Browse Prior Art Database

USSD Operation to get Authenticated Payment Token for Charging Purposes

IP.com Disclosure Number: IPCOM000019033D
Published in the IP.com Journal: Volume 3 Issue 9 (2003-09-25)
Included in the Prior Art Database: 2003-Sep-25
Document File: 1 page(s) / 53K

Publishing Venue

Siemens

Related People

Juergen Carstens: CONTACT

Abstract

If a GSM/UMTS (Global System for Mobile Communication/ Universal Mobile Telecommunications System) subscriber wants to use his Mobile Network Operator (MNO) charging account to pay for goods and services provided to him, currently the most common option is to use a credit card number, which is sent from the user via the mobile network to the provider in a secure transaction environment. Nevertheless, this still bears the risk of the credit card number being intercepted and used maliciously. Furthermore, the subscriber has to have access to a credit card in order to use this method. To improve the security of the transaction, we propose to use an Authorized Payment Token (APT) instead of the credit card number for the purchase. The APT, a digit string of a certain maximum length, is generated by the MNO and granted to the subscriber for secure payment. This method can be applied if a trustworthy relation between the provider of the goods and the MNO exists, or if the MNO itself is the provider. It refers in particular to scenarios in which the subscriber wants to pay by a prepaid account or by his credit card account. In the latter case, the credit card number is deposited in his subscriber data at the MNO.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Page 1 of 1

S

© SIEMENS AG 2003 file: 2003J09676.doc page: 1

USSD Operation to get Authenticated Payment Token for Charging Purposes

Idea: Manfred Leitgeb, AT-Vienna; Hagen Scheibe, DE-Munich; Roland Ernst, DE-Bad Hersfeld; Petra Kastl, DE-Bad Hersfeld

If a GSM/UMTS (Global System for Mobile Communication/ Universal Mobile Telecommunications System) subscriber wants to use his Mobile Network Operator (MNO) charging account to pay for goods and services provided to him, currently the most common option is to use a credit card number, which is sent from the user via the mobile network to the provider in a secure transaction environment. Nevertheless, this still bears the risk of the credit card number being intercepted and used maliciously. Furthermore, the subscriber has to have access to a credit card in order to use this method.

To improve the security of the transaction, we propose to use an Authorized Payment Token (APT) instead of the credit card number for the purchase. The APT, a digit string of a certain maximum length, is generated by the MNO and granted to the subscriber for secure payment. This method can be applied if a trustworthy relation between the provider of the goods and the MNO exists, or if the MNO itself is the provider. It refers in particular to scenarios in which the subscriber wants to pay by a prepaid account or by his credit card account. In the latter case, the credit card number is deposited in his subscriber data at the MNO.

To retrieve the APT from the MNO, the user sends a USSD (Unstructured Supplementary Services Data) string to the MNO. The content of which i...