The object of the invention is a system and a method for utilizing card operated mobile stations, especially utiliz- ing the service card of the GSM-network SIM-card containing the SIM-unit, favorably in different electronic service systems demanding high data protection.

In present card systems the telecommunication networks are utilized either in on-line or off-line communication of transactions. Considerable problems are the development and maintenance costs of the card systems and the telecommuni¬ cation fixed costs as well as the variable costs of the communication for the service providers, e.g. shops and banks, etc. In the present card systems the telecommunica¬ tion traffic and subscriber fees are paid by the service providers (the shop, restaurant, taxi, hotel, etc.), be¬ cause the division of the telecommunication costs otherwise would demand the construction of expensive or for the use of the customers clumsy solutions.

A vital problem is the prevention of unlawful and criminal use of electronic service systems. Such situations occur when the card falls into wrong hands or when the card is used for unauthorized services (the card lacks cover or the card limit has been overdrawn) . A considerable challenge comes from preventing the forgery of service cards and electronic service sessions. The problem is e.g. forgery of the A-number identity in the public network service appli- cations, where the A-number is used to check the access rights to the service, by which a forged A-number identity enables the criminal use of the service in question.

A considerable problem arises also from the management of the access rights of different services associated to the same service card. At present expensive technical arrange¬ ments are provided separately for every service provider in order to administrate the different services associated to

the card .

Moreover, the problem of the present card systems is the transfer of the transaction data in connection with the card transaction to the different parties, e.g. in a trade situation the transfer of the purchase and the card payment to the central system of the shop from a single site, to the payer's bank, the payee's bank, etc. Different banks and credit companies have their own security systems.

The existing telephone banks with different numbers provide voice-frequency telephones for the payment of bills and statement of account inquiries. When e.g. a telebank is called, the computer identifying the DTMF-voice frequency signals available through the telephone network i.e. the central voice applications platform (the CVAP) answers and the caller talks with the CVAP by pushing certain keys suggested by a predetermined program.

By linking a card reader system to the phone, the calls can be paid by credit card. The U.S. patent publication 5 144 649 describes the method of using the radio telephone with a credit card. The phone can be used only by first present¬ ing the credit card. The credit card data is read from the credit card and the local validity of the credit card is established by processing the credit card data. If the validity is approved, the phone can be used. When the client uses the phone to place or receive a call, the time for using the phone is recorded. The validity can be checked during the call, and if the call charge exceeds the credit limit, the method can cut off the call.

The published EP application 409 417 also describes the charging of calls when using a certain service data termi- nal having a credit card reader. In the credit card phone method, a local database, a storage and a programming intelligence have been connected to the telephone to enable the processing of the calls, in which method the user

enters the credit card number after having dialled the required number, the data is locally recorded after having checked the authority of the card, and in affirmative case, immediately continues the call set-up. The line is super- vised during the call. The card number, the dialled number, the date, time and call time are locally recorded. The host computer is updated with this information. In the methods above only calls are charged by the credit cards.

The system and method according to the subject invention provide a preferable solution to the above mentioned prob¬ lems. The invention is characterized in what is presented in the claims. The solution according to the invention requires the initialization of the service card SIM-unit always to require the use of the PIN-code, the connection of service number applications demanding high data security from the GSM-network base station onwards through a private network all the way to the service provider (e.g. the bank credit system) , searching with the A-number identity in the service application from the service database the database required by the user, to which the user has a predetermined right according to the database register, the description of the A-number identity related services to the service database, in which e.g. the customer's account number corresponds to the A- and B-number identities, and, fur¬ thermore, for the service management a service center for the control of the access rights of the A- and B-number related services and the re-connection of the services.

Vital advantages of the subject invention are the possibil¬ ities to utilize the Pan-European GSM-system SIM-card or a card of a corresponding system in and for the different card issuers' applications, the possibilities to reduce and divide the service and equipment related telecommunication costs, due to i.a. joint usage of different service provid¬ ers. The invention solves the question of utilizing reli¬ ably the GSM-network user's local authentication all the way to the service provider. The invention also provides a

solution to the charging of the card system telecommunica¬ tion transaction costs direct from the user or from third party, which is a direct benefit for the service supplier of the use of the GSM-network and the SIM-unit in the card system. The invention has resolved the question of substan¬ tially obstructing unlawful and criminal use of telecommu¬ nication services, and furthermore the safe processing of the A-number identity in service applications.

Payment transactions can be secured on-line, by which the use of stolen and forged cards can be prevented immediately when the computer in question has been informed. The trans¬ action data is simultaneously transferred to the payer and the buyer. The same data terminal equipment can be used also as a mobile phone by installing a mobile communication network service card. Payments can thus take place on the whole network area.

Different services can be associated to the GSM-card cus- tomer number defined in the SIM-unit (Subscriber Identity Module) . The telecommunication costs related to the use of the services can directly be charged the customer defined by the card. The card related services are described either in the network to the customer's service database i.e. the AUP (A-user profile), from which the data is searched with the caller's ANI (A-number identity) or to the service card containing the SIM-unit.

Due to the authentication taking place in the local or the mobile telephone network, the GSM-card is adapted for different transactions demanding high data security, which require authentication of the user. The most important applications are i.a. the banking service cards, such as credit and cash cards, insurance cards, regular customer cards, hotel cards, passenger traffic cards, etc.

The invention provides a solution to the reliable utiliza¬ tion of the local authentication of the user of the GSM- or

corresponding network in different service applications (e.g. accounts in two different banks). The invention provides a solution to the safe management of different services associated with the same service card and/or A- number identity.

By the network is meant a combination of transmission routes and nodes between two or several users of the tele- or data communication connections.

The invention is presented below more in detail with refer¬ ence to the enclosed drawing.

Fig. 1 presents the present system for paying bills; Fig. 2 presents a simple system of the subject inven¬ tion;

Fig. 3 presents the system between the data terminal equipment and the central computer system.

Fig. 1 presents a known system for paying bills or inquir¬ ing account information by phone. No A-number identity authentication takes place. The telephone connection goes via the public telephone network 17, which does not enable a reliable A-number identity authentication in the applica¬ tion. The PIN-code application 18 is required to secure the customer identification in the application. The phone can in principle be used by anyone. The A- number identity cannot reliably be used in applications demanding high data security to identify the user, e.g. payments, if the con¬ nection is permitted without the use of the PIN-code of the service card 2, as in such a case anyone could unlawfully use the service. The application 18 must be installed to ask for the user code and the password.

Fig. 2 presents a mobile telephone system according to the invention, in which the audio- and/or data connection is taken from the terminal equipment 1 to the network 13 of

the desired service provider. The service card's SIM-unit has been initialized always to demand e.g. a four-number PIN-code before setting up the connection. In applications demanding high data security the connection from the mobile telephone exchange to the application is coupled via the dedicated network 6 and to the application is communicated the caller's A-number identity used to administrate the user's rights and to connect the user to the service. With the intelligence part of the service card 2 installed in the terminal equipment of the system, the user of the equipment is locally authenticated in point 5, connection is taken via the dedicated network 6 to the service provid¬ er, with the help of the identifier the service provider identifies the rights of the service user to use the ser- vices.

The system comprises a terminal equipment 1, which is in connection via the telephone network with the service provider's central computer containing the payment system. The object of the invention is a payment system, comprising a mobile telephone network's terminal equipment 1, to which can be connected the subscriber identification unit 2 containing data for subscriber identification and radio traffic secrecy, and which is readable to the terminal equipment for the use of card operated mobile stations, e.g. a SIM-card in a GSM-system. The mobile stations 1 are in connection with the mobile network transmitter-receiver station i.e. base station 3. The base station controller 16 controls the operations of one or several base stations 3. From the controller or the base station there are connec¬ tions with the mobile telephone exchange, from where there are connections to the telecommunication networks 6. Ac¬ cording to the invention, calls to a predetermined number are directed to the dedicated network 6 in the mobile telephone exchange. In the call set-up, the subscriber is identified in the authentication center 5 and the subscrib¬ er is given the right to the call. The authentication center contains in i.a. the GSM-system the mobile

subscribers ' secret identification keys and this is uti¬ lized i.a. in securing the data protection to prevent misuse of the mobile subscriptions and to maintain the radio traffic secrecy. The network can be a public tele- phone network, as is well known, but according to the invention in applications demanding high data security, a dedicated network 6. Information about e.g. the amount to be paid as well as data required to identify the A- and B- subscribers are transferred in the phone calls.

To build up the connections, the system comprises the service connecting point 7, to which has been linked a service control point 8, containing the data about the services available to the subscriber. The control and management devices are essential for the access to the services of the service provider, e.g. in audio-applica¬ tions a person-aided 9a, e.g. a call-management program intended for operator use in a CallCoordinator 2 operating in local area network PC- or minicomputer environment, or an automatic telephone service system 9b, e.g. a Periphoni- cs VPS or IBM DirectTalk/6000 or some other micro- or minicomputer intended for voice processing, and in data applications a telematic service system 9c, with connec¬ tions via the service connection point 7 to the services of the service provider.

In the voice-applications the telephone service system com¬ prises a PABX 10, e.g. Meridian, an data adapter 11 linked to the PABX, e.g. Meridian Link for switching of the A- and B-numbers to the talk- and data session, an automatic talk control system 12, e.g. Meridian ACD, a possible PABX network 13, e.g. Meridian, a host computer 14, e.g. host- machine IBM or Tandem, a service application to be run in the host computer 15.

The data terminal equipment can be at e.g. the store pay- desk, where the customers puts his own pay (service) card in the terminal, i.e. the GSM-telephone's card reading

device. In the method the charging of the transactions of the card holder is based on the SIM-card and the GSM-net¬ work standard, according to which the SIM-card in the GSM- terminal card reader reserves the equipment based on the SIM-card user data. The GSM-terminal is visible to the network-operator as a personal transaction of the card holder. The payer enters his card identification number into the terminal. After having approved the identification number given by the payer, the GSM-network terminal is switched to the GSM-network, if permitted by the system. The payer selects the transmitter of the transaction, e.g. a bank, a credit company, based on which a call is placed to the transmitter's payment system. When the connection is set up via the dedicated network 6, the system of the transmitter's payment system asks for the amount to be paid and requests the payer to confirm the amount. After having approved the transaction, the payment system returns the identification number. The payment terminal utilizing the GSM-network produces a receipt to the customer for the transaction and records the transaction in the cash regis¬ ter.

In the system the same call gets in connection with the payment system of the payee for a simultaneous securing of the usability of the card, and with the network operator to charge for the use of the phone.

The system also enables the offering of free services via the network, because the payer of every transaction in the GSM-connection can be defined so that the payee or another party is charged if utilizing in the GSM-network the pay¬ ee's free service number, a collect call or alike.

Generally a computer system is built around the GSM-termi- nal, which system contains the local database, the storage and the programming intelligence providing the peripheral devices required for the invoicing and cash registering. The identification of the card issuer i.e. the service

provider, e.g. the store, bank, etc. can be made in the SIM-card blank. The SIM-card can, if required, be furnished with a magnetic stripe and card embossing. The SIM-card or a corresponding micro-chip can be programmed and altered so that when putting the card into the data terminal equipment it automatically calls the transaction processing system of the service provider, e.g. the central payment transmission system.

Due to the high data security demands in banking and pay¬ ment applications, the banking and payment application connections taken from the GSM-network are connected from the mobile telephone exchange MSC 4 to the dedicated net¬ work 6. The dedicated network 6 consists e.g. of N*2Mbps connections. The use of the dedicated network 6 aims at preventing unlawful use of the services, which at present is possible when using the public telephone network.

In the banking services, the bank customer places the bank service card containing the SIM-unit in the GSM-network terminal. In telephone based banking services the terminal can be a standard GSM-telephone. In databased banking services the terminal can be a microcomputer and a banking service program linked to the GSM-telephone. Thus a suffi- cient storage and programming intelligence for the data processing and transmission is contained in the data termi¬ nal itself or linked to it, as is well known. To the termi¬ nal, e.g. Motorola MicroTac-phone serial port can be linked a microcomputer (data processing device) and/or a display, keyboard and means to control these.

The banking services are handled by calling the bank relat¬ ed service numbers, the B-number, based on which is searched from the service database linked to the customer's A-number i.e. the customer's service profile (AUP= A user profile) the customer's account number/(s) and information about available banking services. From the accounts linked to the customer's AUP, means can be transferred to other

accounts, bills can be paid, or bills contained in the bill basket linked to the AUP can be approved or rejected. The bill basket is a system to which the invoicing parties deliver their invoicing material, from which the payers can approve or reject payments addressed to them.

In the banking service application the customer feeds his card into a device contained in the GSM-network terminal. The customer enters his PIN-code. The GSM-network terminal makes a local PIN-code checking according to the GSM-stan- dard. If the PIN-code is correct, the customer can get in connection with the bank. In case the PIN-code is incor¬ rect, the customer can try again a limited amount of times according to the GSM-network's SIM-standard. The SIM-unit has been initialized for banking and payment applications in a state that always demands the PIN-code. When the amount of consecutive faulty entries permitted by the PIN- code is exceeded, the card is locked and its re-opening requires a so called PUG-code which is longer than the PIN- code. When the entry is correct, the customer selects the banking service number. Based on the customer's A-number the services available to the customer are searched from the customer's database. The customer attends to his bank¬ ing affairs by phone or by the home computer and thereafter cuts off the connection.

When paying by pay card, the payer's card is fed into the payment data terminal and the shopkeeper (cashier) enters the code of the payment transmitter selected by the payer (bank, credit company, etc.) and the amount to be paid. The payer enters his PIN-code. As described above, checking is done, whereafter based on the customer's A-number the account (bank account, credit account, or alike) to be charged is searched from the data base maintained by the teleoperator or the payment transmitter. After having approved the transaction, the payment system sends to the seller a consecutive approval number for the registration of the transaction and for the producing of the receipt.

The approved transaction is credited to shopkeeper's ac¬ count with the amount paid. In case there is not a suffi¬ cient cover in the account or if the transaction for some other reason cannot be approved, the payment system sends a rejection message.

The payment data terminal contains i.a. a display, a key¬ board, a receipt printer, a possible link to the cashier system, a reader etc. as well as the above mentioned SIM- card reader and the GSM-network terminal equipment.

The Mega Service Center operates as the service card system maintenance center, in which different service providers' services related to the service cards and/or A-number identity are administrated, and in which the customers with the help of their A-number identity can change their ser¬ vice profiles (AUP) and easily and safely handle different transactions. The Mega Service Center is a person aided 9a or an automatic telephone 9b or a telematic 9c system (computer supported data service system), from which the customer's telecommunication connection is transmitted to the services available to the customer.

The invention has above been described with reference to one of its favorable forms of application. The invention is not to be considered as so limited, but all modifications within the scope of the inventive idea defined by the claims are naturally applicable.