Note: Descriptions are shown in the official language in which they were submitted.
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
1
SERVICE CARD TRANSACTIONS
OVER A WIRELESS LAN
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a mobile terminal having service-card
transaction functions, and a transaction system and method involving such
a mobile terminal.
BACKGROUND OF THE INVENTION
The need to use service cards, such as credit cards, cash cards and company-
identity cards, in place at shops, stores, company locations and public
utilities
is well known. Today, this need is satisfied through various plastic cards
interworking with card readers in a known manner. The card is normally
inserted into a card slot in the card reader, and subsequently the card reader
reads information from the card. For certain types of smart cards, information
can also be transferred to the card. Modern card readers for credit cards
normally have a keypad for entering a PIN-code (Personal Identification
Number Code) and accepting the transaction. Cash cards do not normally
require a PIN-code; only an acceptance or a rejection of the transaction. The
card reader may also have functions to handle cash register sums from an
electronic cash register and functions for on-line control of credit card
numbers.
Although the use of credit cards and other types of service cards has become
very popular, conventional card and card reader systems has certain
drawbacks which provide a barrier to more widespread use and prevent new
applications.
For example, conventional card readers are a limiting factor for using smart
cards. In an effort to alleviate this problem to some extent, so-called
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
2
contactless smart cards have been introduced. Contactless smart cards use a
radio contact of very short distance (typically up to 40 centimeters), and a
connection is established between the card reader and the smart card by
energizing the card through a radio signal from the card reader.
Another limiting factor is the amount of plastic cards to be handled. It is
not
unusual for an individual to have a dozen different plastic cards, and this is
of
course quite inconvenient.
In addition, with ordinary plastic cards it is sometimes necessary to hand
over
the card to for example a waiter at a restaurant in order to pay. In that
case,
the cardholder is not in control of the card during payment.
RELATED ART
Motorola, Siemens and Alcatel offer a dual-slot mobile phone by which it is
possible to insert a cash-card into an extra card slot in the phone. The
mobile
phone is provided with a card reader for cash cards, and by using the
conventional radio interface of the mobile phone it is envisaged that a
connection may established with a special server in a bank for loading the
cash-card.
The international patent application WO 97/45814 discloses a wireless
terminal used for remote purchase and bill payment transactions as well as
transfer of telecash to other terminals without using the GSM network. More
specifically, the terminal is a mobile phone, which can also operate as an
electronic wallet. By using the terminal the user is able to send/receive
payment messages and electronic cash directly to/from another terminal
under a small adjustable terminal-to-terminal radio coverage. The terminal-to-
terminal radio coverage is adjusted such that only the payer and the payee
will
be able to exchange information and telecash, without using the network.
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
3
Microsoft Corporation offers an electronic wallet software in which
information,
such as card number and expiry date, associated with a plastic card can be
stored in a personal computer and used for the purpose of Internet commerce.
U.S. Patent 5,796,832 discloses a financial information and transaction
system in which a portable terminal is connected to a financial institution
via a
wireless or cellular telephone hook-up. Smart cards are utilized to verify
authorization for transactions to minimize potential security problems, which
could otherwise result from the use of a mobile terminal. The system according
to U.S. Patent 5,796,832 seems to be adapted for transactions over longer
distances, in similarity to electronic commerce over the Internet.
SUMMARY OF THE INVENTION
The present invention overcomes these and other drawbacks of the prior art
arrangements.
It is a general object of the present invention to provide an improved
transaction system and method.
In particular, it is important that the transaction system is more flexible
than
conventional systems, and capable of handling various different transaction
conditions in an efficient manner.
It is another object of the invention to provide a mobile terminal, which is
convenient to use for local service card transactions.
These and other objects are met by the invention as defined by the
accompanying patent claims.
The general idea according to the present invention is to use a wireless local
area network, a so-called wireless LAN, and one or more mobile terminals that
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
4
are connectable to the wireless LAN, as a platform for service card
transactions.
The transaction system according to a preferred embodiment of the invention
comprises at least one wireless LAN having at least one transaction terminal,
and at least one mobile terminal. The mobile terminal comprises service-card
transaction functions, and means for implementing at least one virtual service
card such as a credit card or a cash card. Preferably, the service-card
transaction functions are implemented as a general platform, for example in
the form of an electronic wallet, which is capable of handling virtual service
cards. F~.trthermore, the mobile terminal is connectable to the wireless LAN
to
enable a service card transaction between the mobile terminal and a
transaction terminal via the wireless LAN. Together with the electronic
wallet,
the virtual service cards in the mobile terminal can be used for local service
card transactions over the wireless LAN.
In this way, an efficient and flexible transaction system is obtained.
By using a wireless LAN, relatively long distances between a transaction
terminal and a mobile terminal can be handled. The system is also capable of
handling a transaction environment in which many transactions are
performed more or less in parallel between several parties, irrespective of
the
distance between the parties. In addition, the transaction system according to
the invention is independent of the operators of larger public networks such
as
the GSM network, as well as blocking and fault conditions in such networks.
By implementing the service cards as virtual service cards in a mobile
terminal
the need for plastic cards is reduced, and maybe eliminated in the longer
term.
The electronic wallet of the mobile terminal may act as a platform for a
number
of virtual service cards.
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
,
In addition, the capabilities of mobile terminals such as mobile phones and
personal digital assistants (PDAs) open up for new applications, such as
reading and storing information in connection with the service card
transactions. For example, receipts and other information associated with a
5 service card transaction may be stored in the mobile terminal, possibly for
later transfer to a personal computer.
According to a preferred embodiment of the invention, a number of parameter
values identifying a session to be completed by a service card transaction are
transmitted by the mobile terminal to the transaction terminal. For example,
the session may be a purchase or an order of goods or services. When the
session has been identified, the transaction terminal normally transmits
information about the session, e.g. in the form of a bill, to the mobile
terminal
such that the service card transaction can be accepted or rejected based on
this information. When the service card transaction has been accepted by the
user of the mobile terminal, the transaction terminal commits the transaction.
An alternative embodiment of the invention involves a mobile terminal that
includes a card reader provided with a card slot for insertion of a real
service
card. In the case of a mobile phone, which already has a card place for a
conventional SIM card, an additional caxd slot for the service card is
provided
in the mobile phone. The mobile terminal further comprises means for
connecting the mobile terminal to the wireless LAN to enable a service card
transaction, related to the service card, between the mobile terminal and a
transaction terminal via the wireless LAN. In a restaurant for example,
instead
of leaving the plastic card to a waiter, which takes the card and goes away to
perform the service card transaction using an ordinary card reader, the user
just inserts the service card into the mobile terminal, and the service card
transaction is then performed over the wireless LAN.
Although the service card transactions performed over the wireless LAN
preferably are financial transactions such as credit card and cash card
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
6
10
transactions, it should be understood that other types of transactions are
feasible as well; for example transactions made when borrowing books at a
library or when recording and giving discounts to users or clients, or even
transactions between an electronic key and an electronic door lock.
In the same way, it should be understood that the term service card not only
relates to credit cards and cash cards, but also to other types of cards such
as
discount cards, bonus cards, membership cards, identity cards, company-
identity cards, electronic key cards and combined cards including a
combination of such cards.
The invention offers the following advantages:
- A flexible transaction system and method;
- The need for ordinary plastic cards is reduced;
- Local transactions over relatively long distances are allowed;
- Several parallel transactions are easily handled;
- Public network independency;
- No need to hand over the service card to outside individuals; and
- Possibility to read and store information, such as receipts, associated
with the service card transactions.
Other advantages offered by the present invention will be appreciated upon
reading of the below description of the embodiments of the invention.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention, together with further objects and advantages thereof, will be
best understood by reference to the following description taken together with
the accompanying drawings, in which:
Fig. 1 is a schematic diagram of a mobile terminal according to a preferred
embodiment of the invention;
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
7
Fig. 2 is a diagram of a layered representation of the service card
functionality
and its environment in the mobile terminal of Fig. 1;
Fig. 3 is a schematic diagram illustrating a first example of a transaction
system according to a preferred embodiment of the invention;
Fig. 4 is a schematic diagram illustrating a second example of a transaction
system according to a preferred embodiment of the invention;
Fig. 5 is a schematic diagram of screen displays in a mobile terminal,
illustrating a procedure for identifying a session according to a preferred
embodiment of the invention;
Fig. 6 is a schematic flow diagram of a transaction method according to a
preferred embodiment of the invention;
Fig. 7 is a schematic diagram illustrating a third example of a transaction
system according to a preferred embodiment of the invention;
Fig. 8 is a diagram illustrating a first example of a communication session
performed in a system such as that illustrated in Fig. 7;
Fig. 9 is a diagram illustrating a second example of a communication session
performed in a system such as that illustrated in Fig. 7;
Fig. 10 is a schematic diagram illustrating a fourth example of a transaction
system according to a preferred embodiment of the invention;
Fig. 11 is a diagram illustrating a third example of a communication session
performed in a system such as that illustrated in Fig. 10; and
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
8
Fig. 12 is a schematic diagram of a transaction system according to an
alternative embodiment of the invention;
DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION
Throughout the drawings, the same reference characters will be used for
corresponding or similar elements.
In order to avoid misconceptions, the following definitions are made:
A virtual service card is a set of data, or a set of software-implemented
operations and associated data, issued by a card issuer and used by a
cardholder for the purpose of service card transactions. When using the card,
the cardholder has to observe the policies and rules that may be requested by
the card issuer. For example, a cash-card, which traditionally is represented
on a smart card, will include software as well as data when implemented as a
virtual card, whereas a simple virtual service card will include only data.
A service card transaction is an activity or a series of activities related to
a
service card and involving at least two parties. In general, the activity is
carried
on to conclusion, and results in information being transferred from/ to the
service card. An example of a service card transaction is an operation on a
credit card such as reading data or changing data, eventually resulting in
funds being transferred from one account to another account. Other examples
of service card transactions are reading information from a key card, and
checking the authority of a cardholder. A transaction may of course be
composed of a sequence of smaller transactions, but in the following the
concept of a session is introduced for a sequence of transactions and/or other
events. The purpose is to reduce ambiguity and increase clarity.
A session is a sequence of events and/or transactions performed for a certain
purpose. Throughout the disclosure, a session is normally associated with a
service card transaction. In that case, the service card transaction
constitutes
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
9
a part of the session, and typically the session is completed by the service
card
transaction. An example of a session is the purchase of goods in a shop, which
at least involves registering of the selected items and paying with a credit
card
or cash card. Another example of a session is the opening of an electronic
lock
with an electronic key, which at least involves reading key information,
checking the authority of the key holder and maybe registering the event.
According to the present invention, a wireless local area network (wireless
LAN)
and one or more mobile terminals connectable to the wireless LAN are used as
a platform for service card transactions.
Fig. 1 is a schematic diagram of a mobile terminal according to a preferred
embodiment of the invention. Preferably, the mobile terminal is based on a
mobile telephone or a personal digital assistant (PDA). The mobile terminal 10
is by way of example illustrated as a mobile telephone. As a mobile telephone,
the terminal 10 has a conventional memory (not shown), a display 2, a key pad
4, a radio interface and antenna 5, a processing environment 6 such as a
microprocessor, and a conventional microphone and speaker system (not
shown).
Furthermore, service-card transaction functions are implemented in the
mobile terminal, for example as software in the processing environment 6. The
service-card transaction functions are preferably implemented as a general
platform, a so-called electronic wallet, in the mobile terminal. In addition,
a
number of virtual service cards are implemented in the processing
environment 6. The virtual service cards are used together with the electronic
wallet platform for service card transactions over the wireless LAN, and the
platform preferably provides functionality that can be used by several virtual
service cards.
A virtual service card is generally a set of data or a combination of software
functions and associated data that can replace the functionality of its
plastic
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
card counterpart. Card information, such as card number, expiry date,
cardholder and card issuer, associated with each one of the virtual cards is
stored in mobile terminal 10.
5 Fig. 2 is a diagram of a layered representation of the service card
functionality
and its environment in the mobile terminal of Fig. 1. The bottom layer
includes
the mobile terminal 10 with its processing capabilities, memory devices, power
equipment, user interfaces and a wireless LAN interface. Preferably, a Java
Virtual Machine (JVM) 12 is implemented in the mobile terminal. Java is an
10 example of a programming language that can be used to implement the
electronic wallet platform 14 and a number of virtual service cards (1, 2, 3,
4)
16. Java is an object-oriented language, and as such it involves the
encapsulation of software functions and data into objects, and is therefore
suitable for preventing interference between the software and/or data of
different virtual cards. Normally, the electronic wallet 14 provides general
service-card transaction functions, whereas each one of the virtual service
cards 16 may include card specific data and/or software. The general service-
card transaction functions of the electronic wallet platform include
activation
of selected virtual service cards, and reading and possibly writing relevant
card
information from and to the virtual service cards.
In a more general sense, the electronic wallet may be viewed as the electronic
counterpart of a real wallet, including the general transaction functions as
well
as the virtual service cards.
In use, the electronic wallet in the mobile terminal 10 is normally accessed
by
entering a PIN-code. Next, the electronic wallet 14 with its transaction
functions and virtual service cards is operated, for example by using the
display 2 and the keypad 4.
Different cards may have different requirements on security support and
input/output capabilities. The mobile terminal to be used must fulfill all
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
11
requirements for the card, or otherwise the card will not be installed. Since
different mobile terminals may have different hardware and software functions,
the virtual card in itself is normally configured to handle different types of
terminals. During installation of a virtual card, the card normally finds out
which kind of mobile terminal that is used, and then stores information about
the capabilities of the terminal.
Examples of virtual service cards are credit cards, cash cards, discount
cards,
bonus cards, membership cards, identity cards and electronic key cards.
Furthermore, two or more cards can be combined into a combination card
such as a combination of a credit card and a bonus card.
It is advantageous to show, at command, a visual representation 3 of one or
more virtual service cards on the display 2. In general, each virtual service
card has its own characteristic appearance on the display 2 so as to
facilitate
the selection of service card. It is also possible to use a characteristic
acoustic
signal for each virtual card.
The mobile terminal 10 also comprises a wireless LAN interface 8, which
enables connection to a wireless LAN. Any wireless LAN interface known to the
art, such as a conventional infrared LAN interface or a radio LAN interface,
can
be used by the invention. Preferably, however, a radio LAN chip based on
Bluetooth technology is provided in the mobile terminal 10. The Bluetooth
technology will be described in more detail later on.
In addition, the mobile terminal 10 may have a protecting circuit 7, also
referred to as a protected circuit, for encapsulation, protection and/or
encryption of sensitive information such as private keys, PIN-codes and
possibly biometric codes such as electronic fingerprints. Preferably, the
protecting circuit 7 is a physically encapsulated integrated circuit that
includes a non-erasable memory such as a read only memory (ROM) in which
data and/or software are stored.
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
12
Fig. 3 is a schematic diagram illustrating a first example of a transaction
system according to a preferred embodiment of the invention. The transaction
system basically comprises a number of mobile terminals 10A, lOB, and a
wireless LAN 20 that includes a number of transaction terminals 22, 24, 26.
Each one of the transaction terminals 22, 24, 26 in the wireless LAN 20 has
service-card transaction functions and circuitry 23, 25 and 27, respectively
for
enabling communication with other terminals within the LAN 20.
Each one of the mobile terminals 10A, lOB is identical to the mobile terminal
described in connection with Figs. l and 2. Consequently, each mobile
terminal is provided with circuitry for implementing service-card transaction
functions and for implementing one or more virtual service cards. The mobile
terminal is also provided with circuitry for connecting the mobile terminal to
the wireless LAN 20 so as to enable a service card transaction, related to a
virtual service card, between the mobile terminal and a transaction terminal
via the wireless LAN 20.
In Fig. 3, the transaction terminals 22, 24, 26 as well as the mobile
terminals
10A, lOB are connected to and constitute part of the wireless LAN 20, as
indicated by the dotted circle. The transaction system according to the
invention is particularly useful for local service card transactions,
financial
and other service card transactions, at place in for example shops, stores,
companies and public utilities.
In general, a wireless LAN is a local area network which does not utilize
physical wires or cables as transmission medium. The two types of media
normally used for wireless LANs are radio waves and infrared optical signals.
Radio LANs are direction insensitive and generally have a greater range of
coverage than infrared LANs.
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
13 '
According to a preferred embodiment of the invention, the wireless LAN is a
radio LAN based on Bluetooth, which is a local radio interface developed by
the
Bluetooth Special Interest Group promoted by Ericsson, Nokia, IBM, Toshiba
and Intel.
However, it should be understood that Bluetooth is merely an example of a
wireless LAN technology that can be used by the invention. Other examples of
wireless LANs include radio LANs such as HyperLAN, and even infrared LANs.
In fact, any wireless LAN that fulfils the following requirements may be used
by the invention: The terminals should be able to establish a connection,
which may carry protocols involved in a session. This connection should be
established either autonomously when entering the coverage area of a wireless
LAN, or on demand when the terminal is within that area. The delay until the
connection has been successfully established should be short, at most a few
seconds. Further, it is advantageous if no configuration in advance for a
certain terminal or user is required.
In the following, the invention will mainly be described with reference to
Bluetooth as base technology for the wireless LAN. Bluetooth is a radio
interface in the 2.45 GHz frequency band that enables terminals to connect
and communicate wirelessly via short-range local area networks (wireless
LANs). Bluetooth is particularly suitable for, but not limited to, so-called
ad
hoc networks.
In Bluetooth, each unit can simultaneously communicate with several other
units. Bluetooth uses a frequency-hop spread spectrum technique dividing the
frequency band into several hop channels. During a connection, the radio
transceivers in the LAN hop from one channel to another in a pseudo-random
way. Bluetooth channels use a frequency-hop/time-division-duplex (FH/TDD)
scheme, and each channel is divided into 625 ~.s intervals, so-called slots,
where a different hop frequency is used for each slot.
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
14
In Bluetooth, two or more units sharing the same channel form a so-called
piconet (a LAN), in which one unit acts as a master, controlling the traffic
in
the piconet, and the other units act as slaves. Each piconet has a unique set
of
master parameters that are used in creating a unique channel. In each slot, a
packet can be exchanged between the master and one of the slaves. Packets
have a fixed format in Bluetooth, and each packet begins with a 72-.bit access
code that is derived from the master identity, and unique for the channel. The
access code is used for packet identification, synchronization and offset
compensation in the wireless LAN. A header trails the access code, and a
payload of up to 2,745 bits may trail the header.
Bluetooth units that are within range of each other can establish so-called ad
hoc connections. Unlike ordinary cellular systems, there is no a priori
distinction between terminals and base stations in Bluetooth. As mentioned
above, two or more Bluetooth units that share a channel form a piconet. To
regulate traffic on the channel, one of the participating units becomes a
master
of the piconet. Any unit can become a master, but by definition, the unit that
establishes the piconet assumes this role. All other participants are slaves.
Participants may change roles if a slave wants to take over the master role.
However, only one master at a time may exist in a piconet. When units are not
participating in a piconet, they enter standby mode, from which they
periodically listen for page messages.
Furthermore, Bluetooth allows several piconets to be created with overlapping
coverages. Each piconet then adheres to its own hopping sequence.
More detailed information on Bluetooth can be found, e.g. in the article
Bluetooth - The universal radio interface for ad hoc, wireless connectivity by
J.
Haartsen, Ericsson Review, No. 3, 1998, pages 110-117.
It should be understood that the Bluetooth technology is an example of a base
technology used to enable local communication between terminals, and that
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
the service card transactions and the associated exchange of information are
performed on top of this underlying technology.
By using a wireless LAN, especially a radio LAN such as Bluetooth, for local
5 service card transactions, relatively long distances between transaction
terminals and mobile terminals can be handled. The system is also capable of
handling several transactions performed more or less in parallel between
several parties, and irrespective of the distance between the parties, as long
as
the transactions are performed over the wireless LAN.
With reference once again to Fig. 3, each one of the transaction terminals 22,
24, 26 in the wireless LAN 20 is preferably provided with a wireless LAN chip
based on Bluetooth technology. Normally, one of the transaction terminals acts
as master station of the wireless LAN 20. The master station 22 is often
connected in a known manner via the public network and/or hard wire to a
host server 32. In a conventional manner, the host server 32 may provide
additional functionality not included in the transaction terminals themselves.
If the transaction terminals are used in connection with ordinary cash
registers, the transaction terminals may have functions to handle cash
register
sums from a cash register. Furthermore, the transaction terminals may have
functions for on-line control of credit card numbers, and functions to
transfer
information about the transactions to servers or host computers 32 of a bank
or credit card company.
In addition to the transaction functions used for the virtual service cards,
the
transaction terminals may also include conventional card readers, such as
ordinary card readers and card readers for contactless cards so as to be
capable of handling virtual service cards as well as ordinary plastic cards.
In
that case, the conventional card readers and the functionality used for the
virtual service cards preferably share the same cash register functions and
have common functions for communication with host servers.
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
16
It is of course also possible to utilize the security arrangements used for
conventional cards and card readers in connection with service card
transactions performed between terminals over a wireless LAN as well. Far
example, if authentication by an identity card such as a driver's license and
a
real signature on a receipt is required for a certain plastic card, this
procedure
may also be used for the virtual counterpart of the plastic card. However,
full
advantage of the virtual card concept according to the invention is obtained
when authentication and confirmation are performed over the wireless LAN by
using the electronic wallet and its capabilities. In general, mutual
authentication and confirmation may be required. The SET (Secure Electronic
Transaction) protocol, for example, is capable of handling mutual
authentication and confirmation.
Although the transaction system of Fig. 3 is illustrated as having two mobile
terminals, and three transaction terminals, it should be understood that only
one mobile terminal and one transaction terminal are required in the wireless
LAN to perform a service card transaction. The transaction terminals are not
necessarily fixed terminals, but may be mobile.
In addition to credit cards and cash cards, which are well known, a few other
types of service cards that may be implemented as virtual service cards in a
mobile terminal according to the invention will be discussed briefly below.
A library card is a sort of identity card by which a user can be identified as
a
registered user at a library. Information about a number of borrowed books
together with a last day for return may be transferred from a transaction
terminal at the library to the mobile terminal, and the user may then accept
the loan. The virtual library card may have a World Wide Web (WWW) link to
the home page of the library where information on e.g. opening and closing
hours, late return fees, etc. can be found.
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
17
An electronic key card is a virtual card that replaces a conventional key or a
conventional plastic key card for a door. A transaction terminal provided in
connection to the door lock controls if the user of the virtual key card in
the
mobile terminal is authorized for access through the door.
A membership card is a service card that confirms membership in an
association or club. For example, it is possible to use the virtual membership
card as a combined membership and discount card if membership in the
association in question entitles to discounts in certain shops and stores. If
the
association has a clubhouse, the virtual card could also be used as a virtual
electronic key.
A company-identity card can be used as a virtual electronic key and as a
means for identification in general. In addition, the virtual card may be used
for payments e.g. in a company restaurant. The company may have
agreements with shops, stores and gyms, and the card can then be used to get
discounts.
In Sweden, the pharmacy card is a sort of bonus card, on which a purchase at
a pharmacy will be registered and a discount given in accordance with
predetermined rules.
Preferably, the service card transactions over the wireless LAN are financial
transactions such as credit card and cash card transactions. In the following,
an example of how to perform a financial service card transaction between two
parties or terminals in a wireless LAN will be described with reference to
Figs.
4and5.
Fig. 4 is a schematic diagram illustrating a second example of a transaction
system according to a preferred embodiment of the invention. The transaction
system comprises a number of at least partially overlapping wireless LANs. In
the example of Fig. 4, three wireless LANs A, B and C are illustrated, each of
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
18
which has a transaction terminal 22, 24 and 26, respectively. The transaction
system further comprises two mobile terminals 10A, lOB that are within the
coverage of at least one of the LANs. The mobile terminal lOB is within the
coverage of two of the LANs A and B.
Assume by way of example that a transaction is to be performed between a
mobile terminal lOB operated by a user and a transaction terminal of a
wireless LAN operated by a salesman or merchant. In a connectivity layer of
the wireless LAN, a connection between the mobile terminal and the
transaction terminal is established. If the transaction terminal involved acts
as
master station of the wireless LAN, the mobile terminal and the transaction
terminal communicate directly with each other. However, if the transaction
terminal involved in the transaction is not a master station, communication
between transaction terminal and mobile terminal is normally, although not
necessarily, performed via the master station of the wireless LAN.
For financial transactions over the wireless LAN, a procedure is normally
required to identify the session to be completed by the payment transaction
and to ensure that payment is performed with the relevant transaction parties
involved. The relevant transaction parties and the relevant session are
identified by a number of parameter values transferred over the wireless LAN.
The number of parameter values necessary for this identification varies from
case to case. Normally, the transaction terminal of the salesman knows which
parameters are required to identify a session among a number of on-going
sessions in the local network. The transaction terminal preferably transmits
information about which parameters that are requested, or information on
selectable parameter values for each one of the parameters to the mobile
terminal, and the mobile terminal then responds by transmitting the
parameter values.
If there is only one salesman and one transaction terminal, the session is
identified in a quite straightforward manner. The same applies if there are
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
19
several transaction terminals, but only one active session to be completed by
a
transaction.
However, if there are several transaction terminals with many active sessions,
or if there are many different wireless LANs operated by different salesmen,
the
situation becomes more complex. With reference to Fig. 4, imagine a market-
hall or shopping center with a number of different shops, stands and
restaurants, where each shop/stand may have several cash register terminals.
Each shop, stand and restaurant may have its own wireless LAN (a piconet),
and the wireless LANs in the market-hall may overlap each other, at least
partially. When a customer has made a purchase in a shop and wants to pay
by using the electronic wallet of the mobile terminal according to the
invention,
the wireless LAN of the shop in question has to be found, and then the correct
cash register terminal in the shop must be addressed in order to completely
identify the session.
Fig. 5 is a schematic 'diagram of screen displays in a mobile terminal,
illustrating a procedure for identifying a session according to a preferred
embodiment of the invention. If the mobile terminal receives signals from the
wireless LANs of several salesmen, shops or restaurants, the options may be
presented. on the display 42 of the mobile terminal. The user of the mobile
terminal preferably uses the key pad to select one of the wireless LANs, for
example the LAN of shop or restaurant 'B', and a parameter value
representative of the selected wireless LAN is transmitted to the LAN in
question. Next, if there are several alternative cash register terminals, i.e.
transaction terminals, these alternative terminals may also be presented as
for
example menu options on the display 44 of the mobile terminal. The user of
the mobile terminal selects one of the terminals and a corresponding
parameter value is transmitted to the selected transaction terminal.
Alternatively, for example in a restaurant, the transaction terminals transmit
information about which parameters that are requested in order to identify a
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
session. This information may be presented on the display 46 of the mobile
terminal, and the user then enters a number of parameter values that are
subsequently transmitted over the wireless LAN. The session may be identified
by using the number of the table in the restaurant, and if necessary even the
5 seat at the table. Normally, the parameter value or values also identify the
transaction terminal. The parameter value for the table may indirectly point
out a particular transaction terminal assigned to this table.
In other words, depending on the local conditions, a number of selections of
10 parameter values have to be made in order to identify the transaction
parties
and the relevant session.
The electronic wallet according to the invention may also include support for
ordering of goods and services. In a restaurant for example, a menu can be
15 transferred from a transaction terminal in the restaurant to the mobile
terminal of a user. Preferably, the menu is then displayed in the mobile
terminal and the food can be ordered by using the order functions of the
electronic wallet. The order may be presented at a terminal for the waiter who
subsequently transfers the order to the kitchen. Alternatively, the order is
20 presented at a terminal in the kitchen. A session number is assigned to the
order, and stored in the transaction terminal as well as the mobile terminal.
At
payment, the session number can be retrieved and used to identify the
transaction.
Preferably, the order is stored in the cash register included in or connected
to a
transaction terminal of the restaurant. The bill can then be produced on
request and transferred to the electronic wallet of the user's mobile terminal
without any interference of the waiter.
If the restaurant has a system for ordering, it can be used by employees of
the
restaurant. If a guest does not have a mobile terminal equipped with an
electronic wallet according to the invention, a waiter can use such a mobile
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
21
terminal to take the order and transfer it by using the electronic wallet
therein.
The bill is then easily produced, based on the electronic order. For
additional
flexibility and convenience, the terminal used by the waiter may also include
functions to print out the bill and an ordinary card reader for plastic cards.
When the relevant transaction parties and the relevant session has been
identified, the relevant transaction terminal normally transmits a bill to the
buyer so that the he or she can check that the bill corresponds to the
products/ services bought. When the transaction has been accepted, the buyer
selects the credit card or cash card that he or she wants to use to complete
the
session. By using menu options or icons, a card is selected from the
electronic
wallet in the mobile terminal lOB. The electronic wallet platform in the
mobile
terminal operates, in some sense, as a card reader and reads the relevant
information, such as card number, card holder, card issuer and expiry date,
from the selected virtual card. This information is transmitted to the
transaction terminal by the LAN interface of the mobile terminal utilizing the
security system that is associated with the currently used card. The
transaction terminal receives the service card information and commits, in
response to an acceptance of the transaction, the payment transaction. By
commit is meant that the transaction is carried on to a conclusion, seen form
the perspective of the user of the mobile terminal. If appropriate, the
transaction terminal transfers information to a server or host computer of a
bank or credit card company, where the transaction is registered and funds
eventually are transferred from the account of the user to the account of the
salesman.
It is important that the card intended to be used, is indeed selected and used
for the payment. Therefore, it is advantageous to give visual displays of the
virtual cards and/or characteristic acoustic signals, as mentioned above in
connection with Fig. 1.
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
22
Fig. 6 is a schematic flow diagram of a transaction method according to a
preferred embodiment the invention. The transaction method according to the
invention involves a mobile terminal, which has service-card transaction
functions. In step 52, at least one virtual service card is implemented in the
mobile terminal, and the service-card transaction functions include functions
for handling the virtual service card. In step 54, the mobile terminal is
connected to a wireless LAN which includes at least one transaction terminal,
and in step 56 a service card transaction related to the virtual service card
is
performed between the mobile terminal and the transaction terminal via the
wireless LAN.
Fig. 7 is a schematic diagram illustrating a third example of a transaction
system according to a preferred embodiment of the invention. The wireless LAN
60 of the transaction system comprises two mobile terminals 10A, lOB and a
single transaction terminal 22. Assume by way of example that the mobile
terminal l0A is requesting the initiation of a transaction.
Fig. 8 is a diagram illustrating a first example of a communication session
performed in a system such as that illustrated in Fig. 7. First, the mobile
terminal l0A transmits a request 70 to the transaction terminal 22 over the
wireless LAN 60. If there is only one relevant on-going session, the
transaction
terminal 22 transmits information 72 about a session to be completed by a
service card transaction, in response to the request 70. The session
information 72 may include detailed information about the session; for
example in the form of a bill with a specification of a purchase.
Alternatively,
the session information may simply be a cash register sum. Based on the
session information, the user accepts or rejects the service card transaction,
and the mobile terminal l0A then transmits an acceptance or rejection 74 of
the transaction, normally together with service card information 74 to the
transaction terminal. The service card information normally includes a service
card number and associated information. In response to an acceptance of the
transaction, the transaction terminal 22 commits 76 the transaction. If
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
23
necessary, the transaction terminal 22 also transfers information to a server
in
a bank or other institution.
Fig. 9 is a diagram illustrating a second example of a communication session
performed in a system such as that illustrated in Fig. 7. First, the mobile
terminal l0A transmits a request 80 to the transaction terminal 22 over the
wireless LAN 60. In response to the request 80, the transaction terminal 22
transmits information 82 on which parameters) that is requested to identify a
session among a number of on-going sessions, or selectable parameter values
for each one of the parameter(s). To identify a session, the user of the
mobile
terminal enters at least one parameter value 84 that is transmitted to the
transaction terminal over the wireless LAN. Next, information 86 about the
identified session is transmitted to the mobile terminal over the wireless LAN
60. Based on this information, the user may accept or reject a service card
transaction. If OK, the mobile terminal transmits an acceptance 88 to the
transaction terminal 22. The mobile terminal l0A also transmits service card
information 88, such as a service card number or equivalent, to the
transaction terminal 22. In response to an acceptance and the service card
information, the transaction terminal 22 commits 90 the transaction.
Fig. 10 is a schematic diagram illustrating a fourth example of a transaction
system according to a preferred embodiment of the invention. The wireless LAN
100 of the transaction system comprises three transaction terminals 22, 24,
26, and three mobile terminals 10A, lOB, lOC.
Fig. 11 is a diagram illustrating a third example of a communication session
performed in a system such as that illustrated in Fig. 10. The mobile terminal
l0A transmits a request 120 and at least one parameter value 124 that
identifies a session associated a service card transaction over said wireless
LAN. Preferably, the parameter value or values 124 are sent to the master
station 22 of the LAN 100. The parameter value or values 124 also identifies
one of the transaction terminals of the LAN, and the master station 22 informs
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
24
the identified transaction terminal. The identified transaction terminal
transmits information 126 about the identified session to the mobile terminal
over the wireless LAN. The mobile terminal receives the session information to
enable acceptance/rejection of the service card transaction based on this
information, and an acceptance or a rejection 128 of the transaction is
transmitted to the identified transaction terminal. The mobile terminal also
transmits service card information 128 to the identified transaction terminal
over the wireless LAN, and finally the transaction terminal commits 130 the
transaction in response to an acceptance.
Fig. 12 is a schematic diagram of a transaction system according to an
alternative embodiment of the invention. The transaction system 200 of Fig. 12
is similar to the system of Fig. 3, except for the mobile terminals 11A, 11B.
Each one of the mobile terminals 11A, 11B includes a card reader for a real
service card. Any ordinary card reader, such as a card reader provided with a
card slot for insertion of a real plastic card or a contactless card reader,
may
be used by the invention. Preferably, the mobile terminals 11A, 11B are based
on conventional dual-slot mobile phones, but it is possible to use other
mobile
terminals such as a PDA provided with a card reader. In the same way as for
the mobile terminals 10 described above, each one of the mobile terminals
11A, 11B -further comprises means for connecting the mobile terminal to the
wireless LAN 200 to enable a service card transaction, related to the real
service card, between the mobile terminal and a transaction terminal via the
wireless LAN. In use, the card reader reads information from the service card.
A software module executing in the processing environment of the mobile
terminal handles the information and makes sure that the information is ready
to be transmitted over the wireless LAN by a wireless LAN interface such as a
Bluetooth chip. For smart cards, the card reader may write information to the
card.
Of course, it is possible to combine a card reader for real service cards and
a
"card reader" for virtual service cards in a mobile terminal according to the
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
invention. In that case, the electronic wallet software that handles the
virtual
service cards may also handle the information read from the real plastic
service cards by the ordinary card reader.
5 According to a further alternative embodiment of the invention, based on the
information read by the card reader from the real plastic service card, a
virtual
counterpart, i.e. a corresponding virtual service card, is generated by use of
the electronic wallet software.
10 More on security aspects
The electronic wallet platform according to the invention may support several
different security levels. Different service cards may have different
requirements on the security system. The lowest security level is merely based
on the ownership of the mobile terminal. However, this is normally not the
15 recommended level of security.
Sensitive information such as card number, the identity of the cardholder and
the card issuer and expiry date can be encrypted with the private key of the
card issuer. This makes sure that this information can not be manipulated,
20 but gives no protection for unauthorized duplication of the card.
Storing a transaction number or a session number for each transaction
facilitates a later review of performed transactions if transaction errors are
suspected. By using a procedure in which transaction numbers are selected by
25 the transaction terminal in a random way, and in which the mobile terminal
stores the most recent transaction number to be sent over to the transaction
terminal at a new transaction, certain types of fraudulent behavior may be
detected. For example, it is possible to detect a duplicated card used in
parallel
with the ordinary card.
The use of biometric procedures may provide a higher security level than the
use of PIN-codes. Examples of such biometric procedures include scanning of
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
26
fingerprints, voice recognition mechanisms, and the use of digital signatures.
These biometric methods may replace the PIN-code or used as a complement.
Storing and checking PIN-codes and/or biometric codes in special hardware
may provide a higher level of security than that obtained when storing the PIN-
code in a conventional computer memory. The special hardware can either be
provided at the SIM card of the mobile terminal, if such a card exists, or
provided at an additional smart card. It is also possible to use a built-in
hardware function for this purpose. The hardware should have functions for
limiting the number of unsuccessful attempts to access the card or the
electronic wallet.
A security function commonly required by many service cards is encryption by
a private key to prove authentication. By implementing the
encryption/protecting circuit in protected hardware, and storing the key in
the
same hardware, it is possible to securely hide the key. Normally, a
certificate is
issued by a so-called Certification Authority. The certificate binds a person
to a
predetermined public key. More information on certificates, private keys and
public keys can be found e.g. in the book Understanding Digital Signatures by
G. L. Grant, McGraw-Hill, New York, 1998, pages 123-126.
Standardized protocols for different types of transactions do exist and new
protocols are being developed. An example is the SET-protocol (Secure
Electronic Transaction). SET is primarily intended for credit card
transactions
over the Internet. The main security goals of SET are information
confidentiality, payment information integrity and merchant/ cardholder
authentication. With SET it is possible to protect e.g. the cardholder's
credit
card number, and make sure that only authorized parties can use it. More
information on SET can be found e.g. in the book Understanding Digital
Signatures by G. L. Grant, McGraw-Hill, New York, 1998, pages 110-116.
According to an embodiment of the invention, such a protocol is implemented
in the transaction system according to the invention.
CA 02361748 2001-07-31
WO 00/46959 PCT/SE00/00085
27
It should be understood that public wireless telecommunication networks,
such as the GSM network using the WAP protocol (Wireless Application
Protocol), may be used by the mobile phones according to the invention for
service card transactions over longer distances in a traditional manner.
The embodiments described above are merely given as examples, and it should
be understood that the present invention is not limited thereto. Farther
modifications, changes and improvements which retain the basic underlying
principles disclosed and claimed herein are within the scope and spirit of the
invention.
