[go: up one dir, main page]

WO2009009852A2 - A system and a method for transferring credits using a mobile device - Google Patents

A system and a method for transferring credits using a mobile device Download PDF

Info

Publication number
WO2009009852A2
WO2009009852A2 PCT/BR2008/000209 BR2008000209W WO2009009852A2 WO 2009009852 A2 WO2009009852 A2 WO 2009009852A2 BR 2008000209 W BR2008000209 W BR 2008000209W WO 2009009852 A2 WO2009009852 A2 WO 2009009852A2
Authority
WO
WIPO (PCT)
Prior art keywords
credit
mobile device
payee
otp
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/BR2008/000209
Other languages
French (fr)
Other versions
WO2009009852A3 (en
Inventor
Mara Regina Morelli
Fabrizio Vargas De Moraes
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Itautec SA
Original Assignee
Itautec SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Itautec SA filed Critical Itautec SA
Publication of WO2009009852A2 publication Critical patent/WO2009009852A2/en
Publication of WO2009009852A3 publication Critical patent/WO2009009852A3/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • G06Q20/3263Payment applications installed on the mobile devices characterised by activation or deactivation of payment capabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223Realising banking transactions through M-devices
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/203Dispensing operations within ATMs

Definitions

  • the present invention refers to a system for transferring credits that is implemented by data handling equipment, and more particularly refers to the transference of credits using processing resources present in mobile devices such as cellular telephones, handheld computers and palm tops.
  • the payer uses his/her magnetic card at a terminal, and must also insert/inform his/her PIN number; furthermore, the method includes the insertion of complementary information such as a name, a secret password having 6 or more digits, the amount to be transferred, the name of the payee, the address of the payee, the number of the account to be debited, etc.
  • the terminal Upon the payer having confirmed such data, that is displayed onscreen, the terminal prints a record of the transaction wherein is included a reference number generated at the terminal and which will be informed to the payee together with the secret password and the amount of the transfer. With this information, the payee uses an ATM to withdraw the funds, without needing to use a card. Still according with the above mentioned document, the payer's account will only be debited upon withdrawal of the corresponding amount by the payee.
  • one object of the present invention consists in the provision of a credit transfer system able to provide enhanced security protection against interception as compared with the systems known in the art, in addition to obviating the need of magnetic cards of any type, or equivalent means such as optical cards, induction cards or cards equipped with chips, in order to use the credit.
  • One other object consists in the provision of a credit transfer system capable of being used in a wide variety of situations, comprising the withdrawal of cash at an automatic teller (ATM), at the teller office of a financial institution, or yet in a transaction conducted at a point of sale of a commercial establishment.
  • ATM automatic teller
  • a system that comprises means to allow a payer to access a financial credit institution, a credit authorization unit, a mobile communications device carried by a payee, a specific application provider, a password validation unit, at least one location where the credit is made available and data communication means interconnecting all the elements that constitute the system.
  • the said financial credit institution may consist in a bank, a credit cooperative, a mutual assistance institution, a credit card management entity, etc.
  • the said mobile device consists in an electronic apparatus intended for personal use, provided with means to process application software programs stored in a memory.
  • the said electronic apparatus for personal use consists in a cellular telephone, a handheld computer, a palm top or similar device.
  • the use of the credit is released by means of a single instance password (OTP - one time password).
  • such single instance password - OTP - can only be generated solely and exclusively at that exact moment, by the software application installed in the payee's mobile device, upon the insertion of the payee's personal password.
  • This password is not transmitted by any means of communication, either public or proprietary.
  • the use of the credit by the payee is conditional upon the activation of the respective mobile device, the said activation comprising the generation, by the said software application, of a registration code which in addition to being stored in the memory of the said mobile device, is transmitted to a password validation unit and stored therein.
  • the said registration code is used by the cited validation unit to authenticate the single instance password OTP.
  • Figure 3 is a flow diagram whereby is illustrated a first part of the presently proposed method, comprising the provision of availability of credit transactions by the initiative of the payer.
  • Figure 4 there is illustrated the part of the system that participates in the process of activation of a mobile device, according to the principles of the invention.
  • Figure 5 is a flow diagram whereby is illustrated the second part of the presently proposed method, to wit, the process of activation of a mobile device intended for the personal use of the payee.
  • Figure 7 is a flow diagram whereby is illustrated the third part of the presently proposed method, to wit, the process of provision of the transfer of credit to the payee.
  • the proposed system consists, on the payer's side, of means to access the financial institution where the payer keeps an account, such access being possibly provided by communication equipment, selected among a group that comprises a cellular telephone 10, a wired fixed- line telephone 11, a computer 12 with means to access the Internet, where the said account holder may further present him or herself at an agency of the said institution or use an ATM teller 13.
  • communication equipment selected among a group that comprises a cellular telephone 10, a wired fixed- line telephone 11, a computer 12 with means to access the Internet, where the said account holder may further present him or herself at an agency of the said institution or use an ATM teller 13.
  • the system further comprises a public communication network 14, able to transmit voice and data by means of a physical line or via radio / cellular communication, a mobile device carried by the payee, which in the present example consists in a cellular telephone 15, a specific software application provider 16 enabled with means for external access from the said public network, a password validation unit which may consist in data processing equipment 17 able to be accessed from the said public network, as well as a credit authorization unit 18 associated to the financial entity wherein the payer holds an account, where the said authorization unit controls, by means of a data communications network, a plurality of financial service terminals 19 and 20.
  • the said terminals may be connected by means of a specific network, such as, for example: X25, frame relay, ISDN, ADSL or equivalent.
  • such terminals are represented by ATM's - automatic teller machines, that is, self-service electronic terminals - however, such terminals may consist in bank branch tellers, checkout counters or points of sale in shops, supermarkets or equivalent establishments, etc., where the places where such terminals are located are generically designated as "credit availability provision locations".
  • the system uses other software applications, comprising among others, the payees recording software, the communication software and the software for access via radio, etc.
  • the presently illustrated system may be split into various modules, each module corresponding to a given functionality.
  • Such functionalities comprise the following: - Registration of one or more payees at the financial institution, performed by the holder of the account; Registration and activation of the cellular apparatus of the payee; Funds transfer transaction.
  • Fig. 2 shows, in the form of a block diagram, the units of the system that participate in the first of the above functionalities, which consists in the registration of one or more payees.
  • the process that corresponds to this functionality is illustrated by the flow diagram of Fig. 3, the first part of the method, which consists in the process of provision of availability of credit transactions, including therein the registration of payees.
  • the payer accesses the services of a credit authorization institution, by means of a connection established using a cellular telephone 10, a fixed line telephone 11 , a computer terminal 12, an ATM terminal 13 or any other means allowing access to the data or voice communications network 14.
  • Such payer may be an individual or an institution that owns credits or values at a credit authorization institution, where the latter may consist in a bank, a financial credit entity, a credit cooperative, a credit card management entity, etc.
  • the payer requests, by means of a menu or by another means, a credit transfer service to a certain payee. If the latter has not yet been registered at the authorizing institution, the payer provides the necessary data for registration, and the said data is entered into the database of the said institution. More specifically, the database may be comprised in an authorization unit 18. Once registered, the system checks whether the mobile device of the payee was activated, and if it was not activated, it sends a message (dashed line in Fig.
  • Fig. 4 there are illustrated, by means of a block diagram, the system units that participate in the activation of the payee's mobile unit, where the corresponding process is that which is detailed in the flow diagram of Fig. 5.
  • the process of activation takes place upon the receipt, by the payee, of a message (dashed line) issued by the credit authorization institution or by the OTP password authorization means, requesting the payee to perform the activation process steps.
  • the initial step comprises the copying of the specific software application stored in the provider 16, where the said copy may be provided by means of any digital medium that allows the transfer of information, such as a CD-ROM, the Internet or a digital radio communications link.
  • this copy is loaded directly to the mobile device by means of a wireless connection.
  • the specific software application should be installed in the mobile device and initialized.
  • Such initialization comprises the reception of an initialization code supplied by the OTP password authorization means 17, and the said reception may be effected automatically by means of a radio connection between the mobile device and the said OTP password authorization means by means of the communication network 14.
  • the payee shall be due to obtain the initialization code using any means of communication, such as by e-mail, letter, facsimile, telephone, Internet, WAP network or SMS, entering this code manually in the mobile device.
  • the payee defines a personal numeric or alphanumeric password, that is also keyed in the mobile device upon being requested by the specific software application.
  • This data is processed by the mobile device in accordance with the instructions comprised in the specific software application, further combining unique data such as the date and time as well as, optionally, the number that identifies the processor chip of the said device, and there is thereby generated a registration code.
  • This code in addition to being stored in the memory of the mobile device 15, is transmitted to the OTP password authorization means 17 by a data transmission means using a radio communication link, a WAP connection or SMS.
  • the OTP password authorization means Upon receiving the said code, the OTP password authorization means generates, using software associated with the specific application, a verification code that is returned to the mobile device, such that the software application installed in the mobile device may be able to confirm the correct reception of the registration code by the OTP password authorization means.
  • OTPs single instance passwords
  • the said single-use password (OTP) may only be recognized by an OTP password authorization means 17 wherein the information of that device (15) were already previously registered.
  • Fig. 6 illustrates the system units activated during the performance of the credit utilization transaction by the payee, where the corresponding process is that which is shown in the flow diagram of Fig. 7.
  • the payee will receive a notification (dashed line in Fig. 6) regarding the existence of a certain amount sent by the payer.
  • the said notification can be transmitted using any means of communication, comprising the mobile device 15 itself, a fixed line telephone, a message sent via facsimile, etc.
  • the payee will proceed to the location where the credit is to be made available, which location may consist in an ATM 19, a teller desk at a bank or a credit institution, a point of sale terminal, etc. Subsequently, the payee accesses the authorization institution and requests a part or the whole amount of the credit, using the mobile device for that purpose. The institution responds to the request by checking whether the mobile device has been activated, and in the affirmative, requests a single-use password OTP. Otherwise, the institution requests the payee to activate his or her mobile device (Fig- 5).
  • the payee runs the specific software application in the mobile device 15, and during that operation the payee keys in his or her personal password.
  • the payee may also key in the amount of the transaction or other information pertaining thereto. Such information is used together with the data comprised in the registration code and other confidential information stored in the memory of the mobile device, in order that the software application may generate an OTP password that is displayed on the display screen of the said device.
  • this TOP password is valid for one sole transaction only, and should also be used within a certain delay.
  • the sending of the OTP password to the authorizing institution may be performed by keying the same in an ATM terminal, a terminal in a teller desk of a financial institution or a point of sale terminal, or yet by automatic transmission via a wireless link or by SMS. It should be pointed out that, although an OTP password transmitted via wireless link is subject to interception, it will not be able to be used by the interceptor, since as it is a single use password, the very event of reception thereof by the credit authorization institution blocks any subsequent attempt of reutilization thereof.
  • the authorization institution Upon receiving the OTP password, the authorization institution requests the respective credit authorization unit 18 to send the OTP password to the OTP authorization means 17 which determines the authenticity thereof, using the data comprised in the registration code stored in its memory.
  • this information is transmitted to the authorization unit 18 which releases the credit at the location where the same is to be made available, and the said credit may be used either entirely or partially. If there occurs an error in the sending of the OTP password to the authorization institution, the credit is not released, and this fact may be informed to the payee by means of a message displayed on the display means of the ATM or the terminal.
  • the system can be programmed to initiate one or several repetitions of this part of the process, or to block any new attempt to use the credit.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to a system and method for transferring credits with the use of a mobile device, using the resources provided by wireless communication networks and the processing resources present in mobile devices such as cellular telephones, palm tops, handheld computers and similar devices. The system comprises a credit authorization unit (18), a provider (16) comprising a memory able to store at least one specific software application capable of generating one-time passwords (OTPs) as well as means to transfer the said software application to the memory of a mobile device (15) carried by a payee, and also a one-time password (OTP) authentication unit (17). The said mobile device comprises means for processing software programs and data, as well as a capability to establish wireless communication links. The method comprises the loading in the said mobile device (15) of a software capable of generating one-time passwords (OTPs) based on exclusive data of the payee, where such data may further include the value of the credit used and other information. The credit can be used at a location where the credit is to be made available, provided with an ATM, a point of sale terminal, a teller desk of a financial institution or similar

Description

"A SYSTEM AND A METHOD FOR TRANSFERRING CREDITS USING A MOBILE DEVICE"
Field of the invention The present invention refers to a system for transferring credits that is implemented by data handling equipment, and more particularly refers to the transference of credits using processing resources present in mobile devices such as cellular telephones, handheld computers and palm tops.
Description of the prior art
Systems and methods for transfer of information by means of computer networks are already known and widely used. Thus, for example, electronic mail messages may be sent by means of internet systems, and this medium may further be used for transferring funds. However, many of the known methods require that both individuals or entities involved in the transaction have access to a common means of transfer. In this regard, there are commonly known systems that allow the holder of an account at a certain bank to instantaneously transfer funds to another holder of an account at the same bank. In the case that the payee is the holder of an account at another bank, the known systems allow the transfer of funds by means of an interbank transfer operation named DOC in Brazil, and in such cases the funds are credited to the account of the payee only on the first day subsequently to the transaction.
In patent document No. US 5,963,647 "Method and system for transferring funds from an account to an individual" there is described a system and method intended to allow transfers to payees that are not holders of an account at the same banking institution of the payer. The operation comprises the transmission of a first password created by the payer, together with a second password that is randomly generated by the system, where both passwords are informed to the payee. More specifically, the payer uses his/her magnetic card at a terminal, and must also insert/inform his/her PIN number; furthermore, the method includes the insertion of complementary information such as a name, a secret password having 6 or more digits, the amount to be transferred, the name of the payee, the address of the payee, the number of the account to be debited, etc. Upon the payer having confirmed such data, that is displayed onscreen, the terminal prints a record of the transaction wherein is included a reference number generated at the terminal and which will be informed to the payee together with the secret password and the amount of the transfer. With this information, the payee uses an ATM to withdraw the funds, without needing to use a card. Still according with the above mentioned document, the payer's account will only be debited upon withdrawal of the corresponding amount by the payee.
Among the drawbacks of the above invention, there may be cited the lack of security, since the codes are transmitted by telephone. Furthermore, if the payee does not withdraw the funds immediately upon receiving the above cited information, it might happen that the payer comes to use, for other purposes, an amount from his or her account that results in an account balance of a lesser amount than that which is intended to be paid to the payee, who in such case will be unable to proceed with the said withdrawal due to lack of sufficient funds in the account. In patent document No. WO 2007/061505 "Internet funds transfer using ATM pickup" there is described a method whereby the payer accesses a specific Web page, and fills the appropriate fields therein with data to identify the payer and the payment vehicle to provide the funds for the transfer. A central system generates an authorization code for the transaction, which is informed to both the payer and the payee, online, thereby entailing a security breach since online transmissions are subject to being intercepted.
Objects of the invention In light of what has been set forth above, one object of the present invention consists in the provision of a credit transfer system able to provide enhanced security protection against interception as compared with the systems known in the art, in addition to obviating the need of magnetic cards of any type, or equivalent means such as optical cards, induction cards or cards equipped with chips, in order to use the credit.
One other object consists in the provision of a credit transfer system capable of being used in a wide variety of situations, comprising the withdrawal of cash at an automatic teller (ATM), at the teller office of a financial institution, or yet in a transaction conducted at a point of sale of a commercial establishment.
Brief description of the invention
The above and other objects are achieved by the invention by means of the provision of a system that comprises means to allow a payer to access a financial credit institution, a credit authorization unit, a mobile communications device carried by a payee, a specific application provider, a password validation unit, at least one location where the credit is made available and data communication means interconnecting all the elements that constitute the system.
According to another characteristic of the invention, the said financial credit institution may consist in a bank, a credit cooperative, a mutual assistance institution, a credit card management entity, etc.
According to another characteristic of the invention, the said mobile device consists in an electronic apparatus intended for personal use, provided with means to process application software programs stored in a memory.
According to another characteristic of the invention, the said electronic apparatus for personal use consists in a cellular telephone, a handheld computer, a palm top or similar device.
According to another characteristic of the invention, the use of the credit is released by means of a single instance password (OTP - one time password).
According to another characteristic of the invention, such single instance password - OTP - can only be generated solely and exclusively at that exact moment, by the software application installed in the payee's mobile device, upon the insertion of the payee's personal password. This password is not transmitted by any means of communication, either public or proprietary. According to another characteristic of the invention, the use of the credit by the payee is conditional upon the activation of the respective mobile device, the said activation comprising the generation, by the said software application, of a registration code which in addition to being stored in the memory of the said mobile device, is transmitted to a password validation unit and stored therein. The said registration code is used by the cited validation unit to authenticate the single instance password OTP.
According to another characteristic of the invention, both in the generation of the registration code and in the generation of the OTP password by the said software application, there is used identification data associated with the payee, as well as a personal password of the payee.
Description of the figures The remaining characteristics and advantages of the invention will become more apparent by means of the description of a non-limitative embodiment thereof, which is hereby provided as an example, and of the figures referring thereto, wherein:
In Figure 1 there is depicted the proposed system in one of its preferred embodiments, by means of a functional block diagram.
In Figure 2 there is illustrated the part of the system that participates in the initial phase of the proposed method.
Figure 3 is a flow diagram whereby is illustrated a first part of the presently proposed method, comprising the provision of availability of credit transactions by the initiative of the payer.
In Figure 4 there is illustrated the part of the system that participates in the process of activation of a mobile device, according to the principles of the invention.
Figure 5 is a flow diagram whereby is illustrated the second part of the presently proposed method, to wit, the process of activation of a mobile device intended for the personal use of the payee.
In Figure 6 there is depicted the portion of the system that participates in the process of provision of the transfer of credit to the payee.
Figure 7 is a flow diagram whereby is illustrated the third part of the presently proposed method, to wit, the process of provision of the transfer of credit to the payee.
Detailed description of the invention As shown in Fig. 1, the proposed system consists, on the payer's side, of means to access the financial institution where the payer keeps an account, such access being possibly provided by communication equipment, selected among a group that comprises a cellular telephone 10, a wired fixed- line telephone 11, a computer 12 with means to access the Internet, where the said account holder may further present him or herself at an agency of the said institution or use an ATM teller 13. The system further comprises a public communication network 14, able to transmit voice and data by means of a physical line or via radio / cellular communication, a mobile device carried by the payee, which in the present example consists in a cellular telephone 15, a specific software application provider 16 enabled with means for external access from the said public network, a password validation unit which may consist in data processing equipment 17 able to be accessed from the said public network, as well as a credit authorization unit 18 associated to the financial entity wherein the payer holds an account, where the said authorization unit controls, by means of a data communications network, a plurality of financial service terminals 19 and 20. The said terminals may be connected by means of a specific network, such as, for example: X25, frame relay, ISDN, ADSL or equivalent. In the figures that exemplify the system, such terminals are represented by ATM's - automatic teller machines, that is, self-service electronic terminals - however, such terminals may consist in bank branch tellers, checkout counters or points of sale in shops, supermarkets or equivalent establishments, etc., where the places where such terminals are located are generically designated as "credit availability provision locations". In addition to the said specific software application, the system uses other software applications, comprising among others, the payees recording software, the communication software and the software for access via radio, etc.
According to the principles of the invention, the presently illustrated system may be split into various modules, each module corresponding to a given functionality. Such functionalities comprise the following: - Registration of one or more payees at the financial institution, performed by the holder of the account; Registration and activation of the cellular apparatus of the payee; Funds transfer transaction.
Fig. 2 shows, in the form of a block diagram, the units of the system that participate in the first of the above functionalities, which consists in the registration of one or more payees. The process that corresponds to this functionality is illustrated by the flow diagram of Fig. 3, the first part of the method, which consists in the process of provision of availability of credit transactions, including therein the registration of payees. Initially, the payer accesses the services of a credit authorization institution, by means of a connection established using a cellular telephone 10, a fixed line telephone 11 , a computer terminal 12, an ATM terminal 13 or any other means allowing access to the data or voice communications network 14. Such payer may be an individual or an institution that owns credits or values at a credit authorization institution, where the latter may consist in a bank, a financial credit entity, a credit cooperative, a credit card management entity, etc. Upon effecting the said access, the payer requests, by means of a menu or by another means, a credit transfer service to a certain payee. If the latter has not yet been registered at the authorizing institution, the payer provides the necessary data for registration, and the said data is entered into the database of the said institution. More specifically, the database may be comprised in an authorization unit 18. Once registered, the system checks whether the mobile device of the payee was activated, and if it was not activated, it sends a message (dashed line in Fig. 2) to notify the said payee on the need to activate, such activation comprising a second part of the proposed method, as will be described in the following. In Fig. 4 there are illustrated, by means of a block diagram, the system units that participate in the activation of the payee's mobile unit, where the corresponding process is that which is detailed in the flow diagram of Fig. 5. According to Figures 4 and 5, the process of activation takes place upon the receipt, by the payee, of a message (dashed line) issued by the credit authorization institution or by the OTP password authorization means, requesting the payee to perform the activation process steps. The initial step comprises the copying of the specific software application stored in the provider 16, where the said copy may be provided by means of any digital medium that allows the transfer of information, such as a CD-ROM, the Internet or a digital radio communications link. Preferably, this copy is loaded directly to the mobile device by means of a wireless connection. Upon this copy being secured, the specific software application should be installed in the mobile device and initialized. Such initialization comprises the reception of an initialization code supplied by the OTP password authorization means 17, and the said reception may be effected automatically by means of a radio connection between the mobile device and the said OTP password authorization means by means of the communication network 14. Alternatively, if such automatic reception does not take place, the payee shall be due to obtain the initialization code using any means of communication, such as by e-mail, letter, facsimile, telephone, Internet, WAP network or SMS, entering this code manually in the mobile device. To complement the said manual entry, the payee defines a personal numeric or alphanumeric password, that is also keyed in the mobile device upon being requested by the specific software application. This data is processed by the mobile device in accordance with the instructions comprised in the specific software application, further combining unique data such as the date and time as well as, optionally, the number that identifies the processor chip of the said device, and there is thereby generated a registration code. This code, in addition to being stored in the memory of the mobile device 15, is transmitted to the OTP password authorization means 17 by a data transmission means using a radio communication link, a WAP connection or SMS. Upon receiving the said code, the OTP password authorization means generates, using software associated with the specific application, a verification code that is returned to the mobile device, such that the software application installed in the mobile device may be able to confirm the correct reception of the registration code by the OTP password authorization means. It should be pointed out that the said activation enables the mobile device 15 to generate single instance passwords (OTPs), that are exclusive for the cited device, for that user and for that exact moment. Furthermore, the said single-use password (OTP) may only be recognized by an OTP password authorization means 17 wherein the information of that device (15) were already previously registered.
Fig. 6 illustrates the system units activated during the performance of the credit utilization transaction by the payee, where the corresponding process is that which is shown in the flow diagram of Fig. 7. Initially, the payee will receive a notification (dashed line in Fig. 6) regarding the existence of a certain amount sent by the payer. The said notification can be transmitted using any means of communication, comprising the mobile device 15 itself, a fixed line telephone, a message sent via facsimile, etc. Assuming that the mobile device will already have been activated, according to the process illustrated in Figures 4 and 5, the payee will proceed to the location where the credit is to be made available, which location may consist in an ATM 19, a teller desk at a bank or a credit institution, a point of sale terminal, etc. Subsequently, the payee accesses the authorization institution and requests a part or the whole amount of the credit, using the mobile device for that purpose. The institution responds to the request by checking whether the mobile device has been activated, and in the affirmative, requests a single-use password OTP. Otherwise, the institution requests the payee to activate his or her mobile device (Fig- 5).
In order to obtain the single-use password (OTP), the payee runs the specific software application in the mobile device 15, and during that operation the payee keys in his or her personal password. In a preferred embodiment, the payee may also key in the amount of the transaction or other information pertaining thereto. Such information is used together with the data comprised in the registration code and other confidential information stored in the memory of the mobile device, in order that the software application may generate an OTP password that is displayed on the display screen of the said device. As already mentioned, this TOP password is valid for one sole transaction only, and should also be used within a certain delay. The sending of the OTP password to the authorizing institution may be performed by keying the same in an ATM terminal, a terminal in a teller desk of a financial institution or a point of sale terminal, or yet by automatic transmission via a wireless link or by SMS. It should be pointed out that, although an OTP password transmitted via wireless link is subject to interception, it will not be able to be used by the interceptor, since as it is a single use password, the very event of reception thereof by the credit authorization institution blocks any subsequent attempt of reutilization thereof. Upon receiving the OTP password, the authorization institution requests the respective credit authorization unit 18 to send the OTP password to the OTP authorization means 17 which determines the authenticity thereof, using the data comprised in the registration code stored in its memory. Upon confirming the validity of the OTP password, this information is transmitted to the authorization unit 18 which releases the credit at the location where the same is to be made available, and the said credit may be used either entirely or partially. If there occurs an error in the sending of the OTP password to the authorization institution, the credit is not released, and this fact may be informed to the payee by means of a message displayed on the display means of the ATM or the terminal. The system can be programmed to initiate one or several repetitions of this part of the process, or to block any new attempt to use the credit.

Claims

1. A system and method for the transfer of credits with the use of a mobile device comprising means for access of a payer to a financial credit institution, at least one location where the credit is to be made available (19, 20) to a payee and a set of data communication means (14), characterized by comprising a credit authorization unit (18), a provider (16) having a memory able to store at least one specific software application capable of generating onetime passwords (OTP) as well as means to transfer the said software application to the memory of a mobile device (15) carried by a payee, and also a unit for authentication ( 17) of one-time passwords (OTP).
2. A system, as claimed in claim 1, characterized in that the said mobile device (15) comprises means for processing programs and data.
3. A system, as claimed in claim 1 or claim 2, characterized in that the said mobile device (15) is able to establish wireless communication links.
4. A system, as claimed in claim 1, characterized in that the said payer is an individual, a company or an institution that is the owner of credits or amounts at a financial institution associated with the said credit authorization unit.
5. A system, as claimed in claim 1, characterized in that the said location where the credits are to be made available is provided with an element selected from the set which comprises automatic teller machines (ATMs), teller desks of financial institutions, checkout counters of commercial establishments, point of sale terminals and equivalent elements.
6. A system, as claimed in claims 1 to 5, characterized in that the said authorization unit is provided with means for communicating, via a public or private network, with the said automatic teller machines (ATMs), teller offices of a financial institution, checkout counters of commercial establishments, point of sale terminals and equivalent elements.
7. A method for transferring credits with the use of a mobile device, characterized in that a credit is made available thereby to a payee previously registered at a financial credit institution, such registration being performed by a payer that is the owner of the credits or amounts at the said institution, the said use of the cited credit being conditional upon the use of a one-time password (OTP) generated by software installed in a mobile device carried by the said payee.
8. A method, as claimed in claim 7, characterized by comprising the transfer to the said mobile device, from a software application provider accessed via any means of communication, of a software application program capable of generating one-time passwords (OTPs).
9. A method, as claimed in claim 7 or claim 8, characterized in that the generation of the said one-time password (OTP) is conditional upon a prior process of activation of the mobile device after the said one-time password (OTP) generator software was loaded therein.
10. A method, as claimed in claim 9, characterized in that the said activation process comprises a process whereby the mobile device (15) is enabled to generate one-time passwords (OTPs), that are unique for that device, that user, at that exact moment.
11. A method, as claimed in any of the precedent claims, characterized in that the performance of a transaction of utilization of the transferred credits comprises the following steps: reception by the payee, via any means of communication, of a message informing the availability of a certain credit; confirmation, by the authorization unit (17) of the activation of the payee's mobile device; displacement of the payee to a location where the credit is to be made available; access of the payee to the authorization institution using any means of communication; running, by the authorization institution, of a software program in the credit authorization unit to request an OTP password to conclude the transaction; running of the software application by the payee in the mobile device
(15), by keying in his or her personal password and other data required for the transaction; generation, by the application software, of an OTP password, using data that comprises the said personal password and the registration code and other data of the transaction; sending of the OTP password to the credit authorization unit (18); transmission of the said OTP password by the credit authorization unit to the OTP password authorization unit (17); - if the OTP password is authenticated by the OTP password authorization unit, an information is provided to such effect by the latter to the credit authorization unit (18); release of the credit by the credit authorization unit at the location where the credit is to be made available.
12. A method, as claimed in claim 10 or claim 11, characterizedat the said one-time password (OTP) is only recognized by an OTP password authorization unit (17) wherein the information pertaining to that device (15) was already previously registered.
PCT/BR2008/000209 2007-07-19 2008-07-21 A system and a method for transferring credits using a mobile device Ceased WO2009009852A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
BRPI0703112-2A BRPI0703112A2 (en) 2007-07-19 2007-07-19 system and method for mobile credit transfer
BRPI0703112-2 2007-07-19

Publications (2)

Publication Number Publication Date
WO2009009852A2 true WO2009009852A2 (en) 2009-01-22
WO2009009852A3 WO2009009852A3 (en) 2009-11-12

Family

ID=40260115

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/BR2008/000209 Ceased WO2009009852A2 (en) 2007-07-19 2008-07-21 A system and a method for transferring credits using a mobile device

Country Status (2)

Country Link
BR (1) BRPI0703112A2 (en)
WO (1) WO2009009852A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010101476A1 (en) 2009-03-02 2010-09-10 Encap As Method and computer program for generation and verification of otp between server and mobile device using multiple channels
WO2016014125A1 (en) 2014-07-21 2016-01-28 Ebay Inc. Secure cardless cash withdrawal

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI19992343A7 (en) * 1999-10-29 2001-04-30 Nokia Mobile Phones Ltd Method and arrangement for reliable user identification in a computer system
JP3678417B2 (en) * 2002-04-26 2005-08-03 正幸 糸井 Personal authentication method and system
US20040139014A1 (en) * 2003-01-09 2004-07-15 Yuh-Shen Song Anti-fraud remote cash transaction system
ES2263344B1 (en) * 2004-07-30 2007-11-16 Jose Ignacio Bas Bayod METHOD FOR PERFORMING SECURE PAYMENT OR COLLECTION TRANSACTIONS, USING PROGRAMMABLE MOBILE PHONES.
US20060136739A1 (en) * 2004-12-18 2006-06-22 Christian Brock Method and apparatus for generating one-time password on hand-held mobile device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010101476A1 (en) 2009-03-02 2010-09-10 Encap As Method and computer program for generation and verification of otp between server and mobile device using multiple channels
NO332479B1 (en) * 2009-03-02 2012-09-24 Encap As Procedure and computer program for verifying one-time password between server and mobile device using multiple channels
WO2016014125A1 (en) 2014-07-21 2016-01-28 Ebay Inc. Secure cardless cash withdrawal
US9536240B2 (en) 2014-07-21 2017-01-03 Paypal, Inc. Secure cardless cash withdrawal
US10853778B2 (en) 2014-07-21 2020-12-01 Paypal, Inc. Secure cardless cash withdrawal

Also Published As

Publication number Publication date
WO2009009852A3 (en) 2009-11-12
BRPI0703112A2 (en) 2009-07-21

Similar Documents

Publication Publication Date Title
RU2698767C2 (en) Remote variable authentication processing
CA2838655C (en) A system and method for conducting financial transactions using a mobile device
JP5241736B2 (en) Method and system for authenticating through a communication terminal using a short message
US9699183B2 (en) Mutual authentication of a user and service provider
CN111357025A (en) Secure QR Code Service
MX2011002067A (en) System and method of secure payment transactions.
JP7461241B2 (en) Customer information management server and customer information management method
CN101072384A (en) Mobile phone payment method and system based on mobile phone bank
US20120303527A1 (en) Process and host and computer system for card-free authentication
EP2171661A2 (en) Method and system for safety and simple paying with mobile terminal
WO2008015637A2 (en) Mobile payment method and system
KR20080009242A (en) Direct payment service system using mobile communication terminal
TWM637453U (en) Fido identity verification system based on chip financial card
WO2009009852A2 (en) A system and a method for transferring credits using a mobile device
KR100862098B1 (en) How to handle financial product subscription
KR20070097874A (en) Direct payment service system using mobile communication terminal
WO2008052592A1 (en) High security use of bank cards and system therefore
KR20050010606A (en) Method for preventing illegal use of service informations registered and System using the same
KR20170077459A (en) System and method for providing financial system
WO2005109998A2 (en) Billing system according to ordering by telephone and method thereof
TWI901928B (en) Method and system for identity verification applied to financial system
RU2351984C2 (en) Method for money withdrawal from atm without application of plastic card by means of payment order via sms service
EP3588413A1 (en) Identification method with strong authentication for the enabling of a computer system
KR20090081742A (en) Payment settlement processing method and system using micro loan based on Vonville credit rating
AU2016259435A1 (en) A system and method for facilitating finacial transactions

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08783103

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08783103

Country of ref document: EP

Kind code of ref document: A2