CLIAMS:What is claimed is:
1. A method for making an electronic payment, the method comprising:
a. receiving a money transfer order, wherein the money transfer order comprises a mobile identity of a payee and a transaction amount;
b. receiving an identifier associated with a recipient;
c. seeking authorization from the payee to initiate the electronic payment, using the mobile identity;
d. receiving an authorization response from the payee;
e. verifying the authorization response; and
f. initiating the electronic payment of the transaction amount, upon verification of the authorization response.
2. The method as claimed in claim 1, further comprising notifying at least one of the payee and the recipient, on verification of the authorization response.
3. The method as claimed in claim 1, wherein the mobile identity comprises at least one of an International Mobile Subscriber Identity (IMSI), a Mobile Subscriber Integrated Services Digital Network (MSISDN) number, and a mobile digital signature of a mobile device of the payee.
4. The method as claimed in claim 1, wherein the authorization response is digitally signed.
5. The method as claimed in claim 1, wherein the authorization response comprises a security passcode.
6. A system for making an electronic payment, the system comprising:
a. a receiver, wherein the receiver is configured to receive
a money transfer order comprising a mobile identity of a payee and a transaction amount,
an identifier associated with a recipient, and
an authorization response from a payee;
b. a transmitter, wherein the transmitter is configured to seek authorization from the payee by transmitting a message to a mobile device of the payee;
c. a storage module, wherein the storage module is configured to store mobile device information associated with the mobile identity; and
d. one or more processors, wherein the one or more processors are configured to verify the authorization response and initiate the electronic payment of the transaction amount.
7. The system as claimed in claim 6, wherein the transmitter is configured to notify at least one of the payee and the recipient.
8. The system as claimed in claim 6, wherein the mobile identity comprises at least one of an International Mobile Subscriber Identity (IMSI), Mobile Subscriber Integrated Services Digital Network (MSISDN) number, a mobile digital signature of the mobile device of the payee.
9. The system as claimed in claim 6, wherein the authorization response is digitally signed.
10. The system as claimed in claim 6, wherein the authorization response comprises a security passcode.
,TagSPECI:METHOD AND SYSTEM FOR SECURE ELECTRONIC PAYMENT
FIELD OF INVENTION
[0001] The present invention relates to electronic commerce and in particular, it relates to electronic payment systems of electronic commerce.
BACKGROUND OF THE INVENTION
[0002] Electronic commerce (e-commerce) has become a part and parcel of daily life. E-commerce offers users convenience and simplicity, as it allows users to integrate shopping and other commercial activities into their hectic lifestyle.
[0003] E-commerce transactions often conclude with electronic payments, which are managed by an electronic payment system. The electronic payment system manages transfer of funds between a customer and a merchant through a secure electronic channel. In addition to providing the secure channel, the electronic payment system ensures that the transfer of funds is performed only by an authorized entity. Since electronic transactions are not done in person, verification of identity is necessary.
[0004] Current approaches to electronic payment rely on a third party payment gateway. In one approach, when the customer completes his or her electronic transaction and proceeds to pay the merchant, he or she is redirected to the third party payment gateway. The customer transmits his or her personal financial details, such as bank account number, credit card number, etc., to the third party payment gateway. The third party payment gateway verifies the customer’s identity and then validates the entered information. Afterwards, the third party payment gateway encrypts the entered information and transmits the encrypted information to a bank for processing.
[0005] In another approach, a payment application is installed on a mobile device belonging to the customer (See US 2010/0332351, Stone). When the customer completes his or her transaction, he or she uses the payment application to contact the third party payment gateway. Using the payment application, the customer transmits his or her personal financial details, such as bank account number, credit card number, etc., along with a personal identification code to the third party payment gateway. The transmission of information can be performed over an unstructured supplementary service data (USSD) session (See US 2012/0197801, Jimenez). The third party payment gateway verifies the personal identification code and then validates the entered information. Afterwards, the third party payment gateway encrypts the entered information and transmits the encrypted information to a bank for processing.
[0006] However, due to the usage of third party payment gateway, the present process of making electronic payments is often lengthy, tedious, and time consuming. Moreover, due to the lengthy nature of the process, there is a distinct possibility that the process will get interrupted, due to network fault or network lag. Such an interruption can cause the electronic transaction to fail.
[0007] Furthermore, it is often cumbersome to use mobile devices, such as cell phones, palmtops, etc., for making electronic payments using the present process due to their limited input capabilities. Entering personal financial details through these mobile devices is cumbersome and error prone. Moreover, installing payment application on the mobile device takes time, and can tax the limited storage of the mobile device.
[0008] Additionally, since the customer’s personal financial details are transmitted over an electronic medium, there is a possibility that this information can be intercepted or compromised.
[0009] In light of the above discussion, there is a need for a method and system which overcomes all the above stated problems.

BRIEF DESCRIPTION OF THE INVENTION
[0010] The above-mentioned shortcomings, disadvantages and problems are addressed herein which will be understood by reading and understanding the following specification.
[0011] In embodiments, the present invention provides a method for making an electronic payment. The method includes receiving a money transfer order, receiving an identifier associated with a recipient, seeking authorization from a payee to initiate the electronic payment, receiving an authorization response from the payee, verifying the authorization response, and initiating the electronic payment of a transaction amount. The money transfer order includes a mobile identity of the payee and the transaction amount. The mobile identity of the payee is used to seek authorization from the payee to initiate the electronic payment.
[0012] In an embodiment, the method further includes notifying at least one of the payee and the recipient, on verification of the authorization response.
[0013] In an embodiment, the mobile identity of the payee includes at least one of an International Mobile Subscriber Identity (IMSI), Mobile Subscriber Integrated Services Digital Network (MSISDN) number, and a mobile digital signature of a mobile device of the payee.
[0014] In an embodiment, the authorization response is digitally signed. In another embodiment, the authorization response includes a security passcode.
[0015] In another aspect, the present invention provides a system for making an electronic payment. The system includes a receiver, a transmitter, a storage module, and one or more processors. The receiver is configured to receive the money transfer order, the identifier associated with the recipient, and the authorization response from the payee. The money transfer order includes the mobile identity of the payee and the transaction amount. The transmitter is configured to seek authorization from the payee by transmitting a message to the mobile device of the payee. The storage module is configured to store mobile device information associated with the mobile identity. The one or more processors are configured to verify the authorization response and initiate the electronic payment of the transaction amount.
[0016] In an embodiment, the transmitter is configured to notify at least one of the payee and the recipient.
[0017] Systems and methods of varying scope are described herein. In addition to the aspects and advantages described in this summary, further aspects and advantages will become apparent by reference to the drawings and with reference to the detailed description that follows.
BRIEF DESCRIPTION OF THE DRAWINGS
[0018] Figure 1 illustrates a system for making electronic payment, in accordance with various embodiments of the present invention;
[0019] Figure 2 illustrates a flowchart for making the electronic payment, in accordance with various embodiments of the present invention;
[0020] Figure 3 illustrates a block diagram of a payment system for making electronic payments, in accordance with various embodiments of the present invention;
[0021] Figure 4 illustrates a flowchart of for making the electronic payment, in accordance with various embodiments of the present invention;
[0022] Figure 5 illustrates a screenshot of a mobile device of a payee on receiving a message to authorize the electronic payment, in accordance with various embodiments of the present invention;
[0023] Figure 6 illustrates a screenshot of the mobile device of the payee requesting the payee to enter security pin, in accordance with various embodiments of the present invention;
[0024] Figure 7 illustrates a screenshot of the mobile device of the payee on sending an authorization response, in accordance with various embodiments of the present invention;
[0025] Figure 8 illustrates a sequence diagram of a method for making the electronic payment, in accordance with various embodiments of the present invention; and
[0026] Figure 9 is a block diagram of a subscriber identification module (SIM) card, in accordance with various embodiments of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
[0027] In the following detailed description, reference is made to the accompanying drawings that form a part hereof, and in which is shown by way of illustration specific embodiments, which may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the embodiments, and it is to be understood that other embodiments may be utilized and that logical, mechanical, electrical and other changes may be made without departing from the scope of the embodiments. The following detailed description is, therefore, not to be taken in a limiting sense.
[0028] Figure 1 illustrates a system 100 for making electronic payment, in accordance with various embodiments of the present invention. The system 100 includes a payee 110 with a mobile device 120, a payment terminal 130 and a payment verifier 140.
[0029] The term “payee” 110 refers to a user who transfers money to a recipient. In an embodiment, the payee 110 is a customer and the recipient is a merchant. The customer, upon completing a sale, pays the merchant. In another embodiment, the payee 110 is an employer and the recipient is an employee. The employer pays the employee remuneration for the services rendered by the employee.
[0030] The term “mobile device” 120 refers to a handheld electronic device that can be used to communicate over a communication network. Examples of the mobile device 120 include a cell phone, a smart phone, a personal digital assistant (PDA), a wireless email terminal, a laptop, a tablet computer, etc. Examples of the communication network include a local area network, a wide area network, a wireless network, a telecommunication network, etc. Types of the telecommunication network include global system for mobile communication (GSM) network, general packet radio service (GPRS) network, code division multiple access (CDMA) system, enhanced data GSM environment (EDGE), wideband CDMA (WCDMA), etc.
[0031] The term “payment terminal” 130 refers to an electronic device over which a money transfer order is generated and transmitted. The money transfer order is a payment order for transferring money from the payee 110 to the recipient. In an embodiment, the payment terminal 130 is a server located at the merchant’s end. The server generates the money transfer order upon receiving a purchase order from the customer. In another embodiment, the payment terminal 130 is a general-purpose computer of the payee 110. The general-purpose computer generates the money transfer order at the behest of the payee 110. In yet another embodiment, the payment terminal 130 is the mobile device 120. In yet another embodiment, the payment terminal 130 is a point of sale (POS) terminal.
[0032] The term “payment verifier” 140 refers to an electronic device which receives the money transfer order generated by the payment terminal 130 and verifies the money transfer order. In an embodiment, the payment verifier 140 is a server located at a bank’s end. In another embodiment, the payment verifier 140 is a server managed by a third party. After verification of the money transfer order, the server informs the bank about the verified money transfer order.
[0033] Figure 2 illustrates a flowchart 200 for making the electronic payment, in accordance with various embodiments of the present invention. The flowchart initiates at step 210. At step 220, the payment verifier 140 receives the money transfer order. The money transfer order includes a mobile identity of the payee 110 and a transaction amount. Transaction amount indicates the amount of money or funds which are to be transferred from the payee 110 to the recipient.
[0034] The term “mobile identity” essentially relates to an extension of digital identity provided via mobile devices and communication networks. The mobile identity relates to a manner of verifying personal identity using mobile devices. The mobile identity is based on a combination of knowledge factor, possession factor, and inherence factor.
[0035] Knowledge factor refers to set of parameters that a user would remember. Examples of knowledge factors include a password, a security code, a security question, etc. Possession factor refers to set of parameters that are within the user’s possession. Examples of possession factor include an encrypted subscriber identification module (SIM), an encryption module on the mobile device 120 that generates security passcodes, an identification communication tag on the mobile device 120, one time password delivered to the mobile device 120, mobile digital signature contained on the mobile device 120, etc. Inherence factor refers to set of parameters that are inherent to the user. Examples of inherence factor include the biometric signature of the user, etc.
[0036] In an embodiment, the mobile identity relates to digital signatures and digital certificates. In an embodiment, a subscriber identification module (SIM) card holds digital signature of the payee 110 and in order to use the digital signature, the payee 110 has to enter a personal secret code. The mobile device 120 then verifies the entered personal secret code and allows access to the digital signature of the payee 110, stored on the subscriber identification module (SIM) card. In another embodiment, a mobile digital signature application is present on the mobile device 120. The mobile digital signature application on the mobile device 120 receives a digital signature from a security server upon the registration of the mobile device 120 for creation of mobile identity.
[0037] In another embodiment, the mobile identity is an identity code unique to the mobile device 120. Examples of the identity code include an International Mobile Subscriber Identity (IMSI), a Mobile Subscriber Integrated Services Digital Network (MSISDN) number of the mobile device 120. In another example, a key generator present on the mobile device 120 generates the identity code. The identity code is used to identify the mobile device 120, thereby serving the purpose of a unique identifier.
[0038] In yet another embodiment, the mobile identity relates to biometric signatures and digital signatures. The payee 110 scans payee 110’s thumbprint on the mobile device 120. The mobile device 120 generates and transmits a response containing digital signature of the payee 110 and the scanned thumbprint. The digital signature is stored on the subscriber identification module (SIM) card or on the mobile device 120.
[0039] In an embodiment, the payee 110 provides the transaction amount and the mobile identity of the payee 110 to the payment terminal 130. The payment terminal 130 generates the money transfer order, which includes the transaction amount and the mobile identity of the payee 110.
[0040] At step 230, the payment verifier 140 receives an identifier associated with the recipient. In an embodiment, the payment verifier 140 uses the identifier to identify the financial information of the recipient, such as account number, etc., for the transfer of the transaction amount from the payee 110 to the recipient. In an embodiment, the received identifier is an account number of the recipient. In another embodiment, the received identifier is a mobile identity of the recipient. The payment verifier 140 uses the identifier to lookup and retrieve financial information of the recipient. In another embodiment, the payment verifier 140 passes the identifier to a payment server along with the verified money transfer order.
[0041] At step 240, the payment verifier 140 seeks authorization from the payee 110 to initiate the electronic payment. The mobile identity of the payee 110 is used to retrieve device information of the mobile device 120 associated with the mobile identity. Using the device information, the payment verifier 140 sends a message to the mobile device 120 of the payee 110. The message informs the payee 110 about the money transfer order. In an embodiment, the message contains the identifier associated with the recipient and the transaction amount.
[0042] At step 250, the payment verifier 140 receives an authorization response from the payee 110. In an embodiment, the mobile device 120 of the payee 110 sends the authorization response. In an embodiment, the authorization response includes a password, a security code, etc. The payment verifier 140 verifies the authenticity of authorization response by verifying the password.
[0043] In another embodiment, the payee 110 uses the digital signature on the mobile device 120 to digitally sign the authorization response. In an embodiment, the mobile digital signature application on the mobile device 120 can generate the digital signature. In another embodiment, the mobile digital signature application obtains the digital signature from a secure third party server for the purpose of signing the authorization response.
[0044] At step 260, the payment verifier 140 verifies the validity of authorization response. In an embodiment, the payment verifier 140 verifies the received authorization response to ensure the authenticity of the authorization response. In an embodiment, the payee 110 uses the mobile device 120 to digitally sign the authorization response using a digital signature associated with the mobile identity. On receiving the authorization response, the payment verifier 140 retrieves a public key associated with the mobile identity. The payment verifier 140 verifies the signed authorization response using the public key. In another embodiment, a verification server verifies the authorization response.
[0045] At step 270, if the authorization response is valid then the payment verifier 140 initiates the electronic payment of the transaction amount. In an embodiment, the payment verifier 140 retrieves account number of the payee 110 using the mobile identity of the payee 110. The payment verifier 140 retrieves account number of the recipient using the identifier associated with the recipient. Then, the payment verifier 140 transfers an amount equal to the transaction amount from the payee 110 to the recipient.
[0046] In another embodiment, the payment verifier 140 informs the payment server regarding the verified money transfer order. The payment verifier 140 transmits the verified money transfer order and the identifier associated with the recipient to the payment server. The payment server retrieves the account number of the payee 110 using the mobile identity of the payee 110. The payment server retrieves the account number of the recipient using the identifier associated with the recipient. Then, the payment server transfers an amount equal to the transaction amount from the payee 110 to the recipient.
[0047] In an embodiment, the payment verifier 140 notifies at least one of the payee 110 and the recipient, on verification of the authorization response. The payment verifier 140 sends a notification message to the mobile device 120 of the payee 110 and an electronic device of the recipient. The notification message informs the payee 110 and the recipient regarding the verification of the authorization response.
[0048] Figure 3 illustrates a block diagram 300 of a payment system 310 for making the electronic payment, in accordance with various embodiments of the present invention.
[0049] The payment system 310 includes a receiver 320, a storage module 330, a transmitter 340, and one or more processors 350.
[0050] The receiver 320 receives the money transfer order, the identifier associated with the recipient, and the authorization response from the payee 110.
[0051] The money transfer order is a payment order for transferring money from the payee 110 to the recipient. The payment terminal 130 generates and transmits the money transfer order.
[0052] The money transfer order includes the mobile identity of the payee 110 and the transaction amount. Transaction amount indicates the amount of money or funds which are to be transferred from the payee 110 to the recipient. The mobile identity relates to a manner of verifying personal identity using mobile devices.
[0053] In an embodiment, the mobile identity relates to digital signatures and digital certificates. In an embodiment, the subscriber identification module (SIM) card holds digital signature of the payee 110 and in order to use the digital signature, the payee 110 has to enter the personal secret code. The mobile device 120 then verifies the entered personal security code and allows access to the digital signature of the payee 110, stored on the subscriber identification module (SIM) card. In another embodiment, the mobile digital signature application is present on the mobile device 120. The mobile digital signature application on the mobile device 120 receives the digital signature from the security server upon the registration of the mobile device 120 for creation of mobile identity.
[0054] The payment system 310 uses the identifier associated with the recipient to identify the financial information of the recipient, such as account number, etc., for the transfer of the transaction amount from the payee 110 to the recipient. In an embodiment, the received identifier is the account number of the recipient. In another embodiment, the received identifier is the mobile identity of the recipient. The payment system 310 uses the identifier to lookup and retrieve financial information of the recipient. In another embodiment, the payment system 310 passes the identifier to the payment server along with the verified money transfer order.
[0055] In an embodiment, the receiver 320 receives the authorization response from the mobile device 120 of the payee 110. In an embodiment, the authorization response includes a password, a security code, etc. The system 310 verifies the authenticity of the authorization response by verifying the password.
[0056] The storage module 330 stores mobile device information associated with the mobile identity of the payee 110. Examples of the mobile device information include an International Mobile Subscriber Identity (IMSI), a Mobile Subscriber Integrated Services Digital Network (MSISDN) number, etc., of the mobile device 120 associated with the mobile identity of the payee 110. In an embodiment, the storage module 330 is preloaded with mobile device information associated with the mobile identity of the payee 110. In another embodiment, the payment system 310 fetches the mobile device information from a third party server and then stores the mobile device information on the storage module 330.
[0057] The transmitter 340 seeks authorization from the payee 110 by transmitting a message to the mobile device 120 of the payee 110. The mobile identity of the payee 110 is used to retrieve the mobile device information of the mobile device 120. Using the mobile device information, the transmitter 340 sends a message to the mobile device 120 of the payee 110. The message informs the payee 110 about the money transfer order. In an embodiment, the message contains the identifier associated with the recipient and the transaction amount.
[0058] The one or more processors 350 verify the authorization response and initiate the electronic payment of the transaction amount. In an embodiment, the payee 110 uses the mobile device 120 to digitally sign the authorization response using a digital signature associated with the mobile identity of the payee 110. On the receiver 320 receiving the authorization response, the one or more processors 350 retrieve a public key associated with the mobile identity of the payee 110. The one or more processors 350 verify the signed authorization response using the public key.
[0059] In an embodiment, the one or more processors 350 retrieve the account number of the payee 110 using the mobile identity of the payee 110. The one or more processors 350 retrieve the account number of the recipient using the identifier associated with the recipient. Then, the one or more processors 350 transfer an amount equal to the transaction amount from the payee 110 to the recipient.
[0060] In another embodiment, the one or more processors 350 inform the payment server regarding the verified money transfer order. The one or more processors 350 transmit the money transfer order and the identifier associated with the recipient to the payment server. The payment server retrieves the account number of the payee 110 using the mobile identity of the payee 110. The payment server retrieves the account number of the recipient using the identifier associated with the recipient. Then, the payment server transfers an amount equal to the transaction amount from the payee 110 to the recipient.
[0061] In an embodiment, the transmitter 340 notifies at least one of the payee 110 and the recipient. The transmitter 340 sends a notification message to the mobile device 120 of the payee 110 and an electronic device of the recipient. The notification message informs the payee 110 and recipient regarding the verification of the authorization response.
[0062] Figure 4 illustrates a flowchart 400 of for making the electronic payment, in accordance with various embodiments of the present invention. The steps 410-480 of the flowchart 400 are same as the steps 210-280 of the flowchart 200.
[0063] Figure 5 illustrates a screenshot 500 of the mobile device 120 of the payee 110 on receiving the message to authorize the electronic payment, in accordance with various embodiments of the present invention. On receiving the message, the mobile device 120 presents the payee 110 with options to either authorize the payment or exit and deny the payment. Button 510 is for authorizing the electronic payment and button 520 is for exiting and denying the payment.
[0064] Figure 6 illustrates a screenshot 600 of the mobile device 120 of the payee 110 requesting the payee 110 to enter security pin, in accordance with various embodiments of the present invention. As explained above, the payee 110 has to enter the personal secret code to use the digital signature. Button 610 is for submitting the personal secret code after entering the personal secret code.
[0065] Figure 7 illustrates a screenshot 700 of the mobile device 120 of the payee 110 on sending an authorization response, in accordance with various embodiments of the present invention. The mobile device 120 displays a submission message to confirm the sending.
[0066] Figure 8 illustrates a sequence diagram 800 of a method for making the electronic payment, in accordance with various embodiments of the present invention. The sequence diagram 800 has three participants: the mobile device 120 of the payee 110, the payment terminal 130, and the payment verifier 140. The actions 810-860, displayed in the sequence diagram 800 as same as the steps 220-270 of the flowchart 200.
[0067] Figure 9 is a block diagram 900 of a subscriber identification module (SIM) card 910, in accordance with various embodiments of the present invention. In an embodiment, as explained above, the subscriber identification module (SIM) card 910 is for storing the digital signature of the payee 110. The subscriber identification module (SIM) card 910 follows Java Card specifications. Java-based applets and applications are run on the subscriber identification module (SIM) card 910.
[0068] The subscriber identification module (SIM) card 910 includes a hardware crypto processor 920, a SIM application 930, a symmetric encryption key 940, a secure key storage module 950 and an Integrated Circuit Card Identifier (ICCID) storage module 960.The hardware crypto processor 920 is a true random number generator. The hardware crypto processor 920 generates random numbers for cryptography.
[0069] The SIM application 930 refers to a SIM Application Toolkit (STK) installed on the subscriber identification module (SIM) card 910. The SIM application 930 is responsible for overall control of the digital signature on the subscriber identification module (SIM) card 910. For example, the SIM application 930 generates the digital signature using the hardware crypto processor 920. In another example, as explained above, the SIM application 930 requires the payee 110 to enter a security pin to access the digital signature.
[0070] The symmetric encryption key 940 refers to an encryption key unique to the subscriber identification module (SIM) card 910. The symmetric encryption key 940 is stored in subscriber identification module (SIM) card 910 during the generation of the subscriber identification module (SIM) card 910. The symmetric encryption key 940 is used for secure communication. The mobile device 120 encrypts all incoming and outgoing communication arising from the SIM application 930 with the symmetric encryption key 940. In an embodiment, a copy of the symmetric encryption key 940 is present with a messaging server. The messaging server receives communication from the mobile device 120, decrypts the communication using the symmetric encryption key 940 and then forwards the decrypted communication in a secure manner.
[0071] The secure key storage module 950 stores public key-private key pairs associated with the mobile device 120. In an embodiment, the secure key storage module 950 includes sixteen key slots. The key slots store two types of keys: a weaker key type for authentication purpose and a stronger key type for non-repudiation purpose.
[0072] The ICCID storage module 960 stores the Integrated Circuit Card Identifier (ICCID). ICCID uniquely identifies Subscriber Identification Module (SIM) card internationally. In an embodiment, the public key is associated with a combination of the ICCID and the MSISDN.
[0073] The present invention makes electronic payments simple and short. Additionally, the present invention provides for better security as no financial information of the payee is transmitted between the participants. Moreover, by shortening the span of electronic payment, the present invention reduces the probability of a network error happening during the electronic payment. Additionally, since the present invention does not rely on installing an application on the mobile device, it is memory efficient.
[0074] This written description uses examples to describe the subject matter herein, including the best mode, and also to enable any person skilled in the art to make and use the subject matter. The patentable scope of the subject matter is defined by the claims, and may include other examples that occur to those skilled in the art. Such other examples are intended to be within the scope of the claims if they have structural elements that do not differ from the literal language of the claims, or if they include equivalent structural elements with insubstantial differences from the literal language of the claims.