HK1262135A1 - System of ascertainment - Google Patents

Publication number
HK1262135A1
Authority
HK
Hong Kong
Prior art keywords
mobile device
account
network
receiving
user mobile
Application number
HK19122042.5A
Other languages
Chinese (zh)
Inventor
陈杰臻
Original Assignee
March Projection Ltd.
Application filed by March Projection Ltd.

Description

Probing system
Technical Field
The field of the invention relates generally to preventing fraudulent use of a user account in operation by verifying the identity of the user and probing for user dependencies based on data of the user's communication device.
Background
In addition to the control of smart devices, the world wide web paves the way for ubiquitous online activities; to protect the relevant operations, the prior art requires verification of user identity, which includes data encryption in transmission, password entry, biometric scanning, and the like. Contactless smart cards using standardized protocols (e.g., ISO 14443/NFC) as data transfer mechanisms are ubiquitous, but user account information can still be stolen and cloned for illegal use.
Disclosure of Invention
In one basic aspect of the disclosed subject matter, the principles of operation require correlation of user and communication device in terms of relevance and proximity. The probe includes a tracking system ("tracking system") for locating and recording time information relating to tracking the location and surroundings ("proximity data") of a communication device carried by the user, the communication device having a unique identifier other than an IP address, and the communication device having wireless telematics communication capabilities ("user mobile device") or no wireless telematics communication capabilities ("computing device"). The communication device sends real-time proximity data to the tracking system over a network that includes a combination of landline and wireless communication infrastructure. The probe probes the communication devices as "venue-related" with at least one access point ("AP") of the environment disposed at a geographic location identified as a regular user visit location from the user location record, and the devices are correlated with each other as "peer-to-peer related" devices.
Technical problem
Fraudulent use of user account information in credit cards, payment cards in POS transactions, ATM withdrawals, online purchases is common, and the only solution is limited to code correlation.
Means for solving the problems
In accordance with one broad aspect of the disclosed subject matter, the probe performs a user authentication process based on concurrent and tracked communication device proximity data and "mobility data" related to a geographic location or surrounding short-range wireless access points for linking, the mobility data comprising: a web browsing history with a unique identifier of the device, an IP address, and a communicatively linked wireless AP ("venue AP") IP address, a record of the code, and so forth.
In one aspect of the disclosed subject matter, a communication device opens a series of web pages in a browsing path in an online operation that requires a user to send account information to a host; the communication device is embedded with a client application that is capable of recording, retrieving, importing (from another installed web browser) and exporting mobility data to the probe in an online user authentication process for proving a correlation between online operations and existing communication devices. The probe generates a status indicator (discussed further below) to demonstrate the results of the online user authentication process. The "Web browsing history" related to the online operation, which is explored in the online user authentication process, includes at least one of the following Web browsing activities recorded for a certain period of time from the operation time ("authentication time") of transmitting the user account information or a time within a first threshold: a browser web page for performing online operations, an activated icon/link, a first identifier of a communication device embedded in the client application that derives user account information, and so forth.
In accordance with another aspect of the disclosed subject matter, user account information is obtained by an access device operated by a principal; however, the user authentication request message is received by the probe, which performs the user authentication process, at which time the proximity between the host and the user's mobile device must be within a pre-configured proximity threshold that is considered valid, thus enabling access device operation.
Drawings
FIG. 1 illustrates an embodiment of a system having a probe.
Fig. 2A is a schematic diagram of a communication device including a controller with an embedded client application.
Fig. 2B is a schematic diagram of the controller as a user mobile device.
Fig. 2C is a schematic diagram of a controller as a computing device.
Fig. 3 is a schematic diagram of a communication system operating through short-range wireless pairing with an access point.
Fig. 4A depicts a database 400 that includes data demonstrating whether a user mobile device is identified as a venue associated with an environment.
Fig. 4B depicts a database 410 comprising a client device IP database 10.1.
Fig. 4C depicts the master of the location database 10.2 in proximity to the data storage structure 420.
Fig. 5A depicts a venue AP list 500 including access points that may be used to provide short-range wireless pairing.
FIG. 5B depicts an exemplary diagram of web browsing history data stored in web browsing history 510.
Fig. 5C depicts a database that includes user blockchain paths 520 recorded by the tracking system with respect to time.
Fig. 6A is a schematic diagram of a communication system.
FIG. 6B depicts a website 650 related to an online store.
FIG. 6C depicts a communication group 680 for online transfers.
Fig. 7 is a flowchart of an online user authentication process.
Fig. 8 is a flowchart of the user authentication process.
Detailed Description
The present invention provides methods and apparatus for exploring an online user authentication process based on web browsing activity recorded with respect to time, and exploring a user authentication process based on proximity between a user communication device and an access device.
The following discussion refers to various embodiments, which should not be construed as limiting the disclosure to only the specifically described embodiments. Rather, it is contemplated that any combination of the following features and elements, whether related to different embodiments or not, may be implemented and practiced with the present disclosure. Although embodiments may achieve advantages over other possible solutions or over the prior art, whether or not a particular advantage is achieved by a given embodiment is not limiting of the disclosure. Likewise, reference to "the present disclosure" should not be construed as a generalization of any subject matter disclosed herein and should not be considered to be an element or limitation of the appended claims except where explicitly recited in a claim(s).
As will be appreciated, aspects of the present disclosure may be embodied as a processor-mounted system, method, or computer program product; accordingly, an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining hardware and software aspects that may generally be referred to herein as a "module," "device," or "system" is employed. Furthermore, aspects of the present disclosure may take the form of a computer program product embodied in one or more non-transitory computer-readable media having computer-readable program code encoded thereon.
Any combination of one or more non-transitory computer-readable media may be utilized, including a computer-readable signal medium or a computer-readable storage medium that may store data that is readable by a computer system. The computer readable storage medium or memory may be, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, an erasable programmable read-only memory (EPROM or "flash memory"), an optical storage device, a Random Access Memory (RAM), a read-only memory (ROM), a portable compact disc read-only memory (CD-ROM), a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Aspects of the present disclosure are described below with reference to flowchart illustrations and block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. Each block of the flowchart illustrations and block diagrams, and combinations of blocks in the flowchart illustrations and block diagrams, can be implemented by computer program instructions, which can be stored in a computer-readable medium or provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing, or function in a particular manner to implement, the functions/acts specified in the flowchart illustrations; each of which can be executed as computer recordable codes on a computer readable recording medium.
The present invention also relates to a system for performing various steps and operations through data transmission and processing at various nodes. The system and node may be a specially constructed device, such as an electronic device, or it may comprise one or more general purpose computers, such as a networked plurality of computers or application servers, which may follow software instructions to perform the steps described herein. There is no limitation as to the operation of a particular type of system or device. The software instructions may be stored in any computer-readable storage medium, such as a magnetic or optical disk, card, memory, or the like. No specific programming language is required; rather, the present invention can be implemented using any type of programming language, and computer program code for carrying out operations for aspects of the present disclosure can be written in any combination of one or more programming languages.
The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices provide processes for implementing the functions/acts specified in the flowchart, block or blocks.
Fig. 1 is a schematic block diagram illustrating an exemplary system 100; the system 100 is not limited to any particular system that needs to perform user authentication processing. An account (e.g., a member account issued by the facilitator 103 as a member club, or a payment network-related credit card issued by the issuer 104 as a bank) is issued to a user (not shown) related to the mobile device 183 ("user mobile device 183 account") for a host 105 related operation that needs to perform a user authentication process. In one embodiment, the probe 108 receives a user authentication request message 110 generated and sent by any one of the facilitator 103, the issuer 104, the host 105, the access device 185, or a payment network (not shown) related to the user mobile device 183 account; the message includes selected information without a full account number ("secure account information"), and the probe 108 performs a user authentication process to probe whether the host 105 related operation is authorized by the user mobile device 183 account.
Table 1: Secure account information
| Complete account number | Complete account name | Secure account information |
| --- | --- | --- |
| 3002 1212 2020 2998 | Adam Kevin Smith | AKSmith30021212 |
According to some embodiments, the user authentication request message 110 may be an electronic message associated with the user mobile device 183, including some of the following: user mobile device 183 identifier (e.g., including a unique identifier, a telephone number, an existing client application 250 first identifier (fig. 2A)), identification information of the user mobile device 183 account, authentication time, location address, geo-location data, host 105 description information (including the host identification number (HID) of host 105 for user authentication processing, the terminal identification number (TID) of the access device 185 activating the operation, and information of the host 105 account ("host 105 account") issued by facilitator 103), and any other information that may be used to determine whether to authorize an operation.
Proximity data (relating to multiple locations of the host 105, user mobile device 183, and computing device 189 operating the access device 185) includes longitude and latitude coordinates, or a recognizable location by such things as a city, zip code, street address, flat cell within a building, place name, or any other information suitable for identifying a particular location. In another aspect, the proximity data includes a venue AP list 500 (shown in fig. 5A) of APs 107 linked by the network 109 that can be used to communicatively link with the user mobile device 183 or the computing device 189 through short-range wireless pairing at the current location. In another aspect, the proximity data is a proximity log, which will be discussed further below.
AP107 (equipped in access device 185, or located in a venue, as examples) (e.g., beacon, gateway, WiFi router) may include a reader with a unique identifier and the ability to: provide short-range wireless pairing with the user mobile device 183 or computing device 189 and transmit information to the network 109. In an AP-based indoor positioning system, the tracking system 130 obtains the user location and the expected duration by assigning the geographic location of an existing AP107 identifier or signature stored by the memory 135.
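The proximity test described above, as an added example that is not part of the original specification: it takes a request message and the tracked proximity records for the device, resolves each side to a position from coordinates or from an AP identifier, and fails closed when data is missing, stale or out of range. The field names, device ids, AP identifiers and coordinates are constructed, and the 150 m threshold and 300 s freshness window are assumptions (the text only says the threshold is pre-configured).

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import List, Optional, Tuple

# Assumed policy values; the text only says the proximity threshold is pre-configured.
PROXIMITY_THRESHOLD_M = 150.0   # max distance between host and user mobile device
MAX_RECORD_AGE_S = 300          # oldest tracking record accepted at authentication time

# Constructed stand-in for the location database: AP identifier -> (lat, lon).
AP_LOCATIONS = {
    "02:00:00:AA:BB:01": (22.2819, 114.1582),
    "02:00:00:AA:BB:02": (22.3193, 114.1694),
}


@dataclass
class ProximityRecord:
    """One tracked sample for a device: coordinates, a paired AP, or both."""
    device_id: str
    timestamp: int                      # Unix seconds
    lat: Optional[float] = None
    lon: Optional[float] = None
    ap_id: Optional[str] = None


@dataclass
class AuthRequest:
    """Hypothetical subset of the fields listed for the request message."""
    secure_account: str                 # never the full account number
    device_id: str
    auth_time: int                      # Unix seconds
    host_lat: Optional[float] = None
    host_lon: Optional[float] = None
    host_ap_id: Optional[str] = None    # AP in or near the access device


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371000.0 * asin(sqrt(a))


def resolve_position(lat, lon, ap_id) -> Optional[Tuple[float, float]]:
    """Prefer reported coordinates; otherwise map the AP identifier to its location."""
    if lat is not None and lon is not None:
        return (lat, lon)
    return AP_LOCATIONS.get(ap_id.upper()) if ap_id else None


def authenticate(request: AuthRequest, records: List[ProximityRecord]) -> Tuple[str, str]:
    """Return (status, reason); every missing or doubtful input fails closed."""
    # Records stamped after the authentication time cannot vouch for it.
    usable = [r for r in records
              if r.device_id == request.device_id and r.timestamp <= request.auth_time]
    if not usable:
        return ("deny", "no tracking record for device")
    latest = max(usable, key=lambda r: r.timestamp)
    if request.auth_time - latest.timestamp > MAX_RECORD_AGE_S:
        return ("deny", "tracking record too old")
    # Device paired with the host's own AP: treated as co-located.
    if (request.host_ap_id and latest.ap_id
            and request.host_ap_id.upper() == latest.ap_id.upper()):
        return ("approve", "device paired with host AP")
    host_pos = resolve_position(request.host_lat, request.host_lon, request.host_ap_id)
    dev_pos = resolve_position(latest.lat, latest.lon, latest.ap_id)
    if host_pos is None or dev_pos is None:
        return ("deny", "position unknown")
    if haversine_m(*host_pos, *dev_pos) <= PROXIMITY_THRESHOLD_M:
        return ("approve", "within proximity threshold")
    return ("deny", "outside proximity threshold")


if __name__ == "__main__":
    now = 1_700_000_000  # constructed authentication time
    tracked = [ProximityRecord("dev-183", now - 60, 22.2825, 114.1585)]
    nearby = AuthRequest("AKSmith30021212", "dev-183", now, 22.2819, 114.1582)
    print(authenticate(nearby, tracked))
```

A cloned card presented far from the tracked device, or at a time when the device has not reported recently, is denied rather than approved by default.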
The probe 108 includes an approval processor 121 (a processor-mounted network-linked application server or control system, as an example), a data storage medium 122, and a tracking system 130. The approval processor 121, a processor-mounted server including one or more modules (not shown), utilizes a combination of hardware or software components to record, change, update, transmit, receive, or erase data and information stored in an operatively coupled data storage medium 122. One or more modules may be programmed or set to maintain and update the client device IP database 10.1 and the location database 10.2 stored by the data storage medium 122.
Although fig. 1 illustrates the data storage medium 122 as a single entity, the invention is not so limited. For example, some data regarding the client device IP database 10.1 may be stored in memory of the user mobile device 183 (as discussed further below).
In one embodiment of the invention, the network 109 linked tracking system 130 includes an application server 134 (comprising a plurality of computer or processor mounted application servers) and a memory 135. The tracking system 130 operates in conjunction with a plurality of user mobile devices 183 and computing devices 189, an AP107 linked to the network 109, an access device 185 that handles mobile device 183 account related operations, and a geolocation system 133 to track and record the geolocation of the user mobile devices 183 with respect to time.
The geolocation system 133 is a ground or satellite based Global Navigation Satellite System (GNSS) including the beidou navigation system, Differential GPS (DGPS), Eurofix (RTM) DGPS, Global Positioning System (GPS). In other trilateration-based positioning systems, the geographic location system 133 includes a system that provides a reference point or cellular communication tower that transmits RF signals that are received by the user mobile devices 183.
Application server 134 may be any processor-installed and software-embedded device capable of facilitating two-way data communication with a plurality of user mobile devices 183 and computing devices 189 (and access devices 185, in another embodiment) over network 109; application server 134 is configured to receive via network 109 and record in memory 135 of probe 108 information including identifier-related proximity data from host 105, user mobile device 183, access device 185, and computing device 189, as well as user mobile device 183 or computing device 189 mobility data. In another embodiment, the application server 134 determines the geographic location of the user mobile device 183 or computing device 189 by matching the AP107 transmitted by the communicatively paired user mobile device 183 or computing device 189 (the pairing includes short-range wireless "pairing" and "unpairing", using, as examples, Bluetooth™ or WiFi) with the geographic location associated with the AP107 identifier stored by the location database 10.2. In one embodiment, the client application 250 (shown in FIG. 2A) embedded by the user's mobile device 183 shares existing proximity data with a software program running in the application server 134, which the application server 134 records and interprets (as described in more detail below).
A library of predefined geofence boundaries, constant or variable frequency polling intervals that direct data recording between the application server 134 and the user mobile device 183 or computing device 189, quantitative calculations performed by the application server 134, and other information (e.g., personal data of the user of the user mobile device 183 or computing device 189) are stored in the memory 135 and retrieved by the application server 134.
Data storage medium 122, working with or within communicatively coupled approval processor 121, may be any device, including magnetic, optical, or solid state memory; the information stored therein may be changed by the approval processor 121 or the application server 134. The data storage medium 122 stores instructions and code that, when executed by one or more processors of the approval processor 121, cause the one or more processors to perform the methods discussed in connection with fig. 3-8.
Network 109 may include the internet in addition to Local Area Networks (LANs), Wide Area Networks (WANs), direct links (e.g., through a Universal Serial Bus (USB) port), other forms of computer-readable media, or any combination thereof. On a set of interlinked LANs, including LANs based on different architectures and protocols, a router acts as a link between LANs, enabling messages to be sent from one to another: communication links within LANs typically include twisted wire pair or coaxial cable; the communication links between the networks may utilize analog telephone lines, all or portions of dedicated digital lines including T1, T2, T3, and T4, Integrated Services Digital Networks (ISDN), Digital Subscriber Lines (DSL), wireless links including satellite links, or other communication links known to those skilled in the art. The network 109 can take any form of computer-readable medium for communicating information from one electronic device to another, configured to couple various user mobile devices 183 and computing devices 189 to one another via wireless links. Essentially, network 109 includes any communication method by which information may be transferred from one device to another, and network 109 transfers information to one or more other networks; remote computers and other related electronic devices can be remotely linked to either LANs or WANs via a modem and temporary telephone link.
In an indoor tracking environment, the network 109 wireless and landline communication infrastructure typically includes a combination of ethernet and WLAN. The user mobile device 183 and the computing device 189, having short-range wireless communication components and functionality, are continuously tracked through an AP107 node-based mesh network (not shown) that includes a plurality of short-range wireless APs 107 that send signals to the user mobile device 183 or the computing device 189 and transmit return signals to the application server 134. However, in an outdoor environment, the network 109 includes a combination of wireless and landline communication infrastructures, such as a cellular telecommunications system and the internet.
The user mobile device 183 is a processor and memory equipped device with short-range wireless capability (a Radio Frequency (RF) based system such as 802.11 based wireless communication, Bluetooth™, NFC, WiMAX, Zigbee, or WiFi) and wireless telematics communication functions ("telematics functions") for use in a digital cellular system, capable of sending, requesting, and receiving data over network 109. The user mobile device 183 may be a Personal Digital Assistant (PDA), a cellular mobile phone, or a smart phone operating with a subscriber-based wireless data communication network (e.g., a 3G network or a 4G network, Code Division Multiple Access (CDMA), EvDO, EDGE network, enhanced dedicated mobile radio (ESMR), Personal Communication System (PCS), or any combination thereof); it displays a graphical user interface and is capable of activating a client application 250 having a function as a web browser, by which client application 250 a user can implement a theme for performing user authentication processing-related operations.
The user mobile device 183 is also configured to obtain and record current proximity data by receiving and processing signals transmitted by the geolocation system 133 using embedded hardware or software components or a combination of both; some exemplary technologies may include GPS, and the like. In another embodiment, the user mobile device 183 determines its geographic location by participating in the trilateration process and sends an encoded wireless message (including the unique identifier and current geographic location, or a geofence center projected ahead of time from a location (as discussed further below)) to the application server 134 at a constant or variable specific temporal frequency according to a periodic or intermittent polling interval pre-configured in the operational settings; optionally, the user mobile device 183 transmits the encoded wireless message, either individually or at defined polling intervals, in accordance with a received separate or periodic probe request sent by the application server 134.
Computing device 189 is a device with short-range wireless capability (a Radio Frequency (RF) based system such as Bluetooth™, NFC, WiMAX, Zigbee, WiFi, or 802.11 based wireless communication) but without telematics functionality. In general, the user mobile devices 183 and computing devices 189 are configured to generate and record pairing records with the AP107 with respect to time, and are configured with operating parameters to generate and transmit to the tracking system 130, at any given time, an encoded wireless message including concurrent proximity data or a unique identifier of AP107 (at a certain time frequency, constant or variable, according to a preconfigured polling interval, or upon detection of a pairing). The application server 134 may also be configured to generate and record a pairing record in the memory 135.
The user mobile device 183 and the computing device 189 may be configured to communicate messages via a protocol and are not limited to: email, Jabber, Internet Relay Chat (IRC), Instant Messaging (IM), Multimedia Messaging Service (MMS), Short Message Service (SMS), among each other, another device, etc. The user mobile device 183 and computing device 189 may also be configured to include software applications for receiving, sending messages as described above, receiving text messages and displaying information contained in the messages, or the client application 250 configured to provide information identifying itself, including capabilities, identifiers, IP addresses, names, types, linked AP107 IP addresses, and the like.
Consider now a communication device 230 as depicted in fig. 2A in conjunction with fig. 1, 2A, and 2C. The communication device 230 in which the client application 250 is embedded includes:
a controller 240 having a telematics function, as the user mobile device 183; or
a controller 240.8 without telematics functionality, as the computing device 189.
In one embodiment, the client application 250 includes, for example, a number of functional features, a web browser, text and voice communication channels, and is capable of exporting the obtained and stored mobility data (including web browsing history related to web pages browsed using the client application 250 or other installed web browsers) and proximity data to the probe 108. The client application 250 is also configured to extract information imported by the importer 253 for storage in the memory of the communication device 230.
As used herein, client application 250 includes program modules, applications, programs, mobile applications, software, firmware, operating system code, methods, routines, etc., and may also include a client portion of a program application that works in connection with communication device 230 and application server 134, and is not limited to a stand-alone application running autonomously as a client on communication device 230, but rather refers to an application on communication device 230 that communicates with a corresponding server application hosted by application server 134.
The client application 250 interacts with the probe 108 to provide application services, access web browsing history of other web browsers embedded in the communication device 230, access web content, and the like, according to some variations of the client-server relationship. In various embodiments, the probe 108 registers and invokes the communication device 230 through communication with the embedded client application 250.
The client application 250 may communicate with the probe 108 to manage enrollment of the new client application 250 and can determine that the record corresponds to the application characteristics of the communication device 230. In operation, for example, when the probe 108 detects the installation of a new client application 250 in the communication device 230, the probe 108 invokes the installed client application 250 to determine its characteristics. These features, such as proximity data relating to the communication device 230 (as discussed further below), a user password and a first identifier of the client application 250, are stored in the memory 242 of the controller 240 or the memory 242.8 of the controller 240.8 until they can be provided to the probe 108.
If a full configuration is specified, the first client application 250 is installed and configured on the communication device 230. For example, a web browser as the client application 250 may be installed in the communication device 230 and configured with a profile according to account information of the user or the user's mobile device 183. Conversely, if the basic configuration is specified, the client application 250 determines whether a supported client application 250 is already installed in the communication device 230. If the supported client application 250 is installed, the communication device 230 embedded in the client application 250 automatically configures the supported client application 250. For example, the client application 250 may specify a plurality of supported client applications 250, such as other applications installed during full configuration, a web browser, or the same client application 250.
If the supported client application 250 is not installed, the communication device 230 embedded in the client application 250 performs an auxiliary configuration process. In some implementations, the auxiliary configuration process provides user instructions to configure the plurality of second client applications 250. For example, the auxiliary configuration process may provide user instructions for configuring a POP3 mail account or configuring one of a plurality of freely available web browsers. In some implementations, the auxiliary configuration process may be an installation of the client application 250 installed in a complete configuration. For example, an installation may be approved by the probe 108 because such an installation may incur a license fee for each seat.
If unauthenticated response data is received at the communication device 230, the communication device 230 excludes the configuration of the client application 250; for example, a notification is displayed indicating that the user's identification data is not authenticated, or that the user is authenticated but not authorized to install client application 250 or is configured with a pre-existing client application 250.
The components contained in client application 250 include:
1. history recorder 251 - configured to record, in the communication device 230 memory (controller 240 memory 242 or controller 240.8 memory 242.8), a web browsing history with respect to time for each of a series of web pages browsed by the client application 250 as a web browser and by other web browsers embedded in the communication device 230;
2. client manager 252 - configured to export the stored web browsing history and information stored in the communication device 230 memory to another communicatively linked device via exporter 254, and to import information, including messages sent by the probe 108, via importer 253;
3. importer 253 - for importing, with respect to time, a web browsing history for each of a series of web pages browsed by web browsers embedded by other communication devices 230, and messages sent by the probe 108 or another communicatively linked communication device 230;
4. exporter 254 - for exporting data and information to the probe 108, including information about the communication device 230 and the client application 250, and the web browsing history of the client application 250 as a web browser and of other web browsers embedded by the communication device 230.
In an alternative embodiment, client application 250 is a web-based service; once activated, the web page provides those functions of client application 250 (as described above). In general, the client application 250 may be any software, program, application, embedded in any processor-installed communication device 230 having a graphical user interface, or a web-based URL (as discussed further below) that performs the above-described functions when accessed by the communication device 230 (e.g., the user mobile device 183 or the computing device 189) via the internet.
Referring to fig. 2B, controller 240 (short-range wireless link capable, with telematics functionality) includes processor 241, memory 242, network interface 243, display and input/output ("I/O") 244, geographic receiver 245, and wireless data network device 246. The processor 241 is communicatively coupled to a computer-readable storage medium, memory 242. Memory 242 may have stored thereon one or more programs of executable instructions that, when executed by processor 241, perform at least some of the operations of controller 240, history recorder 251, and client manager 252. Network interface 243 may include its own memory to store its identifier, and uses technologies such as Ultra Wideband (UWB), Bluetooth™, IEEE 802.15 or IEEE 802.11 as a transceiver for exchanging network communications. Geographic receiver 245 receives the geographic position system 133 (fig. 1) signals, which are processed by processor 241 to obtain geographic position data 336 (fig. 3). Wireless data network device 246 (sometimes referred to as a transceiver, transceiving device, or Network Interface Card (NIC)) includes circuitry for coupling communication device 230 to one or more networks and is configured for use with one or more communication protocols and technologies including, but not limited to, CDMA, General Packet Radio Service (GPRS), Global System for Mobile communications (GSM), Time Division Multiple Access (TDMA), Transmission Control Protocol/Internet Protocol (TCP/IP), User Datagram Protocol (UDP), SIP/RTP, SMS, Ultra Wide Band (UWB), WAP, IEEE 802.16 Worldwide Interoperability for Microwave Access (WiMax), or any of a variety of other wireless communication protocols.
In fig. 2C, a controller 240.8 with short-range wireless link capability but no telematics functionality includes components similar to the controller 240 in fig. 2B, including: processor 241.8, memory 242.8, network interface 243.8, display and I/O 244.8.
Fig. 3 depicts the communication system operating in conjunction with the environment 300 of fig. 1-2C, according to an example embodiment. The AP107 with the identifier 312 00:14:78:EE:19:F8, communicatively linked to the network 109, relays between different networks and performs routing as a router (e.g., compliant with the wireless protocol IEEE 802.11) to provide communication within at least one subnet between one or more user mobile devices 183 and the computing device 189 over the short-range wireless link 319 and, in one example, accesses the network 109 (e.g., the internet) via a data switch such as a DSL modem by using the assigned IP addresses 311: WAN IP 160.13.19.17 for network 109, LAN IP 192.160.0.1 for link 319, and device IP addresses 313 (192.168.0.103 and 192.168.0.109, respectively) linked with user mobile device 183 and computing device 189. The AP107 can uniquely identify itself by any one of an identifier including a code, a device identifier, a MAC address, or a password.
The short-range wireless link 319 is a wireless communication channel between the user mobile device 183 and the computing device 189 via the AP107 to link to the network 109 and any communication device on which the processor is installed, receives, stores, and transmits information using any of the various application layer protocols of the OSI layered protocols including, but not limited to, HTTP, SMTP, RTP/SIP, FTP, etc., and using various transport layer protocols of the OSI layered protocols including, for example, but not limited to, Stream Control Transmission Protocol (SCTP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), etc. For example, link 319 may comprise a radio link implemented using a protocol such as IEEE 802.11.
User mobile device 183, having identifier 332 00:0F:66:0C:64:40, obtains subnet IP address 331 192.168.0.103 assigned by AP107 and is communicatively linked to network 109 via link 319; the user mobile device 183 proximity data includes: subnet IP address 331, AP IP address 333 (IP address 311), AP identifier 334 (identifier 312), the IP address and identifier 335 of the device communicatively linked via the AP (192.168.0.109 and bc50b27a), and geolocation data 336; in addition, proximity log 337 is "proximity," which indicates that user mobile device 183 is communicatively paired with AP107.
The computing device 189, having the identifier 392 bc50b27a, obtains the subnet IP address 391 192.168.0.109 assigned by the AP107 and is communicatively linked with the network 109 via the link 319; the computing device 189 proximity data includes: subnet IP address 391, AP IP address 393 (IP address 311), AP identifier 394 (identifier 312), and the IP address and identifier 395 of the device communicatively linked via the AP (192.168.0.103 and 00:0F:66:0C:64:40); in addition, the proximity log 396 is "proximity," which indicates that the computing device 189 is communicatively paired with the AP107.
The unique identifier discriminates the devices, including the AP107, the user mobile device 183, and the computing device 189, by way of the embedded client application 250, a user password, a user characteristic, a MAC address, or any number including numbers and letters combining one or more of the foregoing identifiers. The user mobile device 183 may include additional information in the unique identifier including a phone number, Mobile Identification Number (MIN), and other mobile device identifiers. The unique identifier may be included in the message and sent by the user mobile device 183, computing device 189 to the probe 108, other communication device 230, etc.
Fig. 4A, in conjunction with fig. 1, 2B, 3, depicts the probe 108 registering an authorized user of the account (e.g., a member account issued by the facilitator 103 as a member club, or a payment network-related credit card issued by the issuer 104 as a bank) with the user mobile device 183 (including the controller 240), with the user mobile device 183 account number or secure account information (table 1). Based on the locale relationship center database 400 stored by the data storage medium 122 recorded in the memory 108, and the computing device 189 (including the controller 240.8, without telematics functionality) as being peer-to-peer associated with the user mobile device 183, the probe 108 identifies the user mobile device 183 as being locale associated with the environment 300 in the exemplary embodiment, which includes:
near time span 401: starting at 2015-12-1 and ending at 2015-12-14;
pairing span 402: the user mobile device 183 associated with identifier 332 00:0F:66:0C:64:40 is periodically paired with the AP107, identifier 00:14:78:EE:19:F8, located at the venue associated with the environment 300, exceeding a second threshold (e.g., 10 pairing counts and 50 hours pairing during two weeks), where the probe 108 obtains the pairing span 402 data transmitted by the AP107 or the user mobile device 183; the computing device 189 associated with identifier 392 bc50b27a is periodically paired with the AP107, identifier 312 00:14:78:EE:19:F8, located at the venue associated with the environment 300, exceeding a second threshold, where the probe 108 obtains the pairing span 402 data transmitted by the AP107 or the computing device 189;
position 403: coordinates in the geographic location data 336 sent by the user mobile device 183, the difference in distance from the address or venue (not shown) of the user mobile device 183 recorded by the probe 108 being within a proximity threshold;
state 404: "relevant" indicates that the probe 108 confirms that the user mobile device 183 is relevant as the environment 300 locale and allows for user authentication processing based on the user mobile device 183 account information;
peer state 405: "relevant" indicates that the probe 108 confirmed the computing device 189 as being peer-to-peer with the user mobile device 183, context 300, and allowed to perform a user authentication process based on the user mobile device 183 account information.
Fig. 4B, in conjunction with fig. 1, 2C-4A, depicts an exemplary embodiment of probe 108 that confirms peer-to-peer association of devices as user mobile devices 183 in a peer-to-peer relationship center client device IP database 10.1 stored in data storage media 122 database 410, client device IP database 10.1 comprising:
master identifier 411.1: site-related device identifier confirmed by probe 108, e.g., identifier 332 00:0F:66:0C:64:40 of the user mobile device 183 related to the environment 300 venue; the venue-related user mobile device 183 may have a plurality of master device identifiers 411.1.n;
auxiliary device identifier 411.2: identifier of a device peer-related to the primary device, confirmed by probe 108, e.g., identifier 392 bc50b27a of the computing device 189 peer-related to the user mobile device 183 associated with the environment 300 venue; the computing device 189 may have multiple secondary device identifiers;
state 412.1: "related" indicates that the primary device identifier 411.1 related device is confirmed by the probe 108 as related to the environmental venue;
state 412.2: "related" indicates that the secondary device identifier 411.2 is associated with a device that the probe 108 confirms as being associated with an environmental venue;
AP identifier 413: environment venue-related AP identifier confirmed by the probe 108, e.g., identifier 334 00:14:78:EE:19:F8 of the AP107 located in the venue-related environment 300;
position 414: an environment associated with the primary device identifier 411.1-related device and secondary device identifier 411.2-related device location-e.g., environment 300 with coordinates 44.09,0.02 at a geographic location;
peer state 415: "related" indicates that secondary device identifier 411.2 is a related device that the probe 108 confirms is peer-to-peer related to primary device identifier 411.1 and is allowed to operate with the related account of the primary device identifier 411.1 related device;
IP address 416: a device IP address associated with a valid secondary device identifier 411.2 (e.g., 192.168.0.109 of computing device 189).
Fig. 4C, in conjunction with fig. 1, 2A, 3, 5A, depicts an exemplary embodiment of a master proximity data storage structure 420 of a location database 10.2 stored by a data storage medium 122 recorded by a probe 108, comprising:
1. valid proximity data of the tracked user mobile device 183;
2. valid proximity data and latest description information for multiple masters 105 having different physical locations.
The location database 10.2 may be configured to store some or all of the proximity data associated with the various masters 105, the data identifying existing user authentication process-related access devices 185 operated by the masters 105, including:
location name 421: consisting of a name or other identifier (e.g., Y6NN22C) of the location of the master 105 operating the access device 185;
geographic location 422 (e.g., GPS coordinates 48,0.2), or any other information suitable for identifying the location of the host 105 operating the access device 185, including address, city, state, ZIP code (e.g., ZIP™ code), country;
HID 423: a principal identifier (e.g., 0121), or a principal category code ("HCC"), for the principal 105 associated with the access device 185;
TID 424: a unique identifier associated with the access device 185 assigned by the respective manufacturer or any other party (e.g., 0025);
location access device characteristics 425: the protocol, technology, manufacturer's characteristics or description of the access device 185 located at the host 105;
location-based verification status 426: indicating whether user authentication processing can be performed according to the host 105 location;
organization identifier 427: a unique identifier (e.g., 460999) of the issuer 104, or the facilitator 103 associated with the principal 105 operating the access device 185;
location description 428: a text string description including a location associated with the access device 185 (e.g., hong kong son center, jacquen, canada);
other location characteristics 429: including, for example, any information associated with a location not previously mentioned, a network identifier 501 "NET_GEAR80EE" indicating an available venue AP107 providing a network link, including to the internet, through short-range wireless pairing.
In some cases, the consumer may query the location database 10.2 directly by entering information (e.g., location name, longitude and latitude coordinates, zip code or address) (e.g., entering data into a web browser or client application 250), or the data may be automatically generated by an integrated location detector (e.g., a GPS program on a mobile device or by using an IP address). The current location of the consumer may then be compared with the location data stored by the location database 10.2 and the consumer is enabled to identify that the location based user authentication process is able to access the device 185 and the corresponding host 105.
In some embodiments, to enable a customer having a user mobile device 183 and a computing device 189 to find a nearby location of an access device 185 associated with providing user authentication processing, systems and methods may be provided to enable, for example, a server 103, an issuer 104, a host 105 to use a general purpose locator that can upload location or any other desired mobility or proximity data into a location database 10.2, including but not limited to:
server 103 associated master 105: restaurants, stores and shops;
issuer 104 associated principal 105: ATM (automated teller machine) locations, banking locations, prepaid payment device purchase locations, houses, apartments and commercial buildings, hotels and lodging facilities, and automobiles.
Fig. 5A depicts, in conjunction with fig. 3, a venue AP list 500, which includes a network identifier 501 "NET_GEAR80EE" and a network identifier 502 "NET_GEAR90EE" associated with an AP107 installed in the environment 300, and which may be used to provide pairing for one or more user mobile devices 183 or computing devices 189 to access the network 109 via a short-range wireless link 319.
Referring to fig. 5B, in conjunction with fig. 2A-2C, a web browsing history 510 of a web page browsed by the user mobile device 183 is stored in a memory of the communication device 230 (the memory 242 of the controller 240 or the memory 242.8 of the controller 240.8); each element of web browsing history 510 may be a data structure having separate fields 511-516 that include:
- a thumbnail 511 of the browsed web page;
- a group 512 associated with the web page;
- a uniform resource identifier ("URI") 513 of the browsed web page;
- the date and time 514 at which the web browsing occurred;
- a previous web page 515, browsed or accessed via the web browser immediately before the web page corresponding to the web browsing history 510;
- a subsequent web page 516, browsed or accessed via the web browser immediately after the web page corresponding to the web browsing history 510.
Where the web browsing history 510 corresponds to the most recently browsed web page, the subsequent web page 516 may be empty.
A "uniform resource identifier" (URI) is the generic name for a "uniform resource locator" (URL) or a "uniform resource name" (URN). Further, the previous web page 515 and subsequent web page 516 fields may be pointers to other web browsing history 510 elements corresponding to the previous web page 515 and subsequent web page 516.
Referring to FIG. 5C in conjunction with FIGS. 1-2C, the mobile device 183 is configured to obtain the geo-location data locations $d_1$ to $d_5$ based on the location signal received from the geo-location system 133; the tracking system 130 receives proximity data transmitted by the user mobile device 183 (including the controller 240), namely locations $d_1$ to $d_5$ and venue AP lists $I_1$ to $I_5$ recorded at instant times $t_1$ to $t_5$, as the time-based user blockchain path 520, including:

Table 2: proximity data relating to the user's mobile device 183

| Instantaneous time $t_n$ | Position $d_n$ (GPS coordinates) | Venue AP list $I_n$ |
|---|---|---|
| $t_1$ at 9:00.00 | $d_1$: 45, 0 | $I_1$ |
| $t_2$ at 10:00.00 | $d_2$: 44.08, 0.02 | $I_2$ |
| $t_3$ at 11:00.00 | $d_3$: 44.06, 0.03 | $I_3$ |
| $t_4$ at 12:00.00 | $d_4$: 44.04, 0.07 | $I_4$ |
| $t_5$ at 13:00.00 | $d_5$: 44.02, 0.08 | $I_5$ |

On the other hand, the user blockchain path 520 of the computing device 189 (including the controller 240.8) includes the venue AP list $I_n$ recorded at instant time $t_n$, but does not include location $d_n$.
Proximity data associated with user blockchain path 520 (location $d_n$ and venue AP list $I_n$ recorded by user mobile device 183 at instant time $t_n$) is stored in memory 242 of controller 240 (operating as data storage medium 122) and sent to probe 108 according to preconfigured operating parameters or as response information to a probe 108 prompt request. The probe 108 stores the user blockchain path 520 in the memory 135 of the tracking system 130 or in a data storage medium 122, the data storage medium 122 being a memory entity other than the memory 242 of the user mobile device 183 controller 240.
In an exemplary user authentication process, the master 105 associated user authentication request message 110 includes an authentication time $t_v$ of "11:30 a.m.", and the probe 108 receives the concurrent location $d_v$; by extrapolating the position $d_3$ (the most recently acquired location of the user blockchain path 520 associated with the user mobile device 183) with the mean traversal velocity $v$, the probe 108 ascertains a verified velocity $v_v$ against a proximity threshold, comprising:
over an advance time period $\Delta t_1$ (the time difference between $t_3$ and $t_v$), substituting into formula [1] the change of position from position $d_3$ to position $d_v$; where position $d_v$ is within the proximity threshold, the probe 108 ascertains that location $d_v$ corresponds to the change of position of the user blockchain path 520 from position $d_3$, over the advance time period $\Delta t_1$, to the relative position $d_v$ at verification time $t_v$, and the probe 108 considers the authentication request message 110 to be "valid" with respect to the user authentication process (as discussed further below).
Fig. 6A shows the arrangement 600 in conjunction with fig. 1, 2A, 3 and 4B: the probe 108 is configured to identify and record venue related user mobile devices 183 and peer related computing devices 189 in the client device IP database 10.1. Computing device 189 displays a Quick Response (QR) code 616 generated by client application 250, including information such as identifier 392 bc50b27a or other identification code. In one embodiment, the probe 108 probes the computing device 189 as peer-to-peer with the user mobile device 183 embedded with the client application 220, which includes: the user mobile device 183 captures the QR code 616;
the user mobile device 183 locates the region of the QR code 616 by combining criteria determinations, including pixel Dynamic Scale (DS), black cell ratio (BR), and Edge Intensity Sum (EIS), performed by the user mobile device 183 or the probe 108, to identify the QR code 616.
The probe 108 records the QR code 616 sent by the user mobile device 183, confirming that the computing device 189 is permitted to process the online user authentication process including account information for the user mobile device 183 as being peer-to-peer with the user mobile device 183. In another embodiment, the user mobile device 183 displays the payment QR617 and the string code 618 generated by the client application 250, as will be discussed below.
Similarly, in another embodiment, a printed QR code (not shown) including a unique identifier of the identifying means 684 may be scanned by the user mobile device 183 for transmission to the probe 108, which confirms the identifying means 684 as being peer-to-peer with the user mobile device 183 and records it in a database; wherein the computing device 189 is enabled to process an online user authentication process that includes user mobile device 183 account information, assuming that the computing device 189 and the identifying means 684 are within a distance that does not exceed the proximity threshold.
FIG. 6B illustrates a website 650 associated with the online store merchant 105 in conjunction with FIG. 6A, which will be discussed below.
FIG. 6C depicts a communication group 680 for online transfers, which will be discussed below.
Fig. 7 presents a flow diagram of an online user authentication process 700 in conjunction with fig. 2A-2C, 3, 4B, 5B, 6A, and 6B. The processing logic resides in several entities and devices as described below.
At step 701, a user mobile device 183 (including a telematics-enabled controller 240) is communicatively linked with a network 109; the computing device 189 (including the controller 240.8 without telematics functionality) is communicatively linked to the network 109 by obtaining an IP address assigned by the communicatively paired AP107 via the short-range wireless link 319.
At step 702, the probe 108 receives a user mobile device 183 account issued by the issuer 104 (e.g., a payment card, credit card issued by a bank or financial institution) and a merchant 105 related user verification request message 110 (generated and sent by any of the merchant 105 related acquirer 103, the issuer 104, the merchant 105, the user mobile device 183 account related payment network (not shown), or the client application 250 upon detecting input of account information for the user mobile device 183) that includes information for the selected acquirer 103 issued merchant 105 account, the issuer 104 name and identifier, the user mobile device 183 account, or the secure account information for the user mobile device 183 account (Table 1). Probe 108 acknowledges the user authentication request message 110 as a request to verify the correlation of a merchant 105 online operation ("online operation") keyed at authentication time $t_v$ with the user mobile device 183 account, and performs an online user authentication process.
At step 703, the probe 108 searches the client device IP database 10.1 stored by the data storage medium 122 for the IP address 416 of the active computing device 189 — in one embodiment, upon detecting entry of selected information of the user's mobile device 183 account in the browsed website 650, the computing device 189 embedded in the client application 250 derives proximity data to the probe 108 via the exporter 254, which includes the computing device 189 associated auxiliary device identifier 411.2 and the IP address 416; in another embodiment, the user's mobile device 183 embedded in the client application 250 obtains and sends the secondary device identifier 411.2 and the IP address 416 of the computing device 189 to the probe 108 upon detecting the computing device 189 over the short-range wireless link 319.
At step 704, the probe 108 successfully obtains the valid IP address 416 from the client device IP database 10.1 and requests mobility data from the computing device 189 in a probe request message 641 sent over the network 109. In response to the probe request message 641 being imported by the importer 253 of the embedded client application 250, the computing device 189 sends a response message 642 to the probe 108 over the network 109 that includes the time-based web browsing history 510 of the computing device 189, retrieved by the client manager 252 and recorded with respect to time in the memory 242.8 of the controller 240.8 over a period that includes the verification time $t_v$.
Optionally, at step 705, the probe 108 fails to obtain a valid IP address 416 and requests mobility data from the user mobile device 183 in a probe request message 641 sent over the network 109. In response to the confirmation request message 641, the user mobile device 183 sends a response message 642 to the probe 108 over the network 109 that includes the time-based web browsing history 510 of the user mobile device 183, retrieved by the client manager 252 from the records kept with respect to time in the memory 242 of the controller 240 over a period of time, and recorded at the verification time $t_v$ or at the time with minimal difference from the verification time $t_v$.
At step 706, probe 108 performs a user authentication process by verifying the correlation of the web portal required for the online operation of user authentication request message 110 with the web browsing history 510 contained in response message 642.
At step 707, as a confirmation of the correlation of the online operation to the user mobile device 183 account, the probe 108 ends the user authentication process with a status indicator of "valid", which includes:
the web browsing history 510 contained in response message 642 shows relevance: with the URI 513 recorded at a date and time 514 that includes the verification time $t_v$, the one or more web pages browsed at the verification time $t_v$ include the website 650 of the online store merchant 105 required to perform the online operation associated with the user authentication request message 110.
Instead, at step 708, probe 108 ends the online user authentication process with the status indicator "invalid," which includes:
with the URI 513 recorded at a date and time 514 that includes the verification time $t_v$, the one or more web pages browsed at the verification time $t_v$ are not related to the online operation related to the user authentication request message 110; or
Probe 108 does not receive response message 642.
At step 709, the probe 108 sends a result message 643, including a status indicator "valid," or a status indicator "invalid," to the receiving node over the network 109, including one or more of:
the order taker 103;
an issuer 104;
a merchant 105;
a user mobile device 183;
a payment network related to the user mobile device 183 account ("payment network") providing clearing and settlement services and payment authorization services (e.g., a payment card system switching network and VisaNet™).
As an example, the receiving nodes associated with the acquirer 103, issuer 104, merchant 105, and payment network may include an application server or control system equipped with a code-driven processor and memory. As an option, the results message 643 may include an alert with a status indicator of "invalid".
The online operation may include any financial transaction that requires transfer of a settlement total from the user mobile device 183 bank account or the user mobile device 183 account associated with the issuer 104 and the payment network to the merchant 105 account through the web portal.
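The decision of steps 706 to 708 can be sketched as follows. This is an added example, not code from the patent: the names `HistoryEntry`, `host_of` and `verify_online_operation`, the five-minute tolerance around the verification time, the host-matching rule and the sample history are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Sequence
from urllib.parse import urlsplit


@dataclass(frozen=True)
class HistoryEntry:
    """One web browsing history 510 element; only fields 513 and 514 are used."""
    uri: str                 # URI 513 of the browsed web page
    visited_at: datetime     # date and time 514 of the browsing


def host_of(uri: str) -> str:
    """Lower-cased host of a URI, without a leading 'www.' or a trailing dot."""
    try:
        host = urlsplit(uri if "//" in uri else "//" + uri).hostname or ""
    except ValueError:       # malformed authority, e.g. a broken IPv6 literal
        return ""
    host = host.rstrip(".").lower()
    return host[4:] if host.startswith("www.") else host


def verify_online_operation(
    merchant_site: str,
    t_v: datetime,
    response: Optional[Sequence[HistoryEntry]],
    window: timedelta = timedelta(minutes=5),   # assumed tolerance around t_v
) -> str:
    """Return the status indicator of step 707 ("valid") or step 708 ("invalid")."""
    # Step 708, second condition: no response message 642 was received.
    if response is None:
        return "invalid"
    wanted = host_of(merchant_site)
    if not wanted:
        return "invalid"
    for entry in response:
        # Only pages browsed at (or close to) the verification time count.
        if abs(entry.visited_at - t_v) > window:
            continue
        host = host_of(entry.uri)
        # Accept the merchant host or a true subdomain of it. A substring
        # test would also accept "shop.example.lookalike.test".
        if host == wanted or host.endswith("." + wanted):
            return "valid"
    # Step 708, first condition: nothing browsed at t_v relates to the merchant.
    return "invalid"


# Constructed sample data: a history exported by the client application.
T_V = datetime(2015, 12, 14, 11, 30)
SAMPLE_HISTORY = [
    HistoryEntry("https://news.example/today", datetime(2015, 12, 14, 11, 5)),
    HistoryEntry("https://www.shop.example/cart", datetime(2015, 12, 14, 11, 27)),
    HistoryEntry("https://www.shop.example/checkout", datetime(2015, 12, 14, 11, 29)),
]

if __name__ == "__main__":
    print(verify_online_operation("https://shop.example", T_V, SAMPLE_HISTORY))
```

The browsing history is reported by the device itself, so the result is only as trustworthy as the client application that exports it.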
Fig. 8 presents a flow diagram of a user authentication process 800 in conjunction with fig. 2A-3, 4C, 5A, and 6A. The processing logic resides in several entities and devices as described below.
Process 800 begins at step 1: the probe 108 associates the user mobile device 183 (including the controller 240) with the account issued by the issuer 104 by recording the user mobile device 183 identifier and secure account information associated with the user mobile device 183 account (table 1). In one embodiment, the venue AP list 500 (including the network identifier 501 "NET_GEAR80EE", 502 "NET_GEAR90EE", belonging to the AP107 installed in the environment 600 associated with the host 105, which may be used to provide pairing and access to the network 109 over the short-range wireless link 319) is captured and transmitted by one or more of the APs 107 at frequency and time intervals according to preset operating parameters; alternatively, venue AP list 500 is captured and transmitted by AP107 equipped access device 185 or host 105 associated computing device 189 located in environment 600. Probe 108 receives and stores venue AP list 500 as a venue reference profile in data storage medium 122.
At step 2, the probe 108 receives a user mobile device 183 account issued by the issuer 104 (e.g., a payment card, credit card issued by a bank or financial institution) and a host 105 related user authentication request message 110 (generated and sent by any of the host 105 related facilitator 103, issuer 104, host 105 related access device 185, or user mobile device 183 account related payment network (not shown)) that includes information of the location database 10.2, the host 105 account issued by the facilitator 103, the name and identifier of the issuer 104, and selected information of the user mobile device 183 account. Optionally, the access device 185 associated with the principal 105 is configured to process, for example, user mobile device 183 account-related operations and the number or secure account information for the user mobile device 183 account (Table 1), and "access device 185 proximity data" for the verification time $t_v$ is obtained and included in the user authentication request message 110 or in a separate message, the proximity data including: current geographic location data ("transaction location") calculated based on signals transmitted by the geographic location system 133; or the current venue AP list 500; or the identifier 501 "NET_GEAR80EE" associated with the AP107 with which the access device 185 is equipped.
At step 3, probe 108 acknowledges the user authentication request message 110 as a request to verify the correlation of an access device 185 operation ("transaction") keyed at authentication time $t_v$ with the user mobile device 183 account. The probe 108 requests "proximity data" from the user mobile device 183 via an acknowledgement request message 641 sent over the network 109; the proximity data includes any one or combination of the following: the current geographic location of the mobile device, one or more geographic locations of the user blockchain path 520 stored in the memory 242 of the controller 240, a current venue AP list 500 of detected short-range wireless APs 107 available for communication links with the mobile device, and a proximity log 337. In one embodiment, probe 108 includes user mobile device 183 proximity data in a confirmation request message 641 sent over network 109 to access device 185. Optionally, probe 108 includes access device 185 proximity data in an acknowledgement request message 641 sent to user mobile device 183 through network 109.
In one embodiment, in response to the probe request message 641, the user mobile device 183 sends a response message 642 containing proximity data to the probe 108 via the network 109, which includes:
a current venue AP list 500 obtained by the embedded client application 250; and the selected location $d_n$ of the user blockchain path 520, recorded with respect to time in the memory 242 of the controller 240 over a period of time, that was recorded at the verification time $t_v$ or at the time with minimal difference from the verification time $t_v$.
Optionally, the user mobile device 183 retrieves the proximity data stored by the memory 242 of the controller 240 to verify the correlation with the access device 185 proximity data according to a user authentication process.
At step 4, the probe 108 or user mobile device 183 or access device 185 performs a user authentication process by verifying the correlation of the proximity data of the user mobile device 183 with the proximity data of the access device 185, which includes:
verifying the association of the venue AP list 500 included in the access device 185 proximity data with the current venue AP list 500 obtained by the user mobile device 183; or
verifying the correlation of the access device 185 proximity data, including the identifier 501 "NET_GEAR80EE" or another AP identifier 502 "NET_GEAR90EE" related to the AP107 with which the access device 185 is equipped, with the current venue AP list 500 obtained by the user mobile device 183; or
determining whether, at the verification time $t_v$ or at the time with minimal difference from the verification time $t_v$, the distance between the access device 185-associated transaction location and the user mobile device 183 geographic location 336 is within the proximity threshold 525 or exceeds the proximity threshold 525.
At step 5, as confirmation of the correlation of the transaction to the user mobile device 183 account, the probe 108 or user mobile device 183 or access device 185 ends the user authentication process with a status indicator of "valid", which includes one or more of:
the access device 185 proximity data includes a venue AP list 500 and a current venue AP list 500 obtained by the user mobile device 183, both of which include an identifier 501 "NET _ GEAR80 EE" or another AP identifier 502 "NET _ GEAR90 EE" associated with the access device 185 equipped with the AP 107; or
Proximity log 337 is "proximity", indicating that user mobile device 183 is communicatively paired with AP107 equipped with access device 185, AP107 including identifier 501 "NET _ GEAR80 EE"; or
At the verification time t_v or at the time with minimal difference from the verification time t_v, the distance between the position d_4 of the user mobile device 183 and the transaction location d_v is within the proximity threshold 525.
Instead, at step 6, the probe 108 or user mobile device 183 or access device 185 ends the user authentication process with the status indicator "invalid," which includes any of the following:
the current venue AP list 500 obtained by the user mobile device 183 is independent of the access device 185 proximity data, wherein the access device 185 is provided with an AP107 whose associated identifier 501, "NET _ GEAR80 EE" or another AP identifier 502, "NET _ GEAR90 EE" does not exist; or
Proximity log 337 is not "proximity," meaning that user mobile device 183 is not communicatively paired with AP107 equipped with access device 185, AP107 including identifier 501 "NET _ GEAR80 EE"; or
At the verification time t_v or at the time with minimal difference from the verification time t_v, the distance between the position d_8 of the user mobile device 183 and the transaction location d_v exceeds the proximity threshold 525.
In the case where the user mobile device 183 performs the user authentication process, the user mobile device 183 transmits a response message 642 including the status index "valid" or the status index "invalid" to the probe 108 via the network 109. In the case where the access device 185 performs the user authentication process, the access device 185 sends a response message 642 including the status indicator "valid" or the status indicator "invalid" to the probe 108 through the network 109.
At step 7, the probe 108 sends a result message 643, including a status indicator "valid," or a status indicator "invalid," to the receiving node over the network 109, including one or more of:
a server 103;
an issuer 104;
a master 105;
a user mobile device 183;
an access device 185;
the user mobile device 183 accounts for the relevant payment network.
As an example, the receiving nodes associated with the facilitator 103, issuer 104, principal 105, payment network may include a code driven processor and memory installed application server or control system. As an option, the results message 643 may include an alert with a status indicator of "invalid". However, the transaction may include payment to the host 105 bank account through the access device 185 as a point of sale terminal ("POS terminal") from a user mobile device 183 account (e.g., a payment card, credit card issued by a bank or financial institution), or a bank withdrawal through the access device 185 as an automated teller machine ("ATM"). As an option, the access device 185 at the transaction location d_v performs the transaction based on the verification time t_v according to the status indicator "valid", or the access device 185 rejects the transaction requested by the user mobile device 183 based on the status indicator "invalid", and an alert is triggered.
FIG. 8 presents a flowchart of an embodiment in a variation of process 810 in conjunction with FIG. 2A, FIG. 2B, and FIG. 6A. The processing logic resides in several entities and devices as described below.
At step 1, the host 105 associated computing device 189 generates (e.g., with the embedded client application 250) a QR code 616 including information of the host 105 account issued by the service 103 and settlement credits (e.g., $ 100.00 in currency) to be deposited into the host 105 account. QR code 616 may also contain a valid IP address and identifier (e.g., a unique identifier of host 105HCC/HID, computing device 189).
The user mobile device 183 (including the controller 240) obtains the QR code 616, and thus the information it contains, by optical scanning or by NFC data transmission via the network 109 or the short-range wireless link 319. Some or all of the information contained in the QR code 616 is selectively displayed by the user mobile device 183 on its display and the I/O244. At the verification time t_v, the user mobile device 183 sends to the issuer 104, by the embedded client application 250, a request message 111, which includes:
the issuer 104 issues user mobile device 183 account information for authorizing transfer of settlement credits to the principal 105 account associated with the QR code 616;
a user mobile device 183 identifier;
the recorded verification time t_v.
As a possibility, the request message 111 may also include biometric information related to the user's mobile device 183 (e.g. information related to iris, fingerprint), an electronic signature or a password.
At step 2, the probe 108 receives a user verification request message 110 generated and sent by the issuer 104 or client application 250 upon detection of input of user mobile device 183 account information, including selected information of the request message 111 or secure account information related to the user mobile device 183 account (Table 1). Probe 108 acknowledges the user authentication request message 110 as a request for verifying, based on the authentication time t_v, the correlation of the settlement credit with the user mobile device 183 account, and performs a user authentication process. Probe 108 requests "mobility data" from the user mobile device 183 via an acknowledgement request message 641 sent over the network 109.
At step 3, in response to the confirmation request message 641, the user mobile device 183 sends a response message 642 containing mobility data to the probe 108 over the network 109, including a record of the request message 111 associated with the verification time t_v.
At step 4, probe 108 performs a user authentication process that includes verifying the correlation of mobility data sent by user mobile device 183 with information containing user authentication request message 110.
At step 5, as confirmation of the correlation of the user authentication request message 110 with the user mobile device 183, the probe 108 ends the user authentication process with a status indicator "valid", which includes a record of the request message 111 containing the mobility data of the user mobile device 183.
Instead, at step 6, probe 108 ends the user authentication process with the status indicator "invalid", which includes:
response message 642, which contains information unrelated to the information used to record request message 111 in user authentication request message 110; or
Probe 108 does not receive response message 642.
At step 7, the probe 108 sends a result message 643, including a status indicator "valid," or a status indicator "invalid," to the receiving node over the network 109, including one or more of:
the issuer 104 associated receiving node (e.g., an application server or control system including a code driven processor and memory installation);
a user mobile device 183;
the QR code 616 is associated with the computing device 189.
In one embodiment, the result message 643 contains a blockchain code marking each credit in a settlement-related monetary unit (e.g., $ 1.00) deposited into the host 105 account with the user's mobile device 183 account as the depositor's traceable information including, for example:
($ git clone https://github.com/openchain/docker.git openchain
$ cd openchain
$ cp templates/server.yml docker-compose.yml
$ mkdir data)
As an option, the results message 643 may include an alert with a status indicator of "invalid". In other embodiments, the user's mobile device 183 request to transfer settlement credits is in the form of a received graphic, image, etc., and is therefore not limited to inclusion in the QR code 616.
FIG. 8 presents a flowchart of the online user authentication process 820 in conjunction with FIG. 1, FIG. 2A, FIG. 2B, FIG. 6A, and FIG. 6B. The processing logic resides in several entities and devices as described below.
At step 1, a user mobile device 183 (including a telematics-capable controller 240) belonging to the customer is communicatively linked to the network 109. In one embodiment, the customer purchases the selected merchandise from the merchant 105, for example, checkout at a checkout counter; optionally, the customer completes the purchase transaction from the merchant 105 online store website 650, for example by clicking on the checkout icon button 651 — providing an input as an indication of an intent to pay for the selected item using the methods described herein. The website 650 then displays a form 652 that requests that account information be entered as code 653 for the user's mobile device 483 in relation to the account or payment card issued by the issuer 104.
The user mobile device 183 (preconfigured to or through the embedded client application 250) generates and records in memory a code for archiving payment, authorizing payment for a purchase transaction and relating to information including any one or combination of the following: encrypted unique code, verification time t_v at which the payment code is generated in clock synchronization with the application server 134 of the probe 108, user mobile device 183 phone number, purchase transaction amount, user mobile device 183 associated payment card information, such as the name of the payment card holder, payment card number, corresponding payment network and issuer 104, etc. In one embodiment, an account is selected among a plurality of user mobile device 183 accounts (e.g., credit card account, bank account, payment card, debit card account), and the payment code is generated as payment QR617, which may be obtained (e.g., by scanning or RF/network transmission) by POS terminal 185 (or computing device 189) and transmitted to the acquirer 103, or payment network associated with the selected user mobile device 183 payment card account, along with the purchase transaction amount and payment card number associated with the user mobile device 183. Optionally, the payment code is generated as a string code 618 including numbers and letters, which may be entered into website 650 as code 653. The string code 618 is then sent to the acquirer 103 or payment network associated with the merchant 105; in one aspect, the payment request is sent to the payment card issuer 104. The payment QR617 and the string code 618 may or may not include the user mobile device 183 payment card number, and may or may not be time-based.
In one example, the user mobile device 183 generates a QR617 for payment obtained by the POS terminal 185 based on an algorithm and records in memory as an archive, which includes:
the verification time t_v at which the payment QR617 is generated (e.g., date 2017-02-10, time 15:23:10.00), the date and time being clock-synchronized with the probe 108;
+44(0) 2082828080 — user mobile device 183 phone number;
Adam Smith — name of the payment card holder;
01 - issuer 104 code;
VisaNet™ - a payment network of payment cards.
In another example, the user mobile device 183 generates code 653 based on an algorithm for entering the form 652 and records the string code 618 in memory as an archive, which includes:
01442082828080abxc2017021015231000, which for example includes the purchase transaction amount ($128), the verification time t_v (date 2017-02-10, time 15:23:10.00), and payment card information associated with the user mobile device 183, such as the name of the payment card holder, the payment card number, the corresponding payment network. In another embodiment, the user mobile device 183 sends a request message for the code to the probe 108 over the network 109 and in reply receives a payment QR617 or string code 618 from the probe 108; the approval processor 121 of the probe 108 is set to generate the payment QR617 or string code 618.
At step 2, the probe 108 receives the user verification request message 110, associated with the issuer 104 issued user mobile device 183 payment card account and the merchant 105, generated and sent by any one of the merchant 105 associated acquirer 103, the issuer 104, the merchant 105 associated POS terminal 185, or the user mobile device 183 payment card account associated payment network; the user verification request message 110 includes information of the payment QR617 or the string code 618. Probe 108 acknowledges the user authentication request message 110 as a request for verifying, based on the authentication time t_v, the correlation of the merchant 105 key purchase transaction with the user mobile device 183 payment card account, and performs a user authentication process. The probe 108 requests "mobility data" from the user mobile device 183 via an acknowledgement request message 641 sent over the network 109.
At step 3, in response to the confirmation request message 641, the user mobile device 183 sends to the probe 108, through the network 109, a response message 642 containing archived mobility data, which includes a record of the generated or imported payment QR617, or a record of the string code 618.
At step 4, probe 108 performs a user authentication process by authenticating information comprising user authentication request message 110 with a record comprising response message 642 sent by user mobile device 183.
At step 5, as confirmation of the validity of the user authentication request message 110 with respect to the merchant 105 to pay the key purchase transaction charge of the card account for the user mobile device 183, the probe 108 ends the user authentication process with a status indicator "valid", which includes:
a response message 642 containing a record of the payment QR617; or
A response message 642 containing a record of the string code 618.
Instead, at step 6, probe 108 ends the user authentication process with the status indicator "invalid", which includes:
a response message 642 that does not include the payment QR617, or a record of the string code 618; or
Probe 108 does not receive response message 642.
At step 7, the probe 108 sends a result message 643, including a status indicator "valid," or a status indicator "invalid," to the receiving node over the network 109, including one or more of:
the order taker 103;
an issuer 104;
a merchant 105;
a user mobile device 183;
POS terminal 185 (or computing device 189);
the user mobile device 183 accounts for the relevant payment network.
As an example, the receiving nodes associated with the facilitator 103, issuer 104, merchant 105, payment network may include a code driven processor and memory installed application server or control system. As an option, the results message 643 may include an alert with a status indicator of "invalid".
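The code archive and comparison of steps 1 to 6 above, as an added Python example that is not part of the patent text. The field order of the string code (issuer code, phone digits, a four-character unique code, then t_v to hundredths of a second) is an assumption read off the page's sample string code 618, and the class and function names are hypothetical.

```python
import hmac
import re
from datetime import datetime


def build_string_code(issuer_code, phone, unique_code, t_v):
    """Concatenate issuer code, phone digits, unique code and t_v (assumed layout)."""
    # Drop the national trunk prefix "(0)", then keep digits only.
    digits = re.sub(r"\D", "", phone.replace("(0)", ""))
    # Date and time down to hundredths of a second, as in "15:23:10.00".
    stamp = t_v.strftime("%Y%m%d%H%M%S") + f"{t_v.microsecond // 10000:02d}"
    return f"{issuer_code}{digits}{unique_code}{stamp}"


class UserMobileDevice:
    """User mobile device 183: generates payment codes and archives each one."""

    def __init__(self, phone, issuer_code, online=True):
        self.phone = phone
        self.issuer_code = issuer_code
        self.online = online
        self.archive = []          # records kept in device memory

    def generate(self, unique_code, t_v):
        code = build_string_code(self.issuer_code, self.phone, unique_code, t_v)
        self.archive.append(code)
        return code

    def respond(self):
        """Response message 642: the archived records, or None if unreachable."""
        return list(self.archive) if self.online else None


def probe_verify(request_code, device):
    """Probe 108: compare the code in request message 110 with the device archive."""
    records = device.respond()
    if records is None:            # step 6: no response message 642 received
        return "invalid"
    match = False
    for record in records:
        # Constant-time comparison; scan every record so timing does not
        # reveal which archived code was close to the submitted one.
        match |= hmac.compare_digest(record.encode(), request_code.encode())
    return "valid" if match else "invalid"


if __name__ == "__main__":
    # Values taken from the page's example; the scenario itself is constructed.
    device = UserMobileDevice("+44(0) 2082828080", "01")
    code = device.generate("abxc", datetime(2017, 2, 10, 15, 23, 10))
    print(code, probe_verify(code, device))
    # A code the device never generated (e.g. replayed card data) is rejected.
    print(probe_verify("01442082828080zzzz2017021015231000", device))
```
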
FIG. 8 presents a flowchart of another embodiment of a process 830 incorporating FIGS. 1, 2A-2C, 4B, 4C, 5A, and 6A. The processing logic resides in several entities and devices as described below.
Process 800 begins at step 1: the venue AP list 500 (including network identifiers 501 "NET _ GEAR80 EE", 502 "NET _ GEAR90 EE", belonging to the host 105 associated with the environment 600 installed AP107 that may be used to provide pairing to access the network 109 over the short-range wireless link 319) is captured and transmitted by the AP107 or one or more of the communication devices operated by the host 105 at frequency and time intervals according to preset operating parameters. Probe 108 receives and stores venue AP list 500 as a venue reference profile in data storage medium 122.
At step 2, probe 108 supports authorization of user mobile device 183 (including controller 240) and computing device 189 to activate state change operations (e.g., locking/unlocking) of short-range wireless link-linked access device 185 set up by environment 600 — probe 108 registers client device IP database 10.1 into data storage medium 122, which includes:
master identifier 411.1: an identifier of the user mobile device 183;
auxiliary device identifier 411.2: an identifier of the computing device 189;
state 412.1: the user mobile device 183 is identified by the probe 108 as being associated with the access device 185 based on a user mobile device 183 account (e.g., employee account, hotel rental, property rental or ownership, member account of a club providing sports or leisure facilities, with optional availability throughout a period of time) issued by a principal 105 (e.g., hotel, property owner, property operator, club); there may be multiple user mobile devices 183 associated with the venue;
state 412.2: computing device 189 is identified by probe 108 as being associated with access device 185, there may be multiple computing devices 189. n;
AP identifier 413: an identifier of an access device 185 of an AP107 set in a communication link environment 600;
position 414: the geographic location of the environment 600, which is confirmed by the probe 108 as being relevant to the access device 185 location;
peer state 415: "related" indicates that the computing device 189 is identified by the probe 108 as being peer-to-peer with the user mobile device 183 and is allowed to perform access device 185 state change operations;
there may be a plurality of peer related user mobile devices 183.n, computing devices 189. n;
IP address 416: valid computing device 189 device IP address (if present).
At step 3, the user mobile device 183 is communicatively linked with the probe 108 by pairing with a short-range wireless link 319. At the authentication time t_v, the user mobile device 183 sends an activation request message 112 to the probe 108, related to activating a state change operation of the access device 185. In further embodiments, the activation request message 112 also contains proximity data related to the user mobile device 183: the venue AP list 500 of the environment 600 is captured and included in the activation request message 112. Probe 108 acknowledges the activation request message 112 as a request for verifying the correlation of the access device 185 state change operation, associated with the verification time t_v, with the user mobile device 183 account, and performs a user authentication process. In an alternative embodiment, the probe 108 detects a user mobile device 183 that is paired with a short-range wireless link 319 linked to an AP107 associated with the access device 185.
The probe 108 also requests proximity data from the user's mobile device 183 via an acknowledgement request message 641 sent by the network 109. In response to the confirmation request message 641, the user mobile device 183 sends a response message 642 containing relevant proximity data to the probe 108 via the network 109, which includes any of the following:
an identifier of the user mobile device 183;
a current venue AP list 500;
an identifier of a communicatively linked short-range wireless access point, AP;
the selected location d_n of the user blockchain path 520, recorded with respect to time in the memory 242 of the controller 240 over a period of time, as recorded at the verification time t_v or at the time with minimal difference from the verification time t_v.
At step 4, probe 108 performs a user authentication process by authenticating the proximity data sent by user mobile device 183, which includes:
verifying the identifier of the user mobile device 183 against the client device IP database 10.1 stored by the data storage medium 122;
verifying the relevance of the venue AP list 500 included in the response message 642 to the venue reference profile stored by data storage medium 122;
probing the location d_n contained in the response message 642 against the user blockchain path 520 of the user mobile device 183 stored by the data storage medium 122;
probing the geographic location associated with the verification time t_v transmitted by the user mobile device 183 against the geographical position 422 ("operating position") of the transaction-relevant principal 105 stored in the position database 10.2.
At step 5, as confirmation of the correlation of the activation request message 112 with the access device 185 state change operation, the probe 108 ends the user authentication process with a state indicator of "valid", which includes one or more of the following:
the identifier of the user mobile device 183 is registered and valid at the verification time t_v in the client device IP database 10.1 stored in the data storage medium 122;
the venue AP list 500 included in the response message 642 and the venue reference profile both include the network identifier 501 "NET _ GEAR80EE" associated with the AP107 to which the access device 185 is communicatively linked;
the location d_n contained in the response message 642 is in the user blockchain path 520 of the user mobile device 183 stored by the data storage medium 122;
the distance between the position d_4 of the user mobile device 183 at the verification time t_v, included in the response message 642, and the operating position d_v is within the proximity threshold.
Instead, at step 6, probe 108 ends the user authentication process with the status indicator "invalid", which includes:
the identifier of the user mobile device 183 is invalid at the verification time t_v in the client device IP database 10.1 stored in the data storage medium 122;
the venue AP list 500 included in the response message 642 is unrelated to the venue reference profile, with no network identifier present;
the position d_n contained in the response message 642 is independent of the user blockchain path 520 of the user mobile device 183 stored by the data storage medium 122;
the distance of the position d_8 of the user mobile device 183 at the verification time t_v, included in the response message 642, from the operating position d_v exceeds the proximity threshold 525;
probe 108 does not receive response message 642.
At step 7, probe 108 generates and sends the results of the user authentication process over network 109, which includes any of the following:
status indicator "valid" -approval processor 121, by sending command signal 644 to access device 185 via AP107 installed in selected environment 600, actuates the operating state from locked to unlocked;
the command signal 644 may comprise, among other things, a code;
status indicator "invalid" -approval processor 121 sends result message 643 for receipt by a host 105 associated receiving node (e.g., an application server or control system that includes a code-driven processor and a memory installation); wherein the access device 185 inhibits actuation of the operational state from locked to unlocked. Alternatively, the results message 643 may include an alert with a status indicator of "invalid" and recorded by the probe 108 in the data storage medium 122. The recipient nodes may include tenants, owners, property operators, facility operators, employees, and visitors.
In an alternative embodiment, at step 3, at the verification time t_v, the computing device 189 sends an activation request message 112 to the probe 108 relating to activation of a state change operation of the access device 185. At step 4, probe 108 transmits an activation request message 112 to user mobile device 183, wherein probe 108 sends a request to computing device 189 for user mobile device 183 in connection with capturing and sending real-time imaging of the computing device 189 user. At step 5, the user mobile device 183 sends a status indicator "valid" to the probe 108; instead, at step 6, the user mobile device 183 sends a status index "invalid" to the probe 108. At step 7, probe 108 generates and sends results over network 109 through AP107 installed in selected environment 600, which includes:
a command signal 644 to the access device 185 for status indicator "active", the access device 185 actuates the operational state from locked to unlocked; or
The access device 185 inhibits actuation of the operational state from locked to unlocked in a result message 643 to the computing device 189 for status indicator "invalid".
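The probe-side checks of steps 4 to 6 of process 830 above, which also cover the AP-list and distance checks of the earlier transaction process, as an added Python example that is not part of the patent text. Field names, the 150 m threshold, the five-minute time tolerance, the sample coordinates and the rule that any failed check yields "invalid" are assumptions; the AP identifiers are the page's 501 and 502 written without spaces.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Assumed values: the page names proximity threshold 525 but gives no number.
PROXIMITY_THRESHOLD_M = 150.0
MAX_TIME_GAP = timedelta(minutes=5)   # bound on "minimal difference" from t_v


@dataclass
class ProximityData:
    """Contents of response message 642 (field names are hypothetical)."""
    device_id: str
    venue_aps: frozenset   # current venue AP list 500
    path: tuple            # location records: (timestamp, lat, lon)


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371000.0 * asin(sqrt(a))


def location_at(path, t_v):
    """Record closest in time to t_v, or None if none lies within MAX_TIME_GAP."""
    if not path:
        return None
    best = min(path, key=lambda rec: abs(rec[0] - t_v))
    return best if abs(best[0] - t_v) <= MAX_TIME_GAP else None


def verify(response, registry, venue_profile, operating_pos, t_v):
    """Return (status, reasons); a missing response or any failed check is 'invalid'."""
    if response is None:
        return "invalid", ["no response message 642 received"]
    reasons = []
    window = registry.get(response.device_id)
    if window is None or not (window[0] <= t_v <= window[1]):
        reasons.append("device identifier not registered and valid at t_v")
    if not (response.venue_aps & venue_profile):
        reasons.append("venue AP list shares no identifier with the reference profile")
    rec = location_at(response.path, t_v)
    if rec is None:
        # A stale fix must not stand in for the position at t_v.
        reasons.append("no location record close enough to t_v")
    else:
        dist = haversine_m(rec[1], rec[2], *operating_pos)
        if dist > PROXIMITY_THRESHOLD_M:
            reasons.append(f"device {dist:.0f} m from operating position")
    return ("invalid" if reasons else "valid"), reasons


# --- constructed sample data (not from the page) ---
T_V = datetime(2017, 2, 10, 15, 23, 10)
REGISTRY = {"device-183": (datetime(2017, 1, 1), datetime(2017, 12, 31))}
VENUE_PROFILE = frozenset({"NET_GEAR80EE", "NET_GEAR90EE"})
OPERATING_POS = (51.5074, -0.1278)


def sample(lat, lon, aps=("NET_GEAR80EE", "CAFE_GUEST"),
           dt=timedelta(seconds=20), dev="device-183"):
    """Build a response whose newest location record is `dt` before t_v."""
    older = (T_V - timedelta(hours=2), 51.6, -0.2)
    return ProximityData(dev, frozenset(aps), (older, (T_V - dt, lat, lon)))


if __name__ == "__main__":
    cases = {
        "near venue": sample(51.5075, -0.1279),
        "far away": sample(51.52, -0.10),
        "foreign AP list": sample(51.5075, -0.1279, aps=("CAFE_GUEST",)),
        "stale location": sample(51.5075, -0.1279, dt=timedelta(hours=1)),
        "no response": None,
    }
    for name, resp in cases.items():
        print(name, verify(resp, REGISTRY, VENUE_PROFILE, OPERATING_POS, T_V))
```
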
FIG. 8 presents a flowchart of a further embodiment of process 840 in conjunction with FIG. 2B, FIG. 3, FIG. 4C, FIG. 5A, FIG. 5C, and FIG. 6A. The processing logic resides in several entities and devices as described below.
At step 1: user mobile device 183 (including controller 240) registers an account with attendant 103 to authorize an operational state change ("actuation") to activate co-located appliances 487.1 and 487.2 (not shown) by controlling access device 185, which includes:
juxtaposition 487.1 — operating state 1, associated with the mechanism position, allowing the door embedded therein to be opened; an operating state 2 relating to the position of the mechanism, with the door locked in position;
parallel device 487.2 — operating state 1, constituting an operating implement, machine; the operation state 2 is a state in which the appliance or the device is not operated.
The side-by-side device 487.1 generally includes a control mechanism for an automobile door lock, a flat panel door, or a safe door. In an exemplary embodiment, the parallel device 487.2 pertains to a power circuit of an appliance or relay that controls the operating mode of the appliance. In another embodiment, the paralleling 487.2 pertains to an automotive electronic or electric starting system for a battery, fuel cell, or gasoline powered engine, or a hybrid combination thereof; the operating state 1 constitutes a dynamic power generation mechanism for pushing the host 105 as a running displacement of the vehicle, while the operating state 2 constitutes a static power generation mechanism for disabling the host 105 from running. In a further embodiment, the access device 185 is a network-connected programmable processor-mounted control unit or central control hub capable of processing data and controlling the operational state of the parallel devices 487.1 and 487.2 in the master 105 as a car, house, safe.
By registering the client device IP database 10.1 in the data storage medium 122, the probe 108 validates or issues the user mobile device 183 account (e.g., ownership account, membership account, or rental account having validity for the entire period of time) from the server 103 (e.g., vehicle owner, vehicle rental operator, property operator, tenant) -the access device 185 peers the relevant user mobile device 183 and is thus authorized to actuate the operational state change of the relevant side by side 487.1 and 487.2 of the principal 105 through the access device 185. The server 103 operating the master 105 imposes operational restrictions ("restrictions") on one or more user mobile devices 183 in the operation of the master 105, such as: upper limits on the speed and geographic area of the master 105, the operating time span valid for a week or a month, hours and minutes of a day, displacement distance of a day or population over one or more operating time spans, or any combination of the above.
At step 2, the user mobile device 183 is in proximity to the principal 105 in the environment 600; the master 105 is equipped with an AP107 linked by an access device 185 and a network 109, with an AP that provides a short-range wireless link 319 (e.g., using Bluetooth™, WiFi) capability for data transmission with the capability to handle data communications through the communicatively linked AP 107. At the authentication time t_v, the user mobile device 183 sends an actuation request for an operational state change from operational state 2 to 1 of either collocated device 487.1 or collocated device 487.2 to the access device 185 linked to the communicatively paired AP107 via the short-range wireless link 319. The master 105 associated access device 185 is configured to obtain the transmitted signal from the geolocation system 133 and transmit the current geolocation data, or the AP107 identifier 502 "NET _ GEAR90 EE", for receipt by the probe 108, either contained in the user authentication request message 110, or in a separate message during the processing of the user mobile device 183 associated operations.
The probe 108 receives a user authentication request message 110 generated and sent by the user mobile device 183 or access device 185 regarding the user mobile device 183 account and principal 105, which includes selected user mobile device 183 account information and current geographic location data ("actuation location"). Probe 108 acknowledges the user authentication request message 110 as a request for verifying, based on the authentication time t_v, the correlation of the key access device 185 actuation with the user mobile device 183 account. In one embodiment, the probe 108 requests "proximity data" from the user mobile device 183 in the probe request message 641 sent via the network 109; in another embodiment, probe 108 sends a probe request message 641 to access device 185 requesting "access device 185 proximity data" including: an actuation position calculated based on signals sent by the geolocation system 133; or, the current venue AP list 500; or the network identifier 502 "NET _ GEAR90 EE" of the AP107 with which the access device 185 is equipped.
At step 3, in response to the probe request message 641, the user mobile device 183 sends a response message 642 containing proximity data to the probe 108, which comprises:
a current venue AP list 500 obtained by the embedded client application 250;
the selected location d_n of the user blockchain path 520, recorded with respect to time in the memory 242 of the controller 240 over a period of time, as recorded at the verification time t_v or at the time with minimal difference from the verification time t_v.
In another embodiment, access device 185 sends a response message 642 to probe 108 containing access device 185 proximity data. Optionally, the probe 108 transmits the proximity data of the user mobile device 183 to the access device 185 via the network 109. In a further embodiment, probe 108 sends the proximity data of access device 185 to user mobile device 183 via network 109; the user mobile device 183 retrieves the proximity data stored by the memory 242 of the controller 240 for verifying the correlation with the access device 185 proximity data according to a user authentication process.
At step 4, the probe 108 or user mobile device 183 or access device 185 performs a user authentication process that includes:
verifying the association of access device 185 proximity data including venue AP list 500 with the current venue AP list 500 obtained by user mobile device 183; or
Verifying the correlation of the access device's 185 proximity data, including the identifier 502 "NET _ GEAR90 EE" or another AP identifier 501 "NET _ GEAR80 EE" related to the AP107 with which the access device 185 is equipped, with the current venue AP list 500 obtained by the user's mobile device 183; or
Determining whether, at the verification time t_v or at the time with minimal difference from the verification time t_v, the distance between the recorded actuation position related to the access device 185 and the user mobile device 183 geographical position 336 is within the proximity threshold 525 or exceeds the proximity threshold 525.
At step 5, as confirmation of the correlation of the principal 105 with the user mobile device 183 account, the probe 108 or user mobile device 183 or access device 185 ends the user authentication process with a status indicator of "valid", which includes one or more of:
the access device 185 proximity data includes a venue AP list 500 and a current venue AP list 500 obtained by the user mobile device 183, both of which include an identifier 502 "NET _ GEAR90 EE" or another AP identifier 501 "NET _ GEAR80 EE" associated with the AP107 with which the access device 185 is equipped; or
The proximity log 337 is "proximity," indicating that the user mobile device 183 is communicatively paired with the AP107 with which the access device 185 is equipped, the AP107 including an identifier 502 "NET _ GEAR90 EE"; or
At verification time t_v, or at the time with the minimal difference from verification time t_v, the distance between position d_4 of the user mobile device 183 and transaction location d_v is within proximity threshold 525.
Instead, at step 6, the probe 108 or user mobile device 183 or access device 185 ends the user authentication process with the status indicator "invalid," which includes any of the following:
the current venue AP list 500 obtained by the user mobile device 183 is unrelated to the access device 185 proximity data, in that neither the identifier 502 "NET _ GEAR90 EE" of the AP107 with which the access device 185 is equipped nor another AP identifier 501 "NET _ GEAR80 EE" is present in it; or
Proximity log 337 is not "proximity," meaning that user mobile device 183 is not communicatively paired with the AP107 with which the access device 185 is equipped, the AP107 including an identifier 502 "NET _ GEAR90 EE"; or
At verification time t_v, or at the time with the minimal difference from verification time t_v, the distance between position d_8 of the user mobile device 183 and transaction location d_v exceeds the proximity threshold 525.
In the case where the user mobile device 183 performs the user authentication process, the user mobile device 183 transmits a response message 642 including the status indicator "valid" or the status indicator "invalid" to the probe 108 via the network 109. In the case where the access device 185 performs the user authentication process, the access device 185 sends a response message 642 including the status indicator "valid" or the status indicator "invalid" to the probe 108 through the network 109.
At step 7, the probe 108 sends a result message 643 to the access device 185 via the network 109, or the probe 108 receives the sent result message 643 from the access device 185 via the network 109 and sends it to the user mobile device 183, which includes:
status indicator "valid" -access device 185 actuates collocation 487.1 from operating state 2 to operating state 1, authorizing actuation of collocation 487.2 from operating state 2 to operating state 1; or
Status indicator "invalid" -access device 185 inhibits actuation of collocation 487.1 from operating state 2 to operating state 1 and inhibits actuation of collocation 487.2 from operating state 2 to operating state 1.
Alternatively, the result message 643 may include an alarm with a status indicator of "invalid", in which case the access device 185 triggers an alarm (not shown) and the probe 108 records it in the data storage medium 122. The access device 185 performs the actuation requested by the user mobile device 183 according to the status indicator "active", or the access device 185 rejects the actuation requested by the user mobile device 183 according to the status indicator "inactive", optionally triggering an alarm.
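The user authentication process of steps 4 to 6 can be sketched as follows. This is an added illustration, not code from the patent: the class and field names, the AP identifiers, the coordinates, the `max_skew_s` staleness limit and the `policy` switch are assumptions. The switch exists because step 5 accepts on "one or more" conditions while step 6 rejects on "any" of them, so an implementation has to choose.

```python
import math
from dataclasses import dataclass
from typing import Optional

@dataclass
class Fix:                    # one recorded geographic location of the mobile device
    t: float                  # timestamp in seconds
    lat: float
    lon: float

@dataclass
class MobileData:             # proximity data reported by the user mobile device
    ap_list: frozenset        # current venue AP list
    paired_ap: Optional[str]  # AP it is communicatively paired with, if any
    fixes: list               # recorded Fix entries

@dataclass
class AccessData:             # proximity data reported by the access device
    own_aps: frozenset        # identifier(s) of the AP the access device is equipped with
    ap_list: frozenset        # venue AP list seen by the access device
    lat: float
    lon: float

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def nearest_fix(fixes, t_v, max_skew_s):
    """Fix with the minimal time difference from t_v, or None when there is
    no fix or the closest one is older/newer than max_skew_s (assumed limit)."""
    if not fixes:
        return None
    best = min(fixes, key=lambda f: abs(f.t - t_v))
    return best if abs(best.t - t_v) <= max_skew_s else None

def run_checks(mobile, access, t_v, threshold_m, max_skew_s=120.0):
    """Evaluate the three conditions; 'distance' is None when no usable fix exists."""
    # Condition 1: the access device's own AP appears in both venue AP lists.
    shared = access.own_aps & access.ap_list & mobile.ap_list
    # Condition 3: location recorded closest to t_v lies within the threshold.
    fix = nearest_fix(mobile.fixes, t_v, max_skew_s)
    within = None
    if fix is not None:
        within = haversine_m(fix.lat, fix.lon, access.lat, access.lon) <= threshold_m
    return {
        "ap_list": bool(shared),
        "paired": mobile.paired_ap in access.own_aps,   # Condition 2: paired with that AP
        "distance": within,
    }

def status(checks, policy="any"):
    """'any': valid if one evaluated condition holds (step 5 reading).
    'all': invalid if one evaluated condition fails (step 6 reading)."""
    if policy not in ("any", "all"):
        raise ValueError("policy must be 'any' or 'all'")
    evaluated = [v for v in checks.values() if v is not None]
    passed = any(evaluated) if policy == "any" else all(evaluated)
    return "valid" if passed else "invalid"

# Constructed sample data (not from the patent).
T_V = 1010.0
ACCESS = AccessData(frozenset({"AP-TILL-01"}),
                    frozenset({"AP-TILL-01", "AP-CAFE-02"}), 22.3000, 114.1700)
PRESENT = MobileData(frozenset({"AP-TILL-01", "AP-CAFE-02"}), "AP-TILL-01",
                     [Fix(400.0, 22.4, 114.2), Fix(1000.0, 22.3001, 114.1701)])
ELSEWHERE = MobileData(frozenset({"AP-HOME-77"}), None, [Fix(1005.0, 22.4, 114.2)])
STALE = MobileData(frozenset({"AP-TILL-01"}), None, [Fix(400.0, 22.3001, 114.1701)])

if __name__ == "__main__":
    for name, m in (("present", PRESENT), ("elsewhere", ELSEWHERE), ("stale", STALE)):
        c = run_checks(m, ACCESS, T_V, threshold_m=50.0)
        print(name, c, status(c, "any"), status(c, "all"))
```

Every input here is reported by the devices themselves, so the outcome is only as trustworthy as the device and channel that supplied the proximity data.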
In another embodiment, when the user mobile device 183 is paired with the existing AP107 of master 105 via short-range wireless link 319, probe 108 confirms that the user mobile device 183 associated with master 105 is away from master 105 by a distance exceeding a proximity threshold corresponding to the valid pairing range, and the pairing link is removed. In accordance with the operating protocol, access device 185 actuates the parallel 487.1, 487.2 to change the active operating state 1 to operating state 2.
In yet another embodiment, the user mobile device 183 is independent of the server 103, and therefore independent of the principal 105. A computing device 189 associated with the host 105 or communicatively linked with the access device 185 displays a QR code 616 encoding the payment amount (e.g., $10.00) that must be settled and paid with a user mobile device 183 account (e.g., bank account, payment card, credit card account) issued by the issuer 104. The access device 185, upon receiving a message from the acquiring bank 103 associated with the host 105 over the network 109 as confirmation to process the payment, actuates the parallel arrangement 487.1 to change from operating state 2 to operating state 1, ensuring that the full outstanding settlement has been transferred from the user mobile device 483 account to the acquiring bank 103 account (e.g., bank account) associated with the host 105 in accordance with a result message 643 with a status indicator "valid".
FIG. 8 presents a flowchart of an embodiment in a variation of process 850 in conjunction with FIGS. 2B, 6A, and 6C. The processing logic resides in several entities and devices as described below.
At step 1, the probe 108 receives account information (e.g., including account names and numbers) issued by the issuers 104.1, 104.2, 104.3, 104.4, 104.5, respectively, from user mobile devices 183.1, 183.2, 183.3, 183.4, 183.5, each of which embeds a client application 250; in one embodiment, the probe 108 probes account information with multiple issuers 104.1-5; as previously described, the probe 108 can also probe account addresses by tracking the venue-related location of the user mobile devices 183.1-5 according to a second threshold.
At step 2, user mobile device 183.5 participates as an administrator of client application 250 corresponding to and operating communication group 680 to receive requests from user mobile devices 183.1-4 or responses to user mobile device 183.5 prompt requests; the user mobile device 183.5 accepts the user mobile device 183.4 as a non-paying participant who may optionally exit the communication group 680 and accepts the user mobile devices 183.1-3 as paying participants who require authorization of the user mobile device 183.5 to exit the communication group 680. Thus, the number of non-paying participants is 1, while the number of paying participants is 3.
In an exemplary embodiment, at step 3, the user mobile device 183.1 enters into the communication group 680 a pricing map 681 (a personal use item).
At step 4, the user mobile device 183.5 unicasts to the paying participants according to a settlement total 685 (e.g., $ 100) that is input by the user mobile device 183.5 or imported by the importer 253 of the client application 250 embedded by the user mobile device 183.5 to be sent by the merchant 105, which includes:
the sub-amount 691 to the user mobile device 183.1 = (total 685 - pricing map 681)/4 + pricing map 681;
the sub-amount 692 to the user mobile device 183.2 = (total 685 - pricing map 681)/4;
the sub-amount 693 to the user mobile device 183.3 = (total 685 - pricing map 681)/4.
At step 5, the user mobile device 183.1 settles the sub-amount 691 through the web site or URL of the issuer 104.1 in the communication group 680; communication group 680 has web browser functionality, including:
selecting Administrator 686: retrieving the registered user mobile device 183.5 account number and issuer 104.5 code as input for the receiving account;
selecting due 688: retrieving the sub-amount 691 for transfer from the issuer 104.1 associated user mobile device 183.1 account to the issuer 104.5 associated user mobile device 183.5 account in the receiving 689.
At step 6, the user mobile device 183.2 ignores the prompted settlement request.
At step 7, the communication group 680 is displayed via the display on the user's mobile device 183.1-5 and the I/O244, which includes the completion transfer 683.
In one aspect, the account includes a savings account, a payment card account, a credit card account; the probe 108 receives confirmation of the transfer of the sub-amount 691 from the issuer 104.1; the probe 108 probes the user mobile device 183.5 and other participants over the communication group 680 where the user mobile device 183.1 has transferred the sub-amount 691 from the issuer 104.1 associated user mobile device 183.1 account to the issuer 104.5 associated user mobile device 183.5 account.
Alarm triggering strategy
The probe 108 activates an alarm and sends to any one or combination of the attendant 103, the issuer 104, the principal 105, the account-related user mobile device 183, the communication device 183, the access device 185, different receiving nodes of the payment network, according to an alarm triggering process, which includes: (1) an instant messaging message; (2) notification by email; (3) voice notification over an automatic telephone; (4) informing through multimedia messages; (5) activating an alarm installed on the host 105; (6) activating an alarm equipped with the access device 185; (7) the processed alarm trigger is recorded to the data storage medium 122.
Short-range wireless communication
As described herein, short-range wireless communication over a wireless communication path may use any of a variety of different physical and protocol layer communication methods. For example, the communication technology may include optical, infrared, radio transmission, RFID, or any other suitable communication technology, and may include IEEE 802.11, 802.15, Bluetooth™, PCS, WiFi or any other suitable communication method or standard.
Account
The discussed embodiments may also include user mobile device 183 accounts (e.g., identification cards, driver's licenses, shopper's payment cards) confirmed or issued by other principals 105 (any organization requiring a personal ID, such as a library, government, airplane, ship, berth, building pass, land pass, merchandise vendor, etc.).
Those skilled in the art will recognize that the above-described aspects, features, embodiments and advantages are intended to be illustrative, and thus, are strictly illustrative, and not limiting of the appended claims, unless it is explicitly stated in the claims that the practice according to the combined embodiments may be such that activation of one mechanism may be followed or replaced by another mechanism. For example, a user account may be issued by an issuer, an attendant, a third party, or a probe; while the access device may be under the operation of a master, issuer, or server. Web browsing history, transaction location exploration and user blockchain paths may be formulated in any embodiment without being limited by sequence and computation. In further embodiments, the access device may be replaced by a communication device with or without telematics functionality.
In the description, certain components of the invention may be described in terms of algorithms and/or steps executed by software applications. In many cases, such descriptions are intended to set forth the invention using representations commonly used by those skilled in the art. Accordingly, various terms such as "probing," "determining," "calculating," "processing," and the like may be used herein. These terms are intended to refer to processes performed by software and/or hardware devices, such as computer systems. Furthermore, the present invention may be implemented as a method, system, computer program product, smart phone, software application with application functionality, user interface, ATM, car navigation system, car door lock system, electronic door lock, rotary gate, POS terminal, smart home control hub, or any combination thereof.

Claims (16)

1. A method of probing operations relating to a mobile device associated account based on mobile device data, the method comprising the steps of:
associating the mobile device with the account or financial issuance account by recording a mobile device-related identifier having the account number or a code related to the account number in a database;
obtaining, over a network, information of an operation related to a payment to a recipient with a mobile device-associated account; or
Obtaining, over a network, information for a transaction related to a payment to a recipient with a mobile device associated account; or
Obtaining, over a network, information relating to actuating a device with a mobile device associated account upon a change in an operational state;
sending a message to request proximity data from the mobile device, the proximity data including a current geographic location of the mobile device, or one or more geographic locations of a blockchain path stored in a memory of the mobile device, or a current list of detected short-range wireless access points available for a communication link with the mobile device, or an identifier of a communicatively linked short-range wireless access point; or
Sending a message to request mobility data from a mobile device, the mobility data comprising a record of websites browsed during a certain period of time, or a record of mobile device associated account related messages transmitted to a receiving node, or a record of code for performing an operation;
receiving proximity data of a mobile device over a network; or
Receiving mobility data of a mobile device over a network;
determining the correlation between the mobile device associated account and the operation for the key moment of the operation;
the results are sent over the network to one or more receiving nodes.
2. The method of claim 1, the step of obtaining information related to the operation comprising:
receiving, by the website, information related to making a payment for a purchase from the online store using the mobile device-associated account; or
Information relating to a payment transfer from the mobile device associated account to the receiving account is received via the website.
3. The method of claim 1, the step of obtaining information relating to a transaction comprising:
receiving, from the mobile device, geographic information recorded at or having a minimal time difference from the critical moment of operation, or a list of communicatively linked short-range wireless access points available at the transaction location, or an identifier of a communicatively linked short-range wireless access point; or
Receiving, from the access device, geographic information recorded at or having a minimal time difference from the critical moment of operation, or a list of short-range wireless access points available for communication links at the transaction location, or an identifier of the short-range wireless access points.
4. The method of claim 4, further comprising:
sending, to the access device, mobile device-related geographic information recorded by the mobile device at the moment of operation or having a minimum time difference from the moment of operation, or a list of communicatively linked short-range wireless access points available at the transaction location, or an identifier of the communicatively linked short-range wireless access points; or
Sending, to the mobile device, access device-related geographic information recorded by the access device at the moment of operation or having a minimum time difference from the moment of operation, or a list of short-range wireless access points available for communication links at the transaction location, or an identifier of the short-range wireless access points.
5. The method of claim 1, the step of obtaining information about the actuation device upon a change in operating state comprising:
receiving a list of short range wireless access points or geographic locations that are available for communication links in relation to a location of a building in which the door lock is provided as a device;
receiving information from a control device or a mobile device regarding actuation of a change in an operational state of a door lock at a building location with a mobile device associated account, wherein the operational state change includes locking versus unlocking.
6. The method of claim 1, the step of obtaining information about the actuation device upon a change in operating state further comprising:
receiving information related to actuation of a change in an operational state of a door lock system of a vehicle with a mobile device-associated account, wherein the operational state change includes locking versus unlocking; or
receiving information regarding actuation of a change in an operational state of a vehicle starting system with a mobile device associated account, wherein the operational state change includes operational versus not operational.
7. The method of claim 1, the step of receiving proximity data from a mobile device comprising any one or a combination of the following steps:
receiving a current geographic location of a mobile device;
receiving an identifier of a communicatively linked short-range wireless access point;
a current list of short-range wireless access points available for a communication link with a mobile device is received.
8. The method of claim 1, the step of receiving mobility data from the mobile device comprising any one of the following steps:
receiving a record relating to a website viewed during a period of time, the period of time including a time at which an online operation was performed;
receiving a record of mobile device associated account related messages transmitted to a receiving node;
a record of code for performing the operation is received, wherein the code is generated or imported by the mobile device or an embedded client application.
9. The method of claim 1, the step of determining the relevance of mobile device associated accounts and operations for the moment of truth of the operation comprising any one or a combination of the following steps:
receiving a website related to operation;
receiving and recording the geographic position of the terminal equipment; or
Receiving a geographic location of a control device;
the relevance of a web browsing record sent by a mobile device relating to a moment of criticality of operation of a website required for operation is verified.
10. The method of claim 1, the step of determining a relevance of the mobile device associated account and operation for the moment of truth of operation further comprising any one or a combination of the following steps:
probing for inclusion by an access point installed at an operational location in a current list of short-range wireless access points transmitted by the mobile device that are recorded at or have a minimum time difference from a critical moment of operation;
probing identifiers of short-range wireless access points communicatively linked by the mobile device, recorded at or having a minimum time difference from the critical moment of operation;
determining whether a distance of the geographic location of the mobile device recorded at or having a minimum time difference from the critical moment of operation from the geographic location of the operation location is within or exceeds a proximity threshold;
determining whether a projected user blockchain path-related geographic location based on the recorded geographic location at the time having the least difference from the key moment of operation is within or above a proximity threshold distance from the geographic location of the operation location.
11. The method of claim 1, the step of determining a relevance of the mobile device associated account and operation for the moment of truth of operation further comprising any one or a combination of the following steps:
verifying the existence of a record of sent messages for transfers related to an account associated with the mobile device;
the presence of a record stored in the mobile device memory for code generated or imported to perform the operation is verified.
12. The method of claim 1, the step of sending the results to one or more receiving nodes comprising any one or a combination of the following steps:
sending a correlation of the validated web browsing records sent by the mobile device in relation to the operation;
sending the inclusion of the probed access point installed at the operational location in a current list of short-range wireless access points sent by the mobile device, recorded at or having a minimum time difference from the critical moment of operation;
transmitting a distance of the determined geographic location of the mobile device, recorded at or having a minimum time difference from the critical moment of operation, from the geographic location of the operation location, whether within or above a proximity threshold;
transmitting a distance of the determined projected user blockchain path-related geographic location based on the recorded geographic location at the time having the least difference from the critical moment of operation from the geographic location of the operation location, whether within or above a proximity threshold;
transmitting a correlation of the verified geographic location transmitted by the one or more mobile devices with the geographic location transmitted by the mobile device originating from the record of user blockchain paths;
sending a verified presence of a record of sent messages for transfers related to the mobile device associated account;
sending a verified presence of a record stored in the mobile device memory for executing the generated or imported code of the operation;
the blockchain code marked to the single currency is sent in the payment transfer.
13. The method of claim 1, the step of sending the results to one or more receiving nodes further comprising sending an alert related to the operation determined to be invalid, the step of sending the results comprising any one or a combination of the following steps:
notifying any one or combination of different groups of receiving nodes by sending a message to a mobile device or computing device via a network, wherein the message comprises: e-mail, signal, instant messaging message, automated phone voice, multimedia message;
notifying selected users in a first set of receiving nodes, the selected users including tenants, owners, property operators, facility operators, employees, and visitors;
notifying selected users in a second set of receiving nodes, the selected users including an acquiring bank, an account issuing bank, a merchant, a payment network;
sending a signal/data to a communicatively linked access device as a third receiving node during the triggering of the alarm, the access device receiving the alarm signal and rejecting the change in operational state from locked to unlocked or from operational to non-operational;
the triggered alarm is recorded in the processing system memory.
14. The method of claim 1, the one or more receiving nodes comprising:
an application server or control system installed with a processor and a memory that manages an issuing bank of mobile device associated accounts;
an application server or control system of an acquiring bank managing merchant-associated accounts, equipped with a processor and a memory;
an application server or control system of an organization that manages user accounts, the application server or control system having a processor and memory installed;
a control device that controls the apparatus;
the mobile device is associated with a mobile device of a user of the account.
15. The method of claim 1, the account or financial issuance account comprising any one of:
a bank account issued by a bank;
a bank-issued credit card account;
a credit card account issued by a payment network;
a debit card account issued by a financial institution;
employee accounts issued by employee companies;
club issued member accounts;
a payment card issued by a financial institution;
a residential account issued by the property owner;
a rental account issued by a bank, hotel or accommodation facility;
a vehicle account issued by the vehicle owner;
a car rental company issued car rental customer account.
16. A system for probing account-related operations based on data of an account-associated mobile device, the system comprising:
an application server installed with a processor;
a memory working with or within an application server installed with a communicatively coupled processor, the memory storing instructions and code that, when executed by the processor, perform the following:
associating the mobile device with the account or financial issuance account by recording a mobile device-related identifier having the account number or a code related to the account number in a database;
obtaining, over a network, information of an operation related to a payment to a recipient with a mobile device-associated account; or
Obtaining, over a network, information for a transaction related to a payment to a recipient with a mobile device associated account; or
Obtaining, over a network, information relating to actuating a device with a mobile device associated account upon a change in an operational state;
sending a message to request a current geographical location of a control device; or
Sending a message to request proximity data from the mobile device, the proximity data including a current geographic location of the mobile device, or one or more geographic locations of a blockchain path stored in a memory of the mobile device, or a current list of detected short-range wireless access points available for a communication link with the mobile device, or an identifier of a communicatively linked short-range wireless access point; or
Sending a message to request mobility data from a mobile device, the mobility data comprising a record of websites browsed during a certain period of time, or a record of mobile device associated account related messages transmitted to a receiving node, or a record of code for performing an operation;
receiving a current geographic location of a control device over a network; or
Receiving proximity data of a mobile device over a network; or
Receiving mobility data of a mobile device over a network; or
determining the correlation between the mobile device associated account and the operation for the key moment of the operation;
the results are sent over the network to one or more receiving nodes.
HK19122042.5A 2016-02-18 2017-02-18 System of ascertainment HK1262135A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US62/296,625 2016-02-18

Publications (1)

Publication Number Publication Date
HK1262135A1 (en) 2020-01-10
