Note: Descriptions are shown in the official language in which they were submitted.
CA 02413340 2007-06-07
-1-
TITLE: SYSTEM AND METHOD FOR CONDUCTING AN ELECTRONIC
COMMERCIAL TRANSACTION
Field Of The Invention
The invention relates to electronic commerce, and in particular,
to a system and method for conducting and eiectronic commerce transaction.
Background Of The Invention
The Intemet has created tremendous growth in electronic
commerce (i.e. the purchase of goods and services on-line). Electronic
commerce is also referred to as "e-commerce". To complete an e-commerce
transaction, the user is typically required to provide information to the
merchant web site, which typically includes the user's name, address, and
financial information (usually credit card information). This information may
be entered manually by the user. Alternatively, there are a number of well
known ways in which the input of information may be automated, such as
form filling tools, and digital wallets. However, these alternatives still
require
the user to submit certain information to the merchant web site, increasing
the
time required to complete the e-commerce transaction and inconvenience to
user.
In order to avoid fraudulent transactions, the merchant web site
may also wish to authenticate the user. A number of authentication methods,
such as user names and passwords, digital certificates, hardware tokens, or
the like are well known. Depending on the authentication method used, the
user may be required to enter additional information, such as a user name
and password, further inconveniencing the user.
Recently, more users are accessing the Intemet using mobile
devices (such as digital phones, pagers and personal digital assistants
(PDAs)). These mobile devices generally have a smaller screen and
constrained input capabiiities. than the personal computers currently in
widespread use. Consequently, entering or providing information required by
merchant web sites is an even greater inconvenience for users of mobile
devices.
CA 02413340 2007-06-07
-2-
Accordingly there is a need for a method of conducting an e-
commerce transaction which reduces the amount of information required to be
provided by a user of a mobile device and facilitates authentication of the
user
to the merchant.
Summary Of The Invention
According to a first aspect of the invention, a method for
conducting an e-commerce transaction between a user and a merchant is
provided. The user has a customer account with a communication provider
operating a first communication network. The customer account includes
personal information about the user therein. The method comprises: a)
establishing communication between the user and the communication
provider over the first communication network; b) authenticating the user to
the communication provider; c) selecting a product from the merchant for the
e-commerce transaction; d) retrieving the personal information about the user
from the customer account; and e) completing the e-commerce transaction.
According to a second aspect of the invention, a system for
conducting an e-commerce transaction is provided. The system comprises:
a mobile device adapted for operation by a user;
a wireless network adapted for communication with the mobile
device, the wireless network being operated by a communication provider, the
user having a customer account with the communication provider, the
customer account comprising personal information about the user;
a credential verification server adapted for access to the
personal information; and
a merchant server adapted for communication with the
credential verification server via the Intemet;
wherein, upon request from the merchant server, the credential
verification server is adapted to provide the personal information from the
customer account to the merchant server to complete the e-commerce
transaction.
CA 02413340 2007-06-07
-3-
According to a third aspect of the invention, a computer readable
medium including a computer program that conducts an e-commerce
transaction between a user and a merchant is provided. The user has a
customer account with a communication provider operating a first
communication network. The customer account includes personal information
about the user therein. The computer program causes the computer to perform
the steps of: a) establishing communication between the user and the
communication provider over the first communication network: b) authenticating
the user to the communication provider; c) selecting a product from the
merchant for the e-commerce translation; d) retrieving the personal
information
about the user from the customer account; and e) completing the e-commerce
translation.
According to a further aspect, there is provided a method for use
by a merchant in an e-commerce transaction, comprising receiving via a
network connection a request for an e-commerce transaction from a wireless
mobile device operated by a customer over a wireless network, wherein the
wireless network is operated by a communication provider and provides the
network connection to the merchant, the customer having a customer account
with the communication provider, the customer account including personal
information pertaining to the customer, the request including information
pertaining to at least one of the merchant's products and customer
identification
information, the customer identification information being provided
automatically
by the mobile device without the customer having to input the customer
identification information with the request, the customer identification
information not including financial instrument related information; detecting
the
customer identification information and recognizing that required personal
information relating to the customer may be obtained from a credential
verification server; requesting from the credential verification server the
required personal information, wherein the credential verification server
obtains
the required personal information from the customer account with the
communication provider, wherein the customer is not contacted via another
device to provide the required personal information or to approve the
CA 02413340 2007-06-07
-3a-
transaction; receiving the required personal information from the credential
verification server; debiting a financial instrument received from the
credential
verification server as part of the required personal information; and causing
the
merchant's product to be delivered to the customer.
According to another aspect of the invention there is also
provided a method for use by a communication provider in an e-commerce
transaction comprising providing a customer account and access to a wireless
network to a customer, the customer account including personal information
pertaining to the customer; forwarding a request for an e-commerce
transaction transmitted from a wireless mobile device operated by the
customer through the wireless network to a wired network for receipt by a
merchant, the request including information pertaining to at least one of the
merchant's products and customer identification information, the customer
identification information being provided automatically by the mobile device
without the customer having to input the customer identification information
with the request, the customer identification information not including
financial
instrument related information; responding to a request from a credential
verification server for personal information pertaining to the customer by
providing the requested personal information from the customer account,
wherein the customer is not contacted via another device to provide the
required personal information or to approve the transaction, wherein the
merchant receives the required personal information from the credential
verification server and completes the e-commerce transaction.
In yet a further aspect, there is provided a method for use in an
e-commerce transaction comprising after a merchant receives via a network
connection a request for an e-commerce transaction from a wireless mobile
device operated by a customer over a wireless network, wherein the wireless
network is operated by a communication provider and provides the network
connection to the merchant, the customer having a customer account with the
communication provider, the customer account including personal information
pertaining to the customer, the request including information pertaining to at
CA 02413340 2008-03-20
- 3b -
least one of the merchant's products and customer identification information,
the
customer identification information being provided automatically by the mobile
device
without the customer having to input the customer identification information
with the
request, the customer identification information not including financial
instrument related
information, receiving a request from the merchant for required personal
information
pertaining to the customer; obtaining the required personal information from
the customer
account with the communication provider, wherein the customer is not contacted
via
another device to provide the required personal information or to approve the
transaction;
transmitting the required personal information to the merchant, wherein the
merchant
completes the e-commerce transaction.
In another aspect, there is provided a method for use by a merchant in an
e-commerce transaction, comprising: receiving via a network connection a
request for an
e-commerce transaction from a wireless mobile device operated by a customer
over a
wireless network, wherein the wireless network is operated by a communication
provider
and provides the network connection to the merchant, the customer having a
customer
account with the communication provider, the customer account including
personal
information pertaining to the customer, the request including information
pertaining to at
least one of the merchant's products; detecting customer identification
information in the
request for an e-commerce transaction, the customer identification information
being
provided using an application level protocol and automatically by the mobile
device
without the customer inputting the customer identification information; in
response to
detecting the customer identification information, launching an application
that recognizes
that personal information relating to the customer may be obtained from a
credential
verification server; requesting from the credential verification server the
personal
information, wherein the credential verification server obtains the personal
information
from the wireless network; receiving the personal information from the
credential
verification server; and debiting a financial instrument received from the
credential
verification server as part of the personal information.
In another aspect, there is provided a method for use by a communication
provider in an e-commerce transaction comprising: providing a customer account
and
access to a wireless network to a customer, the customer account including
personal
information pertaining to the customer; forwarding a request for an e-commerce
transaction transmitted from a wireless mobile device operated by the customer
through
the wireless network to a wired network for receipt by a merchant, the request
including
CA 02413340 2008-03-20
- 3c-
information pertaining to at least one of the merchant's products and customer
identification information, the customer identification information being
provided using an
application level protocol and automatically by the mobile device without the
customer
inputting the customer identification information; and responding to a
merchant request
from a credential verification server for personal information pertaining to
the customer by
providing the requested personal information from the customer account, via
the wireless
network, wherein the merchant receives the personal information from the
credential
verification server and completes the e-commerce transaction.
In another aspect, there is provided a method for use in an e-commerce
transaction comprising: after a merchant receives via a network connection a
request for
an e-commerce transaction from a wireless mobile device operated by a customer
over a
wireless network, wherein the wireless network is operated by a communication
provider
and provides the network connection to the merchant, the customer having a
customer
account with the communication provider, the customer account including
personal
information pertaining to the customer, the request including information
pertaining to at
least one of the merchant's products and customer identification information,
the
customer identification information being provided using an application level
protocol and
automatically by the mobile device without the customer inputting the customer
identification information, receiving a request from the merchant for personal
information
pertaining to the customer; obtaining the personal information from the
customer account
with the communication provider via the wireless network; and transmitting the
personal
information to the merchant, wherein the merchant completes the e-commerce
transaction.
Brief Description of the Drawings
The present invention will now be described, by way of example only, with
reference to the following figures, in which:
Figure 1 is a block diagram illustrating an e-commerce system in
accordance with an embodiment of the present invention;
Figure 2 is a block diagram providing additional detail on the system
shown in Figure 1;
Figure 3 is a block diagram illustrating a number of steps in a preferred
embodiment of the method according to the present invention.
CA 02413340 2008-03-20
- 3d -
Detailed Description of the Invention
As used in herein, a"producY' includes any goods or services, and a
"transaction" is any transfer of a product, including without limitation
sales, leases,
auctions or the like.
Figure 1 shows a first communication network 10, which is in
communication with a mobile device 12. Although for clarity, only one mobile
device is
shown in Figure 1, it will be understood that any number of mobile devices may
be
simultaneously connected to the first communication network 10. The mobile
device 12
may be any device such as mobile phone, PDA, or
CA 02413340 2007-06-07
-4-
the like which is capable of sending and receiving communications via the
first
communication network 10.
Continuing to refer to Figure 1, the first communication network
is preferably in communication with a second communication network 14.
The second communication network 14 is in communication with a merchant
server 16 operated by a merchant offering goods and/or services. The
merchant server 16 may be an application server, a web server or any other
type of server capable of offering e-commerce services over the second
communication network 14. However, it will be understood by those skilled in
the art that the merchant server 16 may be part of the first communication
network 10, and may be operated by the communication provider. In this
case, the method of conducting an e-commerce transaction according to the
present invention may be carried out on the first communication network 10,
and use of the second communication network 14 is not required.
Figure 2 shows a preferred embodiment of the system shown in
Figure 1. As shown in Figure 2, the first communication network is preferably
a wireless network 20 and the second communication network is preferably
the intemet 22. The wireiess network 20 is operated by a communication
provider, such as a commercial wireless service operator. The mobile device
12 is operated by a user who is a customer of the communication provider.
The user has a customer account with the communication provider. The
account includes personal information about the user, which is stored on a
database or the like. The personal Information may include the user's name,
address, financial instrument information, and any other information about the
user required to authenticate the user or provide goods and services to the
user.
Continuing to refer to Figure 2, the wireiess network 20 may be
a GSM (Global System for Mobile communications) network which supports
the GPRS (General Packet Radio Service) for transmission of data. It will be
understood by those skilled the art that khe wireless network may be any
CA 02413340 2007-06-07
-5-
other type of network, such as CDMA, Mobitex, DataTac, PDC, CMDA2000,
UMTS, or the like.
Referring to Figure 2, the wireless network 20 preferably
comprises a cellular radio network, which comprises any suitable number of
base stations 24, mobile switching centers 26, and network management
equipment and other equipment used to support connectivity to other fixed or
mobile communicating devices or to offer specific services (not shown). The
wireless network 20 may also include a home location register (HLR) 32 and a
billing system 34. The HLR 32 is a database containing personal information
and other information about users who are customers of the communication
provider. The billing system 34 generates the user's bill. The components of
the wireless network 20 describe above are well known in the art and will not
be described further.
Referring to Figure 2, the mobile device 12 is preferably a
wireless device, with its own power source supporting a radio transmitter and
receiver. The mobile device 12 and base stations 24 communicate over
predefined radio frequencies obeying a set of protocols used to establish a
connection and transfer information via that connection. Within the set of
protocols executed between the mobile device 12 and base stations 24, there
exists at least two generic types of information that can be categorized as
control (or signaling) information and traffic information. Control
information is
typically, but not exclusively, transmitted from the base stations 24 to the
mobile device 12. The mobile device 12 upon receiving and correctly
interpreting the control Information may derive the method for obtaining the
traffic information. This method, for example, may be the radio frequency and
coding scheme used to transfer the traffic information. The traffic
information
may be human audible voice, data, images or any combination of multi-media
transmissions that could be usable for conveying information to a human or
machine.
Continuing to refer to Figure 2, GPRS support in the wireless
network 20 is provided by the Serving GPRS Support Node (SGSN) 28 and
CA 02413340 2007-06-07
-6-
the Gateway GPRS Support Node (GGSN) 30, which permit communication
of data traffic via the Internet 22 to an external device, such the merchant
server 16 (shown in Fig. 1). The SGSN 28 tracks the location of the mobile
device 12, performs user authentication for wireless network access using
information in the HLR 32, and ensures security of information transmitted
over radio frequencies by encrypting/decrypting the transmitted information.
The GGSN 30 provides interoperability with external packet switched
networks such as the Internet 22.
Referring now to Figures 2 and 3, a credential verification server
40 is provided to receive requests relating to personal information of the
user,
as described in more detail below. According to the embodiment shown in
Figures 2 and 3, the credential verification server 40 is operated by a third
party and is in communication with the wireless network 20 and the Intemet
22. Preferably, the credential verification server 40 is implemented on a
standalone computer. However, it will be understood by those skilled in the
art that the credential verification server 40 may be implemented as several
software programs running on different computers, or as one or more
software programs running on a single computer.
In an altemative embodiment, the credential verification server
40 may be owned by the communication provider and be part of the wireless
network 20. In such an embodiment, the credential verification server 40 is
preferably a standalone server, but may also be implemented as software
running on one or more of the other components of the wireless network 20.
The method according to a preferred embodiment of the present
invention will now be described with reference to Figures 1-3. When the
user's mobile device 12 is on, and the mobile device 12 and base station 24
are able to transmit radio signals therebetween, the wireless network 20
authenticates the user as a customer of the communication provider. To
authenticate the user to the communication provider on a GSM network, the
mobile device 12 transmits a unique identifier called an Intemational Mobile
Subscriber Identity (IMSI). The IMSI is matched to the user's customer profile
CA 02413340 2007-06-07
-7-
stored in the SGSN 28 and/or the HLR 32. if the IMSI from the mobile device
12 is matched to a corresponding IMSI in a valid user account, the mobile
device 12 is permitted to connect to the wireless network 20.
The user sends a request for the e-commerce transaction to the
merchant server 16 using the mobile device 12. The user may enter the
merchant's web site URL (Universal Resource Locator), select the merchant's
URL from a menu on the mobile device 12, enter the lntemet Protocol (IP)
address of the merchant server 16, or in some other well known manner. The
mobile device 12 sends the request to the wireless network 20 using a
wireless protocol, such as GPRS over GSM. The communication is routed to
the lnternet 22 via the SSGN 28 and GGSN 30, which may translate the
request to HTTP (hypertext transfer protocol).
In addition to information required to select a product from the
merchant server 16, the request sent from the mobile device 12 includes
identification information, such as the user's telephone number and the
identity of the communication provider which operates the wireless network 20
of which the user is a customer. This additionai information is provided using
an application level protocol, such as an XML (Extensible Markup Language)
based protocol. When the merchant server 16, detects the identification
information in the request, the merchant server 16 launches an application
which recognizes that the personal information about the user may be
obtained from the credential verification server 40.
The user may browse the merchant's web site and select the
desired item. When the merchant server 16 requires any personal information
from the user, such as name, address, financial instrumeiit information,
credit
history, the merchant server 16 preferably requests this information from the
credential verification server 40 using the application described above. The
credential verification server 40 obtains the personal information required
from
the user's customer account and retums the information to the merchant
server 16. If the merchant server 16 requires authentication of the user, the
merchant server 16 sends a request to the credential verification server 40.
CA 02413340 2007-06-07
-8-
The credential verification server 40 verifies that the user has been
authenticated by the wireless network 20 by for, example, retrieving
authentication confirmation from the HLR 32. This authentication confirmation
is included in the user personal information.
The credential verification server 40 may cache the personal
information, or altematively, it may retrieve the information from the HLR 32,
billing system 34, or other communication provider equipment.
After receiving all required personal information from the
credential verification server 40, the merchant server 16 then completes the e-
commerce transaction. For payment, the merchant server 16 may debit the
financial instrument received from the credential verification server 40, as
part
of the user's personal information.
Altematively, the merchant server may, after the transaction is
complete, submit a purchase record to the communication provider, who will
then add the amount owed to the merchant to the user's account and bill the
user together with amounts owing for use of the communications' provider
wireless services. This embodiment provides the merchant with cost savings
by avoiding transaction fees charged by financial institutions, such as credit
card fees, and by not having to generate its own invoices for purchases on its
web site. Although the communication provider may charge a fee for its
services, the fee may be less than that of a credit card transaction, as the
communication provider is exploiting information and functionality it has
already implemented in its network infrastructure for its business. The
communication provider may set a ceiling on the amount a user can purchase
during a billing period, similar to a credit limit.
The method according to the present invention reduces or
eliminates the need for users of mobile devices to enter personal information.
In addition, merchants and communication providers can use the personal
information to ensure the users approved for transactions have a good
payment history and their customer accounts are in good standing, thus
minimizing the risk of the merchant not receiving payment.
CA 02413340 2007-06-07
-9-
In an aitemative embodiment of the invention, the merchant
server 16 may require that the user enter the personal information. The
merchant server 16 may then request the same personal information from the
credential verification server 40 to confirm the information it has received
from
the user. Alternatively, the merchant server 16 may request that the user
provide some personal information, such as authentication information (e.g.
user name and password), but may request some other personal information,
such as the user's address from the credential verification server 40 to
eliminate the need for the user to enter or otherwise submit this information.
In another aiternative embodiment of the invention, a
consolidation server (not shown) may be provided. The consoiidation server
communicates with a piuraiity of credentiai verification servers 40, each of
which is operated by one of a plurality of communication providers of
different
wireless networks 20. When obtaining a user's personal information, the
merchant server 16 communicates with the consolidation server, regardless of
the wireiess network 20 of which the user is a customer. The consoiidation
server would then contact the credential verification server 40 for the
appropriate communication provider to obtain the user's personal information.
As above, the merchant may debit a user's financial instrument directly or
may debit the user's customer account with the communication provider. In
this case, the merchant server 16 send the payment to the consolidation
server, which would redirect It to the appropriate communication provider so
that the user's customer account is debited for the payment.
While the present invention as herein shown and described in
detail is fully capable of attaining the above-described objects of the
invention,
it is to be understood that it is the presently preferred embodiment of the
present invention and thus, is representative of the subject matter which is
broadly contemplated by the present invention, that the scope of the present
invention fully encompasses other embodiments which may become obvious
to those skilled in -he art, and that the scope of the present invention is
accordingly to be limited by nothing other than the appended claims, in which
CA 02413340 2006-10-11
-10-
reference to an element in the singular is not intended to mean "one and only
one"
unless explicitly so stated, but rather "one or more". The above-described
embodiments of the present invention are intended to be examples only.
Alterations, modifications and variations may be effected to the particular
embodiments by those of skill in the art without departing from the scope of
the
invention, which is defined solely by the claims appended hereto. moreover, it
is
not necessary for a device or method to address each and every problem sought
to be solved by the present invention, for it is to be encompassed by the
present
claims.
