SYSTEM AND METHOD FOR SECURING TRANSACTIONS USING MOBILE NETWORK IDENTIFICATION
Abstract: A system (200) including a secure transaction engine (STE) and a method for securing transactions using mobile network identification are provided. The STE (1004) receives a request for a transaction on a user’s account from a requesting entity. The STE determines a unique mobile network identifier of the user. The STE generates an interactive, secure authorization notification (302), configured as an interactive, real-time, secure push notification, using the unique mobile network identifier. The STE renders the interactive, secure authorization notification as a flash message on a user interface of a user device (204) external to a messaging component of the user device. The STE receives an acceptance input or a rejection input through the interactive, secure authorization notification from the user device, based on which the STE, in communication with an account management entity (201), processes the request to complete the transaction. [FIG. 1]
Description:
A) TECHNICAL FIELD
[0001] The present invention is generally related to electronic payments and transactions. The present invention is particularly related to safe electronic payments and transactions. The present invention is more particularly related to a system and method for securing transactions using mobile network identification. The present invention especially discloses a system and a method for securing transactions using mobile network identification to perform real-time authentication of users using mobile network parameters of their mobile devices for authorizing and securing transactions, for example, financial transactions or payment transactions, login transactions, etc.
B) BACKGROUND OF THE INVENTION
[0002] Different forms of communication and managing transactions have emerged through digital platforms, where the number of consumers that access online platforms and perform digital transactions, for example, financial transactions or payment transactions, has increased rapidly. Digital payments in countries such as India have witnessed a compound annual growth rate (CAGR) of, for example, about 61% in terms of volume and about 19% in terms of value over the past few years, demonstrating a steep shift towards digital payments, particularly through mobile devices. Banks and non-banks are partnering to offer a combination of trust and innovation to the consumers, leading to 91% of electronic commerce (ecommerce) transactions being completed on mobile devices.
[0003] Digital payment systems such as the United Payments Interface (UPI), cards, and internet banking platforms contribute to more than about 90% of retail digital payment volumes. While the growth has been rapid, increasing fraudulent transactions are becoming a deterrent for further adoption of digital payment systems. Frauds have steadily gained traction with more than 200% annual growth and new fraudulent methods have created a sense of fear of device control and identity theft. Some fraudulent mobile or internet-based applications intercept, replicate, or manipulate dynamic passwords such as one-time passwords (OTPs) that are sent to mobile devices for authenticating transactions.
[0004] Hence, there is a long-felt need for a system and a method for securing transactions using mobile network identification, while addressing the above-recited problems associated with the related art.
[0005] Further there is a need for a system and a method for securing transactions using mobile network identification to perform real-time authentication of users using mobile network parameters of their mobile devices for authorizing and securing transactions, for example, financial transactions or payment transactions, login transactions, etc.
[0006] Yet there is a need for a system and a method to perform seamless, smart authentications that are independent of form factors such as device, one-time passwords (OTPs), mobile applications, etc.
[0007] Yet there is a need for a system and a method to facilitate a secure real-time interaction with a user via a network and an integrated circuit, for example, a subscriber identification module (SIM) that securely stores a unique mobile identifier associated with a user and a user device owned by the user.
[0008] Yet there is a need for a system and a method to generate and render an interactive, secure authorization notification, for example, a real-time, interactive, secure push notification, on a user interface of a user device using the user’s unique mobile network identifier, where the interactive, secure authorization notification is rendered as a flash message on the user interface external to a messaging component of the user device to ensure that a user response is captured in real time for authorizing a transaction.
[0009] Yet there is a need for a system and a method to notify a user on their registered mobile number about any registered use case or transaction being performed on their behalf, irrespective of a platform used for executing the transaction.
[0010] The above-mentioned shortcomings, disadvantages and problems are addressed herein and will be understood by reading and studying the following specification.
C) OBJECT OF THE INVENTION
[0011] A primary object of the present invention is to provide a system and a method for securing transactions using mobile network identification.
[0012] Another object of the present invention is to perform real-time authentication of users using mobile network parameters of their mobile devices for authorizing and securing transactions, for example, financial transactions or payment transactions, login transactions, etc.
[0013] Yet another object of the present invention is to perform seamless, smart authentications that are independent of form factors such as device, one-time passwords (OTPs), mobile applications, etc.
[0014] Yet another object of the present invention is to facilitate a secure real-time interaction with a user via a network and an integrated circuit, for example, a subscriber identification module (SIM), that securely stores a unique mobile identifier associated with a user and a user device owned by the user.
[0015] Yet another object of the present invention is to generate and render an interactive, secure authorization notification, for example, a real-time, interactive, secure push notification, on a user interface of a user device using the user’s unique mobile network identifier, where the interactive, secure authorization notification is rendered as a flash message on the user interface external to a messaging component of the user device to ensure that a user response is captured in real time for authorizing a transaction.
[0016] Yet another object of the present invention is to notify a user on their registered mobile number about any registered use case or transaction being performed on their behalf for the registered use case, irrespective of a platform used for executing the transaction.
[0017] These and other objects and advantages of the present invention will become readily apparent from the following detailed description taken in conjunction with the accompanying drawings.
[0018] The objects disclosed above will be realized and achieved at least by the elements, features, and combinations particularly pointed out in the detailed description of the invention. The objects disclosed above have outlined, rather broadly, the features of the embodiments disclosed herein in order that the detailed description that follows is better understood. The objects disclosed above are not intended to determine the scope of the claimed subject matter and are not to be construed as limiting of the embodiments disclosed herein. Additional objects, features, and advantages of the embodiments herein are disclosed below. The objects disclosed above, which are believed to be characteristic of the embodiments disclosed herein, both as to its organization and method of operation, together with further objects, features, and advantages, will be better understood and illustrated by the technical features broadly embodied and described in the following description when considered in connection with the accompanying drawings.
D) SUMMARY OF THE INVENTION
[0019] The following details present a simplified summary of the embodiments herein to provide a basic understanding of the several aspects of the embodiments herein. This summary is not an extensive overview of the embodiments herein. It is not intended to identify key/critical elements of the embodiments herein or to delineate the scope of the embodiments herein. Its sole purpose is to present the concepts of the embodiments herein in a simplified form as a prelude to the more detailed description that is presented later.
[0020] The other objects and advantages of the embodiments herein will become readily apparent from the following description taken in conjunction with the accompanying drawings. It should be understood, however, that the following descriptions, while indicating preferred embodiments and numerous specific details thereof, are given by way of illustration and not of limitation. Many changes and modifications may be made within the scope of the embodiments herein without departing from the spirit thereof, and the embodiments herein include all such modifications.
[0021] The various embodiments of the present invention provide a method and system for securing transactions using mobile network identification. The method and system disclosed herein employs a secure transaction engine configured to define computer program instructions executable by at least one processor for securing transactions using mobile network identification.
[0022] The embodiments of the present invention provide a method for securing transactions using mobile network identification. The method disclosed herein comprises the steps of employing a secure transaction engine (STE), configured to define computer program instructions executable by at least one processor for securing transactions using mobile network identification. On receiving a request by the STE for a transaction on an account held by a user with an account management entity from a requesting entity, the STE determines a unique mobile network identifier of the user. The unique mobile network identifier comprises an international mobile subscriber identity (IMSI) number or a mobile phone number associated with a subscriber identification module (SIM) or a SIM card of a user device of the user. As used herein, the “account management entity” is an entity that maintains and manages accounts of the user and “requesting entity” is a platform, including an electronic commerce (e-commerce) platform used for initiating a transaction. The method further includes generating and rendering an interactive, secure authorization notification on a user interface of the user device using the user’s unique mobile network identifier by the STE. The interactive, secure authorization notification is configured as an interactive, real-time, secure push notification or a secure Over-The-Air (OTA) push notification. The secure transaction engine (STE) generates the interactive, secure authorization notification irrespective of a platform from where the user initiates the transaction. The secure transaction engine (STE) renders the interactive, secure authorization notification as a flash message on the user interface external to a messaging component, for example, a short message service (SMS) message inbox, of the user device. 
In addition, the method includes receiving a user input by the STE comprising an acceptance input or a rejection input through the interactive, secure authorization notification to proceed with the transaction from the user device. Based on the user input, the secure transaction engine (STE), in communication with the account management entity, processes the request to complete the transaction.
[0023] According to one embodiment of the present invention, through the interactive, secure authorization notification, the secure transaction engine (STE) notifies the user on the user’s registered mobile number about any use case or transaction being performed on the user’s behalf for the registered use case. For example, at the time of receiving a transaction for a registered use case, the secure transaction engine invokes a push notification to the registered mobile number of that user directly on the SIM card of the user device. Since this push notification lands directly on the SIM card of the user device using preregistered mobile network parameters of the SIM card, the push notification cannot be intercepted and/or bypassed. The push notification cautions the user regarding the transaction. If the user wants to continue the transaction, the user must respond with an acceptance input on the push notification to allow the secure transaction engine to proceed with the transaction, in communication with the account management entity. If the user does not want to continue the transaction, the user must respond with a rejection input on the push notification to discontinue the transaction. The method disclosed herein, therefore, performs real-time authentication using mobile network parameters for authorizing a transaction, and counters frauds attempted in transactions such as retail payment transactions using a United Payments Interface (UPI), cards, and internet banking.
[0024] According to one embodiment of the present invention, the method disclosed herein secures the users with an additional layer of safety, called a third factor of authorization, for payments through their bank UPI handle and net banking at any online site or offline platform. The method disclosed herein allows the account management entity or the bank to notify the user on their registered mobile number about the transaction being performed on the user’s account held with the bank. This notification is irrespective of where/which platform the user is transacting from. At the time of receiving a transaction for the user’s account, the bank platform invokes a push notification on the registered mobile number of that account using the secure transaction engine (STE).
[0025] According to one embodiment of the present invention, a system for securing transactions using mobile network identification is disclosed. The system comprises an account management entity configured to maintain and manage accounts of a user. The account management entity is operably coupled to a secure Over-The-Air (OTA) server and transfers an OTA application message over a secure communication protocol, for example, hypertext transfer protocol secure (HTTPS), to the secure OTA server. The account management entity transfers the OTA application message in an encrypted format to the secure OTA server. Furthermore, the communication between the account management entity and the secure OTA server is secured, for example, using a secure sockets layer (SSL)/transport layer security (TLS) technology for ensuring secure communication, data integrity, privacy, and security. The system further comprises a secure transaction engine (STE) implemented on the secure OTA server, and configured to generate and render an interactive, secure authorization notification on a user interface of a user device through a plurality of modules. The secure OTA server is a computing device and creates a secured packet for a subscriber identification module (SIM) card embedded on the user device of the user. Moreover, the secure OTA server adds a security header, for example, a command header, to the OTA application message and applies security to a part of the command header and the full OTA application message of the resulting secured packet. In addition, the secure OTA server applies security as follows. The secure OTA server adds a security counter that prevents a man-in-the-middle attack and SIM cloning. The secure OTA server also adds a cryptographic checksum (CC) that ensures message integrity.
Furthermore, the secure OTA server encrypts the resulting secured packet with a security key and a triple data encryption algorithm (3DEA) or 3DES that ensures message security, and generates a binary message, which is not a plain text message. Furthermore, the system comprises a short message service centre (SMSC) configured to receive the resulting secured packet from the secure OTA server through the GSM 03.48 protocol. The SMSC forwards the resulting secured packet to the SIM card of the user device based on a distributed control system (DCS) and proportional-integral-derivative (PID) implementation. On receiving the resulting secured packet, the SIM card executes secure validation on the resulting secured packet by reading the security header, decrypting data using the security key, validating the command header, validating the checksum, and validating the counter. Following secure validation, if the resulting secured packet passes validation, the SIM card renders the resulting secured packet, that is, the interactive, secure authorization notification, on the user interface of the user device, for example, as a flash short message service (SMS) message.
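The secured-packet flow of paragraph [0025], as an added illustration that is not part of the specification: a simplified Go model in which the server side adds a counter and a cryptographic checksum and encrypts with 3DES, and the SIM side validates header, checksum and counter after decrypting. The byte layout, demo keys, header value and all function names are assumptions made for this example and do not reproduce the GSM 03.48 wire format.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed demo keys (24 bytes = three-key 3DES); real keys are per-SIM secrets.
var (
	encKey       = []byte("demo-enc-key-24-bytes!!!")
	macKey       = []byte("demo-mac-key-24-bytes!!!")
	zeroIV       = make([]byte, des.BlockSize)
	ErrFormat    = errors.New("malformed secured packet")
	ErrHeader    = errors.New("unexpected command header")
	ErrIntegrity = errors.New("cryptographic checksum mismatch")
	ErrReplay    = errors.New("counter not above last accepted value")
)

// Assumed layout: hdr(3, clear) | 3DES-CBC( ctr(5) | padcount(1) | cc(8) | msg | zero pad ).
const hdrLen, ctrLen = 3, 5
const fixed = ctrLen + 1 + des.BlockSize

func tdes(key []byte) cipher.Block {
	blk, _ := des.NewTripleDESCipher(key) // demo keys are 24 bytes, so this cannot fail
	return blk
}

// checksum is a 3DES CBC-MAC over a 2-byte length prefix plus data, zero padded.
func checksum(data []byte) []byte {
	in := append([]byte{byte(len(data) >> 8), byte(len(data))}, data...)
	in = append(in, make([]byte, (des.BlockSize-len(in)%des.BlockSize)%des.BlockSize)...)
	out := make([]byte, len(in))
	cipher.NewCBCEncrypter(tdes(macKey), zeroIV).CryptBlocks(out, in)
	return out[len(out)-des.BlockSize:]
}

// BuildSecuredPacket is the OTA-server side: add counter and checksum, then encrypt.
func BuildSecuredPacket(hdr [hdrLen]byte, counter uint64, msg []byte) []byte {
	var be [8]byte
	binary.BigEndian.PutUint64(be[:], counter)
	ctr := be[8-ctrLen:] // low 5 bytes; larger counters are out of scope for the demo
	n := byte((des.BlockSize - (fixed+len(msg))%des.BlockSize) % des.BlockSize)
	cc := checksum(bytes.Join([][]byte{hdr[:], ctr, {n}, msg}, nil))
	plain := bytes.Join([][]byte{ctr, {n}, cc, msg, make([]byte, n)}, nil)
	out := make([]byte, len(plain))
	cipher.NewCBCEncrypter(tdes(encKey), zeroIV).CryptBlocks(out, plain) // fixed IV keeps the demo short
	return append(hdr[:], out...)
}

// SIM models the card-side state: the header it expects and the last accepted counter.
type SIM struct {
	Header      [hdrLen]byte
	LastCounter uint64
}

// Validate checks the clear header, decrypts, then checks the checksum and the counter.
func (s *SIM) Validate(pkt []byte) ([]byte, error) {
	body := len(pkt) - hdrLen
	if body < fixed || body%des.BlockSize != 0 {
		return nil, ErrFormat
	}
	if !bytes.Equal(pkt[:hdrLen], s.Header[:]) {
		return nil, ErrHeader
	}
	plain := make([]byte, body)
	cipher.NewCBCDecrypter(tdes(encKey), zeroIV).CryptBlocks(plain, pkt[hdrLen:])
	ctr, n, cc := plain[:ctrLen], int(plain[ctrLen]), plain[ctrLen+1:fixed]
	if n >= des.BlockSize || fixed+n > body {
		return nil, ErrFormat
	}
	msg := plain[fixed : body-n]
	want := checksum(bytes.Join([][]byte{pkt[:hdrLen], ctr, {byte(n)}, msg}, nil))
	if subtle.ConstantTimeCompare(cc, want) != 1 {
		return nil, ErrIntegrity
	}
	c := binary.BigEndian.Uint64(append(make([]byte, 8-ctrLen), ctr...))
	if c <= s.LastCounter {
		return nil, ErrReplay
	}
	s.LastCounter = c // advanced only after the checksum has passed
	return msg, nil
}

func main() {
	hdr := [hdrLen]byte{0xB0, 0x00, 0x10} // constructed header value
	sim := &SIM{Header: hdr}
	pkt := BuildSecuredPacket(hdr, 1, []byte("Pay X to shop? 1=Yes 2=No"))
	msg, err := sim.Validate(pkt)
	fmt.Printf("delivered: %q err=%v\n", msg, err)
	_, err = sim.Validate(pkt) // the same packet delivered a second time
	fmt.Println("replayed:", err)
}
```

A packet altered in transit fails with ErrIntegrity and leaves LastCounter unchanged, so a forged packet cannot push the counter forward and block later genuine notifications.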
[0026] According to one embodiment of the present invention, the secure transaction engine (STE) is device-agnostic and provides a SIM based secure OTA message with the following security. The secure transaction engine provides message security such that no entity in the network would be able to view and read the SMS text being transferred to an end user device; provides message integrity such that no entity in between would be able to change incoming content; precludes spoofing such that no mobile application would be able to read the incoming content on the user device; and implements security at rest such that the message will be secured, when the message is at rest inside the secure OTA server.
[0027] According to one embodiment of the present invention, the secure OTA server encrypts the SMS message, which is later decrypted in the user device. The secure OTA server delivers the encrypted SMS message outside the SMS inbox of the user device directly into the SIM card of the user device. Furthermore, the inherent property of the SIM card allows reading of the encrypted SMS message.
[0028] According to one embodiment of the present invention, the secure transaction engine (STE) is accessible to the user through a broad spectrum of technologies and user devices such as smart phones, tablet computing devices and/or endpoint devices with access to a network, for example, a short-range network or a long-range network. The network is, for example, a mobile telecommunication network including a global system for mobile (GSM) communication network, a code division multiple access (CDMA) network, a third generation (3G) mobile communication network, a fourth generation (4G) mobile communication network, a fifth generation (5G) mobile communication network, a long-term evolution (LTE) mobile communication network, a public telephone network, the internet, or a network formed from any combination of these networks.
[0029] According to one embodiment of the present invention, the computing device is an electronic device including one or more personal computers, a tablet computing device, a mobile computer, a portable computing device, a laptop, a workstation, a server, a portable electronic device, a network enabled computing device or combinations of multiple pieces of computing equipment. Furthermore, the computing device comprises at least one processor, a data bus, a display unit, a network interface, common modules, and a non-transitory, computer-readable storage medium including a memory unit for storing computer program instructions defined by the plurality of modules. Moreover, the at least one processor is operably and communicatively coupled to the memory unit. The processor comprises one or more microprocessors, central processing unit (CPU) devices, finite state machines, computers, microcontrollers, digital signal processors, logic, a logic device, an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a chip or a combination thereof.
[0030] According to one embodiment of the present invention, the data bus permits communication between the plurality of modules. The display unit through a graphical user interface (GUI) displays information, display interfaces and user interfaces including checkboxes and input text fields. Furthermore, the network interface enables connection of the secure transaction engine (STE) to the network and the network interface comprises one or more of infrared interfaces, interfaces implementing Wi-Fi® of Wi-Fi Alliance Corporation, universal serial bus interfaces, FireWire® interfaces of Apple Inc., interfaces based on transmission control protocol/internet protocol, interfaces based on wireless communications technology including satellite technology, radio frequency technology and near field communication. Moreover, the common modules comprise input/output (I/O) controllers, input devices, output devices, fixed media drives such as hard drives, removable media drives for receiving removable media.
[0031] According to one embodiment of the present invention, the plurality of modules of the secure transaction engine (STE) comprises a request handler, a mobile network identification module, a notification generation module, and a database. The request handler is configured to receive a request for a transaction on an account held by the user with the account management entity, such as a bank, from a requesting entity. The requesting entity is a platform, including an electronic commerce (e-commerce) platform used for initiating a transaction. The mobile network identification module is coupled to the request handler. On receiving the request from the request handler, the mobile network identification module determines a unique mobile network identifier including an international mobile subscriber identity (IMSI) number, or a mobile phone number associated with the subscriber identification module (SIM) of the user device of the user. Furthermore, the notification generation module is configured to generate and render an interactive, secure authorization notification on the user interface of the user device using the user’s unique mobile network identifier. The interactive, secure authorization notification is configured as an interactive, secure real-time push notification or a secure Over-The-Air (OTA) push notification. The notification generation module renders the interactive, secure authorization notification as a flash message on the user interface external to a messaging component, such as a short message service (SMS) message inbox, of the user device. Furthermore, the database of the plurality of the modules is optional and the database stores the mobile network identification information of the user device. In addition, the plurality of modules is configured as software executed by the processor, implemented completely in hardware as logic circuits to carry out respective functions, or implemented as a combination of hardware and software.
[0032] These and other aspects of the embodiments herein will be better appreciated and understood when considered in conjunction with the following description and the accompanying drawings. It should be understood, however, that the following descriptions, while indicating the preferred embodiments and numerous specific details thereof, are given by way of an illustration and not of a limitation. Many changes and modifications may be made within the scope of the embodiments herein without departing from the spirit thereof, and the embodiments herein include all such modifications.
E) BRIEF DESCRIPTION OF THE DRAWINGS
[0001] The other objects, features, and advantages will occur to those skilled in the art from the following description of the preferred embodiment and the accompanying drawings in which:
[0002] FIG. 1 illustrates a method for securing transactions using mobile network identification, according to an embodiment of the present invention.
[0003] FIG. 2 illustrates a high-level block diagram of a system for securing transactions using mobile network identification, according to an embodiment of the present invention.
[0004] FIG. 3A-3B exemplarily illustrates a screenshot of an interactive, secure authorization notification rendered by a secure transaction engine as a flash message on a user interface of a user device, according to an embodiment of the present invention.
[0005] FIG. 4A-4D exemplarily illustrate screenshots of user interfaces rendered on a user device for activating the secure transaction engine, according to one embodiment of the present invention.
[0006] FIG. 5 illustrates a block diagram showing a process flow executed by the secure transaction engine for securing payment transactions using mobile network identification, according to an embodiment of the present invention.
[0007] FIG. 6 illustrates a flow diagram showing transactional processes executed between different components of the system for securing payment transactions using mobile network identification, according to an embodiment of the present invention.
[0008] FIG. 7A-7H exemplarily illustrates screenshots of user interfaces rendered on a user device for enabling and disabling the secure transaction engine, according to an embodiment of the present invention.
[0009] FIG. 8A-8E exemplarily illustrates screenshots of graphical user interfaces rendered by the secure transaction engine for securing a United Payments Interface (UPI) transaction using mobile network identification, according to an embodiment of the present invention.
[0010] FIG. 9A-9F exemplarily illustrate screenshots of graphical user interfaces rendered by the secure transaction engine for securing an internet banking transaction using mobile network identification, according to an embodiment of the present invention.
[0011] FIG. 10 illustrates an architectural block diagram of an exemplary implementation of the system for securing transactions using mobile network identification, according to an embodiment of the present invention.
[0012] Although the specific features of the present invention are shown in some drawings and not in others, this is done for convenience only, as each feature may be combined with any or all of the other features in accordance with the present invention.
F) DETAILED DESCRIPTION OF THE INVENTION
[0013] In the following detailed description, a reference is made to the accompanying drawings that form a part hereof, and in which the specific embodiments that may be practiced are shown by way of illustration. These embodiments are described in sufficient detail to enable those skilled in the art to practice the embodiments and it is to be understood that the logical, mechanical, and other changes may be made without departing from the scope of the embodiments. The following detailed description is therefore not to be taken in a limiting sense.
[0014] The various embodiments of the present invention provide a method and system for securing transactions using mobile network identification. The method and system disclosed herein employs a secure transaction engine configured to define computer program instructions executable by at least one processor for securing transactions using mobile network identification.
[0015] The present invention addresses the above-recited need for a system and a method for securing transactions using mobile network identification. The system disclosed herein comprises a secure transaction engine configured to define computer program instructions executable by at least one processor for securing transactions using mobile network identification. The system disclosed herein further comprises a non-transitory, computer-readable storage medium, for example, a memory unit, operably and communicatively coupled to the processor(s) and configured to store the computer program instructions executable by the processor(s). In the method disclosed herein, the secure transaction engine receives a request for a transaction on an account held by a user with an account management entity, for example, a bank, from a requesting entity. The requesting entity is any platform, for example, an electronic commerce (ecommerce) platform used for initiating the transaction. On receiving the request, the secure transaction engine determines a unique mobile network identifier of the user. The unique mobile network identifier is, for example, an international mobile subscriber identity (IMSI) number, a mobile phone number, etc., associated with a subscriber identification module (SIM) of a user device of the user.
[0016] According to an embodiment of the present invention, the secure transaction engine generates and renders an interactive, secure authorization notification on a user interface of the user device using the user’s unique mobile network identifier. In an embodiment, the interactive, secure authorization notification is configured as an interactive, real-time, secure push notification or a secure over-the-air (OTA) push notification. The secure transaction engine renders the interactive, secure authorization notification as a flash message on the user interface external to a messaging component, for example, a short message service (SMS) message inbox, of the user device. The secure transaction engine receives a user input comprising an acceptance input or a rejection input through the interactive, secure authorization notification to proceed with the transaction from the user device. Based on the user input, the secure transaction engine, in communication with the account management entity, processes the request to complete the transaction.
[0017] The various embodiments of the present invention provide a method for securing transactions using mobile network identification. The method disclosed herein comprises the steps of employing a secure transaction engine (STE), configured to define computer program instructions executable by at least one processor for securing transactions using mobile network identification. On receiving a request by the STE for a transaction on an account held by a user with an account management entity from a requesting entity, the STE determines a unique mobile network identifier of the user. The unique mobile network identifier comprises an international mobile subscriber identity (IMSI) number or a mobile phone number associated with a subscriber identification module (SIM) or a SIM card of a user device of the user. As used herein, the “account management entity” is an entity that maintains and manages accounts of the user and “requesting entity” is a platform, including an electronic commerce (e-commerce) platform used for initiating a transaction. The method further includes generating and rendering an interactive, secure authorization notification on a user interface of the user device using the user’s unique mobile network identifier by the STE. The interactive, secure authorization notification is configured as an interactive, real-time, secure push notification or a secure Over-The-Air (OTA) push notification. The secure transaction engine (STE) generates the interactive, secure authorization notification irrespective of a platform from where the user initiates the transaction. The secure transaction engine (STE) renders the interactive, secure authorization notification as a flash message on the user interface external to a messaging component, for example, a short message service (SMS) message inbox, of the user device. 
In addition, the method includes receiving a user input by the STE comprising an acceptance input or a rejection input through the interactive, secure authorization notification to proceed with the transaction from the user device. Based on the user input, the secure transaction engine (STE), in communication with the account management entity, processes the request to complete the transaction.
[0018] According to one embodiment of the present invention, through the interactive, secure authorization notification, the secure transaction engine (STE) notifies the user on the user’s registered mobile number about any use case or transaction being performed on the user’s behalf for the registered use case. For example, at the time of receiving a transaction for a registered use case, the secure transaction engine invokes a push notification to the registered mobile number of that user directly on the SIM card of the user device. Since this push notification lands directly on the SIM card of the user device using preregistered mobile network parameters of the SIM card, the push notification cannot be intercepted and/or bypassed. The push notification cautions the user regarding the transaction. If the user wants to continue the transaction, the user must respond with an acceptance input on the push notification to allow the secure transaction engine to proceed with the transaction, in communication with the account management entity. If the user does not want to continue the transaction, the user must respond with a rejection input on the push notification to discontinue the transaction. The method disclosed herein, therefore, performs real-time authentication using mobile network parameters for authorizing a transaction, and counters frauds attempted in transactions such as retail payment transactions using a United Payments Interface (UPI), cards, and internet banking.
[0019] According to one embodiment of the present invention, the method disclosed herein secures the users with an additional layer of safety, called a third factor of authorization, for payments through their bank UPI handle and net banking at any online site or offline platform. The method disclosed herein allows the account management entity or the bank to notify the user on their registered mobile number about the transaction being performed on the user’s account held with the bank. This notification is irrespective of where/which platform the user is transacting from. At the time of receiving a transaction for the user’s account, the bank platform invokes a push notification on the registered mobile number of that account using the secure transaction engine (STE). Consider an example where a fraudulent entity compromises a mobile personal identification number (MPIN) of a bank account holder, for example, using social engineering, phishing, vishing, etc. Using the compromised MPIN, the fraudulent entity attempts to transact on an ecommerce platform and initiates a payment using the bank account holder’s compromised details. The bank platform receives a request from the ecommerce platform for the fraudulent transaction. On receiving the request, the bank platform executes the secure transaction engine to trigger a push notification as an interactive flash message in real time on a user interface of the user device associated with a registered mobile number of the bank account holder. The interactive flash message cautions the user that a transaction for amount X is about to be performed on the ecommerce platform. If the user wants to stop the transaction, the user can press a rejection tab on the same interactive flash message.
[0020] According to one embodiment of the present invention, a system for securing transactions using mobile network identification is disclosed. The system comprises an account management entity configured to maintain and manage accounts of a user. The account management entity is operably coupled to a secure Over-The-Air (OTA) server and transfers an OTA application message over a secure communication protocol, for example, hypertext transfer protocol secure (HTTPS) to the secure Over-The-Air (OTA) server. The account management entity transfers the OTA application message in an encrypted format to the secure OTA server. Furthermore, the communication between the account management entity and the secure OTA server is secured, for example, using a secure sockets layer (SSL)/transport layer security (TLS) technology for ensuring secure communication, data integrity, privacy, and security. The system further comprises a secure transaction engine (STE) implemented on a secure Over-The-Air (OTA) server, and configured to generate and render an interactive, secure authorization notification on a user interface of a user device through a plurality of modules. The secure Over-The-Air (OTA) server is a computing device and creates a secured packet for a subscriber identification module (SIM) card embedded on the user device of the user. Moreover, the secure OTA server adds a security header, for example, a command header to the OTA application message and applies security to a part of the command header and the full OTA application message of the resulting secured packet. In addition, the secure OTA server applies security as follows. The secure OTA server adds a security counter that prevents a man-in-the-middle attack and SIM cloning. The secure OTA server also adds a cryptographic checksum (CC) that ensures message integrity. 
Furthermore, the secure OTA server encrypts the resulting secured packet with a security key and a triple data encryption algorithm (3DEA) or 3DES that ensures message security, and generates a binary message, which is not a plain text message. Furthermore, the system comprises a short message service centre (SMSC) configured to receive the resulting secured packet from the secure OTA server through the GSM 03.48 protocol. The SMSC forwards the resulting secured packet to the SIM card of the user device based on a distributed control system (DCS) and proportional-integral-derivative (PID) implementation. On receiving the resulting secured packet, the SIM card executes secure validation on the resulting secured packet by reading the security header, decrypting data using the security key, validating the command header, validating the checksum, and validating the counter. If the resulting secured packet passes secure validation, the SIM card renders the resulting secured packet, that is, the interactive, secure authorization notification, on the user interface of the user device, for example, as a flash short message service (SMS) message.
[0021] According to one embodiment of the present invention, the secure transaction engine (STE) is device-agnostic and provides a SIM based secure OTA message with the following security. The secure transaction engine provides message security such that no entity in the network would be able to view and read the SMS text being transferred to an end user device; provides message integrity such that no entity in between would be able to change incoming content; precludes spoofing such that no mobile application would be able to read the incoming content on the user device; and implements security at rest such that the message will be secured, when the message is at rest inside the secure OTA server.
[0022] According to one embodiment of the present invention, the secure OTA server encrypts the SMS message, which is later decrypted in the user device. The secure OTA server delivers the encrypted SMS message outside the SMS inbox of the user device directly into the SIM card of the user device. Furthermore, the inherent property of the SIM card allows reading of the encrypted SMS message.
[0023] According to one embodiment of the present invention, the secure transaction engine (STE) is accessible to the user through a broad spectrum of technologies and user devices such as smart phones, tablet computing devices and/or endpoint devices with access to a network, for example, a short-range network or a long-range network. The network is, for example, a mobile telecommunication network including a global system for mobile (GSM) communication network, a code division multiple access (CDMA) network, a third generation (3G) mobile communication network, a fourth generation (4G) mobile communication network, a fifth generation (5G) mobile communication network, a long-term evolution (LTE) mobile communication network, a public telephone network, the internet, or a network formed from any combination of these networks.
[0024] According to one embodiment of the present invention, the computing device is an electronic device including one or more personal computers, a tablet computing device, a mobile computer, a portable computing device, a laptop, a workstation, a server, a portable electronic device, a network enabled computing device or combinations of multiple pieces of computing equipment. Furthermore, the computing device comprises at least one processor, a data bus, a display unit, a network interface, common modules, and a non-transitory, computer-readable storage medium including a memory unit for storing computer program instructions defined by the plurality of modules. Moreover, the at least one processor is operably and communicatively coupled to the memory unit. The processor comprises one or more microprocessors, central processing unit (CPU) devices, finite state machines, computers, microcontrollers, digital signal processors, logic, a logic device, an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a chip or a combination thereof.
[0025] According to one embodiment of the present invention, the data bus permits communication between the plurality of modules. The display unit through a graphical user interface (GUI) displays information, display interfaces and user interfaces including checkboxes and input text fields. Furthermore, the network interface enables connection of the secure transaction engine (STE) to the network and the network interface comprises one or more of infrared interfaces, interfaces implementing Wi-Fi® of Wi-Fi Alliance Corporation, universal serial bus interfaces, FireWire® interfaces of Apple Inc., interfaces based on transmission control protocol/internet protocol, interfaces based on wireless communications technology including satellite technology, radio frequency technology and near field communication. Moreover, the common modules comprise input/output (I/O) controllers, input devices, output devices, fixed media drives such as hard drives, removable media drives for receiving removable media.
[0026] According to one embodiment of the present invention, the plurality of modules of the secure transaction engine (STE) comprises a request handler, a mobile network identification module, a notification generation module, and a database. The request handler is configured to receive a request for a transaction on an account held by the user with the account management entity, such as a bank, from a requesting entity. The requesting entity is a platform, including an electronic commerce (e-commerce) platform used for initiating a transaction. The mobile network identification module is coupled to the request handler; on receiving the request from the request handler, the mobile network identification module determines a unique mobile network identifier including an international mobile subscriber identity (IMSI) number, or a mobile phone number associated with the subscriber identification module (SIM) of the user device of the user. Furthermore, the notification generation module is configured to generate and render an interactive, secure authorization notification on the user interface of the user device using the user’s unique mobile network identifier. The interactive, secure authorization notification is configured as an interactive, secure real-time push notification or a secure Over-The-Air (OTA) push notification. The notification generation module renders the interactive, secure authorization notification as a flash message on the user interface external to a messaging component, such as a short message service (SMS) message inbox, of the user device. Furthermore, the database of the plurality of modules is optional, and the database stores the mobile network identification information of the user device. In addition, the plurality of modules is configured as software executed by the processor, implemented completely in hardware as logic circuits to carry out respective functions, or as a combination of hardware and software.
[0027] FIG. 1 illustrates a method for securing transactions using mobile network identification, according to an embodiment of the present invention. With regard to FIG. 1, the exemplary method 100 disclosed herein employs a secure transaction engine configured to define computer program instructions executable by at least one processor for securing transactions using mobile network identification. In the method disclosed herein, the secure transaction engine receives 101 a request for a transaction on an account held by a user with an account management entity from a requesting entity. As used herein, “account management entity” refers to an entity that maintains and manages accounts of users. For example, the account management entity is a financial institution such as a bank where a user holds an account for depositing and withdrawing money for financial transactions or payment transactions. Also, as used herein, “requesting entity” refers to any platform, for example, an electronic commerce (ecommerce) platform, used for initiating a transaction. On receiving the request, the secure transaction engine determines 102 a unique mobile network identifier of the user. The unique mobile network identifier is, for example, an international mobile subscriber identity (IMSI) number, a mobile phone number, etc., associated with a subscriber identification module (SIM) or SIM card of a user device of the user. The secure transaction engine generates and renders 103 an interactive, secure authorization notification on a user interface of the user device using the user’s unique mobile network identifier. In an embodiment, the interactive, secure authorization notification is configured as an interactive, real-time, secure push notification or a secure over-the-air (OTA) push notification. The secure transaction engine generates the interactive, secure authorization notification irrespective of a platform from where the user initiates the transaction. 
The secure transaction engine renders the interactive, secure authorization notification as a flash message on the user interface external to a messaging component, for example, a short message service (SMS) message inbox, of the user device. The secure transaction engine receives 104 a user input comprising an acceptance input or a rejection input through the interactive, secure authorization notification to proceed with the transaction from the user device. Based on the user input, the secure transaction engine, in communication with the account management entity, processes 105 the request to complete the transaction.
[0028] Through the interactive, secure authorization notification, the secure transaction engine notifies the user on the user’s registered mobile number about any use case or transaction being performed on the user’s behalf for the registered use case. For example, at the time of receiving a transaction for a registered use case, the secure transaction engine invokes a push notification to the registered mobile number of that user directly on the SIM card of the user device. Since this push notification lands directly on the SIM card of the user device using preregistered mobile network parameters of the SIM card, the push notification cannot be intercepted and/or bypassed. The push notification cautions the user regarding the transaction. If the user wants to continue the transaction, the user must respond with an acceptance input on the push notification to allow the secure transaction engine to proceed with the transaction, in communication with the account management entity. If the user does not want to continue the transaction, the user must respond with a rejection input on the push notification to discontinue the transaction. The method disclosed herein, therefore, performs real-time authentication using mobile network parameters for authorizing a transaction, and counters frauds attempted in transactions such as retail payment transactions using a United Payments Interface (UPI), cards, and internet banking.
[0029] The method 100 disclosed herein secures bank users with an additional layer of safety for payments through their bank UPI handle and net banking at any online site or offline platform. The method disclosed herein allows a bank to notify a user on their registered mobile number about the transaction being performed on the user’s account held with the bank. This notification is irrespective of where/which platform the user is transacting from. At the time of receiving a transaction for the user’s account, the bank platform invokes a push notification on the registered mobile number of that account using the secure transaction engine. Consider an example where a fraudulent entity compromises a mobile personal identification number (MPIN) of a bank account holder, using social engineering, phishing, vishing, etc. Using the compromised MPIN, the fraudulent entity attempts to transact on an ecommerce platform and initiates a payment using the bank account holder’s compromised details. The bank platform receives a request from the ecommerce platform for the fraudulent transaction. On receiving the request, the bank platform executes the secure transaction engine to trigger a push notification as an interactive flash message in real time on a user interface of the user device associated with a registered mobile number of the bank account holder. The interactive flash message cautions the user that a transaction for amount X is about to be performed on the ecommerce platform. If the user wants to stop the transaction, the user can press a rejection tab on the same interactive flash message.
[0030] FIG. 2 illustrates a high-level block diagram of a system 200 for securing transactions using mobile network identification, according to an embodiment of the present invention. In an embodiment, the secure transaction engine is implemented on a secure over-the-air (OTA) server 202 as exemplarily illustrated in FIG. 2. The secure OTA server 202 is operably coupled to an account management entity 201, for example, a bank, and a network element in a mobile telephone network, for example, a short message service center (SMSC) 203, as exemplarily illustrated in FIG. 2. When a user initiates a transaction at a platform, for example, an ecommerce platform, the ecommerce platform communicates with the account management entity 201 to process the transaction. The account management entity 201 transfers an OTA application message over a secure communication protocol, for example, hypertext transfer protocol secure (HTTPS) to the secure OTA server 202. The account management entity 201 transfers the application message in an encrypted format to the secure OTA server 202. The communication between the account management entity 201 and the secure OTA server 202 is secured, for example, using a secure sockets layer (SSL)/transport layer security (TLS) technology for ensuring secure communication, data integrity, privacy, and security. In an embodiment, the secure OTA server 202 implements a global system for mobile communications (GSM) 03.48 protocol for communicating with the SMSC 203. The secure OTA server 202 creates a secured packet for a subscriber identification module (SIM) card 205 of a user device 204 of the user. The secure OTA server 202 adds a security header, for example, a command header, to the application message and applies security to a part of the command header and the full application message. In an embodiment, the secure OTA server 202 applies security as follows. 
The secure OTA server 202 adds a security counter that prevents a man-in-the-middle attack and SIM cloning. The secure OTA server 202 adds a cryptographic checksum (CC) that ensures message integrity. The secure OTA server 202 encrypts the resulting packet with a security key and a triple data encryption algorithm (3DEA) or 3DES that ensures message security, and generates a binary message, that is, not a plain text message. The secure OTA server 202 transfers the resulting secured packet to the SMSC 203 using the GSM 03.48 protocol. The SMSC 203 forwards the secured packet to the SIM card 205 of the user device 204 based on a distributed control system (DCS) and proportional-integral-derivative (PID) implementation. On receiving the secured packet, the SIM card 205 executes secure validation on the secured packet by reading the security header, decrypting data using the security key, validating the command header, validating the checksum, and validating the counter. If the secured packet passes validation, the SIM card 205 renders the secured packet, that is, the interactive, secure authorization notification, on a user interface of the user device 204, for example, as a flash short message service (SMS) message.
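The packet protection and SIM-side validation described in paragraphs [0020] and [0030], as an added Python sketch that is not code from the patent. The byte layout, field widths, the two-key split and all names are assumptions, and HMAC-SHA256 stands in for both the cryptographic checksum and the 3DES step so that the sketch runs on the standard library alone.

```python
import hashlib
import hmac
from dataclasses import dataclass

HEADER_TAG = 0x01      # hypothetical command-header marker, not the GSM 03.48 encoding
CTR_LEN = 5            # counter width chosen for this sketch
CC_LEN = 8             # checksum width chosen for this sketch
HDR_LEN = 1 + CTR_LEN  # tag byte and counter travel in the clear
SAMPLE_PROMPT = b"Pay 500 to SHOP? 1=Accept 2=Reject"  # constructed sample text


@dataclass(frozen=True)
class SimKeys:
    """Per-SIM secrets shared by the OTA server and the card (assumed: two keys)."""
    cipher_key: bytes
    checksum_key: bytes


def _keystream(key: bytes, counter: bytes, length: int) -> bytes:
    # Stand-in for the 3DES step: an HMAC-SHA256 keystream bound to the counter.
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def _checksum(key: bytes, header: bytes, message: bytes) -> bytes:
    # Stand-in for the cryptographic checksum (CC): truncated HMAC-SHA256
    # over the clear header and the full application message.
    return hmac.new(key, header + message, hashlib.sha256).digest()[:CC_LEN]


class OtaServer:
    """Server side: header with counter, then checksum, then encryption."""

    def __init__(self, keys: SimKeys) -> None:
        self.keys = keys
        self.counter = 0

    def build_packet(self, message: bytes) -> bytes:
        self.counter += 1                      # never reused for this SIM
        ctr = self.counter.to_bytes(CTR_LEN, "big")
        header = bytes([HEADER_TAG]) + ctr
        protected = _checksum(self.keys.checksum_key, header, message) + message
        stream = _keystream(self.keys.cipher_key, ctr, len(protected))
        return header + _xor(protected, stream)  # binary, not plain text


class SimCard:
    """Card side: read header, decrypt, validate checksum, validate counter."""

    def __init__(self, keys: SimKeys) -> None:
        self.keys = keys
        self.last_counter = 0

    def receive(self, packet: bytes):
        if len(packet) < HDR_LEN + CC_LEN or packet[0] != HEADER_TAG:
            return ("rejected", "header")
        header, body = packet[:HDR_LEN], packet[HDR_LEN:]
        ctr = header[1:]
        plain = _xor(body, _keystream(self.keys.cipher_key, ctr, len(body)))
        cc, message = plain[:CC_LEN], plain[CC_LEN:]
        expected = _checksum(self.keys.checksum_key, header, message)
        if not hmac.compare_digest(cc, expected):   # constant-time comparison
            return ("rejected", "checksum")
        value = int.from_bytes(ctr, "big")
        if value <= self.last_counter:              # replay of an old packet
            return ("rejected", "counter")
        # Stored only after the checksum passed, so a forged packet
        # cannot push the card's counter forward.
        self.last_counter = value
        return ("displayed", message)


def demo() -> dict:
    keys = SimKeys(b"constructed-cipher-key", b"constructed-checksum-key")
    server, sim = OtaServer(keys), SimCard(keys)
    first = server.build_packet(SAMPLE_PROMPT)
    tampered = bytearray(server.build_packet(SAMPLE_PROMPT))
    tampered[-1] ^= 0x01                            # one bit changed in transit
    bumped = first[:1] + (9).to_bytes(CTR_LEN, "big") + first[HDR_LEN:]
    return {
        "genuine": sim.receive(first),
        "replayed": sim.receive(first),
        "tampered": sim.receive(bytes(tampered)),
        "bumped_counter": sim.receive(bumped),
        "next_genuine": sim.receive(server.build_packet(SAMPLE_PROMPT)),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The last case shows why the counter is stored only after the checksum check: the rejected packet carrying counter 9 leaves the card's state untouched, so the next genuine packet is still accepted.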
[0031] Furthermore, the secure transaction engine is device-agnostic and provides a SIM-based secure OTA message with the following security. The secure OTA server 202 encrypts the SMS text, which is later decrypted in the user device 204. The secure OTA server 202 delivers the encrypted SMS text outside the SMS inbox of the user device 204 directly into the SIM card 205 of the user device 204. The inherent property of the SIM card 205 allows reading of the encrypted SMS text. The secure transaction engine provides message security such that no entity in the network would be able to view and read the SMS text being transferred to an end user device 204; provides message integrity such that no entity in between would be able to change incoming content; precludes spoofing such that no mobile application would be able to read the incoming content on the user device 204; and implements security at rest such that the message will be secured, when the message is at rest inside the secure OTA server 202.
[0032] FIGS. 3A-3B exemplarily illustrate screenshots of an interactive, secure authorization notification 302 rendered by a secure transaction engine as a flash message on a user interface 301 of a user device, according to an embodiment of the present invention. The secure transaction engine renders the interactive, secure authorization notification 302, for example, as a GSM 03.48 short message service (SMS) flash message on the user interface 301 outside an SMS inbox of the user device. As exemplarily illustrated in FIGS. 3A-3B, the interactive, secure authorization notification 302 provides options to accept or reject a transaction.
[0033] FIGS. 4A-4D exemplarily illustrate screenshots of a user interface 401 rendered on a user device for activating the secure transaction engine, according to an embodiment of the present invention. In an embodiment, the secure transaction engine allows registration of use cases for triggering generation of interactive, secure authorization notifications, for example, interactive, secure network-based push notifications via a mobile application as exemplarily illustrated in FIGS. 4A-4D. In another embodiment, the secure transaction engine allows registration of use cases for triggering generation of interactive, secure authorization notifications via a short message service (SMS), a call center, unstructured supplementary service data (USSD), etc. In an embodiment, the mobile application provides an interface element, for example, a “Safe Pay” toggle button 401a on the user interface 401 for securing transactions as exemplarily illustrated in FIG. 4A. When a user clicks on the “Safe Pay” toggle button 401a, the mobile application renders an option 401b, for example, similar to an over-the-air (OTA) message, to enable or activate the secure transaction engine on the user interface 401 as exemplarily illustrated in FIG. 4B. When the user performs an accept action by clicking on an “Accept” button provided on the user interface 401, the mobile application confirms the activation of the secure transaction engine on the user interface 401 as exemplarily illustrated in FIG. 4C and activates the “Safe Pay” toggle button 401a on the user interface 401 for transactions such as net banking transactions and United Payments Interface (UPI) transactions as exemplarily illustrated in FIG. 4D.
[0034] FIG. 5 illustrates a block diagram showing a process flow executed by the secure transaction engine for securing payment transactions using mobile network identification, according to an embodiment of the present invention. For purposes of illustration, the detailed description refers to securing financial transactions or payment transactions such as United Payments Interface (UPI) transactions, net banking transactions, etc.; however, the scope of the system and the method disclosed herein is not limited to securing financial transactions or payment transactions, but may be extended to secure any type of transaction that requires authentication such as a login transaction or any other transaction as per a use case requirement. Consider an example where a user, herein referred to as a “payer” holds a bank account with an account management entity 201 and wishes to make a payment to an ecommerce platform, herein referred to as a “payee”, through a UPI transaction. The payee provides their virtual address to the payer and the payer initiates a money transfer using a payment system player (PSP) application 503. A UPI 502 is a middle entity that routes the payment to a beneficiary bank, for example, ABC bank 504, after resolving the virtual address of the payee. The payee initiates the UPI transaction and requests for funds from the payer’s account held at the account management entity 201 using an XYZ UPI application. The payer’s virtual address flows to the UPI 502 for address resolution and authorization through a payee PSP, for example, XYZ bank PSP 501. After address resolution and authorization, the UPI 502 communicates with the account management entity 201. 
The secure transaction engine operably coupled to the account management entity 201 generates and renders an interactive, real-time, secure push notification or a secure over-the-air (OTA) push notification on a user interface of the user device using the user’s unique mobile network identifier as disclosed in the detailed descriptions of FIGS. 1-2. If the payer agrees to pay the amount requested by the payee, the payer clicks on an acceptance option provided on the push notification. On receiving this acceptance input, the secure transaction engine communicates with the account management entity 201 to transfer the payment to ABC bank 504 via the UPI 502.
[0035] FIG. 6 illustrates a flow diagram showing transactional processes executed between different components of the system for securing payment transactions using mobile network identification, according to an embodiment of the present invention. Consider an example where an account management entity 201 receives a payment request for a transaction on an account held by a user with the account management entity 201 from any platform, for example, an ecommerce platform. As illustrated in FIG. 6, the secure transaction engine implemented on the secure over-the-air (OTA) server 202 receives the payment request from the account management entity 201. The secure transaction engine transmits an acknowledgement message to the account management entity 201 and securely delivers an interactive, secure authorization notification, for example, an interactive, real-time, secure push notification, to a subscriber identification module (SIM) card of a user device 204. The user device 204 delivers an acknowledgement message to the secure transaction engine. The secure transaction engine delivers an acknowledgement message in a callback to the account management entity 201. The secure transaction engine is configured as a gateway on the final leg of transaction for the account management entity 201 and the platform and indicates a positive/negative response from the user to the account management entity 201 and the platform. The user device 204 delivers a user input, for example, an acceptance input or a rejection input to the secure transaction engine to proceed with the transaction. The secure transaction engine delivers the user input to the account management entity 201 for proceeding or terminating the transaction with the platform based on the user input.
[0036] FIGS. 7A-7J exemplarily illustrate screenshots of user interfaces rendered on a user device for enabling and disabling the secure transaction engine, according to an embodiment of the present invention. FIGS. 7A-7E exemplarily illustrate screenshots of user interfaces rendered on a user device for enabling the secure transaction engine. To enable the secure transaction engine, the user first needs to download the mobile application and log in to the bank payment section. Once logged in to the bank payment section, the user is able to view an interface element, for example, a “Safe Pay” toggle button, on the top right corner of the screen as illustrated in FIG. 7A. Once the user clicks on the interface element, for example, the “Safe Pay” toggle button, the screen illustrated in FIG. 7B is displayed. Further, the user interface provides an option for the user to enable the interface element, for example, “Safe Pay”. To enable the interface element, the user can click on the toggle button present in the top right. Additionally, the user is able to view an OTA alert on the user interface to enable the toggle button as illustrated in FIG. 7C. The upfront alert is provided to the user to make sure that the user understands the feature and is comfortable using the interface element for subsequent transactions. Once the user clicks on ‘OK’ on the OTA alert on the user interface to enable the secure transaction engine as illustrated in FIG. 7C, the system sets the user interface for net banking or UPI transactions using the Payments Bank account on any merchant or mobile application. Further, the user can view a confirmation of the successful enablement of the secure transaction engine on the user interface as illustrated in FIG. 7D. Finally, the user can view the Safe status on the home screen tab, which is changed to enabled afterwards, as illustrated in FIG. 7E. Furthermore, to disable the secure transaction engine, the user initiates the disable toggle button as illustrated in FIG. 7F. To disable the secure transaction engine, the user receives an OTA alert in real time to proceed with disabling the security protocol. Further, the user has the option to click on ‘OK’ on the OTA alert on the screen to disable the secure transaction engine as illustrated in FIG. 7G. As the secure transaction engine is a security feature, disabling it is required to be authenticated by the user, making sure that the user has disabled the system of their own wish and that there has been no masquerader. The system disables it for net banking or UPI transactions through the user’s Payments Bank account on any merchant or mobile application. Finally, the user can view the Disabled status on the home screen as illustrated in FIG. 7H.
[0037] Enabling the secure transaction engine starts a unique, mobile network-based, real-time third-factor authentication (3FA), compared to the industry norm of two-factor authentication, whereby the feature sends alerts with all the transaction details to the customer device using the SIM number. Furthermore, with the secure transaction engine enabled, a real-time confirmation is sought before debiting the bank account, such that no transaction goes through without the user’s consent, and no additional charges are levied on the user.
[0038] FIGS. 8A-8E exemplarily illustrate screenshots of graphical user interfaces (GUIs) rendered by the secure transaction engine for securing a United Payments Interface (UPI) transaction using mobile network identification, according to an embodiment of the present invention. After activating the secure transaction engine as disclosed in the detailed description of FIGS. 4A-4D, the secure transaction engine proceeds to secure transactions initiated by a user on the user device. Consider an example where the user initiates a UPI payment transaction using a mobile application via a GUI illustrated in FIG. 8A. The user enters a payee’s address, a payment amount, and information of a bank account through which the payment should be remitted, on the GUI illustrated in FIG. 8A. The mobile application renders a message on the GUI for confirming the payment as illustrated in FIG. 8B. On receiving a confirmation from the user, the mobile application renders a GUI for entering a mobile personal identification number (MPIN) as illustrated in FIG. 8C. On receiving the MPIN entered by the user, the secure transaction engine generates and renders an interactive, secure authorization notification 302, for example, an interactive, real-time, secure push notification, to a subscriber identification module (SIM) card of a user device as illustrated in FIG. 8D. If the user provides an acceptance input by clicking on an “Accept” button provided on the interactive, secure authorization notification 302, the secure transaction engine communicates the acceptance to the user’s bank where the bank account is held. On receiving the acceptance from the secure transaction engine, the user’s bank proceeds to complete the UPI transaction by remitting the amount from the bank account and confirms a successful UPI transaction on the GUI as illustrated in FIG. 8E.
[0039] FIGS. 9A-9F exemplarily illustrate screenshots of graphical user interfaces (GUIs) rendered by the secure transaction engine for securing an internet banking transaction using mobile network identification, according to an embodiment of the present invention. After activating the secure transaction engine as disclosed in the detailed description of FIGS. 4A-4D, the secure transaction engine proceeds to secure transactions initiated by a user on the user device. Consider an example where the user initiates an internet or net banking payment transaction using a mobile application via a GUI illustrated in FIG. 9A. The user selects a bank account through which the payment should be remitted, on the GUI illustrated in FIG. 9A. The mobile application renders a GUI for logging into the bank account using a mobile number as illustrated in FIG. 9B. On receiving the mobile number entered by the user, the mobile application renders a GUI for entering a one-time password (OTP) sent to the user’s mobile phone as illustrated in FIG. 9C. On receiving the OTP entered by the user, the secure transaction engine generates and renders an interactive, secure authorization notification 302, for example, an interactive, real-time, secure push notification, to a subscriber identification module (SIM) card of a user device as illustrated in FIG. 9D. If the user provides an acceptance input by clicking on an “Accept” button provided on the interactive, secure authorization notification 302, the secure transaction engine communicates the acceptance to the user’s bank where the bank account is held. On receiving the acceptance from the secure transaction engine, the user’s bank proceeds to complete the net banking transaction by requesting the user to enter a mobile personal identification number (MPIN) on the GUI as illustrated in FIG. 9E. On validating the MPIN, the user’s bank remits the amount from the bank account and confirms a successful net banking transaction on the GUI as illustrated in FIG. 9F.
[0040] FIG. 10 illustrates an architectural block diagram of an exemplary implementation of the system 200 for securing transactions using mobile network identification, according to an embodiment of the present invention. In an embodiment, the secure transaction engine 1004 of the system 200 disclosed herein is deployed in a computing device 1001 as exemplarily illustrated in FIG. 10. The computing device 1001 is a computer system programmable using high-level computer programming languages. The computing device 1001 is an electronic device, for example, one or more personal computer, a tablet computing device, a mobile computer, a portable computing device, a laptop, a workstation, a server, a portable electronic device, a network enabled computing device, any other suitable computing equipment, combinations of multiple pieces of computing equipment, etc. In an embodiment, the secure transaction engine 1004 is implemented in the computing device 1001 using programmed and purposeful hardware. In an embodiment, the secure transaction engine 1004 is a computer embeddable system that secures transactions using mobile network identification.
[0041] According to one embodiment, the secure transaction engine 1004 is accessible to users, for example, through a broad spectrum of technologies and user devices such as smart phones, tablet computing devices, endpoint devices, etc., with access to a network 1009, for example, a short-range network or a long-range network. The computing device 1001 communicates with a user device 204, for example, a mobile computer, a mobile phone, a smart phone, a personal digital assistant, a client device, etc., via the network 1009. The network 1009 is, for example, one of a mobile telecommunication network such as a global system for mobile (GSM) communications network, a code division multiple access (CDMA) network, a third generation (3G) mobile communication network, a fourth generation (4G) mobile communication network, a fifth generation (5G) mobile communication network, a long-term evolution (LTE) mobile communication network, a public telephone network, etc., the internet, etc., or a network formed from any combination of these networks.
[0042] As illustrated in FIG. 10, the computing device 1001 comprises at least one processor 1002 and a non-transitory, computer-readable storage medium, for example, a memory unit 1003, for storing computer program instructions defined by modules, for example, 1004a, 1004b, 1004c, etc., of the secure transaction engine 1004. In an embodiment, the modules, for example, 1004a, 1004b, 1004c, etc., of the secure transaction engine 1004 are stored in the memory unit 1003 as illustrated in FIG. 10. The processor 1002 is operably and communicatively coupled to the memory unit 1003 for executing the computer program instructions defined by the modules, for example, 1004a, 1004b, 1004c, etc., of the secure transaction engine 1004 for securing transactions using mobile network identification. The processor 1002 refers to any one or more microprocessors, central processing unit (CPU) devices, finite state machines, computers, microcontrollers, digital signal processors, logic, a logic device, an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a chip, etc., or any combination thereof, capable of executing computer programs or a series of commands, instructions, or state transitions. The secure transaction engine 1004 is not limited to employing the processor 1002. In an embodiment, the secure transaction engine 1004 employs one or more controllers or microcontrollers.
[0043] As illustrated in FIG. 10, the computing device 1001 comprises a data bus 1008, a display unit 1005, a network interface 1006, and common modules 1007. The data bus 1008 permits communications between the modules, for example, 1002, 1003, 1005, 1006, and 1007. The display unit 1005, via a graphical user interface (GUI), displays information, display interfaces, user interface elements such as checkboxes, input text fields, etc., for example, for allowing a user to invoke and execute the secure transaction engine 1004, input data, and perform input actions for triggering various functions of the method disclosed herein.
[0044] The network interface 1006 enables connection of the secure transaction engine 1004 to the network 1009. The network interface 1006 is, for example, one or more of infrared interfaces, interfaces implementing Wi-Fi® of Wi-Fi Alliance Corporation, universal serial bus interfaces, FireWire® interfaces of Apple Inc., interfaces based on transmission control protocol/internet protocol, interfaces based on wireless communications technology such as satellite technology, radio frequency technology, near field communication, etc. The common modules 1007 of the computing device 1001 comprise, for example, input/output (I/O) controllers, input devices, output devices, fixed media drives such as hard drives, removable media drives for receiving removable media, etc. Computer applications and programs are used for operating the secure transaction engine 1004. The programs are loaded onto fixed media drives and into the memory unit 1003 via the removable media drives. In an embodiment, the computer applications and programs are loaded into the memory unit 1003 directly via the network 1009.
[0045] According to one embodiment, the secure transaction engine 1004 comprises modules defining computer program instructions, which when executed by the processor 1002, cause the processor 1002 to secure transactions using mobile network identification. In an embodiment, the modules of the secure transaction engine 1004 comprise a request handler 1004a, a mobile network identification module 1004b, a notification generation module 1004c, and optionally a database 1004d. The database 1004d stores, for example, mobile network identification information of user devices. The request handler 1004a receives a request for a transaction on an account held by a user with an account management entity, for example, a bank, from a requesting entity. On receiving the request, the mobile network identification module 1004b determines a unique mobile network identifier, for example, an international mobile subscriber identity (IMSI) number, a mobile phone number, etc., associated with a subscriber identification module (SIM) of a user device 204 of the user.
[0046] The notification generation module 1004c generates and renders an interactive, secure authorization notification on a user interface of the user device 204 using the user’s unique mobile network identifier as disclosed in the detailed descriptions of FIGS. 1-2. In an embodiment, the interactive, secure authorization notification is configured as an interactive, secure real-time push notification or a secure over-the-air (OTA) push notification. The notification generation module 1004c renders the interactive, secure authorization notification as a flash message on the user interface external to a messaging component, for example, a short message service (SMS) message inbox, of the user device 204. The request handler 1004a receives a user input comprising an acceptance input or a rejection input through the interactive, secure authorization notification to proceed with the transaction from the user device 204. Based on the user input, the request handler 1004a, in communication with the account management entity, processes the request to complete the transaction.
[0047] The request handler 1004a, the mobile network identification module 1004b, and the notification generation module 1004c are disclosed above as software executed by the processor 1002. In an embodiment, the modules, for example, 1004a, 1004b, 1004c, etc., of the secure transaction engine 1004 are implemented completely in hardware. In another embodiment, the modules, for example, 1004a, 1004b, 1004c, etc., of the secure transaction engine 1004 are implemented by logic circuits to carry out their respective functions disclosed above. In another embodiment, the secure transaction engine 1004 is also implemented as a combination of hardware and software including one or more processors, for example, 1002, that are used to implement the modules, for example, 1004a, 1004b, 1004c, etc., of the secure transaction engine 1004. The processor 1002 retrieves instructions defined by the request handler 1004a, the mobile network identification module 1004b, and the notification generation module 1004c from the memory unit 1003 for performing respective functions disclosed above.
[0048] The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments.
[0049] It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modifications.
G) ADVANTAGES OF THE INVENTION
[0001] The various embodiments of the present invention provide a system and method for secure transaction using mobile network identification. The main advantage of the system and method for secure transaction using mobile network identification is that the system uses mobile network parameters to authenticate users and creates seamless, smart authentications that are independent of form factors such as devices, one-time passwords (OTPs), and mobile applications, thereby countering emerging frauds in payment modes such as Unified Payments Interface (UPI), cards, net banking, etc. In addition to payment transactions, the present invention is applicable for authenticating users during logins, identity authentications, payment authorizations, authentications alternative to OTPs, and other transactions as per use case requirements. The present invention performs real-time authentication independent of external form factors such as device, mobile applications, etc. The present invention is based on the preregistered details of the subscriber identification module (SIM) of the user device, which are difficult to replicate or intercept. The preregistered details comprise, for example, a SIM number, an international mobile subscriber identity (IMSI) number, a mobile number, etc.
[0002] The present invention uses short message service (SMS) services to generate the secure over-the-air (OTA) push notification on a user device. The present invention provides flexibility as no user registration or application download is required. The present invention operates with all devices, including feature phones, smart phones, etc., without any mobile operating system or mobile application dependency, and implements global system for mobile communications (GSM) security standards and protocols. The server and device side of the present invention use GSM 03.48 security mechanisms to encrypt and decrypt SMS messages. The present invention operates without any data connectivity and requires access to a mobile network. The present invention cannot be intercepted, replicated, or manipulated by any mobile application or internet-based application. The present invention provides an interactive push to ensure that a user response can be captured in real time.
[0003] The present invention provides an improvement over typical two-factor authentication methods, for example, the UPI payment mode that implements SIM binding and UPI PIN, and the net banking payment mode that implements login identification/password and secret question/OTP. The present invention is useful in banking, digital mobile applications with authentication requirements, and payments.
[0004] Hence, the present invention provides protection from most technology-led payment frauds, including phishing or vishing frauds, stolen credentials during online transactions, phone/application cloning such as SMS code misuse through social engineering, screen share and remote access.
[0005] Furthermore, as the system and method for secure transactions using mobile network identification uses OTA over SMS, the secure transaction engine implemented on the OTA server allows the user to see alerts and take actions even on the lock screen, unlike an OTP SMS, which can be viewed only after the user unlocks the screen. The click-to-action feature, which allows users to interact and respond in real time, is available in the alerts pushed via OTA, unlike SMS. The alerts pushed via OTA can be made time bound, and after that duration no history is left on the user’s device, unlike traditional SMS. Furthermore, OTP over SMS can be compromised, whereas here the user has to respond to the alert on their phone. Moreover, the secure transaction engine uses technology which has higher channel bandwidth on delivery in low network areas, unlike an OTP delivered over SMS, which often fails to reach the user. The secure transaction engine is also considered a third factor of authentication, enabled along with the industry standard of two-factor authentication applicable to online financial transactions.
[0006] The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments.
[0007] It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modifications. However, all such modifications are deemed to be within the scope of the claims.
Claims:CLAIMS
We claim:
1. A method for securing transactions using mobile network identification comprising the steps of:
employing a secure transaction engine (STE), and wherein the secure transaction engine (STE) is configured to define computer program instructions executable by at least one processor for securing transactions using mobile network identification;
receiving a request by the STE for a transaction on an account held by a user with an account management entity from a requesting entity, and wherein the account management entity is an entity that maintains and manages accounts of the user, and wherein the requesting entity is a platform, including an electronic commerce (e-commerce) platform used for initiating a transaction;
determining a unique mobile network identifier of the user by the STE, and wherein the unique mobile network identifier comprises an international mobile subscriber identity (IMSI) number or a mobile phone number associated with a subscriber identification module (SIM) or a SIM card of a user device of the user;
generating and rendering an interactive, secure authorization notification on a user interface of the user device using the user’s unique mobile network identifier by the STE, and wherein the interactive, secure authorization notification is configured as an interactive, real-time, secure push notification or a secure Over-The-Air (OTA) push notification;
receiving a user input comprising an acceptance input or a rejection input through the interactive, secure authorization notification; and
processing the request to complete the transaction by the STE based on the user input in communication with the account management entity;
Characterized in that:
wherein the interactive, secure authorization notification generated by the STE is irrespective of a platform from where the user initiates the transaction and wherein the interactive, secure authorization notification rendered by the STE is a flash message on the user interface, and wherein the STE through the interactive, secure authorization notification, notifies the user on the user’s registered mobile number about any use case or transaction being performed on the user’s behalf for the registered use case, and wherein STE secures the users with an additional layer of safety called third factor of authorization for payments through their bank UPI handle and net banking at any online site or offline platform.
2. The method as claimed in Claim 1, wherein the secure push notification is invoked by the STE to the registered mobile number of the user directly on the SIM card of the user device, and wherein the push notification lands directly on the SIM card of the user device using preregistered mobile network parameters of the SIM card, and wherein the push notification cannot be intercepted and/or bypassed.
3. A system for securing transactions using mobile network identification comprising:
an account management entity configured to maintain and manage accounts of a user; and wherein the account management entity is operably coupled to a secure Over-The-Air (OTA) server, and wherein the account management entity transfers an OTA application message over a secure communication protocol to the secure Over-The-Air (OTA) server in an encrypted format; and wherein the secure communication protocol includes hypertext transfer protocol secure (HTTPS);
a secure transaction engine (STE) is configured to generate and render an interactive, secure authorization notification on a user interface of a user device through a plurality of modules, and wherein the secure transaction engine (STE) is implemented on a secure Over-The-Air (OTA) server; and wherein the secure Over-The-Air (OTA) server is a computing device and creates a secured packet for a subscriber identification module (SIM) card embedded on the user device of the user, and wherein the secure Over-The-Air (OTA) server adds a security header including a command header to the OTA application message and applies security to a part of the command header and the full OTA application message of the resulting secured packet; and wherein the secure OTA server encrypts the resulting secured packet with a security key and a triple data encryption algorithm (3DEA) or 3DES, and wherein the 3DEA or 3DES ensures message security and generates a binary message, which is not a plain text message;
a short message service centre (SMSC) configured to receive the resulting secured packet from the secure OTA server through GSM 03.48 protocol, and wherein the SMSC forwards the resulting secured packet to the SIM card of the user device based on a distributed control system (DCS) and proportional-integral-derivative (PID) implementation, and wherein the SIM card on receiving the resulting secured packet executes secure validation on the resulting secured packet and the SIM card renders the resulting secured packet which passes secure validation, that is the interactive, secure authorization notification on the user interface of the user device; and wherein the interactive, secure authorization notification includes a flash short message service (SMS) message;
wherein the secure transaction engine (STE) comprises a plurality of modules, and wherein the plurality of modules includes a request handler, a mobile network identification module, a notification generation module and a database, and wherein the request handler is configured to receive a request for a transaction on an account held by the user with the account management entity from a requesting entity, and wherein the requesting entity is a platform, including an electronic commerce (e-commerce) platform used for initiating a transaction, and wherein the mobile network identification module is coupled to the request handler, on receiving the request from the request handler the mobile network identification module determines a unique mobile network identifier including an international mobile subscriber identity (IMSI) number, or a mobile phone number associated with the subscriber identification module (SIM) of the user device of the user;
wherein the plurality of modules are configured as software executed by the processor, implemented completely in a hardware, logic circuits to carry out respective functions or combination of hardware and software;
characterized in that:
wherein the secure transaction engine (STE) is device-agnostic and provides SIM based secure OTA message, and wherein the STE provides message security such that no entity in the network is enabled to view and read the SMS text being transferred to the user device and message integrity such that no entity in between is able to change incoming content, precludes spoofing such that no mobile application is able to read the incoming content on the user device, and wherein the STE implements security at rest such that the message is secured, when the message is at rest inside the secure OTA server;
wherein the secure OTA server encrypts the SMS message, which is later decrypted in the user device, and wherein the secure OTA server delivers the encrypted SMS message outside the SMS inbox of the user device, which is directly into the SIM card of the user device, and wherein the SIM card allows reading of the encrypted SMS message;
wherein the notification generation module is configured to generate and render an interactive, secure authorization notification on the user interface of the user device using the user’s unique mobile network identifier; and wherein the interactive, secure authorization notification is configured as an interactive, secure real-time push notification or a secure Over-The-Air (OTA) push notification, and wherein the notification generation module renders the interactive, secure authorization notification as a flash message on the user interface external to a messaging component of the user device, and wherein the messaging component includes a short message service (SMS) message inbox, and wherein the database of the plurality of the modules is optional and the database stores the mobile network identification information of the user device;
wherein STE secures the users with an additional layer of safety called third factor of authorization for payments through their bank UPI handle and net banking at any online site or offline platform.
4. The system as claimed in Claim 3, wherein the secure (OTA) server applies security which comprises security to counter and prevent man-in-middle attack and SIM cloning, a cryptographic checksum (CC) to ensure message integrity.
5. The system as claimed in Claim 3, wherein the secure validation executed by the SIM card includes reading the security header, decrypting data using the security key, validating the command header, validating the checksum, and validating the counter.
6. The system as claimed in Claim 3, wherein the secure transaction engine (STE) is accessible to the user through a broad spectrum of technologies and the user devices with access to a network, and wherein the user devices include smart phones, tablet computing devices and/or endpoint devices, and wherein the network comprises mobile telecommunication network including global system for mobile (GSM) communication network, a code division multiple access (CDMA) network, a third generation (3G) mobile communication network, a fourth generation (4G) mobile communication network, a fifth generation (5G) mobile communication network, a long-term evolution (LTE) mobile communication network, a public telephone network, internet or a combination thereof.
7. The system as claimed in Claim 3, wherein the computing device is an electronic device including one or more personal computers, a tablet computing device, a mobile computer, a portable computing device, a laptop, a workstation, a server, a portable electronic device, a network enabled computing device or combinations of multiple pieces of computing equipment, and wherein the computing device comprises at least one processor and a non-transitory, a data bus, a display unit, a network interface, common modules and a computer-readable storage medium including a memory unit for storing computer program instructions defined by the plurality of modules.
8. The system as claimed in Claim 3, wherein the at least one processor is operably and communicatively coupled to the memory unit, and wherein the processor comprises one or more microprocessors, central processing unit (CPU) devices, finite state machines, computers, microcontrollers, digital signal processors, logic, a logic device, an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a chip or combination thereof.
9. The system as claimed in Claim 3, wherein the data bus permits communication between the plurality of modules; and wherein the display unit through a graphical user interface (GUI) displays information, display interfaces and user interfaces including checkboxes and input text fields; and wherein the network interface enables connection of the secure transaction engine (STE) to the network, and wherein the network interface comprises one or more of infrared interfaces, interfaces implementing Wi-Fi® of Wi-Fi Alliance Corporation, universal serial bus interfaces, FireWire® interfaces of Apple Inc., interfaces based on transmission control protocol/internet protocol, interfaces based on wireless communications technology including satellite technology, radio frequency technology and near field communication.
10. The system as claimed in Claim 3, wherein the common modules comprises input/output (I/O) controllers, input devices, output devices, fixed media drives, and wherein the fixed media drives includes hard drives, removable media drives for receiving removable media.
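The receiver-side checks named in Claims 4 and 5 (command header, cryptographic checksum, counter) can be sketched as follows; this is an added example, not code from the specification. It assumes a simplified packet layout with field names borrowed from GSM 03.48, uses truncated HMAC-SHA256 as a stand-in for the cryptographic checksum, and omits the 3DES encryption and decryption step; all keys and values are constructed.

```python
import hashlib
import hmac
import struct

# All values below are constructed for this example.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # shared security key
TAR = b"\xb0\x00\x01"                    # application reference on the SIM
SPI, KIC, KID = b"\x12\x21", 0x15, 0x15  # security parameters both sides expect
MESSAGE = b"Pay INR 500.00 to merchant? 1=Accept 2=Reject"

HEADER_FMT = ">2sBB3s5sB"   # SPI, KIc, KID, TAR, CNTR (5 bytes), PCNTR
HEADER_LEN = struct.calcsize(HEADER_FMT)
CC_LEN = 8                  # checksum length used in this sketch (assumption)


class PacketRejected(Exception):
    """Carries the name of the validation step that failed."""


def checksum(key, header, data):
    # Stand-in for the cryptographic checksum. It covers the command header
    # (including the counter) and the message, so neither can be altered alone.
    return hmac.new(key, header + data, hashlib.sha256).digest()[:CC_LEN]


def build_secured_packet(key, tar, counter, message):
    """OTA server side: length prefix + command header + checksum + message."""
    header = struct.pack(HEADER_FMT, SPI, KIC, KID, tar,
                         counter.to_bytes(5, "big"), 0)
    body = header + checksum(key, header, message) + message
    return struct.pack(">H", len(body)) + body


class SimReceiver:
    """SIM side: validates a packet and returns the message to display."""

    def __init__(self, key, tar):
        self.key, self.tar = key, tar
        self.last_counter = 0   # highest counter accepted so far

    def validate(self, packet):
        # Step 1: read the security header, rejecting malformed lengths.
        if len(packet) < 2 + HEADER_LEN + CC_LEN:
            raise PacketRejected("length")
        (declared,) = struct.unpack(">H", packet[:2])
        if declared != len(packet) - 2:
            raise PacketRejected("length")
        header = packet[2:2 + HEADER_LEN]
        spi, kic, kid, tar, cntr, _pcntr = struct.unpack(HEADER_FMT, header)

        # Step 2: validate the command header against what this SIM expects.
        if (spi, kic, kid) != (SPI, KIC, KID) or tar != self.tar:
            raise PacketRejected("header")

        # Step 3: validate the checksum in constant time, before the counter
        # is trusted, so a forged counter value cannot pass the replay check.
        cc = packet[2 + HEADER_LEN:2 + HEADER_LEN + CC_LEN]
        data = packet[2 + HEADER_LEN + CC_LEN:]
        if not hmac.compare_digest(cc, checksum(self.key, header, data)):
            raise PacketRejected("checksum")

        # Step 4: validate the counter; it must be strictly increasing.
        counter = int.from_bytes(cntr, "big")
        if counter <= self.last_counter:
            raise PacketRejected("counter")

        # State is committed only after every check has passed.
        self.last_counter = counter
        return data


def outcome(receiver, packet):
    """Return 'accepted' or the name of the step that rejected the packet."""
    try:
        receiver.validate(packet)
        return "accepted"
    except PacketRejected as exc:
        return str(exc)


if __name__ == "__main__":
    sim = SimReceiver(KEY, TAR)
    first = build_secured_packet(KEY, TAR, 1, MESSAGE)
    print("first delivery:", outcome(sim, first))
    print("replayed copy :", outcome(sim, first))
    bumped = bytearray(first)
    bumped[13] = 0x09           # raise the counter without knowing the key
    print("forged counter:", outcome(sim, bytes(bumped)))
```

Because the checksum covers the counter field, a captured packet cannot be made fresh again by editing the counter; it fails the checksum step instead of reaching the replay check.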
Place: Bangalore
Date: 13-July-22
| # | Name | Date |
|---|---|---|
| 1 | 202211040312-REQUEST FOR EXAMINATION (FORM-18) [14-07-2022(online)].pdf | 2022-07-14 |
| 2 | 202211040312-POWER OF AUTHORITY [14-07-2022(online)].pdf | 2022-07-14 |
| 3 | 202211040312-FORM 18 [14-07-2022(online)].pdf | 2022-07-14 |
| 4 | 202211040312-FORM 1 [14-07-2022(online)].pdf | 2022-07-14 |
| 5 | 202211040312-DRAWINGS [14-07-2022(online)].pdf | 2022-07-14 |
| 6 | 202211040312-DECLARATION OF INVENTORSHIP (FORM 5) [14-07-2022(online)].pdf | 2022-07-14 |
| 7 | 202211040312-COMPLETE SPECIFICATION [14-07-2022(online)].pdf | 2022-07-14 |
| 8 | 202211040312-FORM 3 [25-04-2024(online)].pdf | 2024-04-25 |
| 9 | 202211040312-FER.pdf | 2025-05-13 |
| 10 | 202211040312-MARKED COPIES OF AMENDEMENTS [17-07-2025(online)].pdf | 2025-07-17 |
| 11 | 202211040312-FORM-26 [17-07-2025(online)].pdf | 2025-07-17 |
| 12 | 202211040312-FORM 13 [17-07-2025(online)].pdf | 2025-07-17 |
| 13 | 202211040312-AMENDED DOCUMENTS [17-07-2025(online)].pdf | 2025-07-17 |
| 14 | 202211040312-FORM 3 [13-08-2025(online)].pdf | 2025-08-13 |
| 15 | 202211040312-MARKED COPIES OF AMENDEMENTS [13-11-2025(online)].pdf | 2025-11-13 |
| 16 | 202211040312-FORM 13 [13-11-2025(online)].pdf | 2025-11-13 |
| 17 | 202211040312-FER_SER_REPLY [13-11-2025(online)].pdf | 2025-11-13 |
| 18 | 202211040312-COMPLETE SPECIFICATION [13-11-2025(online)].pdf | 2025-11-13 |
| 19 | 202211040312-CLAIMS [13-11-2025(online)].pdf | 2025-11-13 |
| 20 | 202211040312-AMMENDED DOCUMENTS [13-11-2025(online)].pdf | 2025-11-13 |
| 21 | 202211040312-ABSTRACT [13-11-2025(online)].pdf | 2025-11-13 |
| 1 | 0312E_22-10-2024.pdf |