Mobile commerce receipt system

Description

This application is a division of U.S. application Ser. No. 10/275,697, filed on Nov. 8, 2002, which is a US national phase of international application PCT/SE01/00975 filed 4 May 2001, which designated the US, the entire content of which is hereby incorporated by reference in this application.

TECHNICAL FIELD

The invention relates to the field of mobile telecommunications services, particularly a system, and a method for use in said system, for providing to a user of mobile telecommunications a receipt or proof confirming a purchase, payment and/or other e-commerce transaction made by the user.

BACKGROUND

Mobile e-commerce can be defined as commerce for mobile users made available via mobile devices such as mobile phones, PDAs (Personal Data Assistant), palmtop, etc. The mobile user has the possibility to do shopping, ticketing, banking, betting, trading via his mobile phones.

In web commerce goods, except electronic ones or services, are usually delivered later on. With mobile e-commerce, the user should be able to access the same commerce services with postponed delivery as the web but in addition, he must be able to access commerce services with short time delivery. For example, a user when on the move and thirsty, wants to get the soft drink from the automat right after having paid via his mobile phone. Another mobile user when visiting a city and wanting to see a movie expects to be able to collect the ticket at least before the beginning of the show.

In such situations, the entity performing the actual delivery, that could be a human being or a machine, needs to receive the authorisation for delivery quite rapidly. In addition, as in the case of the cinema ticket, the user needs to receive some sort of electronic receipt that he shows to the delivery entity to get the cinema ticket. Such an electronic receipt must fulfil the requirements:

• • It needs to be recognisable by the delivery entity
  • It can be used as a proof to show that the holder of the receipt has made the purchase and that the ordered goods and/or services can be delivered to the holder
  • It cannot be falsified
  • It cannot be duplicated or used twice

Accordingly, there is a need for a receipt system in mobile e-commerce.

International patent publication number WO99/66436 discloses an electronic verified payment system (VPS) comprising a distributed verified trusted third-party system and method enabling electronic/digital transactions through real-time verification and authentication. The VPS includes hubs storing client data and connecting clients, such as users of mobile phones, palm-tops and digital television, to vendors to mediate secure electronic transactions. International patent publication number WO98/43211 discloses a digital payment transactions system wherein a broker generates and stores a secret number to be the start number for a chain of hash values by successive operations of a hash function. The values are associated with coins in a coin stick provided by the user, enabling secure payments in subsequent electronic transactions involving payments. Other systems and/or methods for electronic payments, of which some utilise a third party or a mediator, are disclosed in EP-A 1-0865010, WO99/46720, U.S. Pat. No. 5,999,596, WO99/49404 and EP-A1-0971302. None of these, however, provide the user with a specific and reliable proof of the transaction made.

Other known systems for purchasing cinema tickets by telecommunication means, such as the one offered by Telenor Mobile in Norway, have only a very primitive scheme for receipt. After that the user confirms the acquisition of the tickets by entering through a telephone his PIN (Personal Identification Number) code, the user will receive a code, e.g. a 4 or 6 digit number. To collect his cinema tickets, the user presents the code at the ticket window. The ticket window attendant then compares the code presented by the user with one received from the system. If they match, then the attendant is authorised to hand out the purchased tickets to the user.

An example of an existing mobile e-commerce is depicted in FIG. 1. The user uses a mobile phone equipped with a browser, e.g. a WAP (Wireless Application Protocol) browser or a SIM (Subscriber Identification Module) Application toolkit browser, etc. allowing the user to browse on the World Wide Web via a gateway. The gateway can be a WAP gateway, an SMS (Short Message Service) gateway or any specific server capable of communicating with the browser on the mobile phone. The user visits a merchant's or vendor's web site. He contemplates the offers and selects the items that he wants. He pays for them through a payment scheme. The payment scheme may be for example based on a prepaid account, a credit or debit card or a bank account. He receives from the merchant a code that he can present when collecting the purchased items.

Such a system is simple but relies totally on the reliability of the merchant's system. It is only satisfactory if the delivery entity gets both the correct code and the correct information about the ordered tickets, e.g. theatre, movie, seats, etc. Otherwise, the user will not receive the tickets that he has paid for. In case of failure, the user has only a code that is insufficient to prove that he has bought the tickets. Of course he will not be charged for the tickets in such a situation but this is not what he wants. It is quite frustrating not be able to watch the movie that one likes and has paid for.

As stated above, the current solution with a simple code is not sufficient since the user has to rely totally on the reliability of a vendor or merchant, and her/his system. Although the merchant may be honest and does not have the intention to play tricks on the user, if a fault occurs in his system the user will not get delivered the goods or services that actually has been bought, and usually paid for. Also, a mismatch between the ordered goods or services and what is actually delivered to the user can occur.

SUMMARY

Ideally, a contract stating all the details of the deal, i.e. the goods and/or services ordered, prices and quantity, etc. should be signed digitally by the merchant and then sent to the user mobile phone for local storing in the phone. At the delivery counter, the user can connect his phone via for example a cable, a socket or wireless using Bluetooth or IEEE 802.11 to the delivery system and hand over the signed contract. The delivery entity verifies the signed contract and if valid delivers the goods and/or services to the user.

To realise such an ideal solution, certain adaptations of the existing technology should be made to meet the demands of the ideal solution. Aspects to consider in this regard are:

• • A detailed digital contract is rather large and the mobile phone may not have sufficient storage capacity for storing multiple contracts, which is necessary when the user buys several items.
  • If the mobile phone is broken or stolen the user will loose all his contracts and hence may also loose all his purchase. Of course, the user can always claim to the merchant but it's up to the merchant to decide.
  • The delivery entity must have sufficient capability to verify rapidly the digital contract and this could be unacceptable from the economical point of view.
  • In some situations, the merchant having the deal with the user may not be the same as the delivery entity and a contract showing all the details about the user, address, prices, etc. may be inappropriate since the user's privacy can be a concern.

The present invention provides an arrangement for providing mobile commerce receipts to e-commerce users.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a schematic representation of an e-commerce system and the various procedures involved in its use.

FIG. 2 shows the overall architecture of a mobile e-commerce receipt system.

FIG. 3 is an illustration of information flow and the associated steps in a method.

DETAILED DESCRIPTION

In the following, the invention will be explained by way of embodiment examples and with reference to the accompanying drawings.

Referring to FIG. 2, the overall architecture of a mobile e-commerce receipt system is first explained. This system avoids the problems described above, and to at the same time to enable short time goods and/or services delivery that is usually required in mobile e-commerce. The system comprises the following entities:

• • Mobile phone with a browser
  • Gateway
  • Delivery entity terminal
  • Trusted Third Party receipt server
  • Merchant (Vendor) Server

A Trusted Third Party (TTP) receipt server is introduced between the user and the merchant. It acts like a neutral intermediary that gives equal protection to both parties, i.e. the user and merchant. In addition, it enables the short time delivery feature that is required in mobile e-commerce. Since the mobile phone may not have enough capacity for storing the contract, the TTP stores the contract on behalf of the mobile phone and the mobile user. Based on the contract, the TTP will issue and sign a simpler and smaller receipt that can be stored in the mobile phone. This digital receipt is then returned to the merchant's server that sends it to the mobile phone. The digital receipt is stored in the mobile phone and will be used at the delivery of goods and/or services.

Now, with reference to FIG. 3, the workings of the system is explained.

As shown in FIG. 3, the system works as follows:

• 1. The mobile user browses on his mobile phone and visits a merchant's web site. He selects the items that he wants and makes an order.
• 2. The payment procedure is carried out. Note that different payment schemes may be used according to the merchant's system and the user's subscription, e.g. prepaid account, credit card, debit card, bank account, etc.
• 3. The Merchant's server generates and digitally signs the contract using the merchant private key. The contract may contain the following attributes:
  • customer name
  • customer address
  • customer e-mail
  • MISDN number of the mobile phone
  • credit card number and expiration date (in case of payment by credit card)
  • merchant name and ID number
  • merchant address
  • merchant e-mail
  • date and time of contract
  • contract id
  • delivery place (if necessary specify the delivery entities)
  • earliest delivery date and time (if necessary)
  • latest delivery date and time (if necessary)
  • list of items with quantity for each item, unit price, part no
  • total amount paid

The contract is then sent to the TTP.

• 4. The TTP validates the contract to make sure that it is valid and does originate from the corresponding merchant. The validation is done using public key cryptographic functions. If it is the case, the TTP will store it. Based on the digital contract the TTP will then generate and sign a receipt using its private key. This digital receipt may contain the following:
  • contract id
  • TTP id
  • TTP address
  • The TTP will then send it to the merchant's server.
• 5. The merchant's server sends the digital receipt to the user's mobile phone that stored it.
• 6. At the delivery counter, the user connects his mobile phone to the delivery entity's terminal. This can be done via a wire, a direct contact, infrared or a wireless link such as Bluetooth, IEEE 802.11, etc. The mobile phone hands over the digital receipt to the delivery entity's terminal.
• 7. At this stage there are two alternatives depending on the capability of the delivery entity's terminal:
  • a. It validates the digital receipt. If valid, it will fetch the corresponding contract either from the merchant's server or from a repository in order to find the list of purchased items. Go over to step 9.
  • b. It is not capable to perform the validation of the digital receipt by itself. It will then get in touch with the TTP by using the address specified in the digital receipt and send over the digital receipt for validation.
• 8. The TTP validates the digital receipt. If valid, the TTP will fetch the corresponding contract by using the contract id specified in the receipt. It will extract the list of purchased items and send it together with an OK back to the delivery entity terminal.
• 9. The purchased items are delivered to the user. The delivery entity asks the user to acknowledge that he has received the goods and/or services. This can be done via verbal communication between the person in charge of the delivery or via the delivery entity terminal that sends an acknowledge request to the mobile phone via the link between the two devices.
• 10. The user acknowledges via his mobile phone that the goods and/or services have been delivered to him. The mobile phone sends an acknowledgement to the TTP. The acknowledgement can simply be the digital receipt digitally signed by the mobile phone using the user's private key.
• 11. The TTP validates the acknowledgement to make sure that it does originate from the right user and is not modified. If valid, the TTP will save it with the corresponding contract. The TTP will then send an OK to the Delivery Entity terminal.

The trade is hence concluded.

The Trusted Third Party receipt server assumes the following responsibilities:

• • Ensure that the interests of both parties are equally protected
  • Store the contract for the user such that can be used in case of dispute.
  • Issue a simpler receipt that can be used in the delivery phase
  • Certify that a trade is concluded successfully with a delivery of goods and/or services

The Trusted Third Party receipt server has the following functions and capabilities:

• • receive and validate contracts signed by merchants
  • store and retrieve contracts
  • issue and digitally sign receipt based on the received contracts
  • validate digital receipts
  • validate acknowledgements
  • store and retrieve acknowledgements
  • have access to necessary cryptographic function in order to perform signing, verification and validation of receipts and acknowledgement.

The Delivery Entity's terminal is located at every delivery counter. It assume the following responsibilities:

• • accept the digital contract and send it to the TTP for validation
  • receive delivery information from the TTP
  • ask for delivery acknowledgement

The Delivery Entity's terminal has the following capabilities:

• • communication with the mobile phones
  • communications with the TTP and the merchant's server

Certain features of the communications can identified as:

• • between TTP and Merchant's server
  • between TTP and Delivery Entity's Terminal
  • between Delivery Entity's Terminal and Merchant's server
  • can go through secure channels on the Internet, i.e. encrypted or through dedicated networks.

The communication between the mobile phone and the TTP goes through the mobile network, the gateway and the Internet.

The communication between the mobile phone and the Delivery Entity's terminal can be via a cable, a socket, or wireless via infrared, Bluetooth, IEEE 802.11.

ADVANTAGES

This invention has much merit:

• • It enables short time delivery that is required in mobile e-commerce, while not requiring much capability either on the mobile phone or the delivery entity's terminal
  • It provides adequate protection to the user. In case of failure in the merchant's system, the contract digitally signed by the merchant, which is stored by the TTP can be retrieved and used as proof. In the case where the mobile phone is broken or stolen the user does not loose the goods and/or services that he has paid for. The privacy of the user is achieved in the sense that information such as identity, personalia, credit card number, bank account, etc. is not revealed at the delivery entity.
  • It provides adequate protection to the merchant. It ensures that purchased items cannot be delivered twice since delivery acknowledgements are stored by the TTP.
  • It is realisable without requiring much effort and resource.