CN102449653A - Selection of transaction functions based on user identity - Google Patents

Selection of transaction functions based on user identity Download PDF

Info

Publication number
CN102449653A
CN102449653A CN2010800242123A CN201080024212A CN102449653A CN 102449653 A CN102449653 A CN 102449653A CN 2010800242123 A CN2010800242123 A CN 2010800242123A CN 201080024212 A CN201080024212 A CN 201080024212A CN 102449653 A CN102449653 A CN 102449653A
Authority
CN
China
Prior art keywords
transaction
parties
trading
trading server
radio communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2010800242123A
Other languages
Chinese (zh)
Inventor
斯特凡·霍特贝格
M·韦斯特林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Accumulate AB
Original Assignee
Accumulate AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Accumulate AB filed Critical Accumulate AB
Publication of CN102449653A publication Critical patent/CN102449653A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3227Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to methods, a device and a computer program product for a secure transaction utilizing a portable radio communication device (10), wherein possible transaction functions are only accessible for a user upon verification of transaction part verifying data.

Description

Selection based on the trading function of ID
Technical field
Present invention relates in general to transaction, and relate to the Secure Transaction of using portable radio communication equipment particularly, portable radio communication equipment is such as being mobile phone, personal digital assistant or portable computer etc.
Background technology
The transaction of for example initiating and carrying out via the Internet is very general at present.In addition, utilize mobile phone or similar equipment, at present can be through carry out transaction and relevant action via the data communication of radio communication.Through always in hand, holding electronic authentication equipment, this provides the mode of carrying out Secure Transaction very easily, and this can be used as complete wallet/bank's solution.Yet this also provides handles transaction system with side in the deception transaction or both sides' multiple mode.
Summary of the invention
Therefore, an object of the present invention is security improvement, relevant with transaction to be provided for portable radio communication equipment.
Except other, according to the present invention, this purpose is to realize through liking the method, trading server and the computer program that limit in the claim enclosed.
The invention provides method, trading server and the computer program of realizing Secure Transaction, wherein, possible trading function is addressable for the user of the authentication of passing through the parties verify data only.By this way, obtained the security relevant of improvement with transaction.This also makes it possible to more dynamically and to the user multiple trading function is provided neatly.Can also customize the mixing of trading function for different user.
According to a modification of the present invention, the trading function that also provides appointment how to present selected trading function to certified transaction software presents data, and this makes it possible to present available function to user flexibility ground.
Through both sides in the transaction, that be connected to pre arranged trading server (wherein transaction be associated with transaction ID) are provided, and approval is concluded the business independently, has obtained higher security.
Can be only during particular transaction, it is unique keeping transaction ID, thereby can the quantity of necessity of transaction ID be remained at the trading server place very low, only for the parallel transaction that is used to handle the trading server place.
Can be by trading server in response to from the request of first parties and create unique transaction ID, this is that first parties provides guaranteed solution.Alternatively, can create transaction ID by second parties, this is convenient to the transaction to first parties.In addition, for example, can use predetermined transaction ID to the login of the Internet bank.
Other features and advantages of the present invention will become obvious from following description.
Description of drawings
According to detailed description and accompanying drawing to embodiment that hereinafter provides, the present invention will obtain more comprehensively understanding, and embodiment and accompanying drawing only provide with illustrative mode, and not be restrictive to the present invention thus, wherein:
Fig. 1 schematically shows according to the communication between the parties of an embodiment of the invention;
Fig. 2 schematically show the application that provides by the transaction software in the portable radio communication equipment performed, be used to initiate the method step with the transaction session of trading server;
Fig. 3 schematically shows as the user and uses the application that the transaction software in the portable radio communication equipment provides and when initiating transaction session, the method step of being carried out by trading server;
Fig. 4 schematically shows the method step according to the method that is used for Secure Transaction of an embodiment of the invention.
Embodiment
In the following description, for explain and and unrestriced purpose, set forth specific detail (such as particular technology and application), so that complete understanding of the present invention is provided.Yet, with it is apparent to those skilled in the art that the present invention can realize in other embodiments that break away from these specific detail.In other instances, omitted detailed description, in order to avoid unnecessary details has been obscured description of the invention to known method and device.
At first will an embodiment of the invention be described with reference to Fig. 1, Fig. 2 and Fig. 3.
All-links in order to ensure transaction can be installed in transaction software 9 with the mode of safety in first parties or user's the portable communication device 10, wherein with the mode identifying user of safety, and the user is bound with installing.A kind of secured fashion is for example at office of bank or other known department places; In the portable radio communication equipment of first parties, transaction software is installed, perhaps gives to have the memory cards or the similar devices of the installation procedure that is used for first parties above that.With the installation of transaction software or send the owner's who checks portable radio communication equipment explicitly sign.Replacement is perhaps directly checked and should be identified in other known department places in office of bank, for example can use the registration letter that sends to the user who expects to verify the user's of expection sign.At this, also can register the sign of portable radio communication equipment to subsequently checking.At last, transaction software is connected to the account in bank or other departments, such as credit card, user account, stored value card etc.Another secured fashion that transaction software is installed is for example to locate in certified the Internet office of bank or similar department, connects (for example, https connection) through safety and in the portable radio communication equipment of first parties, transaction software is installed.For example come and the sign that the owner who checks portable radio communication equipment explicitly is installed through the PIN that constitutes user identifier.At last, transaction software is connected to the account in bank or other departments, such as credit card, user account, stored value card etc.The transaction software of installing also has the transaction software identifier usually.
Transaction software is set in the time will carrying out Secure Transaction, communicates with predetermined trading server 12.In the time will concluding the business, can be at the trading server place direct pre arranged trading software be connected to the information of which account, perhaps trading server is from this information of first parties visit.Preferably before any termination of transaction, carry out account balance and similarly inspection.
When the Internet safe in utilization is installed, preferably Mobile Directory Number is distributed website, this distribution website sends the text message (such as SMS) with download URL in response to above-mentioned giving to Mobile Directory Number, that is, and so-called aerial installation (OTA installation).Through in mobile phone, following this link transaction software is installed in the mobile phone.This telephone number can also use in checking subsequently.In order to start application for the first time, can import the distribution active coding that website gave by the transaction software operation.In addition, also need import PIN with this application of operation.
After carrying out this type of installation, can carry out transaction then.According to the present invention, when the user starts the application that transaction software 9 provides in phone 10 (step 24), the user at first is asked to import user identifier, and this user identifier is PIN advantageously, such as above-mentioned PIN.Use and receive ID thus.Here, do not receiving user identifier or do not providing in the given time under the situation of user identifier, transaction application can be closed.
After like this, use and obtain the transaction software identifier alternatively, that is, and the code of the specific copy of sign transaction software.Here, user identifier and optional transaction software identifier constitute the parties verification msg,, are used to verify the data of the parties of supposition that is, and the parties of this supposition is the user normally.By this way, use acquisition parties verification msg (step 26).
Use the request (step 28) of sending to transaction session to trading server 10 then.In this embodiment, this is asked with parties verification msg (step 29), and this parties verification msg can also comprise the portable radio communication equipment identifier in addition.Send it to trading server through encrypting wireless connections.
When trading server receives this request (step 36) and parties verification msg (step 37), its continuation and checking parties verification msg (step 38).Here; This user identifier that generally includes received user identifier and the previously stored user of being directed against compares; The transaction software sign is compared with the known sign that will be installed in the transaction software on the portable radio communication equipment; And possible, portable radio communication equipment identifier and the comparison of the identifier of registration before.
Under the situation of relatively indicating parties verification msg correct (that is, the parties of being queried is verified), the trading function (step 40) that trading server 12 is selected to the user.These can be a plurality of trading functions, and the mixing of these functions customizes to the user.These functions can be included in non-existent new trading function in the transaction session early in addition.Here, these trading functions are provided by trading server 12, and are provided through special function interface 16,18,20 and 22 by trading server further.As an example, there are four transaction interface 16,18,20 and 22, each transaction interface provides through corresponding API (API).After having selected function, send to the link (step 42) of the interface of selected function to portable radio communication equipment.This type of link can be handle, pointer or for example be URL (URL).Here, trading server can also send trading function and presents data (step 44).This type of trading function presents data can comprise the instruction that will how and where to present function about via the portable radio communication equipment display of this equipment (for example, via).Transaction application might have this type of trading function and present data, in this case, can not need it be transmitted.And these data advantageously use the encryption wireless connections to transmit.
Application in the portable radio communication equipment receives to the link (step 30) of the interface of selected trading function thus, and possibly also receive trading function and present data (step 32).Afterwards, this application presents trading function (step 34) via portable radio communication equipment, so that the user can option dealing function and execution transaction.This can fetch through the chain that is presented to function usually and carry out, and can fetch the function on user's transmitted transaction server through presenting chain.This function can also comprise and presents the function input window and function presents window; Wherein, The link that use receives will be input to the function on data transmission to the server of concluding the business in the function input window, and appear in function and to present the data of collecting from trading function via link in the window.Here, these type of data are also sent via wireless encryption communication.By this way, a kind of security framework is provided, the user can carry out various transaction and some other activities in this security framework.
, should recognize that as the modification of above-mentioned embodiment, request can be at first only sent in application, and is receiving to the subsequent stage after the request of these type of data of parties verification msg from trading server, and the parties verification msg is provided here.In this case, after using this type of request that has received to the parties verification msg, might point out the user to import user identifier.
The actual execution of a transaction will be described referring to figs. 1 through Fig. 4 now.
When will concluding the business 13 the time, wherein second parties is based on the Internet, and such as certified trade company secure internet website 11 or secure log, transaction may further comprise the steps." transaction " function of the user of portable radio communication equipment (that is first parties) option dealing software.When user's selection function, the interface that the connection of passing through to be associated of selecting data to be sent to trading server defines.Trading server 12 receives via functional interface thus and selects data.Trading server 12 starts the corresponding trading function to the user then.Relevant with trading function this startup on trading server, there is the activity of first parties 10 on the trading server 12, this activity is carried out through the radio communication of encoded/encrypted.Thereby trading server 12 places first parties 10 on trading server 12 and enlivens stateful transaction.Alternatively, can with the checking of above-mentioned parties executed activity relatively.
First parties 10 preferably remains on trading server 12 and enlivens stateful transaction, up to the non-stateful transaction that enlivens of first parties, 10 requests.Alternatively, after overtime, first parties 10 will be placed the non-stateful transaction that enlivens by trading server 12.In addition, trading server 12 can also place non-active state with first parties 10 after transaction stops.Through first parties being placed the request of waiting for before the non-active state, obtained such advantage, that is, the user can carry out a plurality of chain transactions and need not " transaction " part of gravity treatment transaction software.Yet this preferably combines with overtime, has following advantage like this, that is, the user can not forget portable radio communication equipment is placed non-active state, if another person has taken this portable radio communication equipment, and will be risky.From the angle of safety, it is useful after accomplishing transaction, also first parties being placed the non-stateful transaction that enlivens.
First parties is subsequently through initiating transaction via the transaction ID of encoded/encrypted wireless communication request trading server.This radio communication for example can be carried out through GPRS, 3G data, Wi-Fi or WiMAC (all these can have certain built-in sign checking) or even infrared or bluetooth (yet these are anonymous), and can require some additional sign checking.Trading server carries out corresponding through sending (14) transaction ID to first parties; Transaction ID is unique at whole trading time period; But preferably, transaction can reuse after stopping; Valuably, directly after transaction stops (that is, when sending transaction when receiving) can reuse.
The transaction ID that first parties input (46) is returned at trade company's secure internet website 11 (that is second parties 11).Therefore, second parties 11 is connected to trading server 12 (step 48).Second parties is sent the information of the transaction of correlating with transaction ID subsequently to trading server 12, this information is preferably encrypted.Can in an action, carry out the following information of this connection and transaction.The Transaction Information from second parties that sends with transaction can change, but generally includes the title of second parties and the trading volume of purchase, and possibly also comprise name of product.The title of second parties can alternatively be extracted the login from second parties to system, and does not send with transaction, so that guarantee that this type of information is undistorted.This carries out via land-line communication usually, but also can carry out via radio communication.Second parties is previous to have registered account with the similar mode of first parties execution at trading server.Need not to give second parties with the accounts information or the similar information of first parties, vice versa, because trading server is known this type of information, thus, this type of information should not give second parties, and vice versa.
Trading server 12 is discerned first parties through the unique transaction ID that is sent by second parties, and preferably asks the checking of the Transaction Information that (50) first parties pair and transaction ID correlate through the encoded/encrypted radio communication.Application request (52) for example PIN as the checking of Transaction Information, the title and the trading volume of this Transaction Information such as second parties.Return checking through the encoded/encrypted radio communication to trading server with the transaction ID connection.
After the checking that receives from first parties, trading server stops the transaction of (54) and unique transaction ID connection, and passes through the encoded/encrypted radio communication to first parties and the two the transmission transaction reception of second parties.Only under the situation that the account of first parties and second parties is all accepted to conclude the business, just stop transaction.Thus, be different from being connected between trading server and second parties being connected between trading server and first parties.This means that employed access path is different.Here, communicating by letter between first parties and the trading server also carried out via the functional interface of trading server.And here, second parties can be communicated by letter with trading server via this interface.
Portable radio communication equipment is being described transaction as first parties and under with the situation of trade company as second parties.Yet, also be possible on the contrary, wherein, unique transaction ID of trade company's requests transaction server in this case, is preferably asked through land-line communication.Then unique transaction ID is sent to portable radio communication equipment from trade company.Yet once more from the information of trade company to the transaction of predetermined trading server transmission and unique transaction ID connection, this predetermined trading server is through the information of radio communication to the transaction of portable radio communication equipment transmission and unique transaction ID connection.Still verify through the user rs authentication pair and the transaction of unique transaction ID connection at the portable radio communication equipment place, be sent to trading server with the checking of unique transaction ID connection.Afterwards, based on information and this unique transaction ID of concluding the business, the transaction of termination and unique transaction ID connection, and from the transaction reception of trading server to the transaction of first parties and second parties transmission termination.And in this opposite process, first parties is enlivened stateful transaction with himself placing on trading server.Be not under the situation of enlivening stateful transaction in first parties, will do not stop transaction.
Similarly method can be used for the secure log or the safety certification of for example the Internet bank login or other kinds.Replacement is from trading server requests transaction sign, and the predetermined sign of using first parties and trading server all to know, such as Social Security Number or account number etc.Preferably input should predeterminedly identify the user of first parties at the second parties place, and initiates the login at the second parties place thus.Alternatively, first parties and second parties for example are equipped with electronic communication device, thereby provide first parties to import the predetermined possibility that the user manually carries out that identifies and need not at the second parties place.The user of first parties goes back option dealing software " secure log " part, so that portable radio communication equipment is connected to trading server, thereby first parties is placed active state on trading server.
When receive predetermined sign at the second parties place after, second parties is enlivened stateful transaction based on predetermined being identified on the trading server with himself placing, and request is connected to the checking of the login of trading server.Trading server enlivens stateful transaction and checks with the corresponding portable radio communication equipment of predetermined sign and be connected to trading server through check that first parties is on trading server at least.Preferably; Trading server additionally asks to be connected to the checking from the login of first parties; Check alternatively that perhaps the portable radio communication equipment of first parties opens, this user at portable radio communication equipment has no under the situation of active action and carries out.
Checking in the portable radio communication equipment for example is PIN.Trading server will be when both parties be in active state; If perhaps use checking then after checking; Send checking to second parties, verified that to confirm portable radio communication equipment this will allow first parties to sign in to second parties.In this case, do not connect transmission PIN or other passwords via the Internet.In addition, between the trading server and second parties, do not transmit PIN.Second parties only receives the affirmation that sign is verified.Afterwards, can be according to the transaction at the execution second parties place of previous description.
The example of different transaction for example is that point of sale (POS) transaction, Human To Human (P2P) transmission, small amount payment, people are to machine (automatic vending machine) transaction, security identification, electronic recognition, safety certification etc.
When carrying out this type of transaction, first parties (that is user) can be bought the product (like material object or service) that is provided by the service provider.This series products for example can be ticket, for example with the form of image, it can be stored by trading server.Then, through the application in the transaction software that starts portable radio communication equipment during the requests transaction session, this series products can be transferred into application subsequently the user.This has such advantage,, in the security framework background of following appropriate users identification, product is provided that is.Product can also be stored in the third party system, and when the user need use product, from the third party system, obtains.In order to verify that being actually the user obtains this product from this third party system, this storage can be associated with user identifier (resembling user's pre arranged trading identifier or transaction software identifier).
Several examples about the parties verification msg have below been described.Another example about the parties verification msg is the privately owned encryption key that in transaction software, provides.These can be privately owned encryption keys, and are soft then or hard privately owned encryption key.This means that the parties verification msg of just being verified is the encryption key that is used by transaction software.In addition, this checking can be carried out through encipherment scheme, and wherein trading server uses the PKI of transaction software, uses private key and use.
Here, as an example, trading server can need the enciphered data that should be used in the transaction software, and data can be known text strings.Being applied to is to encrypt this string, and sends it to trading server.The trading server use is that stored to come data decryption with the corresponding PKI of private key transaction software.Under it managed with the situation that string is deciphered, trading server knew that key is correct.
In another example, this can carry out to the RSA PKI that the application transmission is associated with session through trading server.Be applied to be to use this RSA PKI to come encrypted identifier (for example, the transaction software identifier), and send this identifier of encrypting thus to trading server.Trading server is in being to use corresponding RSA private key to decipher identifier, and discerns this transaction software thus.Based on this identifier, trading server is confirmed the position of the RSA PKI of transaction software then, uses this RSA PKI of transaction software to encrypt AES (Advanced Encryption Standard) key, and sends encrypted AES key to using.If it is correct transaction software, then using is the unique part that can use its RSA private key that AES key is deciphered.By this way, can also verify the encryption key of transaction software.
Can be through using one or more processors and comprising that the storer of computer program code realizes trading server, the function of computer program code actuating equipment when being moved by this type processor.
Be apparent that the present invention can be according to multiple mode modification.Such modification does not think to depart from the scope of the present invention that is limited appended book claims.As it is apparent to those skilled in the art that the modification all is intended to be included in the scope of the present invention that is limited appended claims.

Claims (19)

1. a use portable radio communication equipment (10) is realized the method for the Secure Transaction between user and the trading server, said method comprising the steps of:
-in said trading server, receive (36) request to transaction session from portable radio communication equipment;
-in said trading server, receive (37) parties verification msg from said portable radio communication equipment;
-checking (38) said parties verification msg;
-select a plurality of trading functions of (40) said user-accessible based on said checking; And
-to said portable radio communication equipment (42) link to the interface (16,18,20,22) of said trading server is provided, be addressable at the selected trading function of said interface.
2. method according to claim 1 wherein, uses wireless encryption communication to carry out communicating by letter between said trading server and the said portable radio communication equipment.
3. method according to claim 1 and 2; Said method is further comprising the steps of: provide (44) trading function to present data to said portable radio communication equipment, said trading function presents data and specifies how to present selected trading function via said portable radio communication equipment.
4. according to each described method in the aforementioned claim, said method is further comprising the steps of:
-after the said parties verification msg of empirical tests; On said trading server, said portable radio communication equipment placed and enliven stateful transaction, initiate the transaction (13) of correlating between said first parties that allows the transaction software in using said portable radio communication equipment thus and second parties (11) of using service provider's software with transaction ID as first parties;
-going up the initiation that receives said second parties at said pre arranged trading server (12), said thus second parties is placed on said trading server and enlivens stateful transaction;
-will be from message pick-up (15) to said pre arranged trading server said second parties and said transaction said transaction ID connection;
-on said trading server, discern said first parties and said second parties through said transaction ID, and check that said first parties and said second parties are in the said stateful transaction that enlivens on said trading server;
-stop the said transaction with said transaction ID connection based on the said information of said transaction and said transaction ID; And
-receive with the transaction that stops concluding the business that said transaction ID correlates to said first parties and said second parties transmission (14,15) from said trading server.
5. method according to claim 4, wherein, said transaction ID in response to from the request of said first parties and create, and is sent to said first parties by said trading server.
6. method according to claim 5, wherein, said transaction ID is unique transaction ID, and said transaction ID can reuse for another transaction after sending said transaction reception.
7. method according to claim 5, wherein, said transaction ID is scheduled to, and is known by said parties and said first parties.
8. according to each described method among the claim 4-7, said method comprising the steps of:
-sends the said information of the said transaction that (14) and said transaction ID correlate to said first parties from said pre arranged trading server through encrypted wireless communication; And
-from the user rs authentication (6) of said first parties reception with the said transaction of said transaction ID connection.
9. method according to claim 8, wherein, said checking is carried out through input Personal Identification Number in said portable radio communication equipment.
10. one kind is directed against the trading server (12) that the user who uses portable radio communication equipment (10) realizes Secure Transaction, and said trading server is configured to be used for:
-receive request from said portable radio communication equipment to transaction session;
-receive the parties verification msg from said portable radio communication equipment;
The said parties verification msg of-checking;
-select a plurality of trading functions of said user-accessible based on said checking; And
-be provided to the link of the interface (16,18,20,22) of said trading server to said portable radio communication equipment, be addressable at the selected trading function of said interface.
11. trading server according to claim 10; Said trading server also is arranged to: provide trading function to present data to said portable radio communication equipment, said trading function presents data and specifies how to present selected trading function via said portable radio communication equipment.
12. according to claim 10 or 11 described trading servers, said trading server also is arranged to:
-after the said parties verification msg of empirical tests; Said portable radio communication equipment placed enliven stateful transaction, initiate the transaction (13) of correlating between said first parties that allows the transaction software in using said portable radio communication equipment thus and second parties (11) of using service provider's software with transaction ID as first parties;
-receiving the initiation of said second parties, said second parties is placed in thus enlivens stateful transaction;
-from the information of said second parties reception (15) with the said transaction of said transaction ID connection;
-discern said first parties and said second parties through said transaction ID, and check that said first parties and said second parties are in the said stateful transaction that enlivens on said trading server;
-stop the said transaction with said transaction ID connection based on the said information of said transaction and said transaction ID; And
-receive with the transaction that stops concluding the business that said transaction ID correlates to said first parties and said second parties transmission (14,15).
13. trading server according to claim 12, said trading server also is arranged to: in response to from the request of said first parties and create said transaction ID, and said transaction ID is sent to said first parties.
14. according to claim 12 or 13 described trading servers, said trading server also is arranged to:
-sends the said information of the said transaction that (14) and said transaction ID correlate to said first parties through encrypted wireless communication; And
-from the user rs authentication (6) of said first parties reception with the said transaction of said transaction ID connection.
15. a method that carry out, that be used to realize the Secure Transaction between user and the trading server (12) in portable radio communication equipment (10) said method comprising the steps of:
-acquisition (26) parties verification msg;
-send (28) request to said trading server (12) to transaction session;
-submit (29) said parties verification msg to said trading server; And
-receiving (30) link to the interface (16,18,20,22) of said trading server, a plurality of trading functions of selecting at the said trading server of said interface are addressable.
16. method according to claim 15, said method is further comprising the steps of: receive trading function and present data (32), said trading function presents data and specifies how to present selected trading function via said portable radio communication equipment.
17. according to claim 15 or 16 described methods, wherein, the step that obtains the parties verification msg comprises from said user and receives user identifier.
18. according to each described method among the claim 15-17, wherein, the step that obtains the parties verification msg comprises that the transaction software from said portable radio communication equipment obtains software identifiers.
19. that on computer readable means, provide, as to be used to realize Secure Transaction computer program; Said computer program comprises computer program code; Said computer program code is configured to when said computer program code moves on portable radio communication equipment, makes said portable radio communication equipment (10) carry out following steps:
-acquisition parties verification msg;
-send request to said trading server (12) to transaction session;
-submit said parties verification msg to said trading server; And
-receiving the link of the interface (16,18,20,22) of said trading server, a plurality of trading functions of selecting at the said trading server of said interface are addressable.
CN2010800242123A 2009-06-04 2010-05-17 Selection of transaction functions based on user identity Pending CN102449653A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
SE0950406-9 2009-06-04
SE0950406A SE533449C2 (en) 2009-06-04 2009-06-04 Selection of transaction functions based on user identity
PCT/SE2010/050531 WO2010140955A1 (en) 2009-06-04 2010-05-17 Selection of transaction functions based on user identity

Publications (1)

Publication Number Publication Date
CN102449653A true CN102449653A (en) 2012-05-09

Family

ID=43243881

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010800242123A Pending CN102449653A (en) 2009-06-04 2010-05-17 Selection of transaction functions based on user identity

Country Status (4)

Country Link
EP (1) EP2438558A4 (en)
CN (1) CN102449653A (en)
SE (1) SE533449C2 (en)
WO (1) WO2010140955A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113794686A (en) * 2014-09-25 2021-12-14 电子湾有限公司 Transaction verification by enhanced authentication

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1334537A (en) * 2000-07-18 2002-02-06 北京东方金网通科技有限公司 Integrated securities information service network system
US20050108707A1 (en) * 2003-11-14 2005-05-19 Taylor Thomas M. Systems and methods for creating and managing a virtual retail store on end-user client computers within a network
GB2428126A (en) * 2005-07-08 2007-01-17 Secoren Ltd System for processing transactions
US20080010193A1 (en) * 2006-07-06 2008-01-10 Firethorn Holdings, Llc Methods and Systems For Payment Method Selection by a Payee in a Mobile Environment
US20080078831A1 (en) * 2006-09-29 2008-04-03 Johnson P Marc System and method for presenting multiple transaction options in a portable device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1334537A (en) * 2000-07-18 2002-02-06 北京东方金网通科技有限公司 Integrated securities information service network system
US20050108707A1 (en) * 2003-11-14 2005-05-19 Taylor Thomas M. Systems and methods for creating and managing a virtual retail store on end-user client computers within a network
GB2428126A (en) * 2005-07-08 2007-01-17 Secoren Ltd System for processing transactions
US20080010193A1 (en) * 2006-07-06 2008-01-10 Firethorn Holdings, Llc Methods and Systems For Payment Method Selection by a Payee in a Mobile Environment
US20080078831A1 (en) * 2006-09-29 2008-04-03 Johnson P Marc System and method for presenting multiple transaction options in a portable device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113794686A (en) * 2014-09-25 2021-12-14 电子湾有限公司 Transaction verification by enhanced authentication
CN113794686B (en) * 2014-09-25 2024-04-26 电子湾有限公司 Transaction verification by enhanced authentication

Also Published As

Publication number Publication date
EP2438558A1 (en) 2012-04-11
WO2010140955A1 (en) 2010-12-09
SE0950406A1 (en) 2010-10-05
EP2438558A4 (en) 2012-10-31
SE533449C2 (en) 2010-10-05

Similar Documents

Publication Publication Date Title
EP2701416B1 (en) Mobile Electronic Device And Use Thereof For Electronic Transactions
CN102057386B (en) Trusted service manager (TSM) architectures and methods
US20090172402A1 (en) Multi-factor authentication and certification system for electronic transactions
CN101010903B (en) Method for generating and verifying an electronic signature
US10045210B2 (en) Method, server and system for authentication of a person
US9344896B2 (en) Method and system for delivering a command to a mobile device
US10504110B2 (en) Application system for mobile payment and method for providing and using mobile means for payment
EP2690589A1 (en) Method and system for security information interaction based on internet
CA2930752A1 (en) System and method for location-based financial transaction authentication
KR20090031672A (en) Authentication method for wireless transactions
JP2013514556A (en) Method and system for securely processing transactions
EP2690840B1 (en) Internet based security information interaction apparatus and method
CN103123706A (en) Management method, device and system of bill payment for another
CN101340294A (en) Cipher keyboard apparatus and implementing method thereof
WO2012103210A2 (en) Secure transaction facilitator
CN101861595A (en) A method for secure transactions
CN102460491A (en) A method for secure transactions
JP4033865B2 (en) Personal information management system and mediation system
US20130117815A1 (en) Method of Authorizing a Person, an Authorizing Architecture and a Computer Program Product
CN105072136B (en) A kind of equipment room safety certifying method and system based on virtual drive
Tepandi et al. Wireless PKI security and mobile voting
CN102449653A (en) Selection of transaction functions based on user identity
US20090095809A1 (en) Method of transmitting a secret code, card reading terminal, management server and corresponding computer software programmes
TW201042964A (en) Mobile phone service system for e-commerce dual identity check
EP3145117B1 (en) A method and a system for shared digital signing of a document

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120509