WO2000067448A1 - Secure wap transactions using voice based authentication - Google Patents

Publication number: WO2000067448A1
Authority: WO, WIPO (PCT)
Prior art keywords: wml, voice, authentication, user, application
Application number: PCT/SE2000/000648
Other languages: French (fr)
Inventor: Knut Brandrud
Original Assignee: Telefonaktiebolaget Lm Ericsson (Publ)
Application filed by: Telefonaktiebolaget Lm Ericsson (Publ)
Priority to: AU44432/00A (AU4443200A)
Publication of: WO2000067448A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326 Payment applications installed on the mobile devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025 Identification of user by a PIN code
    • G PHYSICS
    • G10 MUSICAL INSTRUMENTS; ACOUSTICS
    • G10L SPEECH ANALYSIS OR SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING; SPEECH OR AUDIO CODING OR DECODING
    • G10L17/00 Speaker identification or verification
    • G10L17/22 Interactive procedures; Man-machine interfaces
    • G10L17/24 Interactive procedures; Man-machine interfaces the user being prompted to utter a password or a predefined phrase
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/04 Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation

Abstract

This invention relates to an arrangement and method for providing user authentication when performing Wireless Electronic Commerce transactions using a mobile device. This is achieved by combining a WML (WAP mark-up language) based microbrowser on the mobile device and voice based authentication in the network.

Description

SECURE WAP TRANSACTIONS USING VOICE BASED AUTHENTICATION
TECHNICAL FIELD
This invention relates to an arrangement and method for providing user authentication when performing Wireless Electronic Commerce transactions using a mobile device.
PRIOR ART
The problem is to provide a satisfactory level of security when someone is performing Wireless Electronic Commerce transactions on a mobile device. From prior art there are known some solutions to this problem, including:
1. Using SIM card based security. This requires either that the microbrowser is located on the SIM card, or that there exists standard solutions for a phone microbrowser to access the SIM card security functions.
The SIM card solutions are limited to GSM systems. A SIM Application Toolkit based browser has certain limitations due to proprietary SIM technology, limited functionality in the SIM Toolkit standards and no support outside GSM. There is standardisation going on to provide SIM/smart card security within WAP, but the standards are not finished. Hence there is a need for intermediate solutions using WAP 1.0 based solutions, which have not solved the security aspects.
2. Using security functions on a smart card that can be read from the phone with an extra card reader.
The limitation with this solution is that a phone with extra smart card reader is required. There is limited availability of these phones, the solution is not standardised yet, and the phones tend to be larger and more expensive.
3. Using external security devices like password calculators that generate single time passwords and require a personal PIN code to be activated.
It is not very convenient to carry a password calculator with you, and it takes time to use it (first type PIN, then type generated password on phone). Furthermore, the cost of the solution for the end user increases.
OBJECTS OF THE INVENTION
The present invention has as its objective to provide user authentication security when performing Wireless Electronic Commerce transactions on a mobile device without security functions above standard security provided by the network.
This is achieved by combining a WML (WAP mark-up language) based microbrowser on the mobile device and voice based authentication in the network.
The invention is applicable in Wireless Electronic Commerce and other Wireless Application Protocol (WAP) based applications requiring user authentication above what is provided by the wireless network itself. The invention is applicable in wireless networks like GSM, D-AMPS and CDMA.
The exact scope of the invention is as defined in the appended claims.
BRIEF DESCRIPTION OF DRAWINGS
Figure 1 is a schematic diagram showing the various entities involved in a transaction using the present invention.
Figure 2 shows a network architecture example for systems using the invention.
Figure 3 shows an example of a message flow for a transaction using the invention.
DETAILED DESCRIPTION OF THE INVENTION
Figure 1 shows the various entities involved when a user wishes to access a WML based application (wireless E-commerce, Intranet access gateway, premium service access, etc.), 4, via a mobile device, and using a method and system according to the present invention. The user starts a WML based dialogue involving a WML based browser, 1, a microbrowser with the ability to display Wireless Mark-up Language (WML). The browser can be located in a phone or other type of wireless device, like a Personal Digital Assistant (PDA). For simpler wireless devices, parts of the browser may be implemented in a server. An example of this is a GSM phone using the GSM Phase 2 USSD feature together with a proxy server that converts WML content to USSD text strings that are displayed on the phone.
The mobile device is connected in a wireless network, 2, including a WAP gateway. This entity consists of all wireless switching components like Base Station System (BSS) and Mobile Switching Centre (MSC). In addition to that it contains the WAP gateway. The WAP gateway converts between the WAP protocol and bearer services on the radio side, and Internet protocols on the Internet side.
The user accesses the WML based application, 4. This entity is an application that uses the WAP defined Wireless Mark-up Language (WML) for dialogue with a user. At a certain stage in the dialogue an authentication is required. The application, 4, uses a voice password handling entity, 3, for authentication of the user. This entity is a network component that handles voice recognition and voice based dialogue with the user. It will also handle the password and personal voice detection mechanisms. This entity will typically be based on an Integrated Voice Response (IVR) system.
The authentication can be performed by presenting a WML card (page) to the user that includes a menu entry initiating a voice call to an IVR based authentication centre using basic Wireless Telephony Application functionality (the ability to make a phone call by selecting an entry in a WAP based menu). The authentication is performed using a voice-based password that may provide both a user password and verification of the user's voice. The result of the authentication is returned to the WML based application, which continues or finalises the transaction.
If the browser does not support this menu feature (click-to-call), the voice password handling entity may instead initiate a call to the user after the WML dialogue is finished, to perform the authentication. The voice password handling entity may identify the user that shall be authenticated by his/her calling ID (phone number). In case of several users connected to the same phone number, or in case of a phone that is not owned by the user, extra identification of the user is required for the voice password handling entity. This can be accomplished using a B-number that provides extra information, or by informing the voice password handling entity in advance that an authentication of a specific user is to take place from the given phone number.
The actual algorithm used by the Voice password handling entity for performing the authentication may differ for different implementations of a voice password handling entity. An example of an algorithm is using a personal PIN code combined with recognition of a personal voice. The voice password handling entity will request the entire PIN code, or alternatively a random digit within the PIN code. The latter will secure that the entire PIN code is never passed at the same time. Personal voice recognition will provide a verification of a specific person's own voice within an acceptable level of accuracy.
The voice password handling entity passes information on the result of the authentication using a secured link towards the WML based application.
In Figure 1, the letters A to D denote the interfaces between the various entities, which interfaces are:
A. The interface between the device containing the WML based browser and the wireless network.
B. A connection with the ability to transport digital coded voice. This may be a 56/64 kbits/s circuit using a signalling scheme like Signalling System #7 or ISDN.
C. An interface carrying WML content. This is normally an IP based interface. The protocol carrying WML can be the WAP stack, HTTP or HTTPS.
D. This can be any type of open or proprietary interface between the two entities. The two entities may be connected directly or via a secure network connection.
An exemplary physical embodiment of an arrangement according to the invention is shown in Fig. 2 as a network architecture. In this example the user accesses an application of interest located on a Wireless E-commerce server from a cellular phone with a microbrowser installed. The wireless E-commerce server is connected to an IVR server which performs the authentication. The connection uses a proprietary link for security reasons. The interfaces involved are as defined above.
In the message flow scheme in Figure 3 the procedure for establishing the WAP session is shown as a message sent from the user terminal to the application. This message triggers off a message from the application to the voice password handling entity. This in turn initiates an exchange of call control messages between the browser (on the user terminal) and the voice password handling entity (on the IVR server). If the result of the authentication process is satisfactory, the voice password handling entity sends an Authentication OK message to the application. The application may then complete the transaction.
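The Figure 3 message flow and the random-digit PIN check described above, sketched in Python as an added example that is not part of the patent text. The class and function names, the HMAC standing in for the secured link, the numeric voice score with its threshold, and the retry limit are all assumptions.

```python
# Added illustration, not from the patent. All names are hypothetical.
import hashlib
import hmac
import json
import secrets

LINK_KEY = secrets.token_bytes(32)  # assumption: shared key standing in for the secured link
VOICE_THRESHOLD = 0.80              # assumption: acceptance level for the voice match score
MAX_ATTEMPTS = 3                    # assumption: retry limit per announced authentication


def sign_result(key, txn_id, user_id, ok):
    """Build the result message sent from the voice entity to the application."""
    body = json.dumps([txn_id, user_id, ok])
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def application_accepts(key, message, txn_id, user_id):
    """Application side: accept only an authentic OK bound to this transaction."""
    if message is None:
        return False
    want = hmac.new(key, message["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, message["tag"]):
        return False
    return message["body"] == json.dumps([txn_id, user_id, True])


class VoicePasswordEntity:
    """Voice password handling entity: one random PIN digit plus a voice score."""

    def __init__(self, link_key):
        self._key = link_key
        self._pins = {}     # user_id -> PIN digits; per-digit checks need the digits, not a hash
        self._pending = {}  # caller_id -> authentication announced by the application

    def enroll(self, user_id, pin):
        self._pins[user_id] = pin

    def expect(self, caller_id, user_id, txn_id):
        """The application announces in advance who will authenticate from this number."""
        if user_id not in self._pins:
            raise KeyError(user_id)
        self._pending[caller_id] = {"user": user_id, "txn": txn_id, "pos": None, "tries": 0}

    def challenge(self, caller_id):
        """Call set up: return a fresh 1-based digit position, or None if nothing is pending."""
        state = self._pending.get(caller_id)
        if state is None:
            return None
        state["pos"] = secrets.randbelow(len(self._pins[state["user"]])) + 1
        return state["pos"]

    def answer(self, caller_id, spoken_digit, voice_score):
        """Return a signed final result, or None when the caller may try again."""
        state = self._pending.get(caller_id)
        if state is None or state["pos"] is None:
            return None
        expected = self._pins[state["user"]][state["pos"] - 1]
        digit_ok = hmac.compare_digest(spoken_digit.encode(), expected.encode())
        ok = digit_ok and voice_score >= VOICE_THRESHOLD
        state["tries"] += 1
        state["pos"] = None  # each challenge is single-use
        if not ok and state["tries"] < MAX_ATTEMPTS:
            return None
        del self._pending[caller_id]  # final outcome reached; drop the pending state
        return sign_result(self._key, state["txn"], state["user"], ok)


def run_demo():
    """Run four constructed scenarios; an entry is True only if authentication proceeded."""
    pin, caller = "4071", "+15550100"  # constructed sample PIN and calling ID
    ivr = VoicePasswordEntity(LINK_KEY)
    ivr.enroll("alice", pin)
    results = []

    # 1. Announced transaction, correct digit, voice above the threshold.
    ivr.expect(caller, "alice", "txn-1")
    pos = ivr.challenge(caller)
    good = ivr.answer(caller, pin[pos - 1], 0.93)
    results.append(application_accepts(LINK_KEY, good, "txn-1", "alice"))

    # 2. Correct digit but a voice score below the threshold.
    ivr.expect(caller, "alice", "txn-2")
    pos = ivr.challenge(caller)
    weak = ivr.answer(caller, pin[pos - 1], 0.40)
    results.append(application_accepts(LINK_KEY, weak, "txn-2", "alice"))

    # 3. The earlier OK message presented for a different transaction.
    results.append(application_accepts(LINK_KEY, good, "txn-2", "alice"))

    # 4. A call from a number for which no authentication was announced.
    results.append(ivr.challenge("+15550199") is not None)
    return results


if __name__ == "__main__":
    print(run_demo())
```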
The advantage of the inventive arrangement and method is that it provides enhanced user authentication features on first phase WAP/WML based devices. Voice password based security solutions are being implemented e.g. in bank systems, i.e. this solution will fulfil financial institution requirements to user authentication security. By using the 'click-to-call' feature of WAP, this function will be easy to use for the end user.
The invention may be used for any type of WML based transactions that require authentication security above what is provided by basic WAP and the cellular network. This may be home banking access, access to restricted information (e.g. corporate information), an extra security for passing an Intranet firewall for WAP access, etc.
DEFINITIONS AND ABBREVIATIONS
E. GSM Global System for Mobile Communications. A digital cellular phone technology based on TDMA that is widely deployed in Europe and throughout the world.
F. Gateway A gateway is a network point that acts as an entrance to another network. In a company network, a proxy server acts as a gateway between the internal network and the Internet. A gateway may also be any device that passes packets from one network to another network in their trip across the Internet.
G. HTTP The Hypertext Transfer Protocol (HTTP) is the set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. Relative to the TCP/IP suite of protocols (which are the basis for information exchange on the Internet), HTTP is an application protocol.
H. HTTPS Secure Hypertext Transfer Protocol is a Web protocol built into a browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is really just the use of Secure Socket Layer (SSL) as a sublayer under its regular HTTP application layer.
I. IVR Interactive Voice Response. An automated telephone answering system that responds with a voice menu and allows the user to make choices and enter information via the keypad. IVR systems are widely used in call centres as well as a replacement for human switchboard operators. The system may also integrate database access and fax response.
J. Microbrowser A slimmer variant of a WWW browser tailored for thin clients with small displays and low bandwidth communication. An example of a microbrowser is the browser on a WAP client, e.g. a WAP enabled phone.
K. Password. In the context of the invention, a secret pattern shared between the user and the entity providing the authorisation. The password may be a spoken word, or e.g. a PIN code consisting of a number of digits.
L. PIN Personal Identification Number. A personal password used for identification purposes.
M. SIM Subscriber Identity Module. The SIM card is a special type of smart card that is used for security, subscription data and storage in a GSM phone. The SIM Application Toolkit standard in GSM also enables simple applications to be stored and executed on the SIM card.
N. USSD Unstructured Supplementary Service Data. A GSM protocol for passing service data via the control plane of the GSM protocol. Many supplementary services use USSD for signalling (e.g. format of type *123#)
O. WAP Wireless Application Protocol. A wireless standard initially proposed by Motorola, Ericsson and Nokia for providing small wireless devices like phones and PDAs access to Internet type content. WAP uses the Wireless Markup Language (WML) for presenting Internet content.
P.WTA Wireless Telephony Application.
WTA provides telephony functions that may be used in association with WAP. In this invention the WTA functionality required is the ability to make a phone call by selecting an entry in a WAP based menu.

Claims

Patent claims
1. Arrangement for providing user authentication security when performing Wireless Electronic Commerce using a mobile device, with a WML (Wireless Mark-up Language) based browser (1), characterised in that said arrangement includes a wireless network, which in turn includes
• a WAP (Wireless Application Protocol) gateway (2) that connects between the WAP protocol and bearer service on the radio side, and Internet protocols on the other side,
• a wireless e-commerce server running a WML based application (4) for performing Wireless Electronic Commerce transactions,
• a server which includes a voice password handling entity (3) based on an Integrated Voice Response (IVR) system that handles recognition and verification of the user's voice and voice password authentication.
2. Arrangement according to claim 1, characterised in that said WML based browser is a microbrowser.
3. Arrangement according to claim 1 or 2, characterised in that said WML based browser is implemented in part in a proxy server that converts WML content to USSD (Unstructured Supplementary Service Data) text strings that are displayed on said mobile device.
4. Arrangement according to any of the preceding claims, characterised in that communication between said WML based application and said voice password handling entity takes place over a proprietary secure link.
5. Method for performing Wireless Electronic Commerce transactions using a mobile device, said method comprising the following steps:
• to initiate a WML based browser on the mobile device,
• to access a WML based application (4), which includes the Electronic commerce application, and thereby initiate a first dialogue,
characterised in that at a certain stage in the first dialogue,
• the WML based application (4) addresses a voice password handling entity (3) for authentication of the user,
• said voice password entity (3) is adapted to handle voice recognition and initiate a second voice based dialogue with the user, and also handles password and personal voice detection mechanisms,
• the result of the authentication process is passed on to the WML based application (4),
• after which the WML based application (4) completes the first dialogue with the user.
6. Method according to claim 5, characterised in that the WML based application (4) communicates with voice password entity (3) over a proprietary secure link.
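The hand-off in claims 5 and 6 only protects the transaction if the result passed back to the WML based application (4) is bound to the dialogue that requested it. The following sketch is an added illustration, not part of the patent text: the class names, the HMAC-SHA256 tag standing in for the "proprietary secure link", the 120-second freshness window and the enrolment data are all assumptions, and speaker verification is reduced to a table lookup.

```python
import hashlib
import hmac
import secrets
import time

LINK_KEY = secrets.token_bytes(32)  # assumption: key provisioned on the secure link
MAX_AGE_S = 120                     # assumption: freshness window for a verdict

def _mac(txn_id, msisdn, verdict, issued_at):
    msg = "|".join([txn_id, msisdn, verdict, str(issued_at)]).encode()
    return hmac.new(LINK_KEY, msg, hashlib.sha256).hexdigest()

class VoicePasswordEntity:
    """Stand-in for entity (3); speaker verification is reduced to a lookup."""
    def __init__(self, enrolled):
        self.enrolled = enrolled  # constructed: msisdn -> (voiceprint label, password)

    def authenticate(self, txn_id, msisdn, voiceprint, spoken, now=None):
        issued_at = int(time.time() if now is None else now)
        ok = self.enrolled.get(msisdn) == (voiceprint, spoken)
        verdict = "ACCEPT" if ok else "REJECT"
        return {"txn_id": txn_id, "msisdn": msisdn, "verdict": verdict,
                "issued_at": issued_at,
                "mac": _mac(txn_id, msisdn, verdict, issued_at)}

class WmlApplication:
    """Stand-in for application (4); owns the first dialogue."""
    def __init__(self):
        self.pending = {}  # txn_id -> (msisdn, order)

    def start_purchase(self, msisdn, order):
        txn_id = secrets.token_hex(8)
        self.pending[txn_id] = (msisdn, order)
        return txn_id

    def complete(self, result, now=None):
        now = int(time.time() if now is None else now)
        expected = _mac(result["txn_id"], result["msisdn"],
                        result["verdict"], result["issued_at"])
        if not hmac.compare_digest(expected, result["mac"]):
            return "rejected: bad MAC"
        # pop() makes each transaction single-use, so a verdict cannot be replayed
        msisdn, order = self.pending.pop(result["txn_id"], (None, None))
        if msisdn is None or msisdn != result["msisdn"]:
            return "rejected: unknown or replayed transaction"
        if now - result["issued_at"] > MAX_AGE_S:
            return "rejected: stale result"
        if result["verdict"] != "ACCEPT":
            return "rejected: voice authentication failed"
        return "completed: " + order
```

The MAC covers the transaction identifier, subscriber number, verdict and issue time, so a REJECT cannot be rewritten to ACCEPT in transit and an ACCEPT for one purchase cannot be attached to another.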
PCT/SE2000/000648 1999-04-29 2000-04-25 Secure wap transactions using voice based authentication WO2000067448A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU44432/00A AU4443200A (en) 1999-04-29 2000-04-25 Secure wap transactions using voice based authentication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NO19992071 1999-04-29
NO19992071A NO313949B1 (en) 1999-04-29 1999-04-29 Authentication in mobile networks

Publications (1)

Publication Number Publication Date
WO2000067448A1 true WO2000067448A1 (en) 2000-11-09

Family

ID=19903265

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2000/000648 WO2000067448A1 (en) 1999-04-29 2000-04-25 Secure wap transactions using voice based authentication

Country Status (4)

Country Link
AR (1) AR023799A1 (en)
AU (1) AU4443200A (en)
NO (1) NO313949B1 (en)
WO (1) WO2000067448A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5613012A (en) * 1994-11-28 1997-03-18 Smarttouch, Llc. Tokenless identification system for authorization of electronic transactions and electronic transmissions
US5897616A (en) * 1997-06-11 1999-04-27 International Business Machines Corporation Apparatus and methods for speaker verification/identification/classification employing non-acoustic and/or acoustic models and databases

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
XP002901136 *

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001097105A3 (en) * 2000-06-12 2003-03-13 Accenture Properties 2 Bv Mobile commerce
WO2001097105A2 (en) * 2000-06-12 2001-12-20 Accenture Properties (2) Bv Mobile commerce
EP1209639A3 (en) * 2000-11-22 2003-09-17 Fujitsu Limited Net shopping method, system therefor, and automatic payment transfer device
EP1209639A2 (en) * 2000-11-22 2002-05-29 Fujitsu Limited Net shopping method, system therefor, and automatic payment transfer device
US7319978B2 (en) 2000-11-22 2008-01-15 Fujitsu Limited Net shopping method, system therefor, and automatic payment transfer device
WO2002065415A1 (en) * 2001-02-13 2002-08-22 Sagem S.A. Method for electronically ordering products at a sales outlet
FR2824688A1 (en) * 2001-05-14 2002-11-15 Device Inc E Internet telecommunications protocol distant site contents display using Internet standard HTTP/TCP/IP/PPP protocols not WAP protocols.
WO2002093870A2 (en) * 2001-05-14 2002-11-21 E-Device Inc. Method for using wml protocol in a tcp/ip environment, component, equipment and system
WO2002093870A3 (en) * 2001-05-14 2003-03-20 Device Inc E Method for using wml protocol in a tcp/ip environment, component, equipment and system
EP1302917A3 (en) * 2001-08-16 2004-01-02 Siemens Aktiengesellschaft Method and apparatus for electronic payment of goods and services, in particular for an application on a data network
EP1302917A2 (en) * 2001-08-16 2003-04-16 Siemens Aktiengesellschaft Method and apparatus for electronic payment of goods and services, in particular for an application on a data network
WO2003019856A2 (en) * 2001-08-30 2003-03-06 Wmode Inc. Authentication of a subscriber on a public network
WO2003019856A3 (en) * 2001-08-30 2003-07-17 Wmode Inc Authentication of a subscriber on a public network
WO2003047208A1 (en) * 2001-11-29 2003-06-05 Mobile Commerce Limited Credit card payment by mobile phone
WO2004107285A1 (en) * 2003-05-12 2004-12-09 Briza Technologies, Inc. Credit card sms portal transmission system and process
WO2004107284A1 (en) * 2003-05-30 2004-12-09 Koninklijke Kpn N.V. Method and system for recovery of an electronic voucher and content received using an electronic voucher
EP1708172A1 (en) * 2005-03-30 2006-10-04 Top Digital Co., Ltd. Voiceprint identification system for E-commerce
CN101110980B (en) * 2006-07-18 2010-12-29 中兴通讯股份有限公司 System and method for implementing access voice interactive business
WO2009000190A1 (en) * 2007-06-22 2008-12-31 Huawei Technologies Co., Ltd. A safety status estimate method, apparatus and system
CN101267456B (en) * 2008-03-31 2011-04-13 中国联合网络通信集团有限公司 Method and system for preventing CP subscription simulation
WO2010147944A1 (en) * 2009-06-15 2010-12-23 John Mikkelsen Mobile dialogue system and mobile content delivery solutions
CN102483833A (en) * 2009-06-15 2012-05-30 约翰·米克尔森 Mobile dialogue system and mobile content delivery solutions
CN102483833B (en) * 2009-06-15 2016-12-14 约翰·米克尔森 Mobile conversational system and mobile content transmission scheme
EP2626826A1 (en) * 2012-02-07 2013-08-14 Voice Commerce Group Technologies Limited A system and method for processing transactions

Also Published As

Publication number Publication date
AR023799A1 (en) 2002-09-04
AU4443200A (en) 2000-11-17
NO313949B1 (en) 2002-12-30
NO992071D0 (en) 1999-04-29
NO992071L (en) 2000-10-30

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP