WO2006009460A1 - A system and method for authenticating users in a payment system - Google Patents

Publication number
WO2006009460A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
client
authentication centre
rfid
authentication
Prior art date
Application number
PCT/NO2005/000266
Other languages
French (fr)
Inventor
Trond Are BJØRNVOLD
Bjørn THORSTENSEN
Original Assignee
Telenor Asa
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telenor Asa

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices

Abstract

A payment system is described that lets customers pay for items without using cash. The user possesses a mobile terminal 1 and an RFID tag. When entering a shop, bus, cinema or other payment site, the presence of the RFID tag is detected by an RFID reader 2. The identification of the tag is sent to an authentication centre 3. The authentication centre is arranged to send an inquiry to the user's mobile phone asking him/her to accept the transaction. If the user accepts the transaction, by pressing an appropriate key, the transaction information is sent from the authentication centre to a transaction system 4.

Description

A SYSTEM AND METHOD FOR AUTHENTICATING USERS IN A PAYMENT SYSTEM
Field of the invention
The present invention relates to the use of RFID tags in payment systems.
Technical background
Radio frequency identification or RFID technologies use radio waves to automatically identify individual items. The most common applications are tracking goods in a supply chain, tracking assets, tracking packages at a distribution centre, security (including controlling access to buildings and networks) and payment systems that let customers pay for items without using cash.
The system consists of a tag or transponder, which is made up of a microchip with an antenna attached to it, and an interrogator or reader. The reader sends out a radio signal that "couples" with the antenna on the RFID tag. The chip modulates the received signal, which is subsequently sent back to the reader. A serial number is stored on the chip that identifies a product, and perhaps also includes other information.
RFID systems are advantageous over other identification systems in that they do not require line of sight. RFID tags can be read as long as they are within range of a reader, irrespective of spatial arrangement.
RFID tags may be used when buying bus or cinema tickets, tickets for football games, etc. By implementing RFID based access control in cinemas or football stadiums, users will get seamless access to the events in question without interaction with guard staff, ticket inspectors or gatekeepers. However, the use of RFID products in payment systems is challenging, in particular in respect to security issues. A payment RFID tag will be connected to the user's bank account, and if it is lost, a third party may buy a car using the rightful owner's money.
In order to provide a satisfactory level of security, the RFID system must include some sort of user authentication. As far as we know, no solution for direct authentication of users exists today. Currently users are authenticated by entering personal identification number (PIN) codes at external terminals, or by sending short message system (SMS) based receipts from mobile phones. These solutions are demanding with respect to user interaction, and prevent the technology from gaining ground as a means for identification and authentication.
Brief summary of the invention
It is an object of the present invention to provide a system and method for authentication of users that is satisfactory from a security viewpoint, and which requires very little user interaction.
It is another object to provide a system that is common (standard) for many different services. Such a solution could lead to the further dissemination of RFID systems.
These objects are achieved in a system and method as described in the appended patent claims.
Detailed description of the invention
The inventive solution will now be described in detail with reference to the appended drawing, which shows a system for the authentication of a user, according to the present invention. The core of the invention is to introduce some sort of 2-step authentication, in which the user must accept the transaction with his/her mobile phone. This will greatly reduce the possibility of misuse. This solution is different from common SMS commerce in that the transaction is initiated automatically and only requires a small degree of user interaction.
The system is illustrated in the appended figure. The user possesses a mobile terminal 1 and an RFID tag. When entering a shop, bus, cinema or other payment site, the presence of the RFID tag is detected by an RFID reader 2. The identification of the tag is sent to an authentication centre 3. The authentication centre is arranged to send an inquiry to the user's mobile phone asking him/her to accept the transaction. If the user accepts the transaction, by pressing an appropriate key, the transaction information is sent from the authentication centre to a transaction system 4. The arrows indicate the communication between the individual units involved in the transaction.
In order to avoid the system being triggered each time a person enters a shop, the RFID tag should be of a short-range type, e.g. with an activation range of only a few centimetres. A customer can then bring the goods he wants to purchase to the till (cash register). The cashier will enter the cash value of the goods, whereupon the transaction is initiated by holding the RFID tag near an RFID reader.
The authentication centre 3 can be realized as a server running an authentication application. In addition, a corresponding application can be installed at the mobile terminal. This is an application listening for arriving requests for acceptance of a transaction, and presents this to the user as a YES/NO option (dedicating YES and NO to specific keys on the keyboard, or to specific fields on a touch sensitive screen). Alternatively, the application on the mobile terminal may request the user to enter a 3 or 4 number code.
The system could be realized using IP-communication (i.e. GPRS) between the server and the client software on the mobile terminal.
The inventive solution could also be realized as an SMS service. When the transaction is initialized, the authentication centre sends an SMS message to the client's mobile terminal. The client can respond to the message by returning a message containing a Y, and thereby accept the transaction. This will require the client to touch 3 or 4 keys, at the most. Optionally, the authentication centre can require the client to return a short number code. This could be a fixed number (PIN-code) or a number that is increased by 1 for each transaction, e.g. 10 for the first transaction, 11 for the next, etc. These measures will increase the security of the system.
In summary, the system includes a mobile terminal 1, and an RFID tag at the customer side. The RFID tag should of course not be attached to the phone, in case the latter is lost or stolen. An RFID reader 2 is communicating with the RFID tag over a wireless link 10. The RFID reader 2 is also in communication with an authentication centre 3 over a communication link 20. The authentication centre 3 communicates with the mobile terminal 1 over the public mobile telephone network 30, and is connected to a transaction system 4 via communication link 50.
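The message flow described above (reader 2 to authentication centre 3, centre to mobile terminal 1, centre to transaction system 4), using the per-transaction incrementing number code, is sketched below as an added example; it is not code from the patent. The class and method names, the tag ID, the phone number, the SMS wording and the one-attempt-per-transaction rule are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Client:
    phone: str           # mobile terminal (1), reached over the mobile network
    next_code: int = 10  # the text's example: 10 for the first transaction, then 11

@dataclass
class Pending:
    tag_id: str
    amount: int          # cash value entered by the cashier (unit is an assumption)

class AuthenticationCentre:
    """Hypothetical model of the authentication centre (3)."""

    def __init__(self, clients, send_sms, transaction_system):
        self.clients = clients             # tag ID -> Client
        self.send_sms = send_sms           # callable(phone, text)
        self.forward = transaction_system  # callable(tag_id, amount), system (4)
        self.pending = {}                  # phone -> Pending

    def on_tag_read(self, tag_id, amount):
        """The RFID reader (2) reports a tag and the amount to pay."""
        client = self.clients.get(tag_id)
        if client is None:
            return "unknown-tag"
        if client.phone in self.pending:
            return "busy"                  # one open request per phone (assumption)
        self.pending[client.phone] = Pending(tag_id, amount)
        self.send_sms(client.phone, f"Pay {amount}? Reply with your code, or N")
        return "awaiting-client"

    def on_reply(self, phone, text):
        """The client's answer arrives from the mobile terminal (1)."""
        txn = self.pending.pop(phone, None)  # every reply closes the request
        if txn is None:
            return "no-pending-transaction"  # unsolicited reply moves no money
        client = self.clients[txn.tag_id]
        reply = text.strip()
        if reply.upper() == "N":
            return "rejected"
        if reply != str(client.next_code):
            return "bad-code"              # counter is not advanced on failure
        client.next_code += 1              # last transaction's code is now stale
        self.forward(txn.tag_id, txn.amount)
        return "accepted"

def run_demo():
    """Constructed scenario: tag ID and phone number are made-up sample values."""
    sms_out, payments = [], []
    centre = AuthenticationCentre(
        {"TAG-0001": Client(phone="+4700000001")},
        send_sms=lambda phone, text: sms_out.append((phone, text)),
        transaction_system=lambda tag, amount: payments.append((tag, amount)),
    )
    results = [
        centre.on_tag_read("TAG-9999", 500),   # tag not enrolled
        centre.on_tag_read("TAG-0001", 500),
        centre.on_reply("+4700000001", "10"),  # correct first code
        centre.on_tag_read("TAG-0001", 900),
        centre.on_reply("+4700000001", "10"),  # previous code reused
        centre.on_tag_read("TAG-0001", 900),
        centre.on_reply("+4700000001", "N"),   # client declines
        centre.on_reply("+4700000001", "11"),  # reply with nothing pending
    ]
    return results, payments, sms_out

if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

Only the accepted transaction reaches the transaction system; a found tag on its own, a reused code, or an unsolicited reply does not.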

Claims

1. A method for conducting a transaction, said method including
• detecting the presence of an RFID tag possessed by a client by an RFID reader system (2) installed at a merchant's premises,
• initiating a transaction by said RFID reader system (2),
characterized in that said transaction includes the following steps:
• sending information identifying said RFID tag to an authentication centre (3),
• said authentication centre (3) sending a message to a mobile terminal (1) possessed by the client requesting the client to accept or reject the transaction,
• the client sending an answer back to the authentication centre (3),
• the authentication centre (3) sending payment details to a transaction system (4), if the transaction has been accepted by the client.
2. A method as claimed in claim 1, characterized in the client accepting the transaction by entering a number code, the correctness of the number code being verified by the authentication centre.
3. A system for conducting transactions, said system including:
• an RFID reader system (2) arranged to read the presence of an RFID tag possessed by a client and initiate a transaction,
characterized in
• an authentication centre (3) arranged to receive transaction information from said RFID reader system (2) and authenticate the transaction information by sending a transaction accept request message to a mobile terminal (1) possessed by the client,
• a transaction system (4) arranged to receive transaction payment information from said authentication centre (3).
4. A system as claimed in claim 3, characterized in that the authentication centre (3) is adapted to receive a number code from the mobile terminal (1) and verify the correctness of the code.
PCT/NO2005/000266 2004-07-16 2005-07-15 A system and method for authenticating users in a payment system WO2006009460A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NO20043052A NO20043052D0 (en) 2004-07-16 2004-07-16 Electronic payment system and procedure
NO20043052 2004-07-16

Publications (1)

Publication Number Publication Date
WO2006009460A1 true WO2006009460A1 (en) 2006-01-26

Family

ID=34972575

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NO2005/000266 WO2006009460A1 (en) 2004-07-16 2005-07-15 A system and method for authenticating users in a payment system

Country Status (2)

Country Link
NO (1) NO20043052D0 (en)
WO (1) WO2006009460A1 (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008074051A1 (en) * 2006-12-19 2008-06-26 Transurban Limited Transaction system for use in authorising cashless transactions
WO2009001366A1 (en) * 2007-06-22 2008-12-31 Ajay Adiseshann Method and system for performing a monetary transaction through a mobile communication device
WO2009087539A1 (en) 2008-01-04 2009-07-16 Logomotion, S.R.O. Method and system of authenticity particularly at the payments, identifier of identity and/or approval
EA013808B1 (en) * 2009-02-09 2010-08-30 Сергей Владимирович Скороходов A method of payment of travelling and control of travel documents and an automated system for the implementation thereof
WO2011004339A1 (en) 2009-07-08 2011-01-13 Logomotion, S.R.O. Method and system of contactless authentication, and carrier of pin code
EP2275982A1 (en) 2009-07-16 2011-01-19 Vodafone Holding GmbH Querying a user of a mobile communication device
US9054408B2 (en) 2008-08-29 2015-06-09 Logomotion, S.R.O. Removable card for a contactless communication, its utilization and the method of production
US9081997B2 (en) 2008-10-15 2015-07-14 Logomotion, S.R.O. Method of communication with the POS terminal, the frequency converter for the post terminal
US9098845B2 (en) 2008-09-19 2015-08-04 Logomotion, S.R.O. Process of selling in electronic shop accessible from the mobile communication device
US9456346B2 (en) 2006-07-25 2016-09-27 Virginia Innovation Science, Inc Method and system for improving client server transmission over fading channel with wireless location and authentication technology via electromagnetic radiation
US9723443B2 (en) 2005-08-12 2017-08-01 Virginia Innovation Sciences Inc. System and method for providing locally applicable internet content with secure action requests and item condition alerts
US10332087B2 (en) 2009-05-03 2019-06-25 Smk Corporation POS payment terminal and a method of direct debit payment transaction using a mobile communication device, such as a mobile phone
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020181710A1 (en) * 2000-02-27 2002-12-05 Kfir Adam Mobile transaction system and method
US20040030601A1 (en) * 2000-09-29 2004-02-12 Pond Russell L. Electronic payment methods for a mobile device

Also Published As

Publication number Publication date
NO20043052D0 (en) 2004-07-16

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase