WO2009090428A1 - Mobile approval system and method - Google Patents
- Publication number
- WO2009090428A1 (PCT/GB2009/050029)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- network
- approval
- over
- unsecured
- internet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/42—User authentication using separate channels for security data
- G06F21/43—User authentication using separate channels for security data wireless channels
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Definitions
- Another important advantage of GSM networks is that they are much more secure than the Internet.
- The security and registration processes of GSM networks can be readily referenced from publicly available resources (GSM Association, ETSI and most reference repositories).
- SIM: subscriber identity module.
- IMSI: International Mobile Subscriber Identity; MSISDN: the number uniquely identifying a subscription in a GSM or UMTS mobile network.
- The internet site has no means to identify or trust the user requesting a transaction (the term transaction is not limited to a financial transaction, such as payment for goods, but may be a security transaction requesting access to controlled information).
- The gateway takes over the function of an "Approval Server" between the Internet network and the GSM networks.
- With this gateway, service requests coming over the Internet network are processed by the interfaces of the gateway listening to the Internet protocols and sent to the GSM networks over USSD (Unstructured Supplementary Service Data).
- USSD is the technology operating in all existing telephones and is the unique session-based application in GSM networks.
- USSD can set up a session-based communication between the Internet network and the GSM network.
- A secured approval mechanism can be established between the Internet network, which offers a variety of services, and the secured GSM networks. For instance, when shopping is made over the Internet, a menu can be offered over the mobile phone to request approval for the shopping transaction or to enter the approval password.
- An internet application will be provided with an authorisation client which is configured, when requested, to initiate a secure approval process over a secure GSM network. This may take the form of requesting the user to enter a telephone number associated with an account number for accessing certain restricted information.
- The authorisation client will then be configured to contact a first server associated with that account number to determine whether the phone number is recognised as a valid number of that account. If yes, the server will pass a session-based request using standard internet protocol to a gateway server which serves to convert the authorisation request to the appropriate USSD service protocols, to be passed to the GSM network for processing.
- The GSM network is able to identify the appropriate device associated with the entered telephone number and transmit the authorisation request to that device.
- The device will have an authorisation client which is configured to recognise the authorisation request and launch an application on the mobile device allowing the device user to accept or reject such request and transmit such response back to the network through a further USSD session.
- This response is subsequently passed to the gateway where it is again processed to convert it to the necessary internet protocols to be communicated back to the internet application.
- The internet application can then approve or reject the requested transaction.
- The authorisation request may involve the user of a device being prompted to enter a code displayed on the internet application when prompted by his handset requesting authorisation.
- This is not necessary, as the authoriser does not need to be the person accessing the specific internet application.
- The client requests a service (a request for Electronic Fund Transfer or shopping) from the Application Web Site.
- This request reaches the Bank's Virtual Server operating under the Bank Web Server.
- The Bank sends this received request to the "Approval Server".
- An Internet session is opened between the "Approval Server" and the bank.
- The Approval Server sends the received request to the USSD system of the GSM operator by using the USSD service protocols, in order to send it to the user.
- The alert for the approval request is sent to the client over the GSM network by opening a USSD session (here, the user can be sent an approval alert in the form of a menu, which requests the approval or the entering of the approval password).
- The client processes the incoming request (selects the option over the menu or enters the approval password).
- The answer of the client reaches the USSD system of the GSM operator via the USSD session.
- The 'Approval Server' returns this reply to the bank via the Internet session opened.
- The bank returns the reply of the client to the Application Web Site which made the request.
- The Application Web Site in return gives information related to the approval to the client making the request.
- Whilst the specific embodiment relates to the internet and a GSM network, the invention is not so limited. The invention could apply to any unsecured network and any standards-defined (i.e. specified by an internationally recognised standards-setting organisation, such as ETSI or 3GPP) secure mobile telecommunication network (e.g. UMTS, Universal Mobile Telecommunications System), and any reference herein to GSM should be construed accordingly.
- The user is requested to enter the password or approve the menu on the mobile phone, so that with this action there is no need for another interface, and as there is only one session open between the user and the bank, nobody else can interfere.
- As the approval mechanism is the mobile phone when shopping is realized with a credit card, others will not be able to use the credit card or its information even though they pass into the hands of others.
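The gateway flow described above (approval request in over the internet session, USSD session out to the registered handset, handset reply correlated back to the one waiting transaction), as an added Python model that is not the patent's or any operator's code. The in-memory USSD network, the MSISDNs, the 120-second lifetime of a pending approval and the display-code check taken from the patent's variant are constructed assumptions.

```python
"""Model of the approval-server gateway between the internet session and the
USSD session.  Added illustration; not the patent's or any operator's code.
The USSD network, MSISDNs, display-code check and 120 s lifetime are assumed."""
import hmac
import secrets
import time
from dataclasses import dataclass

APPROVAL_TTL_SECONDS = 120  # assumed lifetime of a pending approval session


@dataclass
class ApprovalRequest:
    transaction_id: str   # identifier used on the internet side
    msisdn: str           # number the application supplied for the account
    description: str      # what the handset user is asked to approve
    display_code: str     # shown on the web page, keyed into the handset
    created: float
    ussd_session: str = ""
    status: str = "pending"  # pending | approved | rejected | expired


class SimulatedUssdNetwork:
    """Stands in for the operator's USSD system: it knows which MSISDNs are
    registered and delivers a menu to the handset inside a USSD session."""

    def __init__(self, registered_msisdns):
        self.registered = set(registered_msisdns)
        self.sessions = {}   # USSD session id -> MSISDN the menu was sent to
        self.delivered = []  # (MSISDN, menu text) pairs, for inspection

    def open_session(self, msisdn, menu_text):
        if msisdn not in self.registered:
            raise LookupError("MSISDN is not registered on this network")
        session_id = secrets.token_hex(8)
        self.sessions[session_id] = msisdn
        self.delivered.append((msisdn, menu_text))
        return session_id

    def close_session(self, session_id):
        self.sessions.pop(session_id, None)


class ApprovalServer:
    """The gateway: accepts an approval request over the internet session,
    opens a USSD session towards the registered handset, and maps the handset's
    reply back to the one transaction that is waiting for it."""

    def __init__(self, network, clock=time.time):
        self.network = network
        self.clock = clock
        self.pending = {}   # transaction_id -> ApprovalRequest
        self.by_ussd = {}   # USSD session id -> transaction_id

    def request_approval(self, transaction_id, msisdn, description):
        """Internet side.  Returns the code the web page should display;
        the user keys it into the handset so the reply is bound to this page."""
        if transaction_id in self.pending:
            raise ValueError("transaction already has an open approval session")
        code = f"{secrets.randbelow(10 ** 6):06d}"
        req = ApprovalRequest(transaction_id, msisdn, description, code, self.clock())
        menu = (f"Approve '{description}'? Enter the code shown on screen, "
                f"or 0 to reject.")
        req.ussd_session = self.network.open_session(msisdn, menu)
        self.pending[transaction_id] = req
        self.by_ussd[req.ussd_session] = transaction_id
        return code

    def ussd_reply(self, ussd_session, msisdn, answer):
        """GSM side.  The operator delivers the handset's answer together with
        the MSISDN it came from.  Returns the decision relayed to the internet
        session.  Each USSD session is consumed by its first reply."""
        transaction_id = self.by_ussd.pop(ussd_session, None)
        if transaction_id is None:
            return "unknown-session"   # stale, replayed or never opened
        req = self.pending.pop(transaction_id)
        self.network.close_session(ussd_session)
        if self.clock() - req.created > APPROVAL_TTL_SECONDS:
            req.status = "expired"
        elif msisdn != req.msisdn:
            req.status = "rejected"    # answer did not come from the registered handset
        elif hmac.compare_digest(answer, req.display_code):
            req.status = "approved"
        else:
            req.status = "rejected"    # wrong code or the explicit "0"
        return req.status


def run_demo():
    """One complete exchange with a constructed network and handset number."""
    network = SimulatedUssdNetwork(["+447700900001"])   # constructed test number
    server = ApprovalServer(network)
    code = server.request_approval("tx-1001", "+447700900001", "EFT of 100 to ACME")
    session_id = server.pending["tx-1001"].ussd_session
    # The handset user reads the code from the web page and keys it in.
    return server.ussd_reply(session_id, "+447700900001", code)


if __name__ == "__main__":
    print(run_demo())   # approved
```

The model makes the properties the patent relies on explicit: one USSD session per transaction, the reply accepted only from the registered MSISDN and only once, and a pending approval that expires rather than waiting indefinitely.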
Abstract
The Mobile Approval System and Method is a system and method providing the approval of transactions such as banking, login into sub-networks and e-questionnaires on secured GSM networks in a session-based structure realized over the Internet or similar networks, which are not secured and which require an approval. This invention uses protocols which the Internet network supports on the unsecured Internet side and the session-based USSD service protocols operating on all mobile telephones on the SS7-based GSM network. A gateway is provided which takes over the function of an 'Approval Server' between the Internet network and the GSM networks. With this gateway, service requests coming via the Internet network are processed by the interfaces of the gateway listening to the Internet protocols and sent to the GSM networks over USSD (Unstructured Supplementary Service Data). In the proposed method, the user is requested to enter the password or approve the menu on the mobile phone, so that with this action there is no need for another interface, and as there is only one session open between the user and the bank, nobody else can interfere. Further, in the method proposed, as the approval mechanism is the mobile phone when shopping is realized with a credit card, others will not be able to use the credit card or its information even though they pass into the hands of others.
Description
Mobile Approval System and Method
Technical Field:
The invention relates to a system and method for providing the approval of transactions such as banking, login into sub-networks and filling in of e-questionnaires etc. on secured GSM networks in a session-based structure realized over the Internet or similar networks, which are not secured and which require an approval.
Background Technology
The internet represents an example of an unsecured network where there is little control or governance around the allocation or use of IP addresses to identify or verify the identification of an actual user. Access permission or transaction authorisation over such unsecured networks has therefore heavily relied on password/identification processes to verify an end user's identity and to permit such actions or transactions.
GSM Networks
In contrast, standards-based mobile telecommunication networks and, in particular by way of example, the GSM (Global System for Mobile communications) network, the technical standards for which are administered by ETSI (European Telecommunications Standards Institute), represent a secure network whereby communication between the network and a mobile device is subject to robust security protocols and each mobile device utilises identification mechanisms which can be associated with specific users or accounts, i.e. the mobile telecommunication network is able to identify the mobile device with which it is communicating and associate such device with a user or account.
However, there is no known system or method which grants the approval of transactions realized over unsecured networks in a session-based structure over secured GSM networks. Whilst existing approaches are known which seek to utilise the security associated with a mobile telecoms (e.g. GSM) network to support and/or facilitate transactions over a non-secure network, such known techniques can be distinguished in two main groups: the first relates to the use of approval methods realized directly on GSM networks and approval methods which are not application-customised and session-based. Alternatively, the second group relates to transactions realized over unsecured networks (e.g. the Internet) whereby authentication can be secured by use of password distribution over the secured (e.g. GSM) network, the passwords being sent by SMS.
For the first group, transaction authorisation can be effected and realized directly on GSM networks, examples of which are disclosed in the following patent specifications: US 6,665,529 B1 (Mills, Jr) and US 5,642,401 (Yahagi).
However, the basic differentiation achieved by the subject invention is that, whilst transactions are carried out over unsecured networks, they are authorised over secured mobile telecommunications (e.g. GSM) networks. The invention considers the problems associated with different networks having different network integrity within the system, interacts with session-based clients existing in these different networks, and operates with different protocols to carry out and effect authorisation over a secured GSM network.
For transactions effected by the second group of known techniques, transactions realized over unsecured networks can utilise passwords sent by SMS over a secured GSM (or like) network. However, these are not session-based methods and provide clumsy solutions only for their related fields. For example, when shopping with credit cards, the target web application may request that the user identity be confirmed via a secure GSM network, preferably by requesting the user's mobile details and requesting that the user's network verifies identification or authorisation by sending an authentication code to the user's mobile telephone. However, in order to enter the password sent by SMS, again the screens on the Internet have to be used. Therefore, these systems can only operate on individual web sites of the banks and the transactions are realized over unsecured networks. Further, the application has to know that the security code of the credit card will be sent by SMS and, for this purpose, extra applications have to be developed.
The patent given below gives an example related to the use of SMS services over the GSM network while connecting to secured servers: US 6,230,002 B1.
Approaches of the prior art of the second group are shown in Figure 1 in the form of a diagram. The steps of this approach are as follows:
1. The client requests a service from the Application Web Site.
2. This request is transmitted to the GSM Network.
3. A password is sent to the mobile phone of the client over the GSM network.
4. The client enters the incoming password to the appropriate screen on the Application Web Site.
5. If the entered password is correct, the client will have received the approval and will continue the transaction.
The basic problem of the prior art to be addressed by the current invention is to effect a simple and efficient approval of transactions or other events over unsecured networks in a secured environment (such as a GSM network), by means of a session-based and server-oriented structure, and thus to secure the requests of the users. There is no need for additional application development for the use of any of the applications existing in the proposed system.
Conversely, a simplified embodiment of an approach of the proposed invention is shown graphically in Figure 2 wherein the detailed steps of the embodiment are shown in more detail in Figure 3.
Summary of the Invention:
It is an object of the present invention to provide an improved method and arrangement for effecting secure transactions over an unsecured network.
According to a first embodiment of the present invention there is provided a method of effecting secure transactions over an unsecured network by requiring an approval step over a second, secure, network wherein approval is effected through a secured standardised mobile telecommunications network in a session based structure. Preferably, the unsecured network is the internet and the secured standardised mobile telecommunications network is a GSM network.
Usually, the transaction effected on the unsecured network uses protocols supported by that unsecured network, and the protocols used in the secured standardised mobile telecommunications network employ session-based USSD (Unstructured Supplementary Service Data) service protocols operating on mobile telephones on the SS7-based GSM network.
Preferably, the method of the invention will utilise a gateway functioning as an approval server between the internet network and GSM network, such gateway processing internet protocol authorisation requests from the internet network to enable such requests to be converted to session-based USSD service protocols to be sent over the GSM network. This is usually effected by an internet application sending an authorisation request relating to a transaction to the approval server over an internet session, wherein such request is processed for transmission over the GSM network to a targeted mobile device registered on that GSM network for actioning. The method will further, preferably, comprise the step of facilitating the mobile device with a client configured to recognise such request via a USSD session and to enable the user of such device to respond thereto by a second USSD session over the same GSM network, via the approval server, to the internet application.
According to an alternative form of the invention, there is provided a method of effecting secure transactions over an unsecured network by requiring an approval step over a second, secure, network wherein approval is effected through a secured standardised mobile telecommunications network in a session based structure wherein a transaction request is submitted to a network application over the unsecured network and said network application initiates an approval process over the secured standardised mobile telecommunications network in a session based structure. This approval process may first transmit an approval request to the mobile telecommunications network via a gateway between the secure and unsecured network, wherein the mobile telecommunications network then transmits the approval request over a secure network to a designated approver device securely registered to such secure network and the designated approver device is configured to effect an approval response to such request and return such approval response, via the secure network, to the gateway for onward transmission to the network application.
Preferably, the inventive method will further comprise the step of having the gateway convert the approval request from the first, unsecured network protocol, to the second, secured network protocols to enable such approval request to be transmitted over the secure network, and having the gateway convert the approval response from the second, secured network protocol, to the first, unsecured network protocols to enable such approval response to be transmitted over the unsecured network.
A preferred embodiment of the invention provides that the transaction effected on the unsecured network uses protocols supported by that unsecured network, and the secured network comprises a GSM network with the protocols used in the GSM network employing session-based USSD (Unstructured Supplementary Service Data) service protocols operating on mobile telephones on the SS7-based GSM network.
Usually, the approval request is initiated by an end user interoperating with the network application and comprises the steps of providing an identifier associated with such end user which is incorporated with the approval request, such identifier being recognisable by the secure network to enable the secure network to deliver such approval request to an approver device associated with the end user. The approver device may be a mobile telephone registered to said user or the user's employer. It is important to note that the approver device does not need to be physically associated with the actual user, as it is merely a vehicle to provide approval over a secure and trusted network.
According to a further embodiment of the present invention there is provided an approval system for effecting secure transactions over an unsecured network (e.g. the internet) by requiring an approval step over a second, secure, network wherein approval is effected through said second secure network in a session based structure, said system comprising an unsecured network having a user facing network interface (an internet web site accessible via the internet), a secured mobile telecommunication network (e.g. GSM) having at least one mobile device securely registered thereon and a gateway between said secured and unsecured networks, wherein the gateway is configured to recognise and convert an approval request from the first, unsecured network protocols, to the second, secured network protocols to enable such approval request to be transmitted over the secure network to the mobile device for requesting approval. Preferably, the gateway is further configured to recognise and convert the approval response from the second, secured network protocol, to the first, unsecured network protocols to enable such approval response to be transmitted over the unsecured network to the network interface.
As the communication in between is session-based, the subject approval system is superior in terms of its flexible and instant answering features. In some applications, these features are compulsory.
As the approval in the proposed method is carried out directly and only over the secured GSM network instead of over the Internet, the security of the transaction is ensured, so that third parties and other users are prevented from intervening in the transaction.
GSM networks provide features enabling direct access to the user and allowing the server to start the transaction. Thus, the server sends the service request for approval only to the related person. Even if third parties obtain this information, they will not be able to initiate the transactions of other users.
Since the device used for entering the information is a telephone, there is no need for any additional development in the systems applied (in the application and/or telephone sections).
Description of the Pictures
The attached figures below show the implementation of the technique developed to achieve the purpose of the invention.
Figure 1 - Approval method according to the prior art, which is application customised and not session-based: the currently used mobile approval method is explained in a diagram.
Figure 2- The proposed mobile approval method according to the present invention: The proposed session-based mobile approval method is explained in this figure with reference to the following specific description.
Figure 3- The Functioning of the Mobile Approval System and its Method: schematic illustration explaining the steps of approval of the transactions over secured GSM networks in a session-based structure realized over unsecured networks.
Explanation of the Invention
The Mobile Approval System and Method is a system and method providing the approval of transactions such as banking, logging in to sub-networks (e.g. accessing secure files held on a remote database) and e-questionnaires over secured GSM networks in a session-based structure, for transactions realised over the Internet or similar networks which are not secured and which require approval for security purposes. The specific embodiment of the invention described herein contains a system and a method which provide the connection between unsecured networks (herein the internet) and mobile telecommunication networks (herein, by way of preferred example, GSM networks). This system uses the protocols which the Internet supports on the unsecured Internet side, and the session-based USSD service protocols operating on all mobile telephones on the SS7-based GSM network.
Today, the Internet can offer services with a wide variety of content, such as banking transactions and e-shopping, to users based on its high data carrying capacity. On the other hand, in comparison to the Internet, GSM networks are superior in terms of security, coverage area and user access. Today, GSM networks cover more than 98% of the living areas.
Another important advantage of the GSM network is that it is much more secure than the Internet. In a GSM network, terminal devices (telephones) are securely registered to the mobile network (through conventional registration techniques and security protocols) and a foreign (unauthorised) user cannot enter the system. A full description of the registration of users and individual devices on a mobile network is not provided herein but is treated as common general knowledge, since the security and registration processes of GSM networks can be readily referenced from publicly available resources (GSM Association, ETSI and most reference repositories). In summary, however, conventional use of the SIM (Subscriber Identity Module), the IMSI (International Mobile Subscriber Identity) and the MSISDN (the number uniquely identifying a subscription in a GSM or UMTS mobile network) enables a mobile device to be securely associated with a defined user within a mobile network, so that a trusted and secure communication link can be established. The users in the system can be followed, as they are known, and can be contacted directly. By comparison, in the internet environment, users without a fixed IP address cannot be accessed directly, as the owner of a given IP address is not known to the Internet network or to the owners of applications (websites) accessible over such an unsecured network. Unless a user has registered a specific account with an internet application which has been verified by alternative means, the internet site has no means to identify or trust the user requesting a transaction (the term "transaction" is not limited to a financial transaction, such as payment for goods, but may be a security transaction requesting access to controlled information).
The most important component of the subject invention is the gateway taking over the function of an "Approval Server" between the Internet and the GSM networks. With this gateway, service requests coming over the Internet are processed by the gateway's interfaces listening on the Internet protocols and sent to the GSM networks over USSD (Unstructured Supplementary Service Data). USSD is a technology available on all existing telephones and is the only GSM service that is session-based. USSD can therefore set up session-based communication between the Internet and the GSM network.
Thus, a secured approval mechanism can be established between the Internet, which offers a variety of services, and the secured GSM networks. For instance, when a purchase is made over the Internet, a menu can be offered on the mobile phone to request approval for the shopping transaction or to enter the approval password.
Preferably, an internet application will be provided with an authorisation client which is configured, when requested, to initiate a secure approval process over a secure GSM network. This may take the form of requesting the user to enter a telephone number associated with an account number for accessing certain restricted information. The authorisation client will then be configured to contact a first server associated with that account number to determine whether the phone number is recognised as a valid number for that account. If so, the server will pass a session-based request using standard internet protocols to a gateway server, which serves to convert the authorisation request to the appropriate USSD service protocols to be passed to the GSM network for processing. The GSM network is able to identify the appropriate device associated with the entered telephone number and transmit the authorisation request to that device. Ideally, the device will have an authorisation client which is configured to recognise the authorisation request and launch an application on the mobile device allowing the device user to accept or reject such request and transmit such response back to the network through a further USSD session. This response is subsequently passed to the gateway, where it is again processed to convert it to the necessary internet protocols to be communicated back to the internet application. Depending on the response, the internet application can then approve or reject the requested transaction.
This embodiment is purely by way of example. Many clear variations are possible. For example, the authorisation request may involve the user of a device being prompted by his handset to enter a code displayed on the internet application. However, this is not necessary, as the authoriser does not need to be the person accessing the specific internet application.
Today, approval transactions over GSM networks are provided with a single-use password (OTP, One Time Password) sent to users by SMS or similar methods. In this method, the user enters the password received by SMS into a separate password screen on the Internet site. This solution has the drawback that its use is entirely restricted to the service provider's own Internet site and that the verification is carried out over the unsecured Internet platform. In the method of the proposed invention, the user is requested to enter his/her password or menu approval into the mobile phone, so that no other interface is needed to complete the transaction. As a session has been opened between the user and the bank, nobody else can interfere.
In the method proposed, the steps related to the functioning of the Mobile Approval System and Method have been shown graphically in Figure 3 and are in the following order:
1. The client requests a service (a request for Electronic Fund Transfer or shopping) from the Application Web Site.
2. This request reaches the Bank's Virtual Server operating under the Bank Web Server.
3. In order to get the approval of the user, the Bank sends the received request to the "Approval Server". Thus, an Internet session is opened between the "Approval Server" and the bank.
4. The "Approval Server" sends the received request to the USSD system of the GSM operator by using the USSD service protocols, in order to send it to the user.
5. The alert for the approval request is sent to the client over the GSM network by opening a USSD session (here, the user can be sent an approval alert in the form of a menu which requests the approval or the entering of the approval password).
6. The client processes the incoming request (selects the option over the menu or enters the approval password).
7. The client's answer reaches the USSD system of the GSM operator via the USSD session.
8. The operator sends this reply to the "Approval Server".
9. The "Approval Server" returns this reply to the bank via the open Internet session.
10. The bank returns the client's reply to the Application Web Site which made the request.
11. The Application Web Site in return gives information related to the approval to the client making the request.
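The eleven-step flow above, together with the gateway behaviour described in the preferred embodiment earlier, as an added Python simulation that is not the patent's own code: the bank, the operator's USSD system and the handset are in-memory stubs, and the account-to-MSISDN registry, the session lifetime and all names are constructed assumptions. It also shows the checks a gateway needs so that a USSD reply is only honoured inside the one open session it belongs to.

```python
"""Added example (not the patent's code): an in-memory simulation of the
"Approval Server" gateway.  Bank, operator USSD system and handset are stubs;
the account/MSISDN registry and session lifetime are constructed assumptions."""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Constructed sample registry: the MSISDN securely registered for each account.
ACCOUNT_MSISDN = {"ACC-1001": "+905551234567", "ACC-2002": "+905559876543"}
SESSION_TTL = 60.0  # seconds an unanswered approval session stays valid (assumption)


@dataclass
class ApprovalSession:
    session_id: str
    account: str
    msisdn: str
    description: str
    opened_at: float
    result: Optional[str] = None  # "approved" or "rejected" once the handset answers


class FakeUssdSystem:
    """Stand-in for the operator's USSD system (steps 4-8): delivers a menu to
    the handset in a USSD session and routes the reply to the gateway callback."""

    def __init__(self) -> None:
        self.open: Dict[str, Tuple[str, Callable]] = {}  # sid -> (msisdn, callback)

    def push_session(self, sid: str, msisdn: str, menu: str, cb: Callable) -> None:
        self.open[sid] = (msisdn, cb)

    def handset_answers(self, sid: str, msisdn: str, choice: str) -> bool:
        # Steps 6-7: the choice travels back inside the same USSD session, so the
        # operator (not the user) supplies the session id and the answering MSISDN.
        entry = self.open.pop(sid, None)
        if entry is None:
            return False  # no such open USSD session
        return entry[1](sid, msisdn, choice)


class ApprovalServer:
    """The gateway: internet-side request in, USSD dialog out, answer back."""

    def __init__(self, ussd: FakeUssdSystem) -> None:
        self.ussd = ussd
        self.sessions: Dict[str, ApprovalSession] = {}

    def request_approval(self, account: str, msisdn: str, description: str) -> str:
        # Step 3: the bank hands over the request.  Refuse unless the number is the
        # one registered for the account, so a number typed into the web site cannot
        # redirect the approval to a third party's handset.
        if ACCOUNT_MSISDN.get(account) != msisdn:
            raise PermissionError("MSISDN is not registered for this account")
        sid = secrets.token_hex(8)  # unguessable id for the internet-side session
        self.sessions[sid] = ApprovalSession(sid, account, msisdn, description, time.time())
        # Steps 4-5: open the USSD session towards the handset with an approval menu.
        menu = f"Approve '{description}'?\n1. Approve\n2. Reject"
        self.ussd.push_session(sid, msisdn, menu, self.on_ussd_reply)
        return sid

    def on_ussd_reply(self, sid: str, msisdn: str, choice: str) -> bool:
        # Steps 7-8: bind the operator's reply to exactly one open session.
        s = self.sessions.get(sid)
        if s is None or s.result is not None:
            return False  # unknown or already answered session: ignore (replay)
        if s.msisdn != msisdn or time.time() - s.opened_at > SESSION_TTL:
            s.result = "rejected"  # wrong handset or stale session never approves
            return False
        s.result = "approved" if choice == "1" else "rejected"
        return True

    def outcome(self, sid: str) -> str:
        # Step 9: what the gateway returns to the bank over the internet session.
        return self.sessions[sid].result or "pending"
```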
Whilst the specific embodiment relates to the internet and a GSM network, the invention is not so limited. The invention could be implemented on any unsecured network and any standards-defined (i.e. specified by an internationally recognised standards-setting organisation, such as ETSI or 3GPP) secure mobile telecommunication network (e.g. UMTS, Universal Mobile Telecommunications System), and any reference herein to GSM should be construed accordingly.
In the proposed method, the user is requested to enter the password or the menu approval into the mobile phone, so that no other interface is needed, and as there is only one session open between the user and the bank, nobody else can interfere. Further, in the proposed method, as the approval mechanism is the mobile phone when a purchase is made with a credit card, others will not be able to use the credit card or its details even if these fall into their hands.
Application of the Invention to the Industry
Examples of usage areas:
• Approval of banking transactions (Mobile approval)
• Realization of questionnaires (As it is secure and quick)
• Access to secured sites (such as company networks or limited Internet sites)
Claims
1. A method of effecting secure transactions over an unsecured network by requiring an approval step over a second, secure, network wherein approval is effected through a secured standardised mobile telecommunications network in a session based structure.
2. A method as claimed in claim 1 wherein the unsecured network is the internet and the secured standardised mobile telecommunications network is a GSM network.
3. A method as claimed in claim 1 or claim 2 wherein the transaction effected on the unsecured network uses protocols supported by that unsecured network, and the protocols used in the secured standardised mobile telecommunications network employ session-based USSD (Unstructured Supplementary Service Data) service protocols operating on mobile telephones on the SS7-based GSM network.
4. A method as claimed in claim 3 utilising a gateway functioning as an approval server between the internet network and GSM network, such gateway processing internet protocol authorisation requests from the internet network to enable such requests to be converted to session-based USSD service protocols to be sent over the GSM network.
5. A method as claimed in claim 4 wherein an internet application sends an authorisation request relating to a transaction to the approval server over an internet session wherein such request is processed for transmission over the GSM network to a targeted mobile device registered on that GSM network for actioning.
6. A method as claimed in claim 5 further comprising the step of facilitating the mobile device with a client configured to recognise such request via a USSD session and to enable the user of such device to respond thereto by a second USSD session over the same GSM network, via the approval server, to the internet application.
7. A method as claimed in claim 1 wherein a transaction request is submitted to a network application over the unsecured network and said network application initiates an approval process over the secured standardised mobile telecommunications network in a session based structure.
8. A method as claimed in claim 7 wherein the approval process first transmits an approval request to the mobile telecommunications network via a gateway between the secure and unsecured network, wherein the mobile telecommunications network then transmits the approval request over a secure network to a designated approver device securely registered to such secure network and the designated approver device is configured to effect an approval response to such request and return such approval response, via the secure network, to the gateway for onward transmission to the network application.
9. A method as claimed in claim 8 further comprising the step of having the gateway convert the approval request from the first, unsecured network protocol, to the second, secured network protocols to enable such approval request to be transmitted over the secure network, and having the gateway convert the approval response from the second, secured network protocol, to the first, unsecured network protocols to enable such approval response to be transmitted over the unsecured network.
10. A method as claimed in claim 9 wherein the transaction effected on the unsecured network uses protocols supported by that unsecured network, and the secured network comprises a GSM network with the protocols used in the GSM network employing session-based USSD (Unstructured Supplementary Service Data) service protocols operating on mobile telephones on the SS7-based GSM network.
11. A method as claimed in any one of claims 8 to 10 wherein the approval request is initiated by an end user interoperating with the network application and comprises the steps of providing an identifier associated by such end user which is incorporated with the approval request, such identifier being recognisable by the secure network to enable the secure network to deliver such approval request to an approver device associated with the end user.
12. A method as claimed in claim 11 in which the approver device is a mobile telephone registered to said user.
13. An approval system for effecting secure transactions over an unsecured network by requiring an approval step over a second, secure, network wherein approval is effected through a said second secure network in a session based structure, said system comprising an unsecured network having a user facing network interface, a secured mobile telecommunication network having at least one mobile device securely registered thereon and a gateway between said secured and unsecured networks, wherein the gateway is configured to recognise and convert an approval request from the first, unsecured network protocols, to the second, secured network protocols to enable such approval request to be transmitted over the secure network, to the mobile device for requesting approval.
14. A system as claimed in claim 13 wherein the gateway is further configured to recognise and convert the approval response from the second, secured network protocol, to the first, unsecured network protocols to enable such approval response to be transmitted over the unsecured network to the network interface.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TR2008/00255A TR200800255A1 (en) | 2008-01-15 | 2008-01-15 | Mobile approval system and method. |
| TR08/00255 | 2008-01-15 | | |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2009090428A1 true WO2009090428A1 (en) | 2009-07-23 |
Family
ID=40513668
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/GB2009/050029 Ceased WO2009090428A1 (en) | 2008-01-15 | 2009-01-15 | Mobile approval system and method |
Country Status (2)
| Country | Link |
|---|---|
| TR (1) | TR200800255A1 (en) |
| WO (1) | WO2009090428A1 (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2000003316A1 (en) * | 1997-05-28 | 2000-01-20 | Telefonaktiebolaget Lm Ericsson (Publ) | A method for securing access to a remote system |
| WO2001017310A1 (en) * | 1999-08-31 | 2001-03-08 | Telefonaktiebolaget L M Ericsson (Publ) | Gsm security for packet data networks |
Non-Patent Citations (1)
| Title |
|---|
| "Digital cellular telecommunications system (Phase 2); Unstructured Supplementary Service Data (USSD) - Stage 2 (GSM 03.90); ETS 300 549", ETSI STANDARDS, LIS, SOPHIA ANTIPOLIS CEDEX, FRANCE, vol. SMG3, no. Second Edition, 1 June 1996 (1996-06-01), XP014013630, ISSN: 0000-0001 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE102009060946A1 (en) * | 2009-12-23 | 2011-06-30 | Doering, Wolfram, 13469 | Method for electronic communication of banking orders and communication system for carrying out the method |
| WO2012004640A1 (en) * | 2010-07-08 | 2012-01-12 | Entersect Technologies (Pty) Ltd. | Transaction authentication |
| WO2012134330A1 (en) | 2011-03-25 | 2012-10-04 | Общество С Ограниченной Ответственностью "Аилайн Кэмьюникейшнс Снг" | Method for presenting information when conducting distributed transactions and structure for implementing same |
| CN103688559A (en) * | 2011-03-25 | 2014-03-26 | 眼界通讯有限责任公司 | Method for presenting information when conducting distributed transactions and structure for implementing same |
| US20140141748A1 (en) * | 2011-03-25 | 2014-05-22 | Vitaliy Shamilovich Gumirov | Method for presenting information when conducting distributed transactions and structure for implementing same |
| EP2690897A4 (en) * | 2011-03-25 | 2015-06-03 | Ltd Liability Company Eyeline Comm Cis | METHOD FOR PRESENTING INFORMATION WHILE REALIZING DISTRIBUTED TRANSACTIONS AND STRUCTURE FOR CARRYING OUT SAID METHOD |
| US9226154B2 (en) | 2011-03-25 | 2015-12-29 | Eyeline Communications Cis, Llc. | Method for presenting information when conducting distributed transactions and structure for implementing same |
Also Published As
| Publication number | Publication date |
|---|---|
| TR200800255A1 (en) | 2009-08-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2009323748B2 (en) | Secure transaction authentication | |
| US7979054B2 (en) | System and method for authenticating remote server access | |
| KR102321781B1 (en) | Processing electronic tokens | |
| US7954141B2 (en) | Method and system for transparently authenticating a mobile user to access web services | |
| US8650622B2 (en) | Methods and arrangements for authorizing and authentication interworking | |
| US20030061503A1 (en) | Authentication for remote connections | |
| US20040139204A1 (en) | Architecture for providing services in the internet | |
| JP2002505458A (en) | Methods, arrangements and devices for authentication | |
| CN101986598B (en) | Authentication method, server and system | |
| CN101374050A (en) | Device, system and method for realizing identity authentication | |
| US11165768B2 (en) | Technique for connecting to a service | |
| CN101567878A (en) | Method and device for improving network identity authentication security | |
| US20140330689A1 (en) | System and Method for Verifying Online Banking Account Identity Using Real-Time Communication and Digital Certificate | |
| WO2012004640A1 (en) | Transaction authentication | |
| WO2008008014A9 (en) | Method and arrangement for authentication procedures in a communication network | |
| IE20210230A1 (en) | Laterpay 5G Secondary Authentication | |
| CN103124252B (en) | Client application access authentication treating method and apparatus | |
| PT1386470E (en) | Architecture for providing services in the internet | |
| CN102083066B (en) | Unified safety authentication method and system | |
| RU2354066C2 (en) | Method and system for authentication of data processing system user | |
| WO2009090428A1 (en) | Mobile approval system and method | |
| WO2012041781A1 (en) | Fraud prevention system and method using unstructured supplementary service data (ussd) | |
| KR20060094453A (en) | Authentication method and system for part-time service using EAP | |
| RU92592U1 (en) | MOBILE RADIOTELEPHONE USER IDENTIFICATION SYSTEM BASED ON THE SUBSCRIBER NUMBER IN THE MOBILE RADIOTELEPHONE COMMUNICATION NETWORK | |
| Kehr et al. | | Mobile security for Internet applications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 09702692; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 09702692; Country of ref document: EP; Kind code of ref document: A1 |