DE MORAES FABRIZIO VARGAS (BR)
MORELLI MARA REGINA (BR)
DE MORAES FABRIZIO VARGAS (BR)
| WO2001031840A1 | 2001-05-03 |
| US20040139014A1 | 2004-07-15 | |||
| US20060136739A1 | 2006-06-22 | |||
| EP1772832A1 | 2007-04-11 | |||
| US20030204725A1 | 2003-10-30 |
CLAIMS
1. A system and method for the transfer of credits with the use of a mobile device comprising means for access of a payer to a financial credit institution, at least one location where the credit is to be made available (19, 20) to a payee and a set of data communication means (14), characterized by comprising a credit authorization unit (18), a provider (16) having a memory able to store at least one specific software application capable of generating onetime passwords (OTP) as well as means to transfer the said software application to the memory of a mobile device (15) carried by a payee, and also a unit for authentication ( 17) of one-time passwords (OTP).
2. A system, as claimed in claim 1, characterized in that the said mobile device (15) comprises means for processing programs and data.
3. A system, as claimed in claim 1 or claim 2, characterized in that the said mobile device (15) is able to establish wireless communication links.
4. A system, as claimed in claim 1, characterized in that the said payer is an individual, a company or an institution that is the owner of credits or amounts at a financial institution associated with the said credit authorization unit. 5. A system, as claimed in claim 1, characterized in that the said location where the credits are to be made available is provided with an element selected from the set which comprises automatic teller machines (ATMs), teller desks of financial institutions, checkout counters of commercial establishments, point of sale terminals and equivalent elements. 6. A system, as claimed in claims 1 to 5, characterized in that the said authorization unit is provided with means for communicating, via a public or private network, with the said automatic teller machines (ATMs), teller offices of a financial institution, checkout counters of commercial establishments, point of sale terminals and equivalent elements.
7. A method for transferring credits with the use of a mobile device, characterized in that a credit is made available thereby to a payee previously registered at a financial credit institution, such registration being performed by a payer that is the owner of the credits or amounts at the said institution, the said use of the cited credit being conditional upon the use of a one-time password (OTP) generated by software installed in a mobile device carried by the said payee.
8. A method, as claimed in claim 7, characterized by comprising the transfer to the said mobile device, from a software application provider accessed via any means of communication, of a software application program capable of generating one-time passwords (OTPs). 9. A method, as claimed in claim 7 or claim 8, characterized in that the generation of the said one-time password (OTP) is conditional upon a prior process of activation of the mobile device after the said one-time password (OTP) generator software was loaded therein.
10. A method, as claimed in claim 9, characterized in that the said activation process comprises a process whereby the mobile device (15) is enabled to generate one-time passwords (OTPs), that are unique for that device, that user, at that exact moment.
11. A method, as claimed in any of the precedent claims, characterized in that the performance of a transaction of utilization of the transferred credits comprises the following steps: reception by the payee, via any means of communication, of a message informing the availability of a certain credit; confirmation, by the authorization unit (17) of the activation of the payee's mobile device; displacement of the payee to a location where the credit is to be made available; access of the payee to the authorization institution using any means of communication; running, by the authorization institution, of a software program in the credit authorization unit to request an OTP password to conclude the transaction; running of the software application by the payee in the mobile device
(15), by keying in his or her personal password and other data required for the transaction; generation, by the application software, of an OTP password, using data that comprises the said personal password and the registration code and other data of the transaction; sending of the OTP password to the credit authorization unit (18); transmission of the said OTP password by the credit authorization unit to the OTP password authorization unit (17); - if the OTP password is authenticated by the OTP password authorization unit, an information is provided to such effect by the latter to the credit authorization unit (18); release of the credit by the credit authorization unit at the location where the credit is to be made available. 12. A method, as claimed in claim 10 or claim 11, characterizedat the said one-time password (OTP) is only recognized by an OTP password authorization unit (17) wherein the information pertaining to that device (15) was already previously registered. |
"A SYSTEM AND A METHOD FOR TRANSFERRING CREDITS USING A MOBILE DEVICE"
Field of the invention The present invention refers to a system for transferring credits that is implemented by data handling equipment, and more particularly refers to the transference of credits using processing resources present in mobile devices such as cellular telephones, handheld computers and palm tops.
Description of the prior art
Systems and methods for transfer of information by means of computer networks are already known and widely used. Thus, for example, electronic mail messages may be sent by means of internet systems, and this medium may further be used for transferring funds. However, many of the known methods require that both individuals or entities involved in the transaction have access to a common means of transfer. In this regard, there are commonly known systems that allow the holder of an account at a certain bank to instantaneously transfer funds to another holder of an account at the same bank. In the case that the payee is the holder of an account at another bank, the known systems allow the transfer of funds by means of an interbank transfer operation named DOC in Brazil, and in such cases the funds are credited to the account of the payee only on the first day subsequently to the transaction.
In patent document No. US 5,963,647 "Method and system for transferring funds from an account to an individual" there is described a system and method intended to allow transfers to payees that are not holders of an
account at the same banking institution of the payer. The operation comprises the transmission of a first password created by the payer, together with a second password that is randomly generated by the system, where both passwords are informed to the payee. More specifically, the payer uses his/her magnetic card at a terminal, and must also insert/inform his/her PIN number; furthermore, the method includes the insertion of complementary information such as a name, a secret password having 6 or more digits, the amount to be transferred, the name of the payee, the address of the payee, the number of the account to be debited, etc. Upon the payer having confirmed such data, that is displayed onscreen, the terminal prints a record of the transaction wherein is included a reference number generated at the terminal and which will be informed to the payee together with the secret password and the amount of the transfer. With this information, the payee uses an ATM to withdraw the funds, without needing to use a card. Still according with the above mentioned document, the payer's account will only be debited upon withdrawal of the corresponding amount by the payee.
Among the drawbacks of the above invention, there may be cited the lack of security, since the codes are transmitted by telephone. Furthermore, if the payee does not withdraw the funds immediately upon receiving the above cited information, it might happen that the payer comes to use, for other purposes, an amount from his or her account that results in an account balance of a lesser amount than that which is intended to be paid to the payee, who in such case will be unable to proceed with the said withdrawal due to lack of sufficient funds in the account.
In patent document No. WO 2007/061505 "Internet funds transfer using ATM pickup" there is described a method whereby the payer accesses a specific Web page, and fills the appropriate fields therein with data to identify the payer and the payment vehicle to provide the funds for the transfer. A central system generates an authorization code for the transaction, which is informed to both the payer and the payee, online, thereby entailing a security breach since online transmissions are subject to being intercepted.
Objects of the invention In light of what has been set forth above, one object of the present invention consists in the provision of a credit transfer system able to provide enhanced security protection against interception as compared with the systems known in the art, in addition to obviating the need of magnetic cards of any type, or equivalent means such as optical cards, induction cards or cards equipped with chips, in order to use the credit.
One other object consists in the provision of a credit transfer system capable of being used in a wide variety of situations, comprising the withdrawal of cash at an automatic teller (ATM), at the teller office of a financial institution, or yet in a transaction conducted at a point of sale of a commercial establishment.
Brief description of the invention
The above and other objects are achieved by the invention by means of the provision of a system that comprises means to allow a payer to access a financial credit institution, a credit authorization unit, a mobile
communications device carried by a payee, a specific application provider, a password validation unit, at least one location where the credit is made available and data communication means interconnecting all the elements that constitute the system.
According to another characteristic of the invention, the said financial credit institution may consist in a bank, a credit cooperative, a mutual assistance institution, a credit card management entity, etc.
According to another characteristic of the invention, the said mobile device consists in an electronic apparatus intended for personal use, provided with means to process application software programs stored in a memory.
According to another characteristic of the invention, the said electronic apparatus for personal use consists in a cellular telephone, a handheld computer, a palm top or similar device.
According to another characteristic of the invention, the use of the credit is released by means of a single instance password (OTP - one time password).
According to another characteristic of the invention, such single instance password - OTP - can only be generated solely and exclusively at that exact moment, by the software application installed in the payee's mobile device, upon the insertion of the payee's personal password. This password is not transmitted by any means of communication, either public or proprietary.
According to another characteristic of the invention, the use of the credit by the payee is conditional upon the activation of the respective mobile device, the said activation comprising the generation, by the said software application, of a registration code which in addition to being stored in the memory of the said mobile device, is transmitted to a password validation unit and stored therein. The said registration code is used by the cited validation unit to authenticate the single instance password OTP.
According to another characteristic of the invention, both in the generation of the registration code and in the generation of the OTP password by the said software application, there is used identification data associated with the payee, as well as a personal password of the payee.
Description of the figures The remaining characteristics and advantages of the invention will become more apparent by means of the description of a non-limitative embodiment thereof, which is hereby provided as an example, and of the figures referring thereto, wherein:
In Figure 1 there is depicted the proposed system in one of its preferred embodiments, by means of a functional block diagram.
In Figure 2 there is illustrated the part of the system that participates in the initial phase of the proposed method.
Figure 3 is a flow diagram whereby is illustrated a first part of
the presently proposed method, comprising the provision of availability of credit transactions by the initiative of the payer.
In Figure 4 there is illustrated the part of the system that participates in the process of activation of a mobile device, according to the principles of the invention.
Figure 5 is a flow diagram whereby is illustrated the second part of the presently proposed method, to wit, the process of activation of a mobile device intended for the personal use of the payee.
In Figure 6 there is depicted the portion of the system that participates in the process of provision of the transfer of credit to the payee.
Figure 7 is a flow diagram whereby is illustrated the third part of the presently proposed method, to wit, the process of provision of the transfer of credit to the payee.
Detailed description of the invention As shown in Fig. 1, the proposed system consists, on the payer's side, of means to access the financial institution where the payer keeps an account, such access being possibly provided by communication equipment, selected among a group that comprises a cellular telephone 10, a wired fixed- line telephone 11, a computer 12 with means to access the Internet, where the said account holder may further present him or herself at an agency of the said institution or use an ATM teller 13. The system further comprises a public
communication network 14, able to transmit voice and data by means of a physical line or via radio / cellular communication, a mobile device carried by the payee, which in the present example consists in a cellular telephone 15, a specific software application provider 16 enabled with means for external access from the said public network, a password validation unit which may consist in data processing equipment 17 able to be accessed from the said public network, as well as a credit authorization unit 18 associated to the financial entity wherein the payer holds an account, where the said authorization unit controls, by means of a data communications network, a plurality of financial service terminals 19 and 20. The said terminals may be connected by means of a specific network, such as, for example: X25, frame relay, ISDN, ADSL or equivalent. In the figures that exemplify the system, such terminals are represented by ATM's - automatic teller machines, that is, self-service electronic terminals - however, such terminals may consist in bank branch tellers, checkout counters or points of sale in shops, supermarkets or equivalent establishments, etc., where the places where such terminals are located are generically designated as "credit availability provision locations". In addition to the said specific software application, the system uses other software applications, comprising among others, the payees recording software, the communication software and the software for access via radio, etc.
According to the principles of the invention, the presently illustrated system may be split into various modules, each module corresponding to a given functionality. Such functionalities comprise the following: - Registration of one or more payees at the financial institution, performed by the holder of the account;
Registration and activation of the cellular apparatus of the payee; Funds transfer transaction.
Fig. 2 shows, in the form of a block diagram, the units of the system that participate in the first of the above functionalities, which consists in the registration of one or more payees. The process that corresponds to this functionality is illustrated by the flow diagram of Fig. 3, the first part of the method, which consists in the process of provision of availability of credit transactions, including therein the registration of payees. Initially, the payer accesses the services of a credit authorization institution, by means of a connection established using a cellular telephone 10, a fixed line telephone 11 , a computer terminal 12, an ATM terminal 13 or any other means allowing access to the data or voice communications network 14. Such payer may be an individual or an institution that owns credits or values at a credit authorization institution, where the latter may consist in a bank, a financial credit entity, a credit cooperative, a credit card management entity, etc. Upon effecting the said access, the payer requests, by means of a menu or by another means, a credit transfer service to a certain payee. If the latter has not yet been registered at the authorizing institution, the payer provides the necessary data for registration, and the said data is entered into the database of the said institution. More specifically, the database may be comprised in an authorization unit 18. Once registered, the system checks whether the mobile device of the payee was activated, and if it was not activated, it sends a message (dashed line in Fig. 2) to notify the said payee on the need to activate, such activation comprising a second part of the proposed method, as will be described in the following.
In Fig. 4 there are illustrated, by means of a block diagram, the system units that participate in the activation of the payee's mobile unit, where the corresponding process is that which is detailed in the flow diagram of Fig. 5. According to Figures 4 and 5, the process of activation takes place upon the receipt, by the payee, of a message (dashed line) issued by the credit authorization institution or by the OTP password authorization means, requesting the payee to perform the activation process steps. The initial step comprises the copying of the specific software application stored in the provider 16, where the said copy may be provided by means of any digital medium that allows the transfer of information, such as a CD-ROM, the Internet or a digital radio communications link. Preferably, this copy is loaded directly to the mobile device by means of a wireless connection. Upon this copy being secured, the specific software application should be installed in the mobile device and initialized. Such initialization comprises the reception of an initialization code supplied by the OTP password authorization means 17, and the said reception may be effected automatically by means of a radio connection between the mobile device and the said OTP password authorization means by means of the communication network 14. Alternatively, if such automatic reception does not take place, the payee shall be due to obtain the initialization code using any means of communication, such as by e-mail, letter, facsimile, telephone, Internet, WAP network or SMS, entering this code manually in the mobile device. To complement the said manual entry, the payee defines a personal numeric or alphanumeric password, that is also keyed in the mobile device upon being requested by the specific software application. This data is processed by the mobile device in accordance with the instructions comprised in the specific software application, further combining unique data such as the date and time as
well as, optionally, the number that identifies the processor chip of the said device, and there is thereby generated a registration code. This code, in addition to being stored in the memory of the mobile device 15, is transmitted to the OTP password authorization means 17 by a data transmission means using a radio communication link, a WAP connection or SMS. Upon receiving the said code, the OTP password authorization means generates, using software associated with the specific application, a verification code that is returned to the mobile device, such that the software application installed in the mobile device may be able to confirm the correct reception of the registration code by the OTP password authorization means. It should be pointed out that the said activation enables the mobile device 15 to generate single instance passwords (OTPs), that are exclusive for the cited device, for that user and for that exact moment. Furthermore, the said single-use password (OTP) may only be recognized by an OTP password authorization means 17 wherein the information of that device (15) were already previously registered.
Fig. 6 illustrates the system units activated during the performance of the credit utilization transaction by the payee, where the corresponding process is that which is shown in the flow diagram of Fig. 7. Initially, the payee will receive a notification (dashed line in Fig. 6) regarding the existence of a certain amount sent by the payer. The said notification can be transmitted using any means of communication, comprising the mobile device 15 itself, a fixed line telephone, a message sent via facsimile, etc. Assuming that the mobile device will already have been activated, according to the process illustrated in Figures 4 and 5, the payee will proceed to the location where the credit is to be made available, which location may consist in an ATM 19, a teller
desk at a bank or a credit institution, a point of sale terminal, etc. Subsequently, the payee accesses the authorization institution and requests a part or the whole amount of the credit, using the mobile device for that purpose. The institution responds to the request by checking whether the mobile device has been activated, and in the affirmative, requests a single-use password OTP. Otherwise, the institution requests the payee to activate his or her mobile device (Fig- 5).
In order to obtain the single-use password (OTP), the payee runs the specific software application in the mobile device 15, and during that operation the payee keys in his or her personal password. In a preferred embodiment, the payee may also key in the amount of the transaction or other information pertaining thereto. Such information is used together with the data comprised in the registration code and other confidential information stored in the memory of the mobile device, in order that the software application may generate an OTP password that is displayed on the display screen of the said device. As already mentioned, this TOP password is valid for one sole transaction only, and should also be used within a certain delay. The sending of the OTP password to the authorizing institution may be performed by keying the same in an ATM terminal, a terminal in a teller desk of a financial institution or a point of sale terminal, or yet by automatic transmission via a wireless link or by SMS. It should be pointed out that, although an OTP password transmitted via wireless link is subject to interception, it will not be able to be used by the interceptor, since as it is a single use password, the very event of reception thereof by the credit authorization institution blocks any subsequent attempt of reutilization thereof.
Upon receiving the OTP password, the authorization institution requests the respective credit authorization unit 18 to send the OTP password to the OTP authorization means 17 which determines the authenticity thereof, using the data comprised in the registration code stored in its memory. Upon confirming the validity of the OTP password, this information is transmitted to the authorization unit 18 which releases the credit at the location where the same is to be made available, and the said credit may be used either entirely or partially. If there occurs an error in the sending of the OTP password to the authorization institution, the credit is not released, and this fact may be informed to the payee by means of a message displayed on the display means of the ATM or the terminal. The system can be programmed to initiate one or several repetitions of this part of the process, or to block any new attempt to use the credit.