WO2002029732A2 - Automatic identification apparatus and identification method - Google Patents
Automatic identification apparatus and identification method Download PDFInfo
- Publication number
- WO2002029732A2 WO2002029732A2 PCT/EP2001/011333 EP0111333W WO0229732A2 WO 2002029732 A2 WO2002029732 A2 WO 2002029732A2 EP 0111333 W EP0111333 W EP 0111333W WO 0229732 A2 WO0229732 A2 WO 0229732A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- identification
- instance
- password
- user
- automatic identification
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/33—Individual registration on entry or exit not involving the use of a pass in combination with an identity check by means of a password
Definitions
- the invention concerns an automatic identification apparatus for the identification of an instance, wherein the instance transmits account details to the automatic identification apparatus.
- the instance can be a natural person or a legal entity, for example a user, a closed user group of a corporation or a theatre. It is also possible to envisage a process which for example runs in a computer.
- Transmission of the account details can be effected both orally directly over the telephone or by way of data-processing equipment.
- the known automatic apparatuses suffer from the disadvantage that they implement exclusively a plausibility check, that is to say they check the general existence of the specified bank connection, but not whether the user is authorised to access the stated account.
- a user could specify someone else's account details to which he has gained access, as being his own, and those account details are confirmed as being in existence in the context of the plausibility checking procedure.
- numerous undertakings list the bank details on their letterheads.
- account details are increasingly specified, which are not actually to be associated with the respective user but which by virtue of the positively executed plausibility check are sufficient for identification purposes and which subsequently result in incorrect billing.
- the object of the present invention is to further develop an automatic identification apparatus as set forth in the opening part of this specification, in such a way that user identification can be more securely implemented.
- the automatic identification apparatus works out a password and transmits same to the address represented by the account details.
- password means an item of secret information which is recognisable only to a limited user group; the user group can include one or more persons.
- the password comprises a numerical or alphanumeric character chain or string.
- the length of string is determined in accordance with the required degree of security, in which respect just two alphanumeric characters can represent a level of security which is adequate for the banking sector.
- the plausibility check which is known from the state of the art is thus enlarged by the production of a password which is transmitted to the account details and which can only be called up by the user who has authorised access for that account so that the password is also only accessible to the user.
- the access authorisation does not have to be limited to an individual person but can exist for example for a group of users, such as for example in the case of a number of persons in an undertaking or corporation, who are authorised to access a business account. In that respect, for communication of the password from the banking system to the user, recourse is made to an existing, secured transmission path, in respect of which the user access authorisation has already been checked.
- Transmission of the password is preferably effected as a purpose of use in a regular bank transaction.
- the bank transaction can be effected in the form of a debit entry or a credit entry (for example as a remittance) .
- At least the password must be representable on a statement of account or a comparably secure medium.
- Transmission of the account details from the user to the automatic identification apparatus is preferably effected by way of data processing, in particular by way of the Internet. Transmission of the bank transaction with the password to the address represented in the account details is effect optionally manually directly, by telephone or preferably also by way of data processing.
- the known protocols HBCI, DTA or other protocols which are suitable for paperless data carrier exchange are then used for that purpose.
- the automatic identification apparatus can also be used for mobile commerce (m- commerce) .
- m- commerce mobile commerce
- the user transmits his account details to the automatic identification apparatus with a call from his mobile telephone whose call number can be determined by CLI (calling line identification) .
- CLI calling line identification
- the user can also send an SMS with his account details to the automatic identification apparatus.
- the automatic identification apparatus then transmits the password to the specified account details.
- the password is a secret telephone number which the user has to call up for enablement purposes (identification) .
- identity secret telephone numbers which are associated with the automatic identification apparatus as a reserved circle of numbers.
- the automatic identification apparatus by virtue of the association of the telephone number of the calling mobile telephone with the secret telephone number, can check identification of the user and the authority for access to the stated account details and, if the result is positive, enable the user or record same in a registration database.
- transmission of the account details to the automatic identification apparatus is preferably effected in encrypted form with a public key of the automatic identification apparatus.
- asymmetric encryption process each user can encrypt his account information, but only the automatic identification apparatus can decrypt the account details.
- a known asymmetrical encryption process is RSA (Rivest Shamir Adleman) .
- the automatic identification apparatus produces a public key and a private key, of which it makes only the public key available to the users.
- the password can be used for identification purposes for at least one transaction.
- the term transaction is used to denote any action between two instances, for example implementation of a purchase, calling up items of information, access to proprietary data, making a booking, visiting a cultural event and so forth.
- the identifications can be implemented by way of the automatic identification apparatus according to the invention or directly with an automatic identification apparatus which is known from the state of the art and which only requires the input of a password, for example a RADIUS system.
- An Internet Service Provider can thus ensure that only a clearly identified customer can claim the services thereof.
- the Internet Service Provider can debit the use charges for the services requested by way of the account details of the requesting user. It can implement that by virtue of operation of an automatic identification apparatus according to the invention, which permits the association of a password with the account details or it can cause it to be carried out as a service by an operator of an automatic identification apparatus according to the invention. For example this may involve various servers in the Internet.
- the password can be valid for a limited time or can be used only for a predetermined number of transactions.
- the password can be in widely varying formats.
- the password serves only for unique identification of the user in relation to another instance (automatic identification apparatus, information supplier, Internet Service Provider, theatre, and the like); it thus performs the function of a certificate for proving the identity of an instance or a user. That means that further items of user information (call number of a mobile telephone or telephone specified by the user, his pass number, his social security number, his finger print, further biometric features of a user, a public key and so forth) can be transmitted in certified form with the password.
- the communication of a further password which for example satisfies a higher security level or which is accessible to a user circle other than the first one is something that can also be envisaged.
- the particular attraction is that only the items of information which are transmitted by the user, and no further items, are known to the automatic identification apparatus; at any event however those items of information permit billing with the user by the automatic identification apparatus. If the instance operating the automatic identification apparatus differs from the instance in respect of which a user wishes to afford proof of his identity the user enjoys an anonymity which is equivalent to a cash payment.
- the password is the key for a symmetrical encryption process.
- Those encryption processes are generally known; a known encryption process of that kind is DES (Data Encryption Standard) which uses a 56 bit- long key.
- DES Data Encryption Standard
- Secure communication is now possible between automatic identification apparatus and user as the password is known to both sides. In the same way, a communication is possible between the user and further information suppliers to whom the password/the key is notified or the computing path for production of the password is known.
- a particularly high level of security is offered by a key which can be used for the decryption of a public key used by the user (asymmetrical encryption process) .
- That public key can either be produced by the user himself or it can be transmitted to the user by a further instance, for example on a smart card.
- the automatic identification apparatus can lastingly check the identity of the user with the public key, with conventional challenge-response procedures, by requiring the user to encrypt an item of information with the private key which is known exclusively to the user, which can then be decrypted with the public key associated with the user.
- Identity of the items of information sent and received by the automatic identification apparatus ensures the identity of the user.
- the public key is associated with a private key of the user, which is contained in an encryption device in such a way that it cannot be read out.
- the encryption device for the private key can be for example a money card, a smart card or a dongle. It can also be integrated in a mobile telephone or the like.
- the invention also concerns an identification method for the identification of an instance, in which the instance transmits to an identification instance at least one item of information of the instance, which includes account details.
- the object of the present invention is to further develop such an identification method, in such a way that identification of the instance can be more securely implemented.
- a password is ascertained or produced by the identification instance, and the password is then transmitted to the account details of the instance.
- a second configuration provides that the first instance to be identified firstly transmits a password to the identification instance which detects that password for identification of the first instance for still following further identifications.
- the invention concerns an identification method for the identification of an instance to be identified, in which a bank system transmits to an identification instance at least an item of information of the instance, which contains account details.
- This invention is also based on the above-indicated object.
- the identification instance produces or ascertains a password and transmits it to the account details.
- an already existing and secure information path of the banking system can be used for transmission of the passwords.
- only the target instance - that is to say either the identification instance or the instance to be identified - has access authorisation to the respectively specified account details so that only the target instance can call up the password.
- the methods according to the invention additionally ensure that the specified account number exists. As recourse is made to already existing communication paths, communication of the password to the target instance can be quickly implemented.
- the identification instance can be a natural person who receives the account details of the instance directly or by telephone, produces a password or ascertains it for example from a table, and transmits it in the form of a bank transaction to the account details specified by the instance or the bank system.
- the identification instance is in the form of an automatic apparatus, for example in the form of a server in a data network.
- a particular advantage of the identification methods is that closed user groups or LAN/WAN-users can also be easily, quickly and inexpensively identified therewith. Those users cannot be uniquely identified solely by way of the IP address. Thus for example given providers attribute a new IP address to the user for each session. In addition, anonymisers can modify the IP addresses. Finally, IP addresses are repeatedly allocated.
- the further alternative of transmission of the credit card number is insecure, as stated above, and does not afford a definite and unambiguous identification option. In comparison the method according to the invention is secure and inexpensive as this only involves incurring the costs of a bank transaction for the identification instance. In the optimum case transmission of the password to the first instance can be carried out in real time .
- the first instance is a user.
- Entering the password to the specified account details can be in the form of a debit entry or a credit entry (for example a credit transfer or remittance) .
- the account details are transmitted in encrypted form with a public key to the identification instance in order to ensure that only the identification instance having the private key associated with the public key can read the account details. If the message is sent for example to a wrong address, the receiver cannot see the account information.
- the use fee for calling up proprietary data (content) can be debited against the account details.
- the operation of checking the password can be effected both by the identification instance and also by the server providing the data element, to which the password was previously transmitted.
- the identification method does not necessary have to be initiated by the instance.
- the bank system or the instance managing customer data can transmit the account details to the identification instance for the production of passwords, which transmits the account details together with the passwords back to the bank connection details. In that manner, banks and institutions managing customer accounts can cause passwords to be generated in the preliminary stage in relation to the specific inquiry of a customer, which passwords the customer can if necessary read off his statement of account and thus call up proprietary information (content) for which the password is required.
- the password can be accompanied by further items of information which are associated with use of the password, for example the name of the supplier who accepts the password, the location and the time of an event in respect of which tickets were reserved with the password, the financial standing of the user or the number of use options of the password and the like. It can also be provided that, before transmission of the password, firstly the financial standing of the user is checked .
- the methods according to the invention are particularly suitable for being employed in uses which are relevant in terms of security. It will be appreciated that, in regard to the methods according to the invention, it is also possible to use the passwords for the areas of use which were described hereinbefore in connection with the automatic identification apparatus.
- the instance to be identified is a user who operates a mobile telephone and who initiates the method by transmitting his account details to the identification instance
- the user can specify as his password the number of his mobile telephone so that the identification instance directly receives the account details and the telephone number of the mobile telephone and can for example record those items of information for enablement purposes in a registration database provided at the identification instance.
- the password which is transmitted from the identification instance to the specified account details is used only for enablement of the instance to be identified, in particular a user, but cannot be used repeatedly.
- the instance to be identified specifies that password and is immediately required independently to establish a fresh password which is used in future. Detection of the fresh password can also be effected with the initial detection of the account details and enabled by input of the password transmitted by the identification instance. In that way, both identification of the instance to be identified is completed and also access to the specified account details is guaranteed. It will be appreciated that in that way services requested by the instance to be identified can also be billed by way of the account details.
- That fresh password can now be used as a symmetrical or asymmetrical key in the above-described manner for the certified communication between the various instances.
- the fresh password can include a user name to be determined by the user (for example a username or pseudonym) .
- Figure 1 is a diagrammatic view of the mode of operation of a conventional automatic identification apparatus
- Figure 2 is a diagrammatic view of the mode of operation of a automatic identification apparatus according to the invention.
- FIG. 3 is a diagrammatic view of an automatic identification apparatus according to the invention with passwords which can also be used by other automatic identification apparatuses which do not operate in accordance with the invention
- Figure 4 is a diagrammatic view of an identification method according to the invention which takes place in an alternative fashion
- Figure 5 is a diagrammatic view of the implementation of a further alternative of the identification method according to the invention.
- the automatic identification apparatus is identified by A, the user by C and the bank system by B.
- the automatic identification apparatus A forms the identification instance and the user C an instance to be identified.
- the bank system can include one or more financial institutions or may comprise institutions managing customer accounts, for example a department store, an airline, a telephone company or an automobile club.
- the transmitted items of information are represented at the arrows connecting the instances A, . B and C, in the boxes therebehind. The arrows identify the direction of the flow of information; the communication paths between the instances A, B and C are identified by broken lines.
- the automatic identification apparatus A shown in Figure 1 in accordance with the state of the art operates as follows: the customer C transmits to the automatic identification apparatus A in step 1 account details II, generally comprising the following pieces of information: name, account number and bank sort code. In the case of a credit card, the credit card number, name and expiry date are the transmitted items of information.
- the automatic identification apparatus forwards those items of information to the bank system B in step 2.
- the bank B sends to the automatic identification apparatus A the information 12 which states whether the account specified in 11 exists. Under some circumstances the financial standing of the account is also specified. No check is made to ascertain whether the user C is actually authorised to access the specified bank details II.
- the entire communication is effected for example over the Internet E.
- FIG. 2 in contrast shows the basic mode of operation of the automatic identification apparatus and method according to the invention.
- the customer C again sends the information II by way of a known communication medium, for example the Internet E, to the automatic identification apparatus A.
- the automatic identification apparatus thereupon generates a password PW and in step 2 transmits the information II with the password PW in the form of a usual account transaction, in particular a remittance, to the bank system B.
- the transmission from the bank system B to the customer C involves an already established path D of the bank system B, which ensures access authorisation on the part of the customer to the account details. That transaction can be transmitted within the bank system from a bank account associated with the automatic identification apparatus to a bank account corresponding to II.
- the user C calls up his statement of account including the password PW from the bank system B. Accordingly, the user C obtains the password only when he actually has access authorisation for the account identified by II.
- Figure 3 shows a password PW which is accepted both by the automatic identification apparatus A according to the invention and also by automatic identification apparatuses X,Y and Z which are not designed in accordance with the invention.
- the automatic identification apparatus A can generate passwords for other instances, for example for an Internet Service Provider or an information supplier.
- the identification method shown in Figure 4 is modified in relation to the above-described methods insofar as, in the first step, the user C transmits the items of information II (account number and a name for that account) with a first password PWl to the automatic identification apparatus A.
- the automatic identification apparatus A then produces a second PW2 and transmits same to the bank system B. That second password PW2 can now be called up by the user C.
- Both passwords PWl and PW2 must be present for identification of the user C in relation to the automatic identification apparatus A.
- the first password PWl can include for example a pseudonym or username selected by the user.
- the password PWl can be used for secure communication of the user C with the automatic identification apparatus A or third-party instances to which the password PWl has been previously passed.
- FIG. 5 diagrammatically shows an identification method according to the invention in which a user C transmits a password PW to account details of the automatic identification apparatus A.
- the user C actuates a bank remittance (electronically or by means of paper) to the account details of the automatic identification apparatus A, which is specified for example on the homepage of the automatic identification apparatus A.
- the automatic identification apparatus calls up that password PW from the account details.
- the password can now be used for the above-described uses for the purposes of the verified communication between the user C, the automatic identification apparatus A and further instances to which the password is notified.
- a automatic identification apparatus A automatic identification apparatus
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE10196684T DE10196684T1 (en) | 2000-10-02 | 2001-10-01 | Automatic identification machine and identification method |
AU2002223577A AU2002223577A1 (en) | 2000-10-02 | 2001-10-01 | Automatic identification apparatus and identification method |
Applications Claiming Priority (10)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP00121582 | 2000-10-02 | ||
EP00121582.1 | 2000-10-02 | ||
EP00123516.7 | 2000-10-27 | ||
EP00123516 | 2000-10-27 | ||
EP00126074.4 | 2000-11-29 | ||
EP00126074 | 2000-11-29 | ||
EP00127684.9 | 2000-12-18 | ||
EP00127684 | 2000-12-18 | ||
EP01100361.3 | 2001-01-05 | ||
EP01100361A EP1199691A3 (en) | 2000-10-02 | 2001-01-05 | Identification device and method |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2002029732A2 true WO2002029732A2 (en) | 2002-04-11 |
WO2002029732A3 WO2002029732A3 (en) | 2003-10-09 |
Family
ID=27513042
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2001/011333 WO2002029732A2 (en) | 2000-10-02 | 2001-10-01 | Automatic identification apparatus and identification method |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1199691A3 (en) |
AU (1) | AU2002223577A1 (en) |
DE (1) | DE10196684T1 (en) |
WO (1) | WO2002029732A2 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4630201A (en) * | 1984-02-14 | 1986-12-16 | International Security Note & Computer Corporation | On-line and off-line transaction security system using a code generated from a transaction parameter and a random number |
US5883810A (en) * | 1997-09-24 | 1999-03-16 | Microsoft Corporation | Electronic online commerce card with transactionproxy number for online transactions |
US5991738A (en) * | 1996-02-05 | 1999-11-23 | Ogram; Mark E. | Automated credit card processing |
US5991408A (en) * | 1997-05-16 | 1999-11-23 | Veridicom, Inc. | Identification and security using biometric measurements |
-
2001
- 2001-01-05 EP EP01100361A patent/EP1199691A3/en not_active Withdrawn
- 2001-10-01 AU AU2002223577A patent/AU2002223577A1/en not_active Abandoned
- 2001-10-01 WO PCT/EP2001/011333 patent/WO2002029732A2/en active Application Filing
- 2001-10-01 DE DE10196684T patent/DE10196684T1/en not_active Withdrawn
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4630201A (en) * | 1984-02-14 | 1986-12-16 | International Security Note & Computer Corporation | On-line and off-line transaction security system using a code generated from a transaction parameter and a random number |
US5991738A (en) * | 1996-02-05 | 1999-11-23 | Ogram; Mark E. | Automated credit card processing |
US5991408A (en) * | 1997-05-16 | 1999-11-23 | Veridicom, Inc. | Identification and security using biometric measurements |
US5883810A (en) * | 1997-09-24 | 1999-03-16 | Microsoft Corporation | Electronic online commerce card with transactionproxy number for online transactions |
Also Published As
Publication number | Publication date |
---|---|
WO2002029732A3 (en) | 2003-10-09 |
DE10196684T1 (en) | 2003-08-21 |
EP1199691A3 (en) | 2003-06-25 |
EP1199691A2 (en) | 2002-04-24 |
AU2002223577A1 (en) | 2002-04-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10769297B2 (en) | Centralized identification and authentication system and method | |
RU2320014C2 (en) | Electronic billing system | |
RU2292589C2 (en) | Authentified payment | |
RU2438172C2 (en) | Method and system for performing two-factor authentication in mail order and telephone order transactions | |
US7356837B2 (en) | Centralized identification and authentication system and method | |
EP2149084B1 (en) | Method and system for authenticating a party to a transaction | |
EP1280115A2 (en) | Electronic payment method, system, and devices | |
CN108476227A (en) | System and method for equipment push supply | |
US20030154376A1 (en) | Optical storage medium for storing, a public key infrastructure (pki)-based private key and certificate, a method and system for issuing the same and a method for using | |
US20040030659A1 (en) | Transaction system and method | |
US20020046092A1 (en) | Method for preventing fraudulent use of credit cards and credit card information, and for preventing unauthorized access to restricted physical and virtual sites | |
KR20100054757A (en) | Payment transaction processing using out of band authentication | |
US20030069792A1 (en) | System and method for effecting secure online payment using a client payment card | |
WO2001069549A1 (en) | Payment authorisation method and apparatus | |
WO2001039085A1 (en) | Dual transaction authorization system and method | |
KR20030019466A (en) | Method and system of securely collecting, storing, and transmitting information | |
US20100043064A1 (en) | Method and system for protecting sensitive information and preventing unauthorized use of identity information | |
JP2002514839A (en) | Cryptographic system and method for electronic commerce | |
KR20040075321A (en) | Method for registering and enabling pki functionalities | |
US20070118749A1 (en) | Method for providing services in a data transmission network and associated components | |
US20140164269A1 (en) | Using successive levels of authentication in online commerce | |
GB2366432A (en) | Secure electronic payment system | |
KR20010085115A (en) | The payment system by using the wireless terminal | |
JP2008502045A (en) | Secure electronic commerce | |
WO2001092982A2 (en) | System and method for secure transactions via a communications network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
RET | De translation (de og part 6b) |
Ref document number: 10196684 Country of ref document: DE Date of ref document: 20030821 Kind code of ref document: P |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10196684 Country of ref document: DE |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase in: |
Ref country code: JP |