METHOD FOR USER AUTHENTICATION AND BILLING IN AN INFORMATION NETWORK SERVICE
The invention relates to a method according to the preamble of claim 1 for authentication and billing of an information network user, in which method the user of an information network service is identified, the product ordered by the information network service user is delivered to the user or, respectively, the service ordered by the user is produced for the same.
By means of conventional Internet techniques, an enormous quantity of different information and other services has been implemented to date. These include nontangible goods such as network-readable publications, interactive services, computer programs, music and other information accessible in digital format, which can be delivered to the customer over the Internet. It is also possible to buy different kinds of tangible goods over the Internet, such as books, food and home appliances. These can be shipped to the customer over a conventional delivery system such as the mail, for instance. Later in the text, all of these services offered over the Internet are called information network services.
In the conventional technique, the information network service user can be identified by his user identification code and a password associated thereto. The database of the information network service provider stores the service user identification codes and respective passwords that the service user in a plurality of offered services can define when running the first session with the service. In certain services, the customer identity must be validated even before the first session. Today, no secure means have been devised for this task but an in-person meeting between the customer and the service provider. By the same token, a user identification code and password that open access to the offered service may be submitted to the customer. To initiate the use of a desired information network service, the customer must first enter his user identification code and the respective password. Herein, the transmission of passwords always involves a security risk as they may be captured from the network.
Further, the use of a password presumes that the password must be memorized and, since the user of an information network generally utilizes a plurality of different services, all the passwords related to each one of them must then be memorized. This poses a real problem, because a customer subscribing to tens of services on an occasional basis then has difficulties in memorizing or keeping a log of those tens of different passwords of maximally random form, particularly as the passwords may be replaced by new ones every now and then in order to maintain data security.
A great number of information network services are profit-based, which means that the payment transactions associated with their use must be handled in some manner. All the known ways to transmit this payment transaction traffic involve their specific shortcomings, and the lack of a practicable payment convention in information network services may be the greatest obstacle to their wider deployment. Herein, such techniques are used as prepaid mail delivery and billing the product either after the delivery or prior to its delivery. In many cases, these techniques are impracticable, since particularly in the international commerce, banking costs form an unduly high portion in the overall price of a product. Moreover, it is awkward to send notices on unpaid bills of a relatively low value, a task which is further complicated by the unsure identification of a service user, particularly those subscribing on an occasional basis. A great number of information network service providers accept a credit card as the only legitimate payment instrument of purchases carried out over a network. However, not all people have a credit card and many credit card owners are reluctant to give their credit card number to a nonphysical party that often is located abroad over such a path wherein the number may be captured by anyone. It is also difficult to clear billings that deviate from the agreed price or bear extra costs, particularly if the billing takes place in a foreign country, which means that many people are cautious against taking the risk of getting involved in clearing such problems.
In the art is known a more secure method for billing transactions over the Internet ("Method for the billing of transactions over the Internet", US Pat. No. 5,905,736).
The method disclosed therein is based on utilizing the Internet user's IP address as the user identification code. Upon the user establishing a connection in the Internet, an Internet access provider, IAP, transmits the billing platform the user's identity and a temporary IP associated with the same. Information network service providers make an agreement with the IAP on the billing system and then the information network service provider can identify a user associated with such an agreement from the IP address assigned the user. Upon the signing of a purchase transaction, the information network service provider sends billing data that are identified by the user's IP address to the billing platform, which stores the data for billing to the correct user. The billing platform allocates the payments to predetermined billing mechanisms such as the telephone bill, a credit card system or, e.g., to a separate invoice. A handicap of this arrangement is that each transaction needs a new, secure connection both between the IAP's system and the billing platform and, respectively, between the information network service provider and the billing platform. The arrangement is also subject to aliasing of IP addresses.
It is an object of the present invention to overcome the drawbacks of the above-described prior-art techniques and to provide an entirely novel type of method for identification of an information network service user and to improve the security of customer identification in information network services. It is another object of the invention to facilitate billing of information network services to the customer's mobile telephone bill. The billed items may be transferred data, tangible goods or, e.g., interactive services offered in an information network. The method is most advantageously applicable to the billing of purchase transactions of relatively small financial value.
The goal of the invention is achieved by virtue of using the connection identification code of a mobile terminal system, such as that contained in the SIM card of a GSM system, for user identification. According to the invention, the user of the information network service submits the identification code, such as his mobile phone number, of his mobile terminal connection, over the information network. The information network service provider sends a message to that specific mobile terminal connection associated with the identification code. Subsequently, the information network service provider receives an acknowledge message from the specific mobile terminal connection, thus securing that the identified information network service user is controlling the specific mobile terminal connection. At this stage, the service provider is ascertained that the service user possesses the SIM card of his mobile terminal, whereby the billing can be made to the owner of the terminal connection. The user identification occurs at the same security level as generally takes place, e.g., in a GSM network.
More specifically, the method according to the invention for information network service user authentication and billing, in which method the service user is identified, and the product ordered by the service user is delivered to the user or, respectively, the service ordered by the user is produced for the same, is characterized by what is stated in the characterizing part of claim 1.
The invention offers significant benefits. The user of an Internet service can be identified at a higher level of security than what is offered in conventional telecom connections and utilizing existing identification schemes. The billing of services offered in information networks such as the Internet can be centralized to a mobile phone operator, whereby occasional offering/purchasing of information network services at extremely attractive prices is facilitated. The control of billing operations can be transferred to the mobile phone operator, whereby the same can relieve the service provider from the task of monitoring the payments and credit integrity of the customer ordering the services. The mobile phone operator can also monitor on behalf of the purchasing customer that, e.g., before a product is billed to the customer, the information network service provider really takes responsibility for delivering the ordered product.
In the following, the invention is examined in detail with the help of an exemplifying embodiment by making reference to the attached drawing of FIG. 1, wherein
FIG. 1 shows an embodiment of the invention for the identification of and service billing to a user of an information network.
The method is implemented by way of the steps described below. Steps 101 - 102 are carried out to determine which goods and/or service is/are desired to be purchased:
101) A network terminal 11 receives via the Internet from a server 12 of an information network service a WWW page or set of pages stored thereon, whereby the information contained on the received page(s) indicates that the information network service provider is willing to sell a given product.
102) The information network service provider's server 12 receives over the Internet from the network terminal 11 a message indicating interest to purchase a given product 19. Additionally, the information network service provider's server 12 receives from the IP-compatible terminal a proposed connection identification code 14 of the mobile terminal connection 13, such as the mobile phone number of the connection. Herein, the information network service provider may also receive information on such details as how, when and/or whereto the customer wishes the product to be delivered.
To authenticate the buyer's identity to the information network service provider 10, steps 103 - 107 are next carried out:
103) A short-message service exchange SMSC 17 receives over a secured communications path a first short message 15 of a predetermined SMS format that is directed from the server 12 to the mobile terminal connection associated with the proposed connection identification code 14 and compiles a data structure including at least said first short message 15, the proposed connection identification code 14 and a customer account code 21 given by the information network service provider 10, whereupon the exchange stores the thus formed data structure.
104) SMSC 17 relays the first short message 15 to the mobile terminal connection 13.
105) SMSC 17 receives a second short message 16 of a predetermined SMS format that is directed from the mobile terminal connection 13 to the server 12 of the information network service provider 10. Thereupon, SMSC 17 compiles a data structure including at least said second short message 16, the actual connection identification code 14 of the mobile terminal connection 13 and the customer account code 21 given by the information network service provider 10, whereupon the exchange stores the thus formed data structure.
106) SMSC 17 relays over a secured communications path said second short message 16, as well as combined therewith the actual mobile terminal connection identification code 18 received from the mobile terminal connection 13, to the server 12 of the information network service provider 10.
107) The information network service provider 10 compares the first short message 15 sent by the service provider with the second short message 16 received from the SMSC 17 and, respectively, compares the proposed connection identification code 14 received over the Internet from the network terminal device 11 with the actual connection identification code 18 received from the SMSC 17 and, hereby, interprets the received second short message 16 to be a proper response expected for the first short message 15 and, respectively, assumes the proposed connection identification code 14 and the actual connection identification code 18 to be assigned the same mobile terminal connection 13.
At this stage, the information network service provider 10 receiving the customer order knows that the party sending the order from the network terminal device 11 has a full control over the mobile terminal connection 13. In a GSM network, this presumes the possession of a SIM card and, generally, also entering the correct PIN code from the keyboard at the switch-on of a mobile phone. Hence, the party ordering products via the server 12 of the information network service provider can be authenticated at the same security level as that of the identification of a mobile phone network subscriber when the subscriber uses the mobile phone network.
In the delivery of the ordered product, two alternative methods can be used. Tangible goods are shipped according to step 108 described below. Nontangible products such as data are delivered according to step 109:
108) The information network service provider 10 sends the ordered product to the address specified by the customer using a physical shipping system such as the mail or a delivery service.
109) The information network service provider 10 transmits the ordered product 19 to the network terminal 11 over the information network.
Steps 110 and 111 are necessary to complete the billing routines:
110) At a later stage after or, alternatively, already during the execution of the above-described steps, a control system 23 of the mobile phone network operator 22 examines the short messages passed through the SMSC 17. Herein is detected a first short message 15 and, as a response sent thereto, a second short message 16 containing sender and recipient information. The information contents and sender/recipient data of the first short message 15 and the second short message 16, respectively, are compared with each other. Herein, the proposed connection identification code 14 and the actual connection identification code 18 that are received from different sources are found to be assigned the same mobile terminal connection 13. As an additional check it can be verified that the second short message 16 contains the correct response message information requested by the first short message 15.
111) The billing data is transmitted to the billing system 24 and the mobile terminal connection 13 is billed on the basis of the information contained in the first short message 15 and/or the second short message 16.
The service billing may also be charged to a mobile phone bill, a separate invoice or, using a separate telecommunications connection, to a credit card system and therefrom to the customer's credit card invoice.
It is not mandatory that the second short message 16 carries any specific information transmitted from the connection 13, but for the sake of improved security level, it is possible to embed in the first short message 15 a string 25 of cryptographic authentication characters, such as a 5-digit random number, which is presumed to be returned in the response message (that is, in short message 16). This procedure secures that the terminal user responds to the correct message and that he actually possesses the connection identification code of the responding mobile terminal, such as the SIM card of the mobile phone being used, and that the correct PIN code has been entered at the switch-on of the mobile terminal device. It must be noted herein that in a strict sense the use of a terminal does not presume the PIN code to be known by the user, since the owner of the connection may have disabled the function of user identification by the PIN code or the mobile phone may have been operative at the hand-over of its possession.
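The comparison of step 107 combined with the authentication string 25, sketched as an added example that is not part of the original text. The validity window, the one-attempt rule, the digit-only number normalization and all function names are assumptions of the example, and the actual number is assumed to arrive from the SMSC over the secured path rather than from the user.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

CHALLENGE_TTL_SECONDS = 300  # assumption: the text sets no validity window


@dataclass
class PendingOrder:
    proposed_code: str  # proposed connection identification code 14
    challenge: str      # authentication string 25 carried in short message 15
    issued_at: float
    used: bool = False


def normalize(number: str) -> str:
    """Keep ASCII digits only, so '+358 40 1234567' equals '358401234567'."""
    return "".join(ch for ch in number if ch in "0123456789")


def issue_challenge(proposed_number: str, now: Optional[float] = None) -> PendingOrder:
    """Step 103: create the challenge sent in the first short message."""
    code = f"{secrets.randbelow(100_000):05d}"  # 5-digit number from a CSPRNG
    issued = time.time() if now is None else now
    return PendingOrder(normalize(proposed_number), code, issued)


def verify_response(order: PendingOrder, actual_number: str, reply_text: str,
                    now: Optional[float] = None) -> bool:
    """Step 107: compare codes 14 and 18 and the echoed string 25."""
    now = time.time() if now is None else now
    if not order.proposed_code or order.used:
        return False
    if now - order.issued_at > CHALLENGE_TTL_SECONDS:
        return False
    # One attempt per challenge: blocks replay and guessing of the 5-digit code.
    order.used = True
    # actual_number is code 18 as reported by the SMSC, never a user-typed value.
    same_line = hmac.compare_digest(order.proposed_code.encode(),
                                    normalize(actual_number).encode())
    same_code = hmac.compare_digest(order.challenge.encode(),
                                    reply_text.strip().encode())
    return same_line and same_code
```
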
An alternative method of improving information security is to add a random number at the end of the calling party's number, whereby the user's response message is directed to this modified number (e.g., if the service access number is 1234 and the generated random number is 97667, the service allocates the calling party a specific access number 123497667, whereby the user dials this number to respond). In this arrangement, the telephone exchange and the short-message switching center are programmed to redirect the second short message 16 to the correct recipient.
The security level of the data transmission between the network terminal device 11 and the server 12 can be improved by way of adopting the SSL (Secure Socket Layer) encryption technique and, also, by way of launching a JAVA applet in the terminal browser that then takes over communications with the offered service.
In the context of the present application and particularly in its claims, the term connection identification code is used to make reference to the identifying code, such as a mobile phone number of a mobile terminal connection.