FIELD OF THE INVENTION The present invention relates generally to authentication of authorized personnel and in particular to a method and system for remotely setting user authorization.

BACKGROUND OF THE INVENTION Online transactions enable a convenient purchasing of goods and services, usually by various communication devices, such as automatic teller machine (e. g., terminals), cellular or line telephones, WAP enabled personal assistants etc. Various security measures may be taken to authorize the transactions. For example, US Pat. No.

4, 868, 900 to Mcquire et al. describes a point-of-sale credit card verifier, which switches on a verifier when information regarding invalid credit card is about to be transmitted on VHF radio broadcast. More recently, US published patent application no.

2002116285 (Ito) describes a method for performing a transaction using a mobile communication system. This system involves delivering products from vendor (e. g., merchant) to a client, after reception of receipt infonnation from a network accounting server. Nevertheless, it is widely acknowledged that many clients, merchants and credit card companies do not find those verification techniques to be sufficient.

Moreover, many daily procedures require a predetermined allowance by an authorized identity. For example, access of an identified car to a car-park by a subscriber is a procedure that the owner of the car-park might need to authorize. Similarly, access of a subscriber to a sports club or to certain restricted areas should be verified and authorized. Thus, a means of authorization is widely required.

SUMMARY OF THE INVENTION It is thus an object of the present invention to provide a secure, rapid and efficient method for activating/deactivating the permission status of a user to execute a predetermined authorized procedure, characterized by a step of on/off-switching of said permission status by a means of an identifiable communicating device.

It is in the scope of the present invention, wherein the aforementioned method is useful for activating/deactivating the permission status of a user to execute a predetermined authorized procedure. Such a method comprises communicating a central data and processing center (CDPC) gathering up-to-date data concerning status of the permission status with the participants selected from a customer; a merchant; an owner of an identifiable device or identifying means; a user, owning the identifiable communicating device; and an owner of the identifiable device or identifying means, identity of the merchant. Said communication is provided by a means of said identifiable communicating device.

According to a first aspect of the invention, there is provided a method for activating/deactivating the permission status of a user to execute a predetermined authorized procedure, the method comprising : (a) receiving data indicative of a permission status to be associated with a permit in respect of an owner thereof, said data being amenable to repetitive changeover by said owner; (b) maintaining a database of permit identifications and corresponding permission status so as to reflect an instantaneous permission status of each permit; (c) receiving from an authorized party an identity of a specific permit during execution of a procedure carried out using said permit; and (d) communicating to the authorized party data indicative of the permission status during execution of said procedure.

According to a second aspect of the invention, there is provided a method for activating/deactivating the permission status of a user to execute a predetermined authorized procedure, the method comprising: (a) conveying to a central repository data indicative of a permission status to be associated with a permit in respect of an owner thereof, said data being amenable to repetitive changeover by said owner, so as to permit the central repository to maintain a database of permit identifications and corresponding permission status so as to reflect an instantaneous permission status of each permit; and (b) using the permit during execution of a procedure to query the database and allow the central repository to communicate to an authorized party data indicative of the permission status during execution of said procedure.

According to a third aspect of the invention, there is provided a permit comprising: an encoding unit for encoding a unique identification of the permit; a changeover switch for allowing repetitive changeover of a permission status of the permit ; and a communication interface for communicating with a central repository maintaining a database of permit identifications and corresponding permission status so as to reflect an instantaneous permission status of said permit.

According to a fourth aspect of the invention, there is provided an authorization unit for activating/deactivating the permission status of a user to execute a predetermined authorized procedure, the authorization unit comprising: a first interface for receiving data indicative of a permission status to be associated with a permit in respect of an owner thereof, said data being amenable to repetitive changeover by said owner; an update unit coupled to said interface for updating a database of permit identifications and corresponding permission status so as to reflect an instantaneous permission status of each permit;

a second interface for receiving from an authorized party an identity of a specific permit during execution of a procedure carried out using said permit; and a communication port coupled to the second interface for communicating to the authorized party data indicative of the permission status during execution of said procedure.

Thus, the method according to the invention is effective to ensure that the procedure application is authorized only in one case, wherein the user either owns or is legitimately associated with the identifiable device or identifying unit, or wherein an authorized user wishes to apply the procedure subject to the previously given permission of the owner.

More specifically, it is in the scope of the present invention, wherein the aforementioned procedure is selected, yet not limited to purchasing or rendering services or goods or usage or alternation of the status of credits, accounts, codes, databases, communication lines, communication networks, computers, computer networks and access to any of the above and any combination thereof.

Preferably, the aforementioned merchant is selected, yet not limited to any identity providing merchandise or goods or services relating to either usage or alternation of the status of credits, accounts, codes, databases, communication lines, communication networks, computers, computer networks and access to any of the above and any combination thereof. Additionally or alternatively, the aforementioned identifiable device is selected from credit cards, smart cards, club cards, customer cards, telephone cards, entrance cards, access permits, identity cards, driving licenses and any combination thereof. Moreover, the aforementioned'identifying means'is selected from PIN or personal identification code, biometric identification, personal ID parameters, predetermined signs comprising at least one of the group of numbers, characters, symbols, voice or vocal characteristics, biometric characteristics and any combination thereof. In addition, the aforementioned'identifiable communicating device'is selected from line telephone or cellular phone, PC, a server, a network- computer, a terminal interconnected to a computer network and/or palm pilot having a

communicating means, MIRS, coded radio or optical communications transceiver and any combination thereof.

It is also in the scope of the present invention, wherein the procedure to be authorized is purchasing of goods or services; said purchasing comprising the following participants: a customer, a merchant, an owner of a credit card and a user, owning the identifiable communicating device and a central data and processing center (CDPC) gathering relevant and keeping up-to-date data concerning the identity of the merchant, owner of the credit card and the available credit.

It is also in the scope of the present invention, wherein the aforementioned selective activation/deactivation is characterized by selectivity towards or conditioned by the identity of the customer and/or the merchant, the type of the goods or services to be purchased, the sum of the transaction, the currency used in the transaction, terms of the credit, the time of the transaction and/or to its occurrence in a specific hour in a day and/or day in a year and any combination thereof. This method is especially useful for activating/deactivating the permission status of credit cards to authorize a transaction, wherein said activating/deactivating is provided by means of an identifiable communicating device.

It is also in the scope of the present invention, wherein the aforementioned method procedure to be authorized is selected from access permission to a predetermined location, a subscription to services and any combination thereof. Additionally or alternatively, said method is useful wherein the remote procedure to be authorized is either usage or alternation of the status of credits, accounts, codes, databases, communication-lines, computers, computer networks and access to any of the above and any combination thereof.

It is also in the scope of the present invention, wherein the aforementioned communicating means is selected from the Internet, intranet, telephone line, computer LAN or WAN, PDF, properly coded SMS, GPRS, DTMF signaling, RF or optical communication means and any combination thereof.

It is still in the scope of the present invention, wherein the aforementioned procedure of activating/deactivating the permission status additionally comprises at least one of the following group: immediate or sustained activation/deactivation; online or offline activation/deactivation; singular or multiple allowance/abortion permissions; repetitive activation/deactivation; periodical, selective or non-selective activation/deactivation permissions and any combination thereof.

According to a further aspect of the invention there is provided an effective on/off- switching system useful for activating/deactivating the permission status of a user to execute a predetermined authorized procedure by means of an identifiable device or identifying means.

As an added value, it is important to allow the authorizing agent to apply or remove this authorization as necessary. This feature is achieved by an on/off authorization key.

Such an online switch enables the owner of a credit card or a property, for example, or a guard to authorize and allow the completion of selected procedures, such as credit transactions, access etc.

BRIEF DESCRIPTION OF THE DRAWINGS In order to understand the invention and to see how it may be carried out in practice, a preferred embodiment will now be described, by way of a non-limiting example only, with reference to the accompanying drawings, in which : Fig. 1 schematically generally presents a flow chart defining the method for on/off- switching according to the present invention; Fig. 2 schematically presents a means for allowing a transaction based on the state of the on/off switch as defined in another preferred embodiment of the present invention; Fig. 3 schematically presents another pathway for allowing a transaction as defined in another preferred embodiment of the present invention; and Fig. 4 schematically illustrating the various means usually utilized for the method defined in the present invention.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS The following description describes various embodiments for carrying out the invention. Various modifications, however, will remain apparent to those skilled in the art, since the generic principles of the present invention are defined specifically to provide a method and system for on/off-switching as defined and described below.

It is in the core of the present invention to provide for a useful method for an on/off- switching of a remote and predetermined authorized procedure. Such a method is generally adapted to activate/deactivate the permission status of a user to either authorizing or to executing aforementioned procedure by a means of an identifiable communicating device.

By way of non-limiting example, a method and system will now be described, wherein the remote procedure to be authorized is purchasing of goods or services. Thus, such an important embodiment of the present invention involves the following participants : at least one customer and merchant involved in the purchasing activity either directly, or in remote locations, via on-line or off-line communication. In addition, other identities that may participate in the purchasing transaction include an owner of a credit card ; a user, owning the identifiable communicating device; a central data and processing center (CDPC) gathering and maintaining relevant up-to-date data concerning the status of the permission switch, the means of card identification, the identity and means of identification of the card owner and, optionally, an identity of the merchant. It is well within the scope of the present invention that some or most of these identities are the same person.

The method generally comprising the following seven schematic operations: (a) The user initiates a communication with a CDPC by a means of an identifiable communicating device, in order to activate or alternatively to deactivate the use of a credit card.

(b) The CDPC then updates its lists and switches on or off the permission status of aforementioned user to authorize or to abort future transactions.

(c) At any time after or at the time of said on/off-switching, the customer presents a credit card to a merchant in order to purchase goods or services.

(d) At the initial step of the transaction, the merchant introduces the credit card or its details to a transaction terminal.

(e) The terminal initiates communication with the CDPC, frequently via a telephone line or other communications network.

(f) In response, the CDPC correlates between parameters, such as the transaction order and user identification, with the current authorization lists, as updated in (b).

(g) Lastly, after said correlation is completed, CDPC acts according to the one of two different alternatives: i) aborting said transaction in case the permission to use the credit card was switched'off, or, alternatively, ii) allowing said transaction to continue in case the usage permission of the credit card was switched'on'.

Usually, the above sequence includes a suitable notification. Hence, merchants may be notified in case of lack of credit-card usage permission, such as in the case of the owner having switched it'off ; the card owner may be notified or alternatively, asked to verify such a transaction; the owner and other identities may be promptly notified or alarmed in case of card misuse, such as in the case of initiating transaction in case of switched 'off credit card etc.

According to other embodiments of the present invention, the remote procedure to be authorized as described above is selected from access permission to a predetermined location, data, a subscription to services or reception therein and any combination thereof. It is acknowledged in this respect that the present invention provides for a secure entrance of authorized personnel, public or other, to certain locations where authorization is requires for entrance, stay or exit. Those places may be selected, yet not limited to libraries, laboratories, hospitals, dormitories, police or army zones, hotels, clubs, sport centers, prisons, offices, plants, banks, public buildings, enclosures, etc.

According to yet another embodiment of the present invention, the remote procedure to be authorized is either usage or changeover of the status of credits, accounts, codes, databases, communication lines, communication networks, computers, computer networks and access to any of the above and any combination thereof.

According to another embodiment of the present invention, the identifiable device is selected from credit cards, smart cards, club cards, loyalty cards, customer cards, telephone cards, entrance cards, identity cards, driving licenses and any combination thereof.

According to another embodiment of the present invention, the identifiable commun- cating device is selected from line telephone or cellular phone, PC, a network-computer, and/or palm pilot having a communicating means, MIRS, coded radio emitter and any combination thereof. The communicating means is preferably selected from internet, intranet, telephone line, computer LAN or WAN, PDF, properly coded SMS, GPRS, DTMF signaling and any combination thereof or any other means of communication technologically available.

According to another embodiment of the present invention, the procedure of activating/deactivating the permission status additionally comprises at least one of the following group: immediate or sustained activation/deactivation; online or offline activation/deactivation; singular or multiple allowance/abortion permissions; repetitive activation/deactivation; periodical, selective or non-selective, conditional or non- conditional activation/deactivation permissions and any combination thereof.

Preferably, the selective or conditional activation/deactivation is characterized by selectivity towards the identity of the customer and/or the merchant, the type of the goods or services to be purchased, the sum of the transaction, the currency used of the transaction, terms of the credit, the time of the transaction and/or to its occurrence in a specific hour in a day and/or day in a year and any combination thereof. Preferably a customer or user is a single person or a predetermined group of identities. Preferably

the conditions aforementioned can include different conditions pertaining to members of the group.

Hence, in the case where the group is a family, permission conditions can apply to limiting one member of the family (e. g. a child) to purchasing up to a predetermined purchase ceiling, to a limited assortment of merchandise or services, to certain time constraints, to particular locations or any combination thereof. Each of the other members of the group will be associated with other conditional constraints.

Reference is made now to figure 1, schematically presenting one mode of the present invention. The customer initiates communication with the CDPC to activate or to deactivate credit card usage or any other identifying object.

Reference is made now to figure 2, schematically presenting a flow chart defining a preferred mode of the method of applying the on/off-switching status to a remote and predetermined authorized procedure according to the present invention. Here, the customer credit card (or any other identifying means as defined above) is presented, preferably to a terminal, in order to initiate a transaction, or alternatively, in order to authorize any relevant procedure. The terminal then initiates a communication with a CDPC, subsequently transmitting to the CDPC the customer credit card or permit number and/or any suitable identification of the customer. After that, the terminal requests customer permission status. If the permission is not granted, the requested transaction (or any other procedure as defined above) is aborted. Alternatively, if the permission is granted, the procedure is allowed to continue, and the transaction or the other procedure is carried out in its normal manner to completion.

Reference is made now to Figure 3, presenting a schematic flow chart of another mode of the present invention. As set forth at the above mentioned embodiments of the present invention, this preferred embodiment is not limited by any means to transactions in its limited scope, yet the issue of credit transaction is provided hereto as an example for any procedure required authorization. Hence, customer card or other suitable means for identification is presented to the terminal in order to initiate the required transaction.

Then, the terminal initiates the communication with the clearing house or data processing center, the terminal transmits transaction related information and/or any suitable identification to the clearing house. Now, the clearing house initiates communication with the CDPC, and transmits the said customer card number and, optionally, other identification required by the CDPC. Subsequently, the clearing-house requests customer permission status from the CDPC. While the clearing-house immediately aborts the aforementioned transaction in case that said permission is not granted, the clearing-house continues the processing of the transaction procedure whereat the permission is granted. It is further acknowledged that either inline and/or offline notification is possible along the above defined sequence, to any from the list of the customer, the merchant, the clearing house, the credit card company, the owner of the credit card, access controller and so on.

Reference is now made to Fig. 4, illustrating at least a portion of useable communicating means, suitable to participate along the pathway of online on/off- switching of a remote and predetermined authorized procedure. A mobile phone, e. g., cellular phone of any type or system (41), computers (42) or terminals (43) of any type <BR> <BR> are interconnected with the WWW, Internet, intranet, VPN, etc (i. e. , 44). This latter means (45) is in communication (45, Web linkage, for example) with any suitable CDPC (46). The CDPC is further interconnected with any cellular and/or RF link (47), and/or with a communication device (see line telephone 49) by means of a suitable PSTN telephone link (49A) or any other relevant means of communication.

It is also in the scope of the present invention to provide an on/off-switching system useful for activating/deactivating the permission status of a user to execute a predeter- mined authorized procedure by means of an identifiable communicating device.

The aforementioned system is especially useful for activating/deactivating the permission status of credit cards to authorize a transaction, wherein said activating/deactivating is provided by means of an identifiable communicating device.

It is still in the scope of the present invention wherein the identifiable communicating device is selected from line telephone or cellular phone, PC, a server, a network- computer, a terminal interconnected to a computer network and/or palm pilot having a communicating means, MIRS, coded radio emitter and any combination thereof.

Lastly, it is also in the scope of the present invention wherein the identifiable device is selected from credit cards, smart cards, club cards, customer cards, telephone cards, entrance cards, access cards, identity cards, driving licenses and any combination thereof.

It will also be understood that the system according to the invention may be a suitably programmed computer. Likewise, the invention contemplates a computer program being readable by a computer for executing the method of the invention. The invention further contemplates a machine-readable memory tangibly embodying a program of instructions executable by the machine for executing the method of the invention.