(12)UK Patent Application (19)GB (11)2 362 489 (13)A
`
`(43) Date of A Publication 21.11.2001
`
`(51)
`
`INT CL7
`G06F 1/00 I G07F 19/00
`
`(52) UK CL (Edition S )
`G4H HTG H1A H13D H14A H14D
`U1S S2124 S2196 S2215
`
`(56) Documents Cited
`EP 0844551 A2
`
`WO 95/19593 A 1
`
`(58) Field of Search
`UK CL (Edition R l G4A AAP, G4H HTG
`INT CL7 G06F I G07F
`
`(21) Application No 0011673.1
`
`(22) Date of Filing 15.05.2000
`
`(71) Applicant(s)
`tom.com enterprises Limited
`(Incorporated in the British Virgin Islands)
`PO Box 957, Offshore Incorporations Centre,
`Road Town, Tortola, British Virgin Islands
`
`(72)
`
`lnventor(s)
`Carl Chang
`SandroffMa
`Leo Hau
`
`(74) Agent and/or Address for Service
`Lloyd Wise, Tregear & Co
`Commonwealth House, 1-19 New Oxford Street,
`LONDON, WC1A 1LW, United Kingdom
`
`(54) Abstract Title
`Secure communication
`
`(57) A method is presented for validating a purchase instruction which a user transmits to a server by
`internet. The server accesses a database to obtain contact information for the user, e.g. a phone number, and
`transmits a validation code to the user using the contact information. The user returns the validation code to
`the server by internet, and so validates the purchase.
`
`At least one drawing originally filed was informal and the print reproduced here is taken from a later filed formal copy.
`
`)>
`
`TWILIO INC. Ex. 1003 Page 1
`
`
`
`(43) Date of A Publication 21.11.2001
`
`(51)
`
`INT CL7
`G06F 1/00 I G07F 19/00
`
`(52) UK CL (Edition S )
`G4H HTG H1A H13D H14A H14D
`U1S S2124 S2196 S2215
`
`(56) Documents Cited
`EP 0844551 A2
`
`WO 95/19593 A 1
`
`(58) Field of Search
`UK CL (Edition R l G4A AAP, G4H HTG
`INT CL7 G06F I G07F
`
`(21) Application No 0011673.1
`
`(22) Date of Filing 15.05.2000
`
`(71) Applicant(s)
`tom.com enterprises Limited
`(Incorporated in the British Virgin Islands)
`PO Box 957, Offshore Incorporations Centre,
`Road Town, Tortola, British Virgin Islands
`
`(72)
`
`lnventor(s)
`Carl Chang
`SandroffMa
`Leo Hau
`
`(74) Agent and/or Address for Service
`Lloyd Wise, Tregear & Co
`Commonwealth House, 1-19 New Oxford Street,
`LONDON, WC1A 1LW, United Kingdom
`
`(54) Abstract Title
`Secure communication
`
`(57) A method is presented for validating a purchase instruction which a user transmits to a server by
`internet. The server accesses a database to obtain contact information for the user, e.g. a phone number, and
`transmits a validation code to the user using the contact information. The user returns the validation code to
`the server by internet, and so validates the purchase.
`
`At least one drawing originally filed was informal and the print reproduced here is taken from a later filed formal copy.
`
`)>
`
`TWILIO INC. Ex. 1003 Page 1
`
`
`
`ITEMS SELECT
`I
`I
`ITlrAf 1
`I ,z J
`ITEJI 2
`PURCHASE
`
`LOGIN
`USER NAME:=! ==:=:
`PASSWORD !...._~
`
`LOGIN ERROR
`
`IRBtkYI
`
`SEND SllS TO
`MOBILE PHONE ND. :
`xxxt- xxxx
`
`PLEASE ENTER SJISI---~--....--t
`CODE
`
`VALIDATION
`ERROR
`IRETRYI
`
`6
`
`VALIDATION
`SUCCESS
`
`7
`
`TWILIO INC. Ex. 1003 Page 2
`
`
`
`-
`
`Po1.f!DB11# TvJu
`1) Vistl./ Jluster
`2) Cash
`8) By J1hD1IB
`
`~qrl rc1.f!DB1ll
`Jmtar.
`t) Uslrid
`2)l'unlmd
`3) l'Pitm8 No :
`
`11
`
`® --
`
`12
`
`13
`
`®
`
`Con1Snn.fd '' 1 pen -
`
`.BiUing Agmt
`
`®
`
`DB Sptm t~biaw:
`"J •UIIf"itr
`~ &) • Pus.wxmr'
`r:) •Ffatma No"
`
`®
`_ _.. __ -.~
`
`SJIS
`SHWr
`
`@
`
`' -
`
`SmdiD ...,.•s
`mobile
`urith Validation
`Cods
`
`I
`
`TWILIO INC. Ex. 1003 Page 3
`
`
`
`2362489
`
`l
`
`Secure communication
`
`Field ofthe invention
`
`5 The present invention relates to methods and apparatus for securely transferring
`
`instru~tions over a telecommunications network. such as the internet. The invention is
`
`especially useful for instructing commercial transactions online.
`
`Background of the invention
`
`10
`
`Internet commerce is presently growing rapidly, and encompasses the
`
`purchase by users of goods, services and even information (e.g. it is now possible to
`
`pay to download music).
`
`To make a purchase, a user communicates purchase instructions via the
`I
`
`15
`
`internet to a website operated by a retailer. The instructions often include details of a
`
`credit card account held by the user. Typically, this data is printed on the credit card
`
`itself. The retailer accepts the purchase (e.g. the retailer may dispatch the purchased
`
`goods), and debits the user's credit card accordingly.
`
`The above sysrem is subject 10 a security problem that the data on the credit
`
`20
`
`card is accessible to any third party who gains access to the card. Such a person can
`
`remember the credit card data printed on the card, and make purchases on his own
`
`account at any later time.
`
`Often a single user will make multiple purchases from the same website over
`
`TWILIO INC. Ex. 1003 Page 4
`
`
`
`2
`
`an extended period oftime. To avoid the necessity for a given user to transmit the
`
`same credit card data repeatedly, it is known for the website to maintain a database of
`
`credit card information for many respective users. Each user is supplied with (or
`
`chooses) identification data which identifies him. The identification data includes a
`
`5
`
`password and normally also a user name. Whenever a user wishes to make a purchase
`
`from the website he supplies the website with his identification data. The website uses
`
`the identification data to access the database of credit card data, and extracts the credit
`
`card information for the user.
`
`This arrangement exacerbates the security problem identified above, since a
`
`10
`
`third party who gains access to the identification data can use the website to make
`
`purchases. Such a third party may, for example. be an operative of the retailer.
`
`Alternatively, the third party may gain access to the identification data because the
`
`user has recorded it somewhere (e.g. on paper) to avoid having to remember it. In
`
`fact, the level of crime associated with online purchasing is rising rapidly.
`
`15
`
`Although, as explained~ the problem of internet security is particularly acute in
`
`the example of online purchasing, it arises in other cases also. Indeed. there are many
`
`instances in which a user wishes to communicate securely with a website.
`
`Summarv of the invention
`
`20
`
`The present invention seeks to provide methods and apparatus for secure
`
`internet cornmunieation, especially for transmitting purchase instructions to an
`
`internet retailer.
`
`In general terms the present invention proposes that user supplies a website
`
`TWILIO INC. Ex. 1003 Page 5
`
`
`
`3
`
`with data indicating hi::; identity. The website accesses a database of contact clata in
`
`relation to a second teleconununications network, to find the contact data for the user.
`
`For example, the second telecommunications network may be a telephone network.
`
`(e.g. a mobile telephone network), and the contact data may be the user's telephone
`
`5
`
`number. The website contacts the user using the second telecommunications network
`
`to check the identity of the user.
`
`For example, the website may send the user a validation code. Tiris may be
`
`sent as part of a message to a mobile phone owned by the user. The user reads the
`
`validation code, and sends it to the website by internet (e.g. by entering it onto a
`
`10 webpage presented on the user's browser). Thus, a third party will only be able to
`
`make use of the user's account with the website if he has access to the
`
`telecommunications device in the second telecommunications network associated
`
`with the contact data.
`
`The database may be mainrained by the website itself, as a database of its
`
`15
`
`contacts. Alternatively, the database may be a database maintained by an operator of a
`
`the second telecommunications network. In fact, a plurality of telephone operators
`
`may maintain respective databases. The user may indicate his telephone number to the
`
`website. so that the website can contact the appropriate telephone operator, and thus
`
`the correct database.
`
`20
`
`Having validated the identity of the user, the site may issue the bill in respect
`
`of the purchase to a credit card account in the normal manner (e.g. by asking the user
`
`to enter credit card details. or by accessing a database of previously entered credit card
`
`data). More preferably, however. the bill for the purchase may be paid from a
`
`I
`
`TWILIO INC. Ex. 1003 Page 6
`
`
`
`4
`
`financhd account associated with the second telecommWlications network. For
`
`example, it may appear on the user's next monthly telephone bill. This obviates the
`
`need for any separate credit card account.
`
`5 Brief description of the Figures
`
`An example of the invention will now be explained in ciet.lUl, for the sake of example
`
`only. with reference to the following figures, in which:
`
`Figure 1 shows the screens presented to the user in a first embodiment of the
`
`invention; and
`
`10
`
`Fig. 2 is a block diagram oftbe steps in a second embodiment ofthe invention.
`
`Detailed description of embodiments
`
`Referring firstly to Fig. I, the area labelled 1 represents schematically the
`
`display on a user's browser at a certain insumt. that is the user's screen. The screen l
`
`15
`
`is a display generated by a server which functions as an online retailer. Screen 1
`
`indicates a list of items (e.g. a user's "shopping basket"). By checking the box (and
`
`perhaps clicking on a "purchase" button), the user indicates that he wants to pay for
`
`''item 2".
`
`The display then changes to screen 2, in which the user is inVited to enter
`
`20
`
`identification data, specifically his user name and password. The server maintains a
`
`database of user names and passwords, so that it can verify the result. If he is
`
`unsuccessful in doing this, he is directed to screen 3. and is invited to retry.
`
`If he is successful, the user is directed to screen 4. At this point the server
`
`TWILIO INC. Ex. 1003 Page 7
`
`
`
`5
`
`indicates that it is sending a message to a mobile phone (or other message reception
`
`device, such as a pager), and gives the number of the mobile phone. This number may
`
`be taken fiom a database which the server has accessed using the identification data,
`
`or alternative! y the user may enter the telephone number himself into the screen 4. In
`
`5
`
`the latter case. the fact that there is a user associated with the input identification data
`
`and the telephone number is verified (e.g. by contacting the operator of the telephone
`
`system).
`
`The display then changes to screen 5. The message sent to the mobile phone
`
`contains a validation code. The user can enter this, reading it from the screen of the
`
`10 mobile phone, and it is verified. If the user has entered the code un.successfully, he is
`
`directed to screen 6, and invited to retry.
`
`If the user enters the code successfully t he is directed to screen 7. The
`
`purchase is completed, and the server issues a bill to the acco'Wlt associated with the
`
`mobile telephone number.
`
`IS
`
`Turning to Fig. 2, a block diagram is shown of the nine payment steps in a
`
`second embodiment of the invention.
`
`At a first instant, the user is presented with a screen 11, inviting him to specify
`
`whether the purchase is to be made by visa, in cash (e.g. transmitted to the website
`
`operator by post), or by a phone validation (e.g. according to the present invention).
`
`20
`
`In step 1, the user specifies that he wants a telephone validation. The screen
`
`changes to screen 12. The user is invited to input a user ID, password and telephone
`
`number (indicating a telephone account which the user wishes to use for the
`
`validation). Entering this data is step 2.
`
`TWILIO INC. Ex. 1003 Page 8
`
`
`
`6
`
`All this data is verified (step 3) by accessing a database (e.g. maintained by the
`
`telephone operator) which contains the details of the user's name, password and
`
`relephone number.
`
`The retailer server then sends (step 4) a signal to an SMS (short message
`
`5
`
`servive) server. The SMS server sends (step 5) a message to the telephone number
`
`specified by the user. containing a verification code (this may for example be
`
`generated by the retailer server using a random number generator, or generated by the
`
`SMS server itself and transmitted to the retailer server).
`
`In step 6 the user is presented with screen 13, and asked to enter the validation
`
`I 0
`
`code. which he can read from the screen of his mobile phone_ He does this in step 7 _
`
`ln step 8 the retailer server va.Jidates the validation code, which it has
`
`remembered. It then sends a bill to a billing agent. which may be in any industry with
`
`a conventional billing system in place. such as a telecommunications, utilities.
`
`b!Ulking or fmance company. For example. it may be the operator of the mobile phone
`
`15
`
`network.
`
`After the transaction is processed successfully, the user is sent a confmnation
`
`message (step 9).
`
`Although the invention has been explained above in relation to particular
`
`embodiment3, mlllly modificatiom are possible within the scope of the invention as
`
`20 will be clear to a skilled person. For example, although the invention has been
`
`explained above in relation to instructing purchases, it is not limited in this respect.
`
`Rather the method may be applied in any situation in which it is wished to verify the
`
`identity of a user.
`
`TWILIO INC. Ex. 1003 Page 9
`
`
`
`7
`
`Furthennore, although the method has been explained above with reference to
`
`a user communicating primarily by internet, the invention is applicable also in the
`
`case that the user communicates with the retailer by any other teleconununication
`
`network.. For example, the user may be using a point of sales terminal, and view any
`
`5
`
`of the screens shown in the embodiments on that terminal.
`
`TWILIO INC. Ex. 1003 Page 10
`
`
`
`Claims
`
`8
`
`1.
`
`An internet-based method for validating a purchase instructio~ the method
`
`comprising:
`
`5
`
`receiving by internet, from a user7 purchase information specifying a purchase
`
`the user wishes to make;
`
`receiving from the user by internet iclentification information indicating the
`
`identity of the user;
`
`using the identification information to extract, from a datab$e, contact
`
`l 0
`
`information for the user over a second telecommunication network;
`
`using the contact information [O transmit a validalion code to the user over the
`
`second telecommWlications network;
`
`. receiving a validation code from the user by internet; and
`
`verifying that the validation code transmitted to the user corresponds to the
`
`15
`
`validation code received from the user.
`
`2_
`
`A method according to claim 1 in which the second te)ecommwrications
`
`network is a telephone network, such as a mobile phone network.
`
`20
`
`3.
`
`A method according to claim 1 or claim 2 in which said validation code is sent
`
`as a text message.
`
`4.
`
`A method according to any preeeding claim further including debiting a
`
`TWILIO INC. Ex. 1003 Page 11
`
`
`
`9
`
`financial account, associated with the user and with the second telecommunication
`
`work, in respect of the purchase.
`
`5.
`
`A server system for operating internet commerce, the server having:
`
`5
`
`interface generation me'lllS for generating a user interface to receive from a
`
`user purchase information specifying a purchase the user wishes to make, and
`
`idemification information incUcatlng the identity of the user;
`
`purchase satisfaction means for completing the purchase specified by the
`
`purchase infotmation;
`
`10
`
`extraction means for extracting from the database, containing eontact
`
`information for a plurality of users over a second teleconununication network, said
`
`contact information for a specific user based on the identification information; and
`
`transmission means for transmitting a validation code to the user over the
`
`second telecommunications network based on the extracted contact information;
`
`15
`
`the interface means being arranged to receive a validation code from the user
`
`by internet; and
`
`the server system fwther comprising means for verifying that the validation
`
`code transmitted to the user corresponds to the validation code received from the user,
`
`and in that case controlling the purchase satisfaction means to satisfy the purchase.
`
`20
`
`6.
`
`A server system according to claim 5 in whieh the transmission means is
`
`arranged to transmit the validation code to the user by instructing a messaging service
`
`to transmit to the user, using the extracted contact data, a text message including the
`
`TWILIO INC. Ex. 1003 Page 12
`
`
`
`validation code.
`
`10
`
`7.
`
`A method of verifying the identity of a user. the method comprising:
`
`receiving from the user, via a first telecommunication network, identification
`
`5
`
`infonnation indicating the identity of the user;
`
`using the identification information to extract, from a databaBe, contact
`
`infonnation for the user over a second teleconununication network:
`
`using the contact infonnation to transmit a validation code to the user over the
`
`second telecommunication network;
`
`10
`
`receiving a validation eode from the user over the first telecommunication
`
`network; and
`
`verifying that the validation code transmitted to the user corresponds to the
`
`validation code received from the user.
`
`TWILIO INC. Ex. 1003 Page 13
`
`
`
`INVESTOR IN PEOPLE
`
`Mike Davis
`21 September 2000
`
`Application No:
`Claims searched:
`
`GB 0011673.1
`1-7
`
`Patents Act 1977
`Search Report under Section 17
`
`Databases searched:
`
`UK Patent Office collections, including GB, EP, WO & US patent specifications, in:
`
`UK Cl (Ed.R): G4H (HTG), G4A (AAP)
`
`Int Cl (Ed.7): G06F, G07F
`
`Other:
`
`Documents considered to be relevant:
`
`Category Identity of document and relevant passage
`
`X
`
`EP 0844551 A2
`
`(VENEKLASE) whole document
`
`X WO 95/19593 Al
`
`(KEW ET AL) whole document
`
`Relevant
`to claims
`
`1,5,7 at
`least
`
`"
`
`X
`y
`
`Document indicating lack of novelty or inventive step
`Document indicating lack of inventive step if combined
`with one or more other documents of same category.
`
`&
`
`Member of the same patent family
`
`A Document indicating technological background and/or state of the art.
`P Document published on or after the declared priority date but before the
`filing date of this invention.
`E Patent document published on or after, but with priority date earlier
`than, the filing date of this application.
`
`An Executive Agency of the Department of Trade and Industry
`
`TWILIO INC. Ex. 1003 Page 14
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
