HK1229083B - Method for producing certified electronic contracts by a user of a telecommunications provider - Google Patents

Description

Method for generating an electronic protocol for user authentication by a telecommunications operator

Technical Field

The object of the present invention is a method that enables a telecommunications operator to receive, redirect, deliver and authenticate the acceptance of an electronic agreement from any sending customer user of the operator to one or more non-customers of the receiving operator's user, generate a certificate of the entire transaction of the final operation to ultimately digitally sign it, and deliver the certificate of the trusted operator and third party together with the sending date, initial conditions, delivery date and time and the response of the non-customer recipient to these conditions to the customer sending user and the non-customer recipient, and generate a certificate record of the entire transaction.

Background Art

It is a known fact that electronic communication has become an important and indispensable tool for any type of legal or illegal operation. Communication is used for every type of movement, calling, sending information, etc. from a source to a destination.

Telecommunications operators provide the infrastructure to manage, direct and store the vast majority of these communications. These operators are constrained by regulations, for example because the use of the radio spectrum is restricted or because the use of telephone number coding resources is restricted.

Furthermore, telecommunications operators keep records of actions performed by users for rating purposes, keep records of numbers associated therewith, bill references, and keep records of any transaction data used when billing the user, etc. These records are kept for subsequent rating authentication and/or tracking of user communications.

Sometimes, judicial authorities require telecommunications operators to record data on completed electronic transactions, since the operator is considered a trusted third party to provide this data as well as any data that could help to identify the natural or legal person who has completed the action in question.

Once the jurisdiction has locked down the requested data, the operator issues a certificate that clearly spells out the requested transaction data, frequency, destination, and any other type of information requested by the relevant jurisdiction.

This method has recently even been accepted as evidence by the Supreme Court (ATS 2501/2013, Spanish Supreme Court, Civil Tribunal), when requested by any party to a telecommunications operator and presented as evidence.

Various methods and systems for creating online agreements are known in the art. Most of these rely on the parties sending a link to a network environment monitored by a trusted third party, where multiple signatures can be stored and the parties accept the terms of the product or service provider. These methods have the disadvantages of not working in closed network environments, preventing them from working for entities without network access, requiring digital signatures or Java applications to sign them, which limits their application environments, and generally implying sudden changes in the user's environment, which is not the case with the method described in the present invention.

The invention of this application aims to provide a solution to the above-mentioned defects, by performing the entire process through a certified email and/or certified SMS sent by a telecommunications operator, and obtaining an electronic agreement between two parties that is certified by the telecommunications operator as a trusted third party, including transmitted data, sent data, attachments, single record numbers and data, and other data from the intermediate and final states of the transmission.

Summary of the Invention

In light of the above discussion, the object of the present invention is a method for generating an authenticated electronic agreement by a telecommunications operator client via email and/or SMS, whereby the operator client receives a certificate when the conditions of the agreement are sent to a third party that is not the client, and this is replied to via email SMS, including the response text, date, time and its traceability, adding a single transaction code.

The method of the present invention for generating an authenticated electronic agreement by a telecommunications operator comprises the following steps, and at least combines an incoming mail server, an outgoing mail server, a database of an outgoing element server, a database of a receiving element server, a timestamp server, an incoming SMS server, an outgoing SMS server, and a data processing unit as a certificate server, which are interconnected between the following:

- The mail server receives incoming messages from the operator's customer user, sent to a previously prepared address of the type cliente@contrato.lleida.net, in accordance with the agreed terms. The subject or title of the message must include the non-customer destination's mobile phone number, the interval, the non-customer destination's email address, and finally the usual subject or title of the message.

- Check that the user is authorized, provided with credit to generate the agreement and subsequently enter into the text database and the import and recording of the received components.

- Creation in the data processing unit of an electronic agreement in the format of an e-mail sent from the address cliente@contrato.lleida.net with the contents sent by the Operator's client, specifically including the authenticated electronic agreement in the subject or title of the e-mail.

- Verify the original phone number and if it exists, the protocol authenticates the SMS to be sent to that number.

- Sending the email with the protocol data via the outgoing email server.

- Acceptance of the Agreement by the non-customer recipient by replying to the SMS or email, including the response.

- Receive a response via a non-client destination.

- The final result is an authenticated email protocol, including the data sent and received, the date and time of sending and receiving, and the application of a digital signature and a timestamp from the telecom operator.

-Send the certificate to the sending party via the mail server.

As described above, the method of the present invention aims to provide similar advantages in that content can be sent or specified by email, wherein no change of circumstances is necessary, and proof of the delivery, receipt and acceptance of the content by the telecommunications operator is generated.

BRIEF DESCRIPTION OF THE DRAWINGS

To complete the present description and provide a better understanding of the features of the invention, a set of drawings are attached as a part of the specification according to a preferred embodiment thereof, for the purpose of illustration and not limitation, showing the following:

FIG1 shows a flow chart of an exemplary embodiment of a method object of the present invention for initiating the generation of an authenticated e-mail protocol.

FIG2 shows a flow chart of an exemplary embodiment of the method object of the present invention for sending requests and receiving authenticated SMS and email responses, specifically showing SMS processing.

FIG3 shows a flow chart of an exemplary embodiment of the method object of the present invention for sending requests and receiving responses via e-mail, and for creating, sending and delivering authenticated electronic agreements.

FIG4 shows a flow chart of an exemplary embodiment of the method object of the present invention for sending requests and receiving responses by e-mail, and for creating, sending and receiving authenticated electronic agreements in case SMS is not used for the process.

FIG5 shows a flow chart of an exemplary embodiment of the method object of the present invention in case no response is received from a destination user who is neither a valid user nor a customer of the telecommunications operator.

DETAILED DESCRIPTION

Referring to Figures 1, 2, 3 and 4, a series of figures presented therein relate to the method purpose of the present invention, which is intended to create an authenticated electronic agreement through a telecommunications operator customer, including all processing from the sending user sending an electronic message to the same sender and the recipient or recipient receiving the authenticated electronic agreement.

The telecommunications operator's originating subscriber client sends an electronic message with a protocol to accept and verify the destination address managed by the incoming mail server, with the address type cliente@contrato.lleida.net. This message is a standard email, but its format uses a subject or title containing message data that includes at least one of the following: the destination mobile phone number to which the protocol is sent, the email address of the protocol, and finally the subject text.

When a message arrives at the incoming mail server, it verifies whether it's an email address that should generate a certificate. If it's not configured to do so, it's ignored. If it's an address capable of generating a certified electronic certificate, it verifies whether the sending user is authorized to do so, i.e., whether they're on a whitelist of certificates that allow certificate generation. If not, the message is ignored.

Once it has been verified that the address is correct and capable, and that the sender can generate a certificate, a verification of the availability of credit from the client user is performed. If the user does not have enough credit to generate the agreement, a warning is sent over the Internet to inform the user that the service must be suspended (top).

If the user has a valid status, for example indicating sufficient credit, the processing of the authenticated mail is initiated by detailing an internal message in all its components (sender, recipient, destination phone number, attachments), and a sequence number is added, placing everything in the database of received elements.

After this, all data is sent to the verification server, which verifies whether the phone number is provided in the agreement request. If no phone number is provided, the process moves forward to the process depicted in FIG4, where this process is performed only via email. If the subject or title contains data referencing the destination phone number, the process detailed in FIG2 is complete.

If the subject contains a phone number, an email message is created containing the legal content, such as the text of the agreement to be accepted, sent by the user from a sender of the type cliente@contratos.server.com to the email contained in the subject, and a certified SMS is generated indicating the phone number that will receive the conditional agreement, and if the recipient wishes to accept, a positive response is sufficient, either via SMS or via email. The processing of SMS and email can be synchronous or email first and then SMS, depending on market conditions, network or customer requirements.

The SMS is sent to the telecom operator's outgoing SMS server, from which it reaches the recipient operator's SMS server via the interconnected network and can be delivered to the destination mobile phone of the agreed recipient. The SMS can be replied to or not. If it is replied to with any text, the message reaches the mobile operator's destination server, and is then directed via the interconnected network to the operator's incoming message server. Once there, it will enter the verification server, which will determine the time to generate the authenticated electronic agreement based on the determined policy.

In mail processing, it is sent to the outgoing mail server of telecommunication operator, and determines whether mail can be delivered to the destination mail.If it can not be delivered, then next step is the NOEX processing that Fig. 5 details.

In the event that the email can be conditionally delivered, read by the user and replied to, the response is sent through the protocol recipient's mail server, which delivers the response to the operator's incoming mail server, which in turn sends it to the verification server.

Once the response is received from the user, the verification server details the response data and enters them into the reply database. Next, the verification server generates the first part of the certificate with all the destination operator customer data, date, time, request and content sent by the operator customer, plus the data obtained during the message communication previously stored in the database (where the request is also stored).

Subsequently, using the data contained in the reply database, a second part is generated, containing the user's reply. This certified electronic agreement is saved in PDF format and electronically signed with the telecom operator's electronic signature. Once completed, a digital hash of the content is performed and a timestamp is requested from the timestamp TSA server, which is incorporated into the resulting PDF and thus completes the creation of the PDF agreement using the certified electronic agreement.

The two copies of the authenticated electronic agreement are ultimately sent to the agreement sender and to the agreement receiver via the carrier's outgoing mail server by utilizing the sender's and receiver's respective mail servers.

If a protocol request comes from a telecommunications operator user and no telephone number is included in the subject or title of the e-mail, the process described in the flowchart of FIG. 4 is used.

Once the credit is received and verified, an email protocol is generated to the address previously included in the subject line of the email, with the text included in the original email, and sent to the carrier's outgoing email server. The email will be processed and delivered to the mail server at the destination address. If it is not delivered, the outgoing mail server will initiate the NOEX process or the process for the case where the email address does not exist. The NOEX process is illustrated in the diagram of Figure 5.

The email and the agreement (with the sender cliente@contratos.operador.com) are passed to the destination server, which is then forwarded to the non-client recipient of the telecommunications operator. If the final destination does not respond within the time period (24 to 48 hours) determined by the client wishing to create the agreement, the NORESPMAIL process is described with reference to FIG5 .

If the carrier's non-customer destination recipient responds to the agreement, this will be passed to the destination email's mail server, which sends it to the carrier's incoming mail server. Once there, the incoming mail server determines that it is an authentic electronic agreement and sends it to the verification server.

The verification server will detail the response in terms of all its elements and import them into the response or received element database. Once completed, the verification server initiates final processing to first create a database of authenticated electronic agreements or requests containing the name and company name and the time, date and destination of the initial email delivery using the material content in the outgoing element.

Once the first part is completed by making the request, the second part proceeds with responding to said request from an incoming element or database of responses, including the operator's non-customer source destination address, date, time and reply text, and IP traceability through which the message has been received.

Once the agreement is completed via the request and response, it is digitally signed and hashed using a digital summation that is included in the certificate and sent to the timestamp server. Once a PDF file with the agreement, authenticated and digitally signed by both the telecom operator and the third party, is created, one copy is sent via email to the operator's outgoing server for delivery to the telecom operator's customer, which is then delivered via its email server; and another copy is sent to the recipient or receiver via its email server, achieving the processing objectives of the present invention.

In the diagram of Figure 5, the handling of the NOEX case (or "it doesn't exist") or NORESPMAIL is detailed, when the operator does not receive a response to the operator's initial email. In this case, the verification server generates a certificate from the telecommunications operator using the initial data, indicating that either the destination does not exist or has not yet responded. This certificate is sent to the operator's customer's mail server, which ultimately sends it to the customer user.

Claims (5)

1. A method for generating an electronic protocol for user authentication by a telecommunications operator, wherein the method comprises: • A user certified by a telecommunications operator creates and sends at least one electronic message, where the user is the sender and the electronic message is sent to a recipient, wherein the electronic message includes at least one electronic protocol and has at least one of the following data in the subject field related to the destination of the electronic message: the mobile phone number of the electronic message recipient and the email address of the electronic message recipient. • Receive electronic messages from the mail server of telecommunications operators. • Determine if the sending user's address is in the address database that can be used to generate the certificate. • Break down an electronic message into at least one of the following: sender, recipient, recipient's address, destination phone number, and attachments. • Add the authentication server's serial number to the decomposed electronic message. • Create an email containing an electronic agreement. • Create an SMS message indicating receipt of an electronic protocol. • Send the email generated in the previous steps to the recipient via the operator's messaging server, and send the SMS message generated in the previous steps to the recipient via the telecommunications operator, to at least one of the destinations included in the subject field of the electronic message, wherein at least one of the email and SMS messages includes an electronic protocol request for receipt. • Respond to at least one of the receive requests in the email and the SMS message. • The response is decomposed by the verification server, and the response data includes at least one of the following: destination operator data, date, time, sent content, data related to message transmission, and data of the requested electronic protocol to be accepted. • Generate a first certificate including the response data. • Generate a second certificate, which includes at least the recipient's response to the received request. • Combine the first and second certificates by generating an electronic protocol authentication document. • Digitally sign electronic agreement documents that have been authenticated by telecommunications operators. • Implement digital hashing of the content of the authenticated electronic protocol document, and • Add timestamps generated by authoritative time stamping agencies. 2. The method according to claim 1, characterized in that it further includes verifying whether the sending status is valid by verifying whether it is included in the database of users with valid status when the method is executed. 3. The method according to claim 1, characterized in that it further comprises: • At least two copies of the electronic protocol document that generates the authentication, and • Send a copy to the sender and a copy to the certified recipient of the electronic protocol file via the telecommunications operator's mail server. 4. The method according to claim 1, characterized in that it further includes storing in the revenue database an electronic message decomposed together with the verification server serial number. 5. The method according to claim 1, characterized in that it further comprises storing response data for requests to electronic protocols in a response database.