TW200409521A - Authentication and identification system and transactions using such an authentication and identification system - Google Patents
- Publication number: TW200409521A
- Authority: TW (Taiwan)
- Prior art keywords
- identification
- terminal
- user
- operator
- promoter
Classifications
- G06Q20/425—Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
- G06Q20/326—Payment applications installed on the mobile devices
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
- G06Q20/04—Payment circuits
- G06Q20/16—Payments settled via telecommunication systems
- G06Q20/29—Payment schemes or models characterised by micropayments
- G06Q20/3224—Transactions dependent on location of M-devices
- G06Q20/3229—Use of the SIM of a M-device as secure element
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
- G06Q20/4014—Identity check for transactions
Description
Description of the invention

Technical field of the invention

The present invention relates to an authentication and identification system and to transactions carried out using such an authentication and identification system. More particularly, the invention relates to such a system and such transactions using a mobile phone.

Prior art

Definitions

Throughout this specification, a reference to a mobile phone includes a mobile phone, handset, cellular phone, PDA, notebook computer, laptop computer, tablet computer, and any other portable wireless device.

Throughout this specification, the following acronyms have the following meanings:

3G: third-generation wireless communication standard
ID: identification code
PIN: personal identification number
POS: point of sale
SAM: secure access module
SIM: subscriber identity module
SMS: short message service
STK: SIM toolkit
TMSI: temporary mobile subscriber identity
USSD: unstructured supplementary service data

Technical background

Over the past few years many authentication and payment systems have been tried, but so far there is no global standard. Different systems continue to appear. Current platforms do not adequately address how to produce a consistent, convenient, fast and easy-to-use user interface that enables authentication and different types of mobile payment.

Most current solutions are platform-specific, and the vendors of the various solutions all strive to make their own platform the international standard. Each platform has its own philosophy and agenda. The transaction flows and user interactions therefore differ between platforms, and often differ even within the same platform.

Today there are countless mobile phone users, most of whom regard the mobile phone as part of daily life and as equipment they keep with them; most of the time the phone is at its user's side. The mobile phone is a personal device [...]. People will start using the mobile phone if a convenient and easy-to-use means is available, or if other methods are quite risky. The mobile phone offers a high level of protection: if it is lost, only the market value of the mobile device and any prepaid value are lost, and the associated account and credit card numbers remain protected.

Accordingly, the principal object of the present invention is to provide an authentication and identification system in which data relating to the user's identity is sent over two different telecommunication channels, so that a third-party attack cannot obtain enough useful information to commit fraud.

A further object of the invention is to provide an authentication and identification system in which an authentication and identification code is provided for each individual authentication procedure.

Another object of the invention is to use a mobile phone to provide such an authentication and identification system.

A final object of the invention is to provide a transaction system that uses such an authentication and identification system.

Summary of the invention

In accordance with the above and other objects, the present invention provides a method for authenticating and identifying a user, whereby:

(a) a first terminal communicates with a facilitator over a first telecommunication channel; and
(b) a second terminal communicates with an operator over a second telecommunication channel, the operator and the facilitator being able to communicate with each other, wherein
(c) there is no need for the operator, the facilitator, or the second terminal to provide the user's identity data to the first terminal;
(d) there is no need for the operator, the facilitator, or the first terminal to provide the first terminal's identity data to the second terminal;
and wherein
(e) any communication between the first terminal and the facilitator need not include data on identity details of the user or of the second terminal; and
(f) any communication between the second terminal and the operator need not include data on identity details of the first terminal.

The invention also provides a method for authenticating and identifying a user in which a facilitator provides an authentication and identification message to a first terminal over a first telecommunication channel, whereby:

(a) a user's terminal is able to communicate with an operator over a second telecommunication channel, the operator and the facilitator being able to communicate with each other,
wherein
(b) there is no need for the operator, the facilitator, or the second terminal to provide the user's identity data to the first terminal;
(c) there is no need for the operator, the facilitator, or the first terminal to provide the first terminal's identity data to the second terminal;
and wherein
(d) any communication between the first terminal and the facilitator need not include data on identity details of the user or of the second terminal; and
(e) any communication between the second terminal and the operator need not include data on identity details of the first terminal.
The user need not provide any identity information or data to the first terminal, nor to any operator of the first terminal. If identity data or information about the user is provided to the first terminal, or to an operator of the first terminal, by the user or by the second terminal, then preferably that information or data cannot be entered into the first terminal and cannot be sent by the first terminal to the facilitator.

The facilitator generates a facilitator message relating to a single-use authentication and identification symbol to be used for a single authentication procedure; the facilitator sends the facilitator message containing the authentication and identification symbol to the first terminal over the first telecommunication channel.
The first terminal receives from the facilitator the facilitator message containing the authentication and identification symbol, so that the symbol can be conveyed to and entered into the second terminal; the second terminal sends the authentication and identification symbol to the operator over the second telecommunication channel.

The operator may receive the authentication and identification symbol from the second terminal, at least one identification detail of the user having been added to the symbol, and the operator sends the symbol and the at least one identification detail of the user to the facilitator.

Preferably, the facilitator receives from the operator the authentication and identification symbol and the at least one identification detail of the user, uses the symbol to retrieve the message, checks the symbol in the message against the received symbol and, after a successful match, provides the first terminal with an authentication message containing the authentication of the user, the authentication message being sent over the first telecommunication channel.

The authentication and identification may be part of a transaction system, the transaction being one or more of the following: a financial transaction, a payment transaction, a queue transaction, logging in to and out of a service provider, making an appointment or reservation, arranging a service with a service provider, discontinuing a service with a service provider, and logging in to an application or the Internet.

The first terminal may be a retailer's terminal, preferably a point-of-sale terminal, and the second terminal may be the user's mobile phone. The at least one identification detail of the user includes at least one item of information obtained from the SIM card of the mobile phone and/or at least one item obtained from the mobile phone. Alternatively or additionally, it may be added by the operator or at the operator.

The authentication and identification symbol may be conveyed to the second terminal in any of these ways: the user views the symbol on the first terminal and/or on any display connected to it and keys the symbol into the second terminal; the symbol is printed at the first terminal and the printed copy is passed to the user for entry into the second terminal; the symbol is sent by wireless transmission from the first terminal to the second terminal; or the symbol is entered into the second terminal by voice activation. Displays connected to the first terminal include, for a POS terminal, a display at a cash counter or checkout, at a toll booth, or at the payment booth of a car park exit.

A PIN may also be sent when the authentication and identification symbol is sent to the operator. The PIN may be sent immediately before the symbol, and the operator may approve the PIN before the symbol is entered or sent.

The authentication and identification symbol comprises a plurality of characters, each of which may be selected from the following: a digit, a letter, a symbol, a punctuation mark, an audible tone, and an ASCII character.

The facilitator and the operator may be the same entity or different entities. The facilitator may be part of a financial institution, and the operator may provide a range of financial services in the name of the financial institution.

When the user sends the authentication and identification symbol to the operator, the operator may provide the user with a confirmation message.

In another form, the invention provides a method for authenticating and identifying a user, whereby:

(a) a first terminal communicates with a facilitator over a first telecommunication channel; and
(b) a second terminal of the user communicates with an operator over a second telecommunication channel, the operator and the facilitator being able to communicate with each other;
wherein, in response to a request from the first terminal:
(c) the facilitator generates a message containing a single-use authentication and identification symbol to be used for a single authentication procedure;
(d) the facilitator sends the message containing the authentication and identification symbol to the first terminal over the first telecommunication channel;
(e) the first terminal receives the message containing the authentication and identification symbol from the facilitator;
(f) the authentication and identification symbol is conveyed to and entered into the second terminal;
(g) the second terminal sends the authentication and identification symbol to the operator over the second telecommunication channel;
(h) the operator receives the authentication and identification symbol from the second terminal, at least one identification detail of the user having been added to the symbol;
(i) the operator sends the authentication and identification symbol and the at least one identification detail of the user to the facilitator;
(j) the facilitator receives from the operator the authentication and identification symbol and the at least one identification detail of the user, and uses the symbol to retrieve the message;
(k) the facilitator checks the authentication and identification symbol in the message against the symbol received in step (j); and
(l) after a successful match in step (k), the facilitator provides the first terminal with an authentication message containing the authentication of the user, the authentication message being sent over the first telecommunication channel.

The invention also provides a method for authenticating and identifying a user, whereby a first terminal is able to communicate with a facilitator over a first telecommunication channel and a second terminal is able to communicate with an operator over a second telecommunication channel, the operator and the facilitator being able to communicate with each other; wherein the first terminal sends a request to the facilitator over the first telecommunication channel and receives from the facilitator a facilitator message, generated by the facilitator, containing a single-use authentication and identification symbol to be used for a single authentication procedure; and the first terminal conveys the authentication and identification symbol to the second terminal so that:

(a) the second terminal can send the authentication and identification symbol to the operator over the second telecommunication channel;
(b) the operator can receive the authentication and identification symbol from the second terminal, at least one identification detail of the user having been added to the symbol;
(c) the operator can send the authentication and identification symbol and the at least one identification detail of the user to the facilitator;
(d) the facilitator receives from the operator the authentication and identification symbol and the at least one identification detail of the user, and uses the symbol to retrieve the message;
(e) the facilitator can check the authentication and identification symbol in the message against the symbol received in step (d); and
(f) after a successful match in step (e), the facilitator can provide the first terminal with an authentication message containing the authentication of the user, the authentication message being sent over the first telecommunication channel.

The second terminal may be the user's mobile phone, and the first terminal may be a retailer's terminal, preferably a point-of-sale terminal.
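The exchange in steps (a) to (l) above can be traced in a short simulation. This is an added example, not code from the patent: the class and method names, the 8-digit symbol format, and the terminal and subscriber values are assumptions, and the optional PIN is left out.

```python
import secrets


class Facilitator:
    """Issues single-use symbols on channel 1 and matches them on return."""

    def __init__(self):
        self._pending = {}      # symbol -> facilitator message for one procedure
        self.channel1_out = []  # authentication messages sent to first terminals
        self.records = []       # facilitator-side record, never sent on channel 1

    def request_symbol(self, terminal_id, digits=8):
        """Steps (c)-(d): build the message and return its symbol on channel 1."""
        while True:
            symbol = "".join(secrets.choice("0123456789") for _ in range(digits))
            if symbol not in self._pending:  # never reuse a live symbol
                break
        self._pending[symbol] = {"terminal": terminal_id, "symbol": symbol}
        return symbol

    def confirm(self, symbol, identification_detail):
        """Steps (j)-(l): retrieve by symbol, match, notify the first terminal."""
        # pop() both retrieves the message and retires the symbol (single use).
        message = self._pending.pop(symbol, None)
        if message is None:
            return False  # never issued, or already used
        self.records.append((message["terminal"], identification_detail))
        # The authentication message carries no identity detail of the user.
        self.channel1_out.append(
            {"terminal": message["terminal"], "authenticated": True}
        )
        return True


class Operator:
    """Receives symbols on channel 2 and adds the user's identification detail."""

    def __init__(self, facilitator, subscribers):
        self._facilitator = facilitator
        self._subscribers = subscribers  # SIM identity -> identification detail

    def receive(self, sim_identity, symbol):
        """Steps (h)-(i): attach the detail and forward to the facilitator."""
        detail = self._subscribers.get(sim_identity)
        if detail is None:
            return False  # unknown subscriber: nothing is forwarded
        return self._facilitator.confirm(symbol, detail)


def run_exchange():
    """Run one procedure plus three failure cases; all values are constructed."""
    facilitator = Facilitator()
    operator = Operator(facilitator, {"sim-0001": "subscriber-A"})

    # Channel 1: the first terminal (a POS) asks for a symbol, sending no user data.
    symbol = facilitator.request_symbol("pos-17")
    # The user reads the symbol off the POS display and keys it into the phone.
    # Channel 2: the phone sends the symbol; the operator knows the SIM identity.
    first = operator.receive("sim-0001", symbol)
    replay = operator.receive("sim-0001", symbol)         # same symbol again
    unknown = operator.receive("sim-0001", "not-issued")  # symbol never issued

    second_symbol = facilitator.request_symbol("pos-17")
    unknown_sim = operator.receive("sim-9999", second_symbol)  # not a subscriber

    return {
        "symbol": symbol,
        "first": first,
        "replay": replay,
        "unknown": unknown,
        "unknown_sim": unknown_sim,
        "channel1": list(facilitator.channel1_out),
    }


if __name__ == "__main__":
    print(run_exchange())
```

The first terminal only ever sees the symbol and the final authentication message; the subscriber detail stays between the operator and the facilitator, which is the separation conditions (c) to (f) of the first method describe.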
Preferably, any transmission on the second telecommunication channel uses a telecommunication system with signalling capability, such as the GSM system.

In a final form, the invention provides a method of sending and using a PIN, in which the PIN is sent to an operator before the user ID is sent. The operator first searches with reference to the PIN to obtain a limited number of possibilities, and then searches that limited number of possibilities with reference to the user ID.

The invention also provides a payment solution that supports different payment modes, which may be face-to-face, remote, mail order, or telephone order.
Preferably, it supports a variety of different applications, for retail purchases, remote payments, and account [...]. Preferably, it leverages [...], avoids renewed investment in technical equipment, provides [...] to handle the differing needs of the parties involved, and leverages existing network features and other standard GSM functions. It preferably works with existing handsets and SIM cards without requiring modification. Usage scenarios include remote payment, bus fares, parking fees, mail order, telephone-order payment, and person-to-person payment.

The parties involved in the system include a mobile phone user, a mobile operator, a retailer, a financial institution or credit financial institution, and a payment facilitator.

A standardized payment procedure will preferably protect the business logic, the payment procedure and security, and so make the technology more transparent. The back-end application can execute the required transactions according to the payment and account [...] predefined by the user.

Brief description of the drawings

In order that the invention may be more readily understood and put into practice, it will now be described by way of non-limiting example of preferred embodiments, with reference to the following drawings, in which:

Figure 1 is a conceptual block diagram of the trusted relationships in a mobile payment system;
Figure 2 shows the overall architecture with the relevant interfaces of the system;
Figure 3 is a conceptual block diagram of the trusted relationships in a mobile payment scenario according to a first form of the invention;
Figure 4 is a conceptual block diagram of the trusted relationships in a mobile payment scenario according to a second form of the invention;
Figure 5 is a perspective view of various forms of terminal that can be used with the invention;
Figure 6 shows the process steps of one form of the invention;
Figure 7 shows the process steps of a first embodiment of the invention;
Figure 8 shows the process steps of a second embodiment of the invention;
Figure 9 shows the process steps of a third embodiment of the invention;
Figure 10 shows the process steps of a fourth embodiment of the invention;
Figure 11 shows the process steps of the payment procedure of the invention;
Figure 12 shows the process steps of the payment flow of the invention;
Figure 13 shows the process steps of a second form of the invention;
Figure 14 shows the encryption levels;
Figure 15 shows the call path; and
Figure 16 shows some mobile networks in which the invention can be used.

Detailed description of the preferred embodiments
The present invention is an authentication and identification system. It can be used for a variety of purposes, including but not limited to authenticating and identifying a user, and can be used in many different kinds of transaction, such as financial systems and payment systems, and for logging in, including logging in to Internet applications. In all of these systems the operation of the authentication and identification system is essentially the same. Several such transactions are described below as examples, but the invention is not limited to the transactions described.

Referring first to Figure 1, there are currently more than one billion mobile phone users worldwide. The total number of SIM cards issued has reached 100 million. The proponents of different uses have established trust relationships with one another. For the purpose of making mobile payments, several relationships are relevant, such as:
• mobile phone operators and their users;
• credit financial institutions and their retailers;
• financial institutions and their account holders; and
• credit card companies and their financial institutions.

Similarly, where only an authentication service is involved, the relevant relationships include the mobile phone operator and its users, and the service providers that need to authenticate their customers.

In delegated trust, certain trust-related functions are allocated to other entities in order to provide the overall service. When a service provider delegates the authentication of a customer who has subscribed to a mobile phone service with a mobile operator, the result is communication over separate and different telecommunication channels. For transactions that use the authentication and identification method of the present invention, delegated trust involves the pairing of authentication and identification, divided across two different channels.

Figure 1 is a conceptual block diagram of a mobile payment scenario. The irregular shapes represent the current situation: unclear and untidy interfaces, with many variations and special cases.

Although these relationships have different security levels, users currently accept all of them except one, namely the relationship between the operator and its users, because it is not used for making payments. This is so regardless of the mobile phone system, for example GSM, which has a relatively high security level. The high security level of GSM is mainly due to the use of a smart card, in this case the SIM card.

The trusted relationships shown in Figure 1 are firmly established; changing them would be impractical and quite expensive.

Referring now to Figure 2, a preferred embodiment of a system according to the present invention is shown. The dotted line around the payment facilitator indicates a function that can be stand-alone, or can be incorporated in the operator or in the financial institution.

Taking into account the prevailing threat environment and management requirements, different security levels can be implemented: the authentication and identification symbol can be used alone, or the authentication and identification symbol can be used together with a PIN.
The present invention provides a cooperative relationship model that allows individual parties to "pass on" trust, that is, to delegate trust to other parties. This is referred to as "Delegated Trust". As shown in Figure 3, the operator has a trusted relationship with the financial institution. The user has another trusted relationship with the operator. The user gives the mobile operator a mandate to execute transactions with the financial institution on the user's behalf.
The account used for mobile payments can be any of the following account types: a prepaid account established with the mobile operator or a financial institution; a postpaid account established with the mobile operator; a financial institution account; or a credit card account.

Financial transactions are subject to the country's financial regulatory authorities, and whether a licence is required in order to hold such accounts depends on the individual rules.

As shown in Figure 4, the present invention uses a cooperative relationship between the operator and a financial institution, where the financial institution holds the necessary licence. This is referred to as a delegated financial institution service: a mobile operator uses a financial institution as a trusted partner in order to provide limited financial institution services. This allows the mobile operator to act as the principal party in providing the financial institution services. The financial institution may hold only the financial side, and preferably does not need the user's details. In this way, the operator can, simply by establishing … The maintenance of the accounts is preferably managed by the financial institution and supported by the user data provided by the operator.
Referring now to Figure 5, the present invention can be used with different terminals at the retailer, for example:
• a POS terminal 10. With this kind of terminal, the retailer is issued a magnetic stripe card 12 associated with a special account set up with the supporting credit/debit card company, so that the terminal can dial an existing telephone number of the supporting card company;
• a fixed-network POS terminal 14 with a software modification. The retailer is issued the magnetic stripe card 12, which is linked to a new account set up specifically for this service, and the terminal 14 can dial a new telephone number to reach the payment facilitator. Depending on the POS terminal, it may be possible to replace the magnetic stripe card 12 with a hot key (not shown) on the terminal's keypad;
• a wireless POS terminal 16, connected to GSM 18. The retailer can be issued a new mobile POS terminal 16 with customised software that allows it to call the payment facilitator directly; or
• a GSM phone 20. Using a retailer STK SIM card, a GSM phone can be used as a dedicated POS terminal device. The retailer can be issued a specially programmed STK SIM card.

According to the present invention, both the retailer and the user are offered a consistent mobile payment experience regardless of the type of payment being made: a standard mobile phone can be used as the payment device. For face-to-face payments, the mobile phone can be used together with a POS terminal, an ATM, a vending machine or another interface. From the user's point of view, each transaction involves a standard procedure similar to making a phone call or sending a message, but includes entering the authentication and identification symbol and, if appropriate, entering a PIN.

To transmit the authentication and identification symbol from the user's mobile phone to the operator, the procedure uses the making of a phone call or the sending of a message. When the operator receives the call or USSD (the signalling system in the telecommunications system is responsible for this), the dialled number is extracted and used by the operator to start the authentication and identification procedure. With SMS the procedure is different. First, the operator receives the SMS in the same way as a voice call or USSD at the switch (at this point the operator already knows who sent the SMS and that what the user requested is an SMS). The operator then extracts the designated SMSC number (preset and stored in the SIM or in the user's mobile phone, and embedded in every SMS sent) and forwards the SMS (message) to the appropriate SMSC. The SMSC sends the SMS to the designated destination number. SMS is not a preferred way of transmitting data from the user to the operator, because SMS inherently contains data about the origin and destination of the message and involves a router in the message path.

Figure 6 shows the process steps for authentication and identification in a financial transaction procedure. The steps are set out in Chart 1.

Chart 1

Retailer:
1. The retailer swipes a magnetic stripe card or uses a hot key on the POS to start the payment, and enters the amount;
2. The retailer receives an authentication and identification symbol from the facilitator;
3. The retailer passes the authentication and identification symbol to the customer.

User:
4. The authentication and identification symbol is entered into the user's mobile phone and transmitted to the operator in order to authenticate and identify a purchase;
5. If required, the user then enters a PIN.
For other forms of transaction, the way the procedure is initiated may differ. For example, when a user is logging in to an application or the Internet, the user starts the log-in procedure and does not need to swipe a magnetic card or press a particular hot key, nor enter an amount. The start of the log-in procedure may be the standard one, but the user will receive the authentication and identification symbol on his or her terminal, as explained below. This log-in procedure is equivalent to steps 1 and 2 above. When the user's terminal displays the authentication and identification symbol, the user can view it on the terminal before carrying out steps 4 and 5 with his or her mobile phone.

The operator adds at least one identifying detail of the user and then forwards the authentication to the facilitator. The at least one identifying detail includes information taken from the SIM card of the mobile phone and/or from the mobile phone itself.

The authentication and identification symbol is conveyed to the mobile phone. This may be by any one or more suitable means, for example printed by the POS terminal and handed to the user/customer, displayed on the POS terminal, produced audibly at the POS, or transmitted wirelessly from the POS terminal to the mobile phone. Where the user's sight or hearing is impaired, more than one method can be used. If required, the authentication and identification symbol can be entered into the mobile phone by any suitable method, for example voice activation, key entry, stylus entry, and voice recognition.

The PIN can be transmitted immediately before the authentication and identification symbol, or immediately after it. The PIN need only be entered when prompted by the operator. If the system is for a restricted range of users, the operator can verify the PIN before the authentication and identification symbol is entered, or before it is transmitted. In this way the operator knows that the user (as distinct from the mobile phone) belongs to the restricted range of users. The operator can also verify the authentication and identification symbol before the PIN is transmitted.

By transmitting the PIN before the authentication and identification symbol, the operator can search by reference to the PIN. The result of that search should be a limited number of possibilities, any number from 1 upwards. Therefore, when the authentication and identification symbol is received, or when the user ID from the SIM card of the mobile phone is received, the operator's search for the ID is considerably narrowed. This can speed up the procedure. This is because there may be many users with the same user ID, but hardly any with the same PIN.

The authentication and identification symbol comprises a plurality of characters. Each character can be one or more of the following: a digit, a letter, a graphic symbol, a punctuation mark, an audible tone, and an ASCII character.

The authentication and identification symbol is randomly generated by the facilitator or another trusted party. The randomness lies in the characters used and/or the number of characters used. In one example it may consist of digits only. It may consist of letters and digits, or of non-alphabetic and non-numeric characters. It can contain any character available on a mobile phone keypad. The only restriction is that every character used must be capable of being transmitted by a mobile phone. If voice recognition is used, the characters are not limited to those on the mobile phone keypad.

The authentication and identification symbol achieves two levels of security: it identifies the particular authentication procedure in progress and acts as a tracking device, so that the facilitator and the operator can reliably track the authentication and identification through all steps of the procedure; and it identifies the user/customer as the person involved in the authentication and identification procedure. In carrying out a transaction the second aspect is the more important, because only that user will be included in the transaction. When combined with a personal security item taken from the user or from the user's terminal/mobile phone, three levels of security are involved.

As can be clearly seen in Figure 16, when a mobile phone is used, the ID of the mobile phone is provided to the operator as a normal part of making a call, so that the operator knows whom to bill. This provides the first level of authentication and identification. When the authentication and identification symbol is transmitted to the operator, it establishes an authentication of the terminal/mobile phone and provides the second level of authentication and identification. Because the mobile phone can be used by another person (legitimately or not), the PIN provides the third level of authentication and identification.

Therefore, the mobile phone provides the identity of the mobile phone, and hence the identity of the owner of the mobile phone; the authentication and identification symbol places that mobile phone within the authentication and identification procedure; and the PIN or personal identifier finally authenticates and identifies that the owner of the mobile phone is the one using it, and that the owner is the person being authenticated and identified.

Before the authentication and identification symbol is transmitted to the terminal, the facilitator can add a tag to it. There may be one or several tags. The tags can be used for many purposes, including but not limited to: the origin of the authentication and identification symbol, the target terminal, the transaction that is the subject of the authentication and identification, the nature of the authentication and identification, and so on.

The authentication and identification symbol can have a built-in validity period, so that it must reach the facilitator within a set time. The time can be preset and depends on a number of factors, for example the nature of the transaction, the value of the transaction and so on. For example, suitable times would be set for transactions that need speed (for example toll booths) and for supermarkets, and 60 seconds for remote or large-purchase transactions. The remaining time can be displayed along with the authentication and identification symbol, for example by a clock display, a digital counter, a bar display or the like.

The facilitator (which will need to use information from the operator about the location of the mobile phone) can also perform a location match, for example by checking the cell used by the customer. A similar match can be made on time, as the various communications will occur within the set period.
The length of the authentication and identification symbol varies according to a number of factors, including but not limited to: the nature of the transaction, the location of the transaction, and the value of the transaction. For example:
• a small number of characters, for example 3 or 4, for low-value transactions and/or transactions that need speed and/or transactions with low security (for example toll booths, car park exits);
• more characters, for example 6 or 8, for "normal" transactions in the normal value range of everyday purchases and/or with a medium speed level and/or a medium security level (for example supermarkets or department stores); or
• a longer string, for example 10 to 16 characters, for high-value transactions and/or where high security or confidentiality is needed, and/or where time is not an important factor, and/or for bulk-purchase transactions.

If required or desired, the customer/user can use the POS to enter the PIN. However, the POS terminal should not be used by the user to enter the authentication and identification symbol, because the symbol should be transmitted to the operator over a different telecommunication channel. Similarly, the user ID, such as that taken from the SIM card of the user's mobile phone, should not be sent from the POS; it too should be transmitted over the second telecommunication channel.

The start of a face-to-face purchase requires the participation of both the retailer and the mobile phone user.

The enabler of all transactions is the facilitator, a logical entity which may be a free-standing legal entity or a function of one of the other participating parties, for example the operator or the financial institution.
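The two-channel matching described above, as an added Python sketch (not code from the patent): the facilitator issues a short-lived, single-use symbol sized to the transaction class, and approves only when that symbol arrives both from the issuing POS and, via the operator, from the user's phone. The class and field names, the 10 s and 30 s validity values, and the sample IDs are assumptions; the PIN leg is left out.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

# Symbol length per transaction class, within the ranges given in the text
# (3-4 characters low value, 6-8 normal, 10-16 high value).
SYMBOL_LEN = {"low": 4, "normal": 6, "high": 12}
# Validity in seconds. Only the 60 s figure is from the text; 10 and 30
# are assumed values for this example.
VALIDITY = {"low": 10, "normal": 30, "high": 60}
KEYPAD = "0123456789"  # characters any handset can transmit


@dataclass
class Pending:
    retailer_id: str
    pos_id: str
    expires: float
    user_id: Optional[str] = None   # filled in by the operator leg
    amount: Optional[int] = None    # filled in by the retailer leg


class Facilitator:
    """Issues symbols and matches the two legs (hypothetical class)."""

    def __init__(self):
        self.pending = {}

    def issue(self, retailer_id, pos_id, tier, now):
        # Purge expired entries so a short symbol can be reused safely.
        self.pending = {s: p for s, p in self.pending.items()
                        if p.expires >= now}
        while True:
            symbol = "".join(secrets.choice(KEYPAD)
                             for _ in range(SYMBOL_LEN[tier]))
            if symbol not in self.pending:
                break
        self.pending[symbol] = Pending(retailer_id, pos_id,
                                       now + VALIDITY[tier])
        return symbol

    def _lookup(self, symbol, now):
        rec = self.pending.get(symbol)
        if rec is None:
            return None, "unknown-or-used"
        if now > rec.expires:
            del self.pending[symbol]
            return None, "expired"
        return rec, "ok"

    def from_operator(self, symbol, user_id, now):
        """Leg 1: symbol keyed into the phone; the operator adds the user ID."""
        rec, status = self._lookup(symbol, now)
        if rec is None:
            return status
        if rec.user_id is not None and rec.user_id != user_id:
            return "second-handset-rejected"
        rec.user_id = user_id
        return self._match(symbol, rec)

    def from_retailer(self, symbol, retailer_id, pos_id, amount, now):
        """Leg 2: payment request from the POS that was given the symbol."""
        rec, status = self._lookup(symbol, now)
        if rec is None:
            return status
        if (retailer_id, pos_id) != (rec.retailer_id, rec.pos_id):
            return "terminal-mismatch"
        rec.amount = amount
        return self._match(symbol, rec)

    def _match(self, symbol, rec):
        if rec.user_id is None or rec.amount is None:
            return "waiting"          # only one channel has reported so far
        del self.pending[symbol]      # single use: a replay finds nothing
        return ("approved", rec.user_id, rec.amount)


if __name__ == "__main__":
    f = Facilitator()
    s = f.issue("R1", "POS7", "normal", now=0.0)        # constructed IDs
    print(f.from_retailer(s, "R1", "POS7", 1250, now=2.0))
    print(f.from_operator(s, "+10000000001", now=9.0))
```

A symbol typed into the POS alone never leaves the "waiting" state, which is the reason the text requires the symbol and user ID to travel over the second channel.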
The procedure of Figure 6 can also be used to start or terminate a service. For example, a user can use the system to sign up to the system, for example at a POS terminal. If the authentication and identification procedure is followed as described above, the user can be given the terms and conditions of use. This can be by giving a hard copy held by the retailer, by printing at the POS (at the same time as the authentication and identification symbol is printed, or after the authentication and identification has been carried out), by a soft copy sent to a specified e-mail or other messaging account, or by whatever is available at the time. The limitations of the user's mobile phone will affect how this is done. For example, if the user has a phone-enabled PDA, it will have sufficient memory for the terms and conditions document to be transmitted to and stored on the user's terminal.

Various methods can be used to determine the user's acceptance of the terms and conditions, for example: using the mobile phone to send an acceptance in response to a prompt message from the operator; using a stylus to indicate acceptance on a screen; signing a printed version; entering a PIN or other personal identifier on the mobile phone or POS; or signing a hard copy, with the retailer indicating to the facilitator that the user has signed and then sending the hard copy to the facilitator by normal means.

Because the user does not have the details of the operator that is to receive the authentication and identification symbol, these details may be provided by the retailer in hard copy, or with the terms and conditions. Alternatively, the details can be provided at the same time as, and by the same method as, the authentication and identification symbol.

This method can be used for other services, for example booking tickets for cinemas, concerts, shows, sporting events, travel and so on; making reservations at restaurants, hotels or elsewhere; arranging servicing of cars or other devices/equipment; arranging for repair personnel or other service providers to attend at the user's home, office or other location; and so on. Similarly, it can be used to terminate a service, for example any of the services above.

Four examples of a wireless payment transaction are described below:
1. Replacement of prepaid receipts (operator only);
2. Retail payment (operator only);
3. Replacement of prepaid receipts (financial institution involved); and
4. Retail payment (financial institution involved).

The four examples are described below with reference to Figures 7 to 10. They include steps 1 and 2 of Chart 1 above, which are not described again because they are the same for all four examples.

Figure 7 shows the payment procedure for a prepaid payment, in which the operator has a relationship with the retailer and acts as the payment facilitator.
1. The customer pays cash to the retailer to be credited to the customer's account;
2. The retailer gives the customer a slip bearing the authentication and identification symbol and the amount, or shows the customer the authentication and identification symbol and the amount displayed on a POS phone handset, a POS terminal display, a computer display, a checkout display or another display device;
3. The customer transmits the authentication and identification symbol to the operator;
4. The retailer sends a payment request to the operator, which also acts as the facilitator;
5. The operator/facilitator performs the matching check and, if it is correct, confirms the top-up to the retailer;
6. The operator/facilitator sends a confirmation SMS to the customer;
7. The retailer prints a receipt and hands it to the customer.
Figure 8 shows the payment procedure in which the operator bills the customer on the customer's phone bill. The operator thus acts as the payment provider; however, if more than one operator is involved, it is preferable to designate a third-party payment provider/facilitator.
1. The retailer gives the customer the authentication and identification symbol together with the amount;
2. The customer transmits the authentication and identification symbol to the operator;
3. If required, the customer enters a PIN on the POS;
4. The operator sends the customer ID, the authentication and identification symbol, the time and (optionally) the location to the facilitator;
5. The retailer sends the PIN (if entered), amount, POS ID, retailer ID, authentication and identification symbol, and time to the facilitator;
6. The operator sends the payment verification result (approve/decline) to the facilitator, which forwards this result to the retailer;
7. The operator sends a confirmation SMS to the customer;
8. The retailer prints a receipt and hands it to the customer; and
9. (not shown) the customer is billed by the mobile operator.

Figure 9 illustrates the payment procedure for a prepaid payment in which the operator does not have a direct relationship with the retailer. When working with a financial institution, the operator can choose to obtain the retailer's prepayment at the time of sale (not shown). As shown, the operator acts as the facilitator, although it would be more appropriate to designate a third party to play this role.
1. The customer pays cash to the retailer to be credited to the customer's account;
2. The retailer gives the customer a slip bearing the authentication and identification symbol and the amount;
3. The customer makes a call and transmits the authentication and identification symbol;
4. The retailer sends a payment request to the financial institution;
5. The financial institution sends a payment advice to the operator;
6. The operator confirms the top-up to the financial institution, and the financial institution forwards this message to the retailer;
7. The operator sends a confirmation SMS to the customer;
8. The retailer prints a receipt and hands it to the customer.

Figure 10 shows the payment procedure for a face-to-face payment involving a financial institution and a third-party payment facilitator. This scenario is typically used in a multi-operator environment.
1. The retailer gives the customer a slip bearing the authentication and identification symbol and the amount;
2. The customer makes a call and transmits the authentication and identification symbol;
3. If required, the customer enters a PIN on the POS;
4. The mobile operator sends the customer ID, the authentication and identification symbol, the time and, if required or desired, the location to the payment facilitator;
5. The retailer sends the PIN (if entered), amount, POS ID, retailer ID, authentication and identification symbol, and time;
6. The facilitator checks its database, and authenticates and identifies the customer;
7. The facilitator sends the customer ID, authentication and identification symbol, POS ID, retailer ID, time, amount and PIN (if entered) to the financial institution;
8. The financial institution sends the payment verification result (approve/decline) to the facilitator, which forwards this result to the retailer;
9. The facilitator sends a confirmation SMS to the customer;
10. The retailer prints a receipt and hands it to the customer.

Figure 11 shows the payment procedure, and Figure 12 shows the payment flow:
1. Payment is initiated by the user and the retailer;
2. The transaction data is extracted by the mobile operator;
3. The data is matched by the payment facilitator; and
4. The payment instruction is routed to the financial institution.

The user should:
a. have a valid telephone service subscription with a mobile operator and a handset capable of being used with a telecommunications system that has a signalling function, for example GSM;
b. be registered for the service according to the present invention;
c. have an account associated with the service. The range of payment methods the user can choose from depends on how the solution is implemented and on the agreements between the parties involved. Possible account types include:
   • prepaid account (provided by the operator or a financial institution);
   • mobile phone postpaid account (provided by the operator);
   • credit card account;
   • debit card account;
   • other financial institution account;
d. comply with the terms and conditions of the service;
e. pay the fees for the services used;
f. be responsible for protecting the mobile phone and any PIN associated with the service; and
g. promptly notify the facilitator if the mobile phone is lost or stolen, so that personal financial loss can be avoided.

For parking fees, the user's car must be registered.

The mobile operator should:
• implement the required service components;
• provide user provisioning for the service;
• provide its mobile and back-end network infrastructure to enable the service;
• provide the delegated trust service;
• provide accounts for the service;
• extract and transmit trusted data for account top-ups;
• issue bills and collect payments;
• generate and maintain records of all transactions;
• sell and promote the service; and
• support the user through its customer care.

The operator needs to provide the payment facilitator with the following information for each transaction:
a. user identity (for example, MSISDN);
b. retailer and POS terminal identity;
c. time stamp;
d. location information (optional).

If the communication on this link is over a computer network or the Internet, an operator or ISP is not required.

The operator can transmit a PIN, which can be encrypted.

If the operator only wants to offer the payment service through the user's phone bill, other parties may not be needed; the service is then entirely under the operator's control.

Optionally, the operator can use the user's location to divide its service area into multiple zones in order to improve security.

The financial institution has two options, depending on whether delegated trust is fully implemented.
If delegated trust is in place, the financial institution can execute the transaction without modifying its existing procedures. If delegated trust is not in place, the financial institution may need to provide a […] interface between its systems and the payment facilitator, and possibly the operator. New logic is needed to execute transactions using the user data received from the payment facilitator.

The payment facilitator should:
• implement the required service components and interfaces;
• set up the user profiles;
• receive payment instructions and match the data to produce a transaction;
• determine the payment method and submit the transaction to the selected payment provider;
• generate the confirmation message for the transaction;
• generate and maintain records of all transactions; and
• provide back-end support for the customer care of the other parties.

The solution requires a database solution that performs the matching of data and generates payment instructions. The solution must be scalable in order to handle large volumes of transactions. The system can run on operating systems in wide use today.

The database typically contains user IDs with associated payment profiles and, optionally, retailer IDs or service IDs with an associated profile. The payment facilitator must establish interfaces between it and the other parties in the payment chain, such as operators, financial institutions and retailers.

The payment facilitator (or a dedicated third party) will need to generate the authentication and identification symbol and send it to the retailer, and may forward an encrypted PIN for payments of large amounts.
For end users, the invention works with existing SIM cards and/or handsets.

If a mobile phone is used as the POS terminal, it is preferable that a pre-programmed STK SIM card be provided, and the network provider will only implement the service components used to extract and transmit the trusted payment data.

The following services will be possible:
• top-up of prepaid accounts at retail outlets;
• payment for goods and/or services at retail outlets through the operator, for example prepaid or postpaid accounts;
• payment for goods and/or services at retail outlets through a financial institution, for example financial institution debit card or credit card accounts, or a special prepaid financial institution account;
• Internet payments;
• payment for the use of facilities, such as tennis courts;
• payment of admission fees;
• payment of public transport fares;
• parking fee payments; and
• transfers of money between accounts.

[…] shows how data is encrypted at the individual entities. Security is provided by combining various […] mobile […] services, Internet security and the like, for example SSL, […]. […] and exceeds the standards used today to solve […] problems. Ten years of operation have shown the inherent security of existing 2G and 2[…] systems. By including the operator in the payment chain, the operator's […] and mobile network security can be used, […] more secure than payment systems that have been deployed without the operator.

The PIN is preferably encrypted end to end. This means that all matters relating to PIN handling, such as […], management, verification methods and so on, are for the individual terminating entity (for example the financial institution) to consider. The encrypted PIN can be forwarded by the payment facilitator.

For small-amount purchases and/or payments, a PIN may not be required. […] a number of payments per day (for example 2) […] PIN authentication. The various transaction types can be identified by a flag indicating whether a PIN is required. Within a specified period, payments that do not require a PIN are limited by amount or by number of transactions.

The PIN system can be implemented in one or more of the following ways:
• submitting the PIN as part of the authentication and identification symbol string dialed by the customer; or
• submitting the PIN through the POS terminal or computer.

In the first case, if USSD is used, GSM security applies. The existing GSM infrastructure does not provide end-to-end encryption of the PIN (entered as part of the USSD string) between the mobile phone user (the customer) and the financial institution. However, by encrypting the PIN at the base station (BTS/BSC) level, a high degree of security can be achieved, because the user's real identity is not used. Instead, an alias is used: the Temporary Mobile Subscriber Identity (TMSI). The TMSI is a GSM security feature that protects the user's identity, and it is managed by the VLR or MSC/VLR. Although the base station infrastructure may have to be modified, this approach enables "near end-to-end" encryption of the PIN with existing SIM cards and handsets.

When a POS terminal is used to enter the PIN, the PIN can be encrypted in the POS using a secure access module (SAM). The financial institution can own the SAM. A mobile phone used as a POS terminal will use a special "retailer SIM card" in which the SAM and the POS application are embedded. By encrypting the data in the individual channels, a high level of security should be achieved.

Therefore:
• the customer does not need to expose his identity to the retailer or to the retailer's terminal or computer; and
• in the authentication procedure, the required data originates from two separate transmission channels. Information in a single channel alone cannot effectively prevent fraud.

The two channels need not be directly linked or connected. The customer communicates directly with the operator, and the retailer communicates directly with the facilitator. The operator communicates with the facilitator. There is therefore no direct data link between the customer and the retailer, and the retailer cannot obtain data on the customer's identity, PIN or account details.

The two main weaknesses of the system are:
• insiders could commit crimes by technically simple means; and
• lost or stolen mobile phones.

Technically, the system is protected against eavesdroppers on the mobile network and against interception of data at the POS. An attacker would have to attack both channels at the same time to succeed.

Traditional username/password attacks are not possible, because the user's details are never disclosed to the retailer, the retailer's terminal or the computer. Even if a password is captured (with a keystroke logger), it is useless, because the attacker has no access to the user's mobile phone to perform the authentication.

Because two channels are used, the service may be interrupted if one channel is not working or if a denial of service is mounted on either channel.

As shown in Figure 15, the service depends on two separate channels that are available at the same time and operate with the necessary back-end procedures and links. The four main link paths of a payment transaction are shown in Figure 15.

User experience, performance and reliability are all important factors in the success of a mobile payment service. Equally, for troubleshooting it is important to be able to locate quickly where an error occurred. The following description briefly outlines the different link paths and the associated confirmation messages.

Path 1-3 is the main path the customer experiences during a transaction. At present, many services that use mobile phones do not give the user a confirmation message indicating that the request has been handled. Instead, the […] action of the service itself constitutes the confirmation. Preferably, a confirmation message is generated for every transaction attempt.

The method used to deliver the confirmation message and the content of the message depend on the network. The confirmation message at the start of a normal successful transaction typically reads "Your transaction is being processed, please be patient".

Errors on the mobile phone path are not uncommon and are typically caused by network congestion. However, even under fairly light load, a small number of call setup request failures is "normal", because the Aloha protocol used for the initial network access request uses a random-access burst. Most handsets respond to this by returning to idle mode without displaying any error message.

If call setup fails, no confirmation message should be generated. The phone returns to idle mode. If no confirmation message is received within a predetermined period, the user needs to redial the number.

If users do not get through, they may try dialing the same number several times in a row. This poses no problem, because the transaction is paired only once.

If error codes are used, the operator may be able to detect a mistyped authentication and identification symbol and generate an error confirmation message asking the user to redial.

In some areas, base station coverage is small. However, in some networks the signalling mechanism is more robust than the voice call function. If the signal is too weak to extract the user information, no confirmation message can be generated. Rarely, the request may get through but the confirmation message may not. If the transaction was completed properly, this does not pose a problem, because a receipt will be printed at the POS terminal or displayed on it.

If there is a general failure of the mobile network, the mobile subscriber will be aware of the problem and will not make the call or the payment.

Path 2-4 is the wired path between the retailer's POS and the facilitator. Typically, if the POS does not receive a valid response, it times out and issues a receipt indicating that the transaction was unsuccessful. The POS timeout will not be longer than the facilitator's timeout.
Path 3-4 is the link between the mobile operator and the facilitator. This is usually a leased line or an Internet connection using SSL. Timeouts on this link are not visible to the mobile subscriber or the retailer. If the link is down, no match can be completed, and the authentication/payment procedure will time out at the facilitator. If no error message is sent to the POS, the POS will also time out.

Path 4-5 is the path between the facilitator and the financial institution. After a successful match, the facilitator forwards the payment request (or, where appropriate, generates and forwards a payment request) to the financial institution. Once the request has been processed, the financial institution sends the result of the payment request back. An error on this path produces a timeout at the facilitator. The facilitator can then generate an error message to the POS and the mobile subscriber.

The mechanism by which the network accepts and propagates the dialed digits through the various network nodes differs according to the format of the digits and the type of network. In the GSM system, the available options are […] or dialing a voice call that is terminated at the switch.

The facilitator is typically an online database that needs to communicate with a small number of mobile operators (large transaction volumes), many retailers (single transactions) and a small number of financial institutions (large transaction volumes). The routing information (that is, where a matched transaction is to be sent) can be added by the operator or by the facilitator. If the routing information is […], a database containing all users should be available.

New customers need to register. A formal agreement is required between the customer and the mobile operator, consenting to the provision of the user's authentication information to other parties, and a formal agreement is also required between the customer and each service provider. One or more […] on […] can be allocated in order to issue […]. The customer signs by dialing the number printed on a slip. The mobile operator provides the user's details to the facilitator.

Over the past […] years, mobile operators have […] their own […] to […] the correct identity of their subscribers. Figure 16 shows a number of mobile networks currently in use, together with the data that the operator obtains and retains for each call placed, including caller ID, dialed digits (number), call time and call location. The location is normally that of the base station that first received the call.

Registering a lost mobile phone […] would be of no value to a thief, because he would not know the […] name or any account details. Stolen handsets should be reported to the operator to reduce the risk of a thief trying to register the phone for his own use. To reduce this risk, the user must register using his name or other credentials known only to the original phone owner and the operator, such as date of birth. Once a lost or stolen handset has been reported to the mobile operator or the facilitator, the account is blocked and cannot be used. Service can be restored only when the operator […] the customer account.
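The facilitator-side matching described above (the two channels of Figure 10, the redial and timeout behaviour of the Figure 15 paths, and the blocking of a reported handset), as an added example that is not code from the patent. All class and field names, the 60-second window, the 8-digit symbol format and the sample MSISDNs are assumptions made for the illustration; timestamps are passed in by the caller so the run is deterministic.

```python
from dataclasses import dataclass
import secrets

MATCH_WINDOW_S = 60.0  # assumed pairing timeout; the page gives no figure


@dataclass(frozen=True)
class PosRequest:
    """Channel 2, retailer POS -> facilitator: carries no customer identity."""
    symbol: str
    retailer_id: str
    pos_id: str
    amount_cents: int
    sent_at: float


@dataclass(frozen=True)
class OperatorReport:
    """Channel 1, phone -> operator -> facilitator: carries no amount."""
    symbol: str
    msisdn: str
    sent_at: float


class Facilitator:
    def __init__(self, profiles, window_s=MATCH_WINDOW_S):
        self.profiles = dict(profiles)  # msisdn -> payment account reference
        self.window_s = window_s
        self.blocked = set()   # handsets reported lost or stolen
        self.issued = {}       # symbol -> time it was issued
        self.pos = {}          # symbol -> PosRequest waiting for its pair
        self.reports = {}      # symbol -> OperatorReport waiting for its pair
        self.paired = {}       # symbol -> msisdn that consumed it (single use)

    def issue_symbol(self, now):
        """Create a fresh single-use symbol for the retailer to show the customer."""
        while True:
            symbol = f"{secrets.randbelow(10**8):08d}"
            if symbol not in self.issued:
                self.issued[symbol] = now
                return symbol

    def on_pos_request(self, req):
        if req.symbol in self.paired:
            return "rejected:symbol-used", None
        self.pos[req.symbol] = req
        return self._try_pair(req.symbol, req.sent_at)

    def on_operator_report(self, rep):
        if rep.symbol in self.paired:
            # A redial by the same subscriber is harmless; anyone else is a replay.
            same = self.paired[rep.symbol] == rep.msisdn
            return ("already-paired" if same else "rejected:symbol-used"), None
        self.reports[rep.symbol] = rep
        return self._try_pair(rep.symbol, rep.sent_at)

    def _drop(self, symbol):
        self.pos.pop(symbol, None)
        self.reports.pop(symbol, None)

    def _try_pair(self, symbol, now):
        """Return (status, instruction); instruction is set only on a match."""
        if symbol not in self.issued:
            self._drop(symbol)
            return "rejected:unknown-symbol", None
        if now - self.issued[symbol] > self.window_s:
            self._drop(symbol)
            return "rejected:timeout", None
        pos, rep = self.pos.get(symbol), self.reports.get(symbol)
        if pos is None or rep is None:
            return "waiting", None
        if rep.msisdn in self.blocked or rep.msisdn not in self.profiles:
            del self.reports[symbol]
            return "rejected:subscriber", None
        self.paired[symbol] = rep.msisdn
        self._drop(symbol)
        # Only this instruction, bound for the financial institution, links payer and sale.
        return "matched", {"account": self.profiles[rep.msisdn],
                           "amount_cents": pos.amount_cents,
                           "retailer_id": pos.retailer_id, "pos_id": pos.pos_id}


def demo():
    """Constructed scenario; returns (status, instruction) for each step."""
    alice, other = "6500000001", "6500000002"  # constructed MSISDNs
    f = Facilitator({alice: "acct-A"})
    s = f.issue_symbol(now=0.0)
    out = [f.on_pos_request(PosRequest(s, "retailer-1", "pos-7", 1250, 1.0)),
           f.on_operator_report(OperatorReport(s, alice, 5.0)),
           f.on_operator_report(OperatorReport(s, alice, 6.0)),   # redial
           f.on_operator_report(OperatorReport(s, other, 7.0))]   # replay
    late = f.issue_symbol(now=100.0)
    f.on_pos_request(PosRequest(late, "retailer-1", "pos-7", 500, 101.0))
    out.append(f.on_operator_report(OperatorReport(late, alice, 161.5)))
    f.blocked.add(alice)  # handset reported lost
    s3 = f.issue_symbol(now=200.0)
    f.on_pos_request(PosRequest(s3, "retailer-1", "pos-7", 500, 201.0))
    out.append(f.on_operator_report(OperatorReport(s3, alice, 202.0)))
    return out
```

Calling `demo()` walks through a normal match, a redial, a replay from another handset, a late dial and a blocked handset; the retailer-side message never contains the MSISDN in any of them.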
Authentication for other forms of transaction is similar to the payment system described. However, a financial institution may not be involved, and the start of the transaction may differ, as described with reference to Figure 6. Examples of where the authentication method is used for login include: logging in to a website, confirming a web-based transaction, and logging in to an ISP. Figure 13 shows an authentication procedure according to the invention, used for logging in to an application or […]. […] the operator also acts as […]:
1. The login request is sent from the computer used by the user. This may or may not be the user's own or normally used computer;
2. The facilitator generates the authentication and identification symbol and sends it to the user's computer;
3. The computer displays a login screen with the authentication and identification symbol and a password entry field;
4. The user enters the authentication and identification symbol on his mobile phone and sends it to the operator;
5. The operator receives the authentication and identification symbol from the user's mobile phone and authenticates and identifies the user; and
6. If required, the user enters a PIN. This can be done before step 4.

The advantage of this authentication and identification procedure is that the user can log in to websites from a variety of locations, such as Internet cafés, without risking capture of his username and password.

Whatever the transaction concerned, and whether or not a transaction is involved, for each preferred embodiment the main steps in the authentication and identification procedure are receiving the authentication and identification symbol on one telecommunication channel and transmitting the authentication and identification symbol, with the user ID, to the operator on a second telecommunication channel. Separating the data onto two distinct channels, combined with the single-use authentication and identification symbol and the inherent security of the GSM system, provides a level of security and ease of use that the prior art cannot achieve.

Preferred embodiments of the invention have been described above. Those skilled in the art will appreciate that many variations and modifications may be made to the details of design, construction or operation of the invention without departing from it. The invention extends to all features disclosed, individually or in combination.

[Brief description of the drawings]
Figure 1 is a conceptual block diagram of the trust relationships in a normal mobile payment system;
Figure 2 shows the overall architecture with the relevant interfaces of the system;
Figure 3 is a conceptual block diagram of the trust relationships in a mobile payment scenario according to a first form of the invention;
Figure 4 is a conceptual block diagram of the trust relationships in a mobile payment scenario according to a second form of the invention;
Figure 5 is a perspective view of various forms of terminal that can be used with the invention;
Figure 6 shows the process steps of one form of the invention;
Figure 7 shows the process steps of a first embodiment of the invention;
Figure 8 shows the process steps of a second embodiment of the invention;
Figure 9 shows the process steps of a third embodiment of the invention;
Figure 10 shows the process steps of a fourth embodiment of the invention;
Figure 11 shows the process steps of the payment procedure of the invention;
Figure 12 shows the process steps of the payment flow of the invention;
Figure 13 shows the process steps of a second form of the invention;
Figure 14 shows the encryption levels;
Figure 15 shows the call paths; and
Figure 16 shows some mobile networks with which the invention can be used.

[Reference numerals of the main elements in the drawings]
10 POS terminal
12 Magnetic stripe card
14 Fixed-line POS terminal
16 Wireless POS terminal
18 GSM phone
20 GSM phone
Claims (1)
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| SG200207202 | 2002-11-28 | | |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| TW200409521A (en) | 2004-06-01 |
Family
ID=32391125
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW092113845A TW200409521A (en) | 2002-11-28 | 2003-05-22 | Authentication and identification system and transactions using such an authentication and identification system |
Country Status (3)
| Country | Link |
|---|---|
| AU (1) | AU2003282770A1 (en) |
| TW (1) | TW200409521A (en) |
| WO (1) | WO2004049621A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI661333B (en) * | 2014-01-10 | 2019-06-01 | 愛爾蘭商主流專利控股有限公司 | System and method for communicating credentials |
Families Citing this family (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2417355A (en) * | 2004-08-12 | 2006-02-22 | Robert Culyer | Method for sending PIN protected mobile phone based tickets and coupons |
| US7865448B2 (en) | 2004-10-19 | 2011-01-04 | First Data Corporation | Methods and systems for performing credit transactions with a wireless device |
| EP1960954A4 (en) * | 2005-08-22 | 2012-12-05 | Xchange Inc G | A method of converting cash into virtual cash and loading it to mobile phone cash account |
| US8201231B2 (en) | 2007-02-21 | 2012-06-12 | Microsoft Corporation | Authenticated credential-based multi-tenant access to a service |
| US8510798B2 (en) | 2007-04-02 | 2013-08-13 | Sony Corporation | Authentication in an audio/visual system having multiple signaling paths |
| US8429713B2 (en) | 2007-04-02 | 2013-04-23 | Sony Corporation | Method and apparatus to speed transmission of CEC commands |
| US20090307141A1 (en) * | 2008-06-06 | 2009-12-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Secure Card Services |
| US9183549B2 (en) | 2008-08-26 | 2015-11-10 | Mts Holdings, Inc. | System and method of secure payment transactions |
| US8412626B2 (en) * | 2009-12-10 | 2013-04-02 | Boku, Inc. | Systems and methods to secure transactions via mobile devices |
| CN103201758A (en) * | 2010-11-10 | 2013-07-10 | 斯玛特哈伯私人有限公司 | Method and apparatus for executing financial transactions via unsecured public telecommunications infrastructure |
| ITRM20110070A1 (en) * | 2011-02-16 | 2012-08-17 | Hideea S R L | ANONYMOUS AUTHENTICATION METHOD FOR THE USE OF A SERVICE |
| EP2634736A1 (en) * | 2012-02-29 | 2013-09-04 | Accenture Global Services Limited | Computer network, electronic transactions cloud and computer-implemented method for secure electronic transactions |
| WO2014086972A1 (en) * | 2012-12-06 | 2014-06-12 | Nec Europe Ltd. | Method and system for mobile money |
| WO2014174342A1 (en) * | 2013-04-25 | 2014-10-30 | Elharras Mohamed | Mobile payment with strong authentication and non repudiation |
| US9940608B2 (en) | 2013-05-16 | 2018-04-10 | Mts Holdings, Inc. | Real time EFT network-based person-to-person transactions |
| CN104076782A (en) * | 2014-06-26 | 2014-10-01 | 上海市城市建设设计研究总院 | New energy automobile remote sharing and appointment making device of large-scale entrepreneurship park |
| US10789586B2 (en) | 2017-12-04 | 2020-09-29 | Mastercard International Incorporated | Transaction verification based on a transaction identifier and associated location data |
| US11144924B2 (en) | 2017-12-14 | 2021-10-12 | Mastercard International Incorporated | Facilitating peer-to-peer transactions using virtual debit accounts of virtual wallets |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH0950465A (en) * | 1995-08-04 | 1997-02-18 | Hitachi Ltd | Electronic shopping method, electronic shopping system, and document authentication method |
| EP1026641B1 (en) * | 1999-02-01 | 2013-04-24 | International Business Machines Corporation | Method and system for establishing a trustworthy connection between a user and a terminal |
| JP2002215582A (en) * | 2000-12-28 | 2002-08-02 | Morgan Stanley Dean Witter Japan Ltd | Authentication method and device |
| FR2823882A1 (en) * | 2001-04-23 | 2002-10-25 | New Access Sa | Commercial transaction using prepayment card over the Internet, uses personal computer or mobile phone, certification center validates data contained on prepayment card |
-
2003
- 2003-05-22 TW TW092113845A patent/TW200409521A/en unknown
- 2003-11-28 AU AU2003282770A patent/AU2003282770A1/en not_active Abandoned
- 2003-11-28 WO PCT/SG2003/000279 patent/WO2004049621A1/en not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| AU2003282770A1 (en) | 2004-06-18 |
| WO2004049621A1 (en) | 2004-06-10 |