Method to make payment or charge safe transactions using programmable mobile telephones

摘要

A system, method and mobile application for conducting financial transactions wherein a mobile device operated by a user is operably coupled to a server over a mobile communication network. Both the server and the user's mobile device store a user encryption key (UEK) and a user access key (UAK). A software application stored on the user's mobile device and the server are configured to conduct a transaction wherein a session key (SK) specific to the transaction is exchanged in an encrypted form based upon the UEK. The software application is further configured to i) generate transaction data, ii) access the UAK stored on the mobile device, iii) encrypt the UAK and transaction data into an encrypted form based upon the SK, and iv) send the UAK and transaction data in encrypted form from the mobile device to the server over the mobile communication network in order to conduct the transaction.

主权项

1. A method for conducting a financial transaction on a mobile device of a user in conjunction with a server operably coupled to the mobile device over a mobile communication network with the server accessing a database, the method comprising:
1) performing a registration process by a server, wherein the registration process includes:
storing in the database a phone number of the mobile device and user personal information, wherein the user personal information includes financial account data identifying a financial account of the user,generating an access key and a user encryption key for the user, andstoring the access key and user encryption key for the user in the database as part of the user personal information; 2) sending by the server the access key, the user encryption key and a software application to the mobile device; 3) storing by the mobile device the software application along with the user encryption key and the user access key of the user in memory of the mobile device; 4) communicating by the server an encrypted session key to the mobile device, wherein the encrypted session key is encrypted using the user encryption key; 5) executing by the mobile device the software application stored in the memory of the mobile device, wherein the execution includes:
generating user transaction data for the financial transaction,decrypting the encrypted session key using the user encryption key stored in the memory of the mobile device,encrypting the user transaction data and the user access key stored in the memory of the mobile device in an encrypted form using the decrypted session key, andcommunicating data from the mobile device to the server, wherein such data includes the encrypted transaction data and the encrypted user access key as well as the phone number of the mobile device in non-encrypted form; and 6) receiving and processing by the server the encrypted transaction data and the encrypted user access key communicated from the mobile device, wherein the processing includes:
identifying the user personal information of the user from the database based on the received phone number in non-encrypted form,decrypting the received transaction data and the user access key by using the session key,comparing the decrypted user access key with the stored user access key that is part of the user personal information,determining the decrypted user access key matches with the stored access key,based on the determination that the decrypted user access key matches with the stored access key, identifying the financial account data that is part of the user personal information, andcarrying out a transfer of funds from or into the financial account of the user based on the identified financial account data.