Abstract: A system for the secure and authenticated information transfer between a first user device and a second user device comprises receiving by a server the processed information embedded in a short message service (SMS) from the first device and authenticating the received information and transferring the authenticated information to the second user device. Figure 4
System and method for secure and authenticated information transfer
DESCRIPTION
TECHNICAL FIELD
The present disclosure generally relates to the field of electronic transactions, and more
particularly, to systems and methods for implementing information exchange between
two SIM enabled devices.
BACKGROUND TO THE INVENTION:
Money transfer systems, especially within emerging markets, may be run through a
network of third party agents, which are not usually managed centrally. Management of
the agent network is an overhead for the operator providing the service and therefore
increases cost. Improvement in agent management can both provide better customer
experience for a critical aspect of the service (depositing and withdrawing cash from a
an account) and reduce the overheads of the operator who is running the service.
There is a tremendous need to develop efficient systems and methods that would
provide means for improving electronic transaction capabilities. There is a need to
reduce the number of transactions requiring real time connectivity to core banking
network. There is a need to reduce the number of transactions coming to a central node
for validation. There is need to enable non-POS or ATM e-money transactions,
especially enabling transactions between two individuals offline without the need for a
third party or intermediary. There is a further need to develop systems and methods that
can provide uninhibited freedom to users for utilizing electronic money.
Moreover, there is a need to reduce or remove physical money as much as possible
thus reducing the last mile problem of cash management without using an internet
enabled device. Accordingly, there remains a need for a system that can efficiently and
securely authenticate and transfer the information between two SIM enabled wireless
devices.
SUMMARY:
According to the one embodiment of the present invention, a system and a method for
the secure and authenticated information transfer between a first user device and a
second user device comprises sending an information embedded in a short message
service (SMS) from the first device to a SMS gateway, processing the received
information by the SMS gateway, passing the processed information by SMS gateway
to a Server, authenticating the processed information by the server, wherein the
authentication of the received information is done by either calling first user device
through an IVRS (Interactive Voice Response System) or through another SMS that is
received and responded by an application in the first user device and transferring the
authenticated information by the server to the second user device.
According to another embodiment of the present invention, a system and a method for
the secure and authenticated information transfer between a first user device and a
second user device comprises sending an information embedded in a short message
service (SMS) from the first device to a SMS gateway, processing the received
information by the SMS gateway, passing the processed information by SMS gateway
to a Server, authenticating the processed information by the server, wherein the
authentication of the received information is done by calling both first user device and
second user device through an IVRS (Interactive Voice Response System) or through
another SMS that is received and responded by an application in the first device and
transferring the authenticated information by the server to the second user device.
According to yet another embodiment of the present invention, a system and a method
for the secure and authenticated information transfer between a first user device and a
second user device comprises sending an information embedded in a short message
service (SMS) from the first device to a SMS gateway, processing the received
information by the SMS gateway, passing the processed information by SMS gateway
to a Server, authenticating the processed information by the server, wherein the
authentication of the received information is done by sending an authentication request
for the first user to the second user device and the first user authenticates by entering a
PIN or through biometric authentication through second user device and transferring the
authenticated information by the server to the second user device.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS:
FIG. 1 illustrates the different phases of a system for authenticated information
exchange between a first user device and the second user device, using SMS according
to an embodiment of the present invention;
FIG. 2 illustrates the different phases of secured and authenticated SMS based
communication between the first user device and the second user device with
authentication of the first user through the first user device and of the second user
through the second user device according to an embodiment of the present invention;
FIG. 3 illustrates the different phases of secured and authenticated SMS based
communication between the first user device and the second user device with first user
being authenticated through second user device according to an embodiment of the
present invention; and
FIG. 4 illustrates the architecture of the system required for authenticated information
exchange between a first user device and the second user device.
DETAILED DESCRIPTION OF DRAWINGS
Cell phone based money transfer systems provide a facility for transferring funds
between mobile users. Cash may be exchanged for electronic money, which may be
sent to family and friends, to pay bills etc. Such systems are designed to work on limited
functionality mobile handsets using an installed SIM toolkit (STK) to provide additional
menus dedicated to funds transfer, Unstructured Supplementary Service Data (USSD)
sessions or interactive voice response (IVR) systems. SMS messages may be used to
confirm to a sender and a receiver that an amount has been transferred following a
transaction or payment. Cash may be redeemed or exchanged for electronic money (or
"e-money") at outlets, which may be grocery stores or airtime resellers, etc.
FIG. 1 illustrates the different phases of the invented system for authenticated
information exchange between a first user device and the second user device, using
SMS. The devices could be any two devices including, but not limited to phones,
smartphones, PCs, laptops, automobiles, scooters, Internet of Things (IOT) devices etc.
The server has pre-registered authentication information of the two devices.
A first user having a first user device (Device 1) initiates exchange of information with a
second user having a second user device (Device 2), using plain SMS (short messaging
system), which is received by an SMS gateway. The SMS gateway processes the SMS
and passes it to the server that then calls back Device 1 to receive a Personal
Information Number (PIN) from Device 1, in order to authenticate the information
received over SMS. Based on the authentication, the information exchange mentioned
in the SMS from Device 1 is effected and Device 1 and Device 2 exchange information.
The system illustrated in Figure 1 transfers information from device 1 to device 2 using
eight steps as explained below.
In step 100, Device 1 sends one or more SMS's to the server. The SMS may contain
information that identifies the intended recipient and either carries the information to be
exchanged or carries the meta-information that indicates what information needs to be
exchanged, or carries both. For example, if the intended information exchange is
payment information, then the SMS may carry the phone number of the intended
recipient and also carry the amount to be paid. If this information is being sent by an
App in Device 1, then the message may even be encrypted so as to protect the
contents of the information and may have the Personal Identification Number of the user
of Device 1, embedded in the message.
In Step 110, the message is received through an SMS gateway and the same is
decrypted if it was sent as an encrypted message.
In Step 120, the server fetches the details of the intended recipient of the information
based on the parameters sent in the message from Device 1, from the list of pre-registered
user information. It also finds details of Device 1 based on the Caller Line
Identification (CLI), comparing the same with the list of pre-registered users, to access
information such as the encrypted PIN of Device 1. For example, if the message from
Device 1 contains the phone number of the intended recipient, then the server fetches
the name of the intended recipient and fetches details of Device 1 such as encrypted
PIN and phone number.
In Step 130, the server then calls Device 1 and through a protocol such as an
Interactive Voice Recorded System (IVRS), plays out the details of the information to be
exchanged and the details of the intended recipient.
In Step 140, User 1 provides authentication to the intended information exchange by
providing the Personal Identification Number (PIN)/ biometric through Device 1,
verifying the information provided by the server. This may even be done by an App or
through biometric.
In Step 150, server authenticates the PIN/ biometric provided by Device 1 by validating
against the encrypted PIN/ biometric of User 1, stored in its pre-registered user/ device
information.
In Step 160, based on the authentication of the PIN, the server effects the required
information exchange. For example, if the required information was to transfer INR 100
to Device 2, the server debits the ledger of User/Device 1 and credits the ledger of
User/Device 2 with INR 100.
In Step 170 and Step 175, a confirmation message may be sent to Device 1 and to
Device 2 respectively, confirming the transaction. This may be in the form of an SMS.
In Step 180, any further information may be exchanged between Device 1 and Device
2, based on the information stored at the server.
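A minimal model of the server side of Steps 100 to 175, added here as an illustration and not taken from the specification. The `PAY <number> <amount>` message format, the salted PBKDF2 digest standing in for the "encrypted PIN", the three-attempt lockout, the single-use pending request and all names and sample values are assumptions.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass

MAX_PIN_ATTEMPTS = 3  # assumption: lockout threshold, not given in the text


def pin_digest(pin, salt):
    # Assumption: the "encrypted PIN" is modelled as a salted PBKDF2 digest.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class User:
    name: str
    salt: bytes
    pin_hash: bytes
    balance: int
    failed: int = 0


class Server:
    def __init__(self):
        self.users = {}    # pre-registered users, keyed by phone number (CLI)
        self.pending = {}  # sender CLI -> (recipient, amount) awaiting a PIN
        self.outbox = []   # confirmation SMS as (phone, text)

    def register(self, phone, name, pin, balance):
        salt = os.urandom(16)
        self.users[phone] = User(name, salt, pin_digest(pin, salt), balance)

    def on_sms(self, cli, body):
        """Steps 110-130: parse the SMS, look up both parties, return the IVRS prompt."""
        m = re.fullmatch(r"PAY (\+\d{6,15}) ([1-9]\d{0,6})", body.strip())
        if cli not in self.users or m is None:
            return None
        recipient, amount = m.group(1), int(m.group(2))
        if recipient == cli or recipient not in self.users:
            return None
        self.pending[cli] = (recipient, amount)
        return f"Pay INR {amount} to {self.users[recipient].name}. Enter PIN to confirm."

    def on_pin(self, cli, pin):
        """Steps 140-175: verify the PIN from the callback, then move the funds."""
        user = self.users.get(cli)
        if user is None or cli not in self.pending:
            return "no-pending"
        if user.failed >= MAX_PIN_ATTEMPTS:
            return "locked"
        if not hmac.compare_digest(pin_digest(pin, user.salt), user.pin_hash):
            user.failed += 1
            if user.failed >= MAX_PIN_ATTEMPTS:
                del self.pending[cli]
            return "bad-pin"
        user.failed = 0
        recipient, amount = self.pending.pop(cli)  # single use: a replayed PIN finds nothing
        if user.balance < amount:
            return "insufficient"
        user.balance -= amount
        self.users[recipient].balance += amount
        self.outbox.append((cli, f"Sent INR {amount} to {recipient}"))
        self.outbox.append((recipient, f"Received INR {amount} from {cli}"))
        return "ok"


def build_demo():
    # Constructed sample registrations; numbers, names and PINs are made up.
    srv = Server()
    srv.register("+911111111111", "Asha", "4821", 500)
    srv.register("+912222222222", "Bala", "7356", 50)
    return srv


if __name__ == "__main__":
    srv = build_demo()
    print(srv.on_sms("+911111111111", "PAY +912222222222 100"))
    print(srv.on_pin("+911111111111", "4821"), srv.users["+912222222222"].balance)
```

In this model the CLI only selects which registered record to check; the ledger moves only after the PIN collected on the callback matches that record.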
FIG. 2 illustrates the different phases of the invented system for authenticated
information exchange between two devices, using SMS. The system comprises the
eight steps. The server has pre-registered authentication information of the two devices.
Device 1 initiates exchange of information to Device 2, using plain SMS (short
messaging system), which is received by an SMS gateway. The SMS gateway
processes the SMS and passes it to the server which then calls back Device 1 to
receive a Personal Information Number (PIN) from Device 1, in order to authenticate the
information received over SMS. Based on the authentication, the information exchange
mentioned in the SMS from Device 1 is effected and Device 1 and Device 2 exchange
information.
In step 200, Device 1 sends one or more SMS's to the server. The SMS may contain
information that identifies the intended recipient and either carries the information to be
exchanged or carries the meta-information that indicates what information needs to be
exchanged, or carries both. For example, if the intended information exchange is
payment information, then the SMS may carry the phone number of the intended
recipient and also carry the amount to be paid. If this information is being sent by an
App in Device 1, then the message may even be encrypted so as to protect the
contents of the information and may have the Personal Identification Number of the user
of Device 1, embedded in the message.
In Step 210, the message is received through an SMS gateway and the same is
decrypted if it was sent as an encrypted message.
In Step 220, the server fetches the details of the intended recipient of the information
based on the parameters sent in the message from Device 1, from the list of pre-registered
user information. It also finds details of Device 1 based on the Caller Line
Identification (CLI), comparing the same with the list of pre-registered users, to access
information such as the encrypted PIN of Device 1. For example, if the message from
Device 1 contains the phone number of the intended recipient, then the server fetches
the name of the intended recipient and fetches details of Device 1 such as encrypted
PIN and phone number.
In Step 230, the server then calls Device 1 and through a protocol such as an
Interactive Voice Recorded System (IVRS), plays out the details of the information to be
exchanged and the details of the intended recipient.
In Step 240, User 1 provides authentication to the intended information exchange by
providing the Personal Identification Number (PIN) through Device 1, verifying the
information provided by the server. This may even be done by an App or through
biometric.
In Step 245, User 2 provides authentication to the intended information exchange by
providing the Personal Identification Number (PIN)/ biometric through Device 2,
verifying the information provided by the server. This may even be done by an App or
through biometric.
In Step 250, server authenticates the PIN/ biometric provided by Device 1 and by
Device 2 by validating against the encrypted PIN/ biometric of User 1 and of User 2
respectively, stored in its pre-registered user/ device information.
In Step 260, based on the authentication of the PIN, the server effects the required
information exchange. For example, if the required information was to transfer INR 100
to Device 2, the server debits the ledger of User/Device 1 and credits the ledger of
User/Device 2 with INR 100.
In Step 270 and Step 275, a confirmation message may be sent to Device 1 and to
Device 2 respectively, confirming the transaction. This may be in the form of an SMS.
In Step 280, any further information may be exchanged between Device 1 and Device
2, based on the information stored at the server.
FIG. 3 illustrates the different phases of the invented system for authenticated
information exchange between two devices, using SMS. The system comprises the
eight steps. The server has pre-registered authentication information of the two devices.
User 1 initiates exchange of information through Device 1 to Device 2, using plain SMS
(short messaging system), which is received by an SMS gateway. The SMS gateway
processes the SMS and passes it to the server that then sends the request for
authentication of User 1 to Device 2. User 1 then provides authentication through
Device 2, either as a PIN or as a biometric authentication. Based on the authentication,
the information exchange mentioned in the SMS from Device 1 is effected and Device 1
and Device 2 exchange information.
In step 300, Device 1 sends one or more SMS's to the server. The SMS may contain
information that identifies the intended recipient and either carries the information to be
exchanged or carries the meta-information that indicates what information needs to be
exchanged, or carries both. For example, if the intended information exchange is
payment information, then the SMS may carry the phone number of the intended
recipient and also carry the amount to be paid. If this information is being sent by an
App in Device 1, then the message may even be encrypted so as to protect the
contents of the information and may have the Personal Identification Number of the user
of Device 1, embedded in the message.
In Step 310, the message is received through an SMS gateway and the same is
decrypted if it was sent as an encrypted message.
In Step 320, the server fetches the details of the intended recipient of the information
based on the parameters sent in the message from Device 1, from the list of pre-registered
user information. It also finds details of Device 1 based on the Caller Line
Identification (CLI), comparing the same with the list of pre-registered users, to access
information such as the encrypted PIN or biometric of User 1. For example, if the
message from Device 1 contained the phone number of the intended recipient, then the
server fetches the name of the intended recipient and fetches details of User 1 such as
encrypted PIN/ biometric/ photograph and phone number.
In Step 330, the server then sends request for authentication of User 1 to Device 2.
In Step 340, User 1 enters through Device 2, the authentication information which could
be PIN or biometric or both. Device 2 may also show the photograph of User 1 as an
authentication aide. This also confirms the intention to exchange the information.
In Step 350, server authenticates the PIN/ biometric of User 1 provided through Device
2 by validating against the encrypted PIN/ biometric of User 1, stored in its pre-registered
user/ device information.
In Step 360, based on the authentication of the PIN, the server effects the required
information exchange. For example, if the required information was to transfer INR 100
to Device 2, the server debits the ledger of User/Device 1 and credits the ledger of
User/Device 2 with INR 100.
In Step 370 and Step 375, a confirmation message may be sent to Device 1 and to
Device 2 respectively, confirming the transaction. This may be in the form of an SMS.
In Step 380, any further information may be exchanged between Device 1 and Device
2, based on the information stored at the server.
FIG. 4 illustrates the architecture of the system required for authenticated information
exchange between a first user device and the second user device.
The system 100 includes a server 10 connected with a first user device (Device 1) and
a second device (Device 2). Device 1 and Device 2 both have SMS Gateways for
connecting with the server. Server 10 is also configured to connect with the database 20
whenever the process for the authentication of first user and the second user is
required.
The first user device and the second user device could be any two devices including,
but not limited to phones, smartphones, PCs, laptops, automobiles, scooters, Internet of
Things (IOT) devices etc. The server has pre-registered authentication information of
the two devices.
The database 20 can be the private one associated with the present system only or it
can be a public database associated with some already existing system such as
Aadhar.
Database 20 includes a storage means for storing financial or user's personal
information. Examples of information includes, but are not limited to, transaction
information, various currency types, Unique Identification (PIN), Biometrics information,
Social Security Number (SSN), Aadhar number, Driver's License (DL) Number, loyalty
points information, club membership information, and the like, for one or more users.
As will be appreciated by the skilled person, details of the above embodiment may be
varied without departing from the scope of the present invention, as defined by the
appended claims.
For example, other types of mobile telephones may be used such as for example, smart
phones. Mobile Apps may be used to carry out the transactions and so avoid the menu
based systems used with more limited functionality handsets. Other notifications may be
sent. Different mobile technologies may be utilized.
It can be seen by one skilled in the art that this system for providing high volume
transactions as well as unconnected transactions has many uses outside of the banking
and financial industry.
Many combinations, modifications, or alterations to the features of the above
embodiments will be readily apparent to the skilled person and are intended to form part
of the invention. Any of the features described specifically relating to one embodiment
or example may be used in any other embodiment by making the appropriate changes.
WE CLAIM:
1) A method for the secure and authenticated information transfer between a first user
device (device 1) and a second user device (device 2) comprising:
sending an information embedded in a short message service (SMS) from the first
device to a SMS gateway;
processing the received information by the SMS gateway;
passing the processed information by SMS gateway to a Server (10);
authenticating the processed information by the server, wherein authentication involves
communication of the server (10) with the first user device (device 1) to receive an
unique identification data associated with the first user device (device 1); and
transferring the authenticated information by the server (10) to the second user device
(device 2).
2) The method as claimed in claim 1, wherein the authentication of the received
information is done by either calling first user device through an IVRS (Interactive Voice
Response System) or through another SMS that is received and responded by an
application in the first user device.
3) The method as claimed in claim 1, wherein the authentication of the received
information is done by calling both first user device and second user device through an
IVRS (Interactive Voice Response System) or through another SMS that is received and
responded by an application in the first device.
4) The method as claimed in claim 1, wherein the authentication of the received
information is done by sending an authentication request for the first User to the second
user device and the first user authenticates by entering a PIN or through biometric
authentication through second user device.
5) The method as claimed in claim 1, wherein the server is configured to receive pre-registered
authentication information of the first user device and the second user device
from an internal/external database.
6) A system for the secure and authenticated information transfer between a first user
device (device 1) and a second user device (device 2) comprises:
an SMS gateway associated with the first user device (device 1) and the second user
device (device 2), wherein the SMS gateway receives an information embedded in a
short message service (SMS) from the first user device (device 1) and processes the
received information; and
a server (10) connected with the SMS gateway, wherein the server (10) is configured to
receive processed information from the SMS gateway, authenticate the received
information and transferring the authenticated information to the second user device
(device 2).
7) The system as claimed in claim 6, wherein the authentication of the received
information is done by either calling first user device through an IVRS (Interactive Voice
Response System) or through another SMS that is received and responded by an
application in the first user device.
8) The system as claimed in claim 6, wherein the authentication of the received
information is done by calling both first user device and second user device through an
IVRS (Interactive Voice Response System) or through another SMS that is received and
responded to by an application in the first device.
9) The system as claimed in claim 6, wherein the authentication of the received
information is done by sending an authentication request for the first User to the second
user device and the first user authenticates by entering a PIN or through biometric
authentication through second user device.
10) The system as claimed in claim 6, wherein the server is configured to receive pre-registered
authentication information of the first user device and the second user device
from a database.
| # | Name | Date |
|---|---|---|
| 1 | 201711028822-DRAWING [25-10-2022(online)].pdf | 2022-10-25 |
| 1 | 201711028822-STATEMENT OF UNDERTAKING (FORM 3) [14-08-2017(online)].pdf | 2017-08-14 |
| 2 | 201711028822-FER_SER_REPLY [25-10-2022(online)].pdf | 2022-10-25 |
| 2 | 201711028822-FORM 1 [14-08-2017(online)].pdf | 2017-08-14 |
| 3 | 201711028822-OTHERS [25-10-2022(online)].pdf | 2022-10-25 |
| 3 | 201711028822-DRAWINGS [14-08-2017(online)].pdf | 2017-08-14 |
| 4 | 201711028822-FORM 4(ii) [23-09-2022(online)].pdf | 2022-09-23 |
| 4 | 201711028822-DECLARATION OF INVENTORSHIP (FORM 5) [14-08-2017(online)].pdf | 2017-08-14 |
| 5 | 201711028822-FER.pdf | 2022-03-23 |
| 5 | 201711028822-COMPLETE SPECIFICATION [14-08-2017(online)].pdf | 2017-08-14 |
| 6 | abstract.jpg | 2017-08-18 |
| 6 | 201711028822-FORM 18 [18-06-2021(online)].pdf | 2021-06-18 |
| 7 | 201711028822-Proof of Right (MANDATORY) [13-09-2017(online)].pdf | 2017-09-13 |
| 7 | 201711028822-Correspondence-140917-.pdf | 2017-09-20 |
| 8 | 201711028822-FORM-26 [13-09-2017(online)].pdf | 2017-09-13 |
| 8 | 201711028822-Correspondence-140917.pdf | 2017-09-20 |
| 9 | 201711028822-OTHERS-140917.pdf | 2017-09-20 |
| 9 | 201711028822-Power of Attorney-140917.pdf | 2017-09-20 |
| 10 | 201711028822-OTHERS-140917.pdf | 2017-09-20 |
| 10 | 201711028822-Power of Attorney-140917.pdf | 2017-09-20 |
| 11 | 201711028822-Correspondence-140917.pdf | 2017-09-20 |
| 11 | 201711028822-FORM-26 [13-09-2017(online)].pdf | 2017-09-13 |
| 12 | 201711028822-Correspondence-140917-.pdf | 2017-09-20 |
| 12 | 201711028822-Proof of Right (MANDATORY) [13-09-2017(online)].pdf | 2017-09-13 |
| 13 | 201711028822-FORM 18 [18-06-2021(online)].pdf | 2021-06-18 |
| 13 | abstract.jpg | 2017-08-18 |
| 14 | 201711028822-COMPLETE SPECIFICATION [14-08-2017(online)].pdf | 2017-08-14 |
| 14 | 201711028822-FER.pdf | 2022-03-23 |
| 15 | 201711028822-DECLARATION OF INVENTORSHIP (FORM 5) [14-08-2017(online)].pdf | 2017-08-14 |
| 15 | 201711028822-FORM 4(ii) [23-09-2022(online)].pdf | 2022-09-23 |
| 16 | 201711028822-DRAWINGS [14-08-2017(online)].pdf | 2017-08-14 |
| 16 | 201711028822-OTHERS [25-10-2022(online)].pdf | 2022-10-25 |
| 17 | 201711028822-FER_SER_REPLY [25-10-2022(online)].pdf | 2022-10-25 |
| 17 | 201711028822-FORM 1 [14-08-2017(online)].pdf | 2017-08-14 |
| 18 | 201711028822-STATEMENT OF UNDERTAKING (FORM 3) [14-08-2017(online)].pdf | 2017-08-14 |
| 18 | 201711028822-DRAWING [25-10-2022(online)].pdf | 2022-10-25 |
| 19 | 201711028822-US(14)-HearingNotice-(HearingDate-04-08-2025).pdf | 2025-05-23 |
| 20 | 201711028822-FORM-26 [30-07-2025(online)].pdf | 2025-07-30 |
| 21 | 201711028822-Correspondence to notify the Controller [30-07-2025(online)].pdf | 2025-07-30 |
| 22 | 201711028822-US(14)-HearingNotice-(HearingDate-18-11-2025).pdf | 2025-09-29 |
| 23 | 201711028822-Correspondence to notify the Controller [14-11-2025(online)].pdf | 2025-11-14 |
| 1 | SearchHistoryE_22-03-2022.pdf |