
Title:
METHOD AND SYSTEM FOR USING SERVICES IN A TELECOMMUNICATION NETWORK
Document Type and Number:
WIPO Patent Application WO/2007/010081
Kind Code:
A2
Abstract:
In the method of the invention services are used in a telecommunication network, which comprises a mobile terminal (1) and a service provider (3), between which there is a secured connection for the service created. In the steps of the method, the service program that performs the service is activated, the service provider sends the codes needed to use the service to the mobile terminal (1) and the mobile terminal (1) saves the codes. The mobile terminal belonging to the system of the invention has a program to use the service for payment sessions. The codes needed to use the service can be received with the program through a secure connection and thereafter they can be saved. The service provider (3) has a program with which the codes needed can be sent to the mobile terminal (1) to use the service through said secure connection.

Inventors:
JUVONEN VESA (FI)
Application Number:
PCT/FI2006/000249
Publication Date:
January 25, 2007
Filing Date:
July 13, 2006
Assignee:
JUVONEN VESA (FI)
International Classes:
G06Q20/00; G06Q40/00; G07F7/10; H04L
Domestic Patent References:
WO2002023303A2    2002-03-21
Foreign References:
US20010007983A1    2001-07-12
US20020165830A1    2002-11-07
DE10114237A1    2002-09-26
DE10315940A1    2004-11-04
EP1489535A1    2004-12-22
Attorney, Agent or Firm:
IPRBOX OY (Espoo, FI)
Claims:

CLAIMS

1. Method of using a service in a telecommunication network, which comprises a mobile terminal (1) and a service provider (3), between which there is a secured connection (4) for a code exchange service created and which have a service program for exchanging codes needed in payment sessions, which service provider (3) also has a program for payment sessions, whereby said codes are used to perform payments, in which method a) the service program performing the code exchange service is started, b) the service provider sends the codes needed for performing the payments to the mobile terminal (1), c) the mobile terminal (1) saves the codes, characterized in that d) the code exchange service is opened for use by means of a password, e) the program installed in the mobile terminal (1) for the code exchange fetches the right codes to use the service from the memory and the codes are presented on the screen of the mobile terminal (1), f) the codes presented by the mobile terminal (1) are used to perform the payment by means of the program of the service provider for payment sessions in such a way that the user performs the payment service by inputting the information needed for the payment session and the codes fetched from the mobile terminal (1).

2. Method of claim 1, characterized in that the connection (4) between the mobile terminal (1) and the service provider (3) is secured by means of the SSL protocol.

3. Method of claim 1 and 2, characterized in that the service created is started in step (1) by sending a request from the mobile terminal (1) to the service provider (3) to use the code exchange service.

4. Method of any of claims 1-3, characterized in that the codes are used in payment communication for which payment communication the client has an account and a user ID connected to the account.

5. Method of any of claims 1-4, characterized in that the codes used in step b) consist of a user ID and a series of keys and/or confirmation codes, whereby the series of keys/confirmation codes consist of separate keys and/or confirmation codes for each individual payment session.

6. Method of any of claims 1-5, characterized in that in step c), the mobile terminal (1) stores the codes in the telephone memory or memory card of a mobile station.

7. Method of any of claims 1-6, characterized in that in addition to the right code to be used for the actual payment session, one or more of the foregoing codes are presented and also one or more of the following codes in turn.

8. Method of claim 7, characterized in that the right code for the actual payment session is distinguished from the foregoing and/or following code(s) by means of tone, size, font or other such things.

9. Method of any of claims 1-8, characterized in that the telecommunication network also comprises a personal computer (5), whereby the user performs the payment session of step f) with the personal computer (5) and fetches the ID and the codes for the payment session from the mobile terminal and performs the payment session by inputting the information needed for the payment and/or the codes fetched by the mobile terminal (1).

10. Method of any of claims 1-8, characterized in that the user performs the payment of step f) with his mobile terminal (1), whereby the payment is performed by fetching the identifier and the codes for the payment from the memory or memory card of the mobile terminal (1) directly to the payment and by inputting other information needed for the payment.

11. System for using services in a telecommunication network, which comprises a mobile terminal (1) and a service provider (3), which service provider (3) has a program for payment sessions, whereby codes are used to perform the payment sessions, whereby the mobile terminal (1) and the service provider (3) has a service program for exchanging the codes needed in the payment sessions and there is a secured connection (4) between the mobile terminal (1) and the service provider (3) for the code exchange service created, whereby the codes needed for the payment can be received through said secured connection with the code exchange program in the mobile terminal (1) and thereafter they can be stored and the code exchange program at the service provider (3) can be used to send the codes needed to the mobile terminal (1) through said secured connection, characterized in that, the code exchange service program in the mobile terminal (1) is opened by means of the password and it presents the right codes needed for the actual payment to use the service from the memory on the screen of the mobile terminal (1).

12. System of claim 11, characterized in that the connection (4) between the mobile terminal (1) and the service provider (3) is secured by means of the SSL protocol.

13. System of claim 11 or 12, characterized in that the codes consist of a user ID and a key series and/or confirmation codes for the payment session, for which payment session the client has an account, and a user ID connected to the account.

14. System of any of claims 11-13, characterized in that one or more of the foregoing codes are presented in addition to the right code for the actual payment session and one or more codes of the following codes being in turn, whereby the right code for the actual payment is distinguished from the foregoing code or codes and/or from the following code or codes by means of reflection density, size, font or other such property.

15. System of any of claims 11-14, characterized in that there furthermore is a personal computer (5) in said telecommunication network with which the payment is performed.

16. Computer program, characterized in that it comprises program code means arranged to perform the method, the method steps a) to e) defined in any of claims 1-10 when performing the program in a computer.

Description:

METHOD AND SYSTEM FOR USING SERVICES IN A TELECOMMUNICATION NETWORK

TECHNICAL FIELD

The invention is concerned with a method and system for using services in a telecommunication network, which comprises a mobile terminal and a service provider, between which there is a secured connection for service created. The invention is especially intended for a service to be used in a payment session.

BACKGROUND ART

It is known that banks are using bank security identifiers and use keys, with which the bank client has access to his own bank account via an Internet, telephone or other such connection. It is also known that the bank client gets this personal information printed on paper for example by fetching them or delivered home by mail. As the identifiers and keys delivered are numeral information in a known way and partly changing and for one-time use, the client of the bank has to keep the papers with him always when the bank services are needed.

Furthermore, it is known to preserve different personal information in a mobile terminal, also in a secure form. It is, however, not possible to keep bank identifiers and use keys in a useful form in these programs. It is also difficult to input data to these programs.

The object of this invention has been to develop a solution which enables a more practical and secure method to handle bank services than in prior art.

SUMMARY OF THE INVENTION

In the method of the invention, services are used in a telecommunication network, which comprises a mobile terminal and a service provider, between which there is a secured connection for the service created. In the steps of the method, the service program that performs the service is activated, the service provider sends the codes needed to use the service to the mobile terminal and the mobile terminal saves the codes.

The mobile terminal belonging to the system of the invention has a program to use the service for payment sessions. The codes needed to use the service can be received with the program through a secure connection and thereafter saved. The service provider has a program with which the codes needed can be sent to the mobile terminal in order to use the service through said secure connection.

The preferable embodiments have the characteristics of the subclaims.

In this invention it is possible to have a service program working in a mobile terminal, for example in a mobile phone, which saves the bank identifiers of the owner of the terminal and the use keys in a secure form, and a bank program, with which the terminal is in contact. New and updated bank identifiers and use keys can be sent to the terminal from the program.

The system of the invention thus comprises a service program in the mobile device and a program in the data system of the bank, which communicate with each other via some encrypted protocol known in itself over a wireless radio network in such a way that only these parties understand the content of the information to be transferred. It is also important that the user of the mobile terminal is identified in a trusted and safe way.

Both the program at the mobile device and the bank can be implemented to each bank's own way to use bank identifiers and use keys. The program of the mobile device can handle the security identifiers of each bank and use keys in the way the bank has defined and present and use the one-time identifiers in the right running order and preferably also show the used identifiers and possibly the following identifiers in some way, for example with a lighter tone. New identifiers can be sent in accordance with different practices, for example by requesting, by given intervals or when the program of the service provider notices that a given amount of codes have been used and new ones probably are needed.

The programs of the mobile device and the bank belonging to the invention have numerous advantages.

The programs identify the user in a secure way, and the bank client always has the security codes and use keys needed in his mobile device, stored in a safe way in an encrypted security mode with a strong encryption known in itself. The user only has to remember one password chosen by himself, with which he can access all information wanted at the same time. Even if the mobile device were lost or stolen, the data cannot be accessed, in contrast to actual paper or plastic printouts that usually are carried in a wallet or in a corresponding way.

It is also a considerable advantage that the transfer of new security codes and use keys to the mobile device is performed by means of a secured data transfer by radio, and that the information thus need not necessarily be stored manually in the mobile device. In other words, the bank does not need to send the security codes or use keys in the form of paper prints. This is a considerable improvement with respect to data security and cost saving.

It is also an advantage that the data connection by radio is not bound in the mobile device to a given technique. Instead, the invention can be performed with the best current technique supported by the mobile device in order to form a transfer connection. It can be e.g. GSM data, GSM modem, GPRS, EDGE, 3G or any other technique supported by the mobile device.

In the following, the invention is described more in detail by means of a figure to which the invention is not restricted. One skilled in the art understands that the details of the embodiments presented and also the system of the identifier and other input systems can vary in accordance with different bank practices.

FIGURES

Figure 1 presents an architectural view of an environment in which the invention can be implemented.

Figure 2 presents a signal diagram of a preferable embodiment of the invention.

DETAILED DESCRIPTION

Figure 1 presents an example of a telecommunication network in which the invention can be implemented. The telecommunication network of figure 1 comprises a mobile terminal 1 and a server 3 of a service provider having a connection to internet 2. The mobile terminal can be a mobile phone, a laptop, a so-called communicator or other wireless device, preferably a portable device. The service provider is for example a bank offering bank services for instance for payment sessions. There is a secured connection 4 between the service provider 3 and the mobile terminal 1 for the service created. The secured connection is known in itself, for example an SSL connection.

One known protocol is SSL (Secure Sockets Layer), which is developed for transferring individual documents over internet. SSL works by using a secret key over the SSL connection in order to encrypt transferred data. Both Netscape Navigator and Internet Explorer (browsers, with which internet pages can be seen) support the SSL protocol and many web sites use this protocol for receiving confidential information, such as credit card information. Usually, the internet addresses that work with an SSL connection begin with the letters https, whereas unprotected ones usually begin with the letters http.

Another protocol for transferring information in a secure way over the internet, such as over the World Wide Web network (the most common internet server system), is Secure HTTP (S-HTTP). SSL creates a secure connection between the client and the server, and S-HTTP is designed to transfer individual messages in a secure way. Both protocols are standards accepted by the Internet Engineering Task Force (IETF).

It is, however, not essential for the invention which security protocol is used. It can be any desired security or encryption method. For the time being, the primary practical secure connection is meant to be the SSL protocol.

The service provider, in this case a bank, has a program with which payment sessions can be performed from a given account. A password is needed to access the service. In order to perform the payment session itself from the account, a user ID and a user key are needed and possibly also a confirmation code. The use of these passwords, user IDs and confirmation codes is individual for each bank and in practice they are used a little differently.

So that the mobile user could use the payment service offered by the bank, there first has to be an account to which the service is connected and also a user ID defining the user having the right to use the service, with respect to this given account.

Furthermore, a connection has to be defined along which the service for this user and this account works. Primarily, it has been the intention in the invention that the payment traffic itself, in other words the payments, would be performed from a personal computer (PC) marked with reference number 5 in figure 1. Thus, the service for this user and this account works via connection 6 in figure 1.

Another possible embodiment is such an embodiment, wherein the user himself performs the payment session from the mobile terminal 1, either via the connection 4 or via another connection between some other mobile terminal and server 3.

Figure 2 presents a signal diagram of an advantageous embodiment of the invention.

So that the user could use the service of the invention, the mobile terminal has a program with which codes necessary to use the service can be received via a secured connection between the mobile terminal and the service provider and thereafter they can be stored in the mobile terminal. The service provider has a program with which codes needed to use the service can be sent to the mobile terminal through said secured connection.

The user has received the program in this mobile terminal from a bank or other distribution channel to be stored in the mobile terminal, for example in a mobile station, to which the connection between the mobile terminal and the server has been defined. The user installs this program to his mobile terminal, such as to a mobile station.

When the user wants to use the service for the first time, the user starts the service in step 1 in figure 1 and the program sends the request in step 2 to the service provider.

So that the mobile terminal could identify the user in a trusted way in step 2, the bank has given the first identifiers to the user after the installation of the program which he stores in the program of the mobile device. Thereafter, the program can contact the system of the bank (which now is done in step 2) and open the service in a trusted way.

In step 3 in figure 1, the program of the service provider sends the codes needed to use the service after having identified the user, i.e. the user ID and a key series and possibly also confirmation codes, if such codes are needed.

In step 4 in figure 1, the program installed in the mobile terminal stores these codes automatically in the memory of the terminal.

If desired, the screen of the mobile terminal can in step 5 of figure 1 get a message of successful storing of the codes.

When the user wants to use the service, for example for performing some payment, he inputs the password needed to open the service program in step 6 of figure 1, which action opens the service (step 7).

The program now searches the user ID needed and other necessary codes (the key and possibly a confirmation code needed to perform the payment session) from the memory (or memory card) of the mobile terminal in step 9. These are sent to the screen of the user in step 10.

The user can now input the payment information, the user ID and the confirmation numbers in step 11 in the payment program working on the computer (step 12), which program sends the payment to the bank in step 13 in a previously known way.

When the codes/keys are almost used, this service program requests the bank to send new identifiers with requirements of another type.
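
The running-order handling of the one-time codes described above, as an added sketch that is not part of the patent text or any bank's implementation: the service provider accepts each code only in its turn and only once, flags when new codes should be sent, and the terminal lists the current code with its neighbours tagged for lighter rendering. The names `KeySeries` and `display_window`, the six-digit code format and the refill threshold are assumptions.

```python
import hmac
import secrets


class KeySeries:
    """Service-provider view of one user's series of one-time codes."""

    def __init__(self, codes, refill_below=3):
        self.codes = list(codes)          # codes in running order
        self.position = 0                 # index of the next unused code
        self.refill_below = refill_below  # assumed refill threshold

    def remaining(self):
        return len(self.codes) - self.position

    def verify(self, submitted):
        """Accept only the code whose turn it is, and only once."""
        if self.remaining() == 0:
            return False
        expected = self.codes[self.position].encode()
        if not hmac.compare_digest(expected, submitted.encode()):
            return False                  # wrong, out-of-order or replayed code
        self.position += 1                # the code is now spent
        return True

    def needs_refill(self):
        """True once so few codes are left that new ones should be sent."""
        return self.remaining() < self.refill_below

    def issue(self, count):
        """Append fresh random 6-digit codes (assumed format) and return
        them for delivery to the terminal over the secured connection."""
        fresh = [f"{secrets.randbelow(10**6):06d}" for _ in range(count)]
        self.codes.extend(fresh)
        return fresh


def display_window(codes, position, before=1, after=1):
    """Terminal-side view: the current code with its neighbours, each
    tagged so the screen can render non-current codes in a lighter tone."""
    start = max(0, position - before)
    end = min(len(codes), position + after + 1)
    rows = []
    for i in range(start, end):
        tag = "used" if i < position else "current" if i == position else "upcoming"
        rows.append((codes[i], tag))
    return rows


if __name__ == "__main__":
    # Constructed sample codes, not real bank data.
    series = KeySeries(["481516", "234200", "108815", "162342"])
    print(series.verify("234200"))   # submitted out of order
    print(series.verify("481516"))   # the code whose turn it is
    print(display_window(series.codes, series.position))
```
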