`
`(43) Date of A Publication 21.11.2001
`
`(51)
`
`INT CL7
`G06F 1/00 I G07F 19/00
`
`(52) UK CL (Edition S )
`G4H HTG H1A H13D H14A H14D
`U1S S2124 S2196 S2215
`
`(56) Documents Cited
`EP 0844551 A2
`
`WO 95/19593 A 1
`
`(58) Field of Search
`UK CL (Edition R l G4A AAP, G4H HTG
`INT CL7 G06F I G07F
`
`(21) Application No 0011673.1
`
`(22) Date of Filing 15.05.2000
`
`(71) Applicant(s)
`tom.com enterprises Limited
`(Incorporated in the British Virgin Islands)
`PO Box 957, Offshore Incorporations Centre,
`Road Town, Tortola, British Virgin Islands
`
`(72)
`
`lnventor(s)
`Carl Chang
`SandroffMa
`Leo Hau
`
`(74) Agent and/or Address for Service
`Lloyd Wise, Tregear & Co
`Commonwealth House, 1-19 New Oxford Street,
`LONDON, WC1A 1LW, United Kingdom
`
`(54) Abstract Title
`Secure communication
`
`(57) A method is presented for validating a purchase instruction which a user transmits to a server by
`internet. The server accesses a database to obtain contact information for the user, e.g. a phone number, and
`transmits a validation code to the user using the contact information. The user returns the validation code to
`the server by internet, and so validates the purchase.
`
`At least one drawing originally filed was informal and the print reproduced here is taken from a later filed formal copy.
`
`)>
`
`TWILIO INC. Ex. 1003 Page 1
`
`
`
`ITEMS SELECT
`I
`I
`ITlrAf 1
`I ,z J
`ITEJI 2
`PURCHASE
`
`LOGIN
`USER NAME:=! ==:=:
`PASSWORD !...._~
`
`LOGIN ERROR
`
`IRBtkYI
`
`SEND SllS TO
`MOBILE PHONE ND. :
`xxxt- xxxx
`
`PLEASE ENTER SJISI---~--....--t
`CODE
`
`VALIDATION
`ERROR
`IRETRYI
`
`6
`
`VALIDATION
`SUCCESS
`
`7
`
`TWILIO INC. Ex. 1003 Page 2
`
`
`
`-
`
`Po1.f!DB11# TvJu
`1) Vistl./ Jluster
`2) Cash
`8) By J1hD1IB
`
`~qrl rc1.f!DB1ll
`Jmtar.
`t) Uslrid
`2)l'unlmd
`3) l'Pitm8 No :
`
`11
`
`® --
`
`12
`
`13
`
`®
`
`Con1Snn.fd '' 1 pen -
`
`.BiUing Agmt
`
`®
`
`DB Sptm t~biaw:
`"J •UIIf"itr
`~ &) • Pus.wxmr'
`r:) •Ffatma No"
`
`®
`_ _.. __ -.~
`
`SJIS
`SHWr
`
`@
`
`' -
`
`SmdiD ...,.•s
`mobile
`urith Validation
`Cods
`
`I
`
`TWILIO INC. Ex. 1003 Page 3
`
`
`
`2362489
`
`l
`
`Secure communication
`
`Field ofthe invention
`
`5 The present invention relates to methods and apparatus for securely transferring
`
`instru~tions over a telecommunications network. such as the internet. The invention is
`
`especially useful for instructing commercial transactions online.
`
`Background of the invention
`
`10
`
`Internet commerce is presently growing rapidly, and encompasses the
`
`purchase by users of goods, services and even information (e.g. it is now possible to
`
`pay to download music).
`
`To make a purchase, a user communicates purchase instructions via the
`I
`
`15
`
`internet to a website operated by a retailer. The instructions often include details of a
`
`credit card account held by the user. Typically, this data is printed on the credit card
`
`itself. The retailer accepts the purchase (e.g. the retailer may dispatch the purchased
`
`goods), and debits the user's credit card accordingly.
`
`The above sysrem is subject 10 a security problem that the data on the credit
`
`20
`
`card is accessible to any third party who gains access to the card. Such a person can
`
`remember the credit card data printed on the card, and make purchases on his own
`
`account at any later time.
`
`Often a single user will make multiple purchases from the same website over
`
`TWILIO INC. Ex. 1003 Page 4
`
`
`
`2
`
`an extended period oftime. To avoid the necessity for a given user to transmit the
`
`same credit card data repeatedly, it is known for the website to maintain a database of
`
`credit card information for many respective users. Each user is supplied with (or
`
`chooses) identification data which identifies him. The identification data includes a
`
`5
`
`password and normally also a user name. Whenever a user wishes to make a purchase
`
`from the website he supplies the website with his identification data. The website uses
`
`the identification data to access the database of credit card data, and extracts the credit
`
`card information for the user.
`
`This arrangement exacerbates the security problem identified above, since a
`
`10
`
`third party who gains access to the identification data can use the website to make
`
`purchases. Such a third party may, for example. be an operative of the retailer.
`
`Alternatively, the third party may gain access to the identification data because the
`
`user has recorded it somewhere (e.g. on paper) to avoid having to remember it. In
`
`fact, the level of crime associated with online purchasing is rising rapidly.
`
`15
`
`Although, as explained~ the problem of internet security is particularly acute in
`
`the example of online purchasing, it arises in other cases also. Indeed. there are many
`
`instances in which a user wishes to communicate securely with a website.
`
`Summarv of the invention
`
`20
`
`The present invention seeks to provide methods and apparatus for secure
`
`internet cornmunieation, especially for transmitting purchase instructions to an
`
`internet retailer.
`
`In general terms the present invention proposes that user supplies a website
`
`TWILIO INC. Ex. 1003 Page 5
`
`
`
`3
`
`with data indicating hi::; identity. The website accesses a database of contact clata in
`
`relation to a second teleconununications network, to find the contact data for the user.
`
`For example, the second telecommunications network may be a telephone network.
`
`(e.g. a mobile telephone network), and the contact data may be the user's telephone
`
`5
`
`number. The website contacts the user using the second telecommunications network
`
`to check the identity of the user.
`
`For example, the website may send the user a validation code. Tiris may be
`
`sent as part of a message to a mobile phone owned by the user. The user reads the
`
`validation code, and sends it to the website by internet (e.g. by entering it onto a
`
`10 webpage presented on the user's browser). Thus, a third party will only be able to
`
`make use of the user's account with the website if he has access to the
`
`telecommunications device in the second telecommunications network associated
`
`with the contact data.
`
`The database may be mainrained by the website itself, as a database of its
`
`15
`
`contacts. Alternatively, the database may be a database maintained by an operator of a
`
`the second telecommunications network. In fact, a plurality of telephone operators
`
`may maintain respective databases. The user may indicate his telephone number to the
`
`website. so that the website can contact the appropriate telephone operator, and thus
`
`the correct database.
`
`20
`
`Having validated the identity of the user, the site may issue the bill in respect
`
`of the purchase to a credit card account in the normal manner (e.g. by asking the user
`
`to enter credit card details. or by accessing a database of previously entered credit card
`
`data). More preferably, however. the bill for the purchase may be paid from a
`
`I
`
`TWILIO INC. Ex. 1003 Page 6
`
`
`
`4
`
`financhd account associated with the second telecommWlications network. For
`
`example, it may appear on the user's next monthly telephone bill. This obviates the
`
`need for any separate credit card account.
`
`5 Brief description of the Figures
`
`An example of the invention will now be explained in ciet.lUl, for the sake of example
`
`only. with reference to the following figures, in which:
`
`Figure 1 shows the screens presented to the user in a first embodiment of the
`
`invention; and
`
`10
`
`Fig. 2 is a block diagram oftbe steps in a second embodiment ofthe invention.
`
`Detailed description of embodiments
`
`Referring firstly to Fig. I, the area labelled 1 represents schematically the
`
`display on a user's browser at a certain insumt. that is the user's screen. The screen l
`
`15
`
`is a display generated by a server which functions as an online retailer. Screen 1
`
`indicates a list of items (e.g. a user's "shopping basket"). By checking the box (and
`
`perhaps clicking on a "purchase" button), the user indicates that he wants to pay for
`
`''item 2".
`
`The display then changes to screen 2, in which the user is inVited to enter
`
`20
`
`identification data, specifically his user name and password. The server maintains a
`
`database of user names and passwords, so that it can verify the result. If he is
`
`unsuccessful in doing this, he is directed to screen 3. and is invited to retry.
`
`If he is successful, the user is directed to screen 4. At this point the server
`
`TWILIO INC. Ex. 1003 Page 7
`
`
`
`5
`
`indicates that it is sending a message to a mobile phone (or other message reception
`
`device, such as a pager), and gives the number of the mobile phone. This number may
`
`be taken fiom a database which the server has accessed using the identification data,
`
`or alternative! y the user may enter the telephone number himself into the screen 4. In
`
`5
`
`the latter case. the fact that there is a user associated with the input identification data
`
`and the telephone number is verified (e.g. by contacting the operator of the telephone
`
`system).
`
`The display then changes to screen 5. The message sent to the mobile phone
`
`contains a validation code. The user can enter this, reading it from the screen of the
`
`10 mobile phone, and it is verified. If the user has entered the code un.successfully, he is
`
`directed to screen 6, and invited to retry.
`
`If the user enters the code successfully t he is directed to screen 7. The
`
`purchase is completed, and the server issues a bill to the acco'Wlt associated with the
`
`mobile telephone number.
`
`IS
`
`Turning to Fig. 2, a block diagram is shown of the nine payment steps in a
`
`second embodiment of the invention.
`
`At a first instant, the user is presented with a screen 11, inviting him to specify
`
`whether the purchase is to be made by visa, in cash (e.g. transmitted to the website
`
`operator by post), or by a phone validation (e.g. according to the present invention).
`
`20
`
`In step 1, the user specifies that he wants a telephone validation. The screen
`
`changes to screen 12. The user is invited to input a user ID, password and telephone
`
`number (indicating a telephone account which the user wishes to use for the
`
`validation). Entering this data is step 2.
`
`TWILIO INC. Ex. 1003 Page 8
`
`
`
`6
`
`All this data is verified (step 3) by accessing a database (e.g. maintained by the
`
`telephone operator) which contains the details of the user's name, password and
`
`relephone number.
`
`The retailer server then sends (step 4) a signal to an SMS (short message
`
`5
`
`servive) server. The SMS server sends (step 5) a message to the telephone number
`
`specified by the user. containing a verification code (this may for example be
`
`generated by the retailer server using a random number generator, or generated by the
`
`SMS server itself and transmitted to the retailer server).
`
`In step 6 the user is presented with screen 13, and asked to enter the validation
`
`I 0
`
`code. which he can read from the screen of his mobile phone_ He does this in step 7 _
`
`ln step 8 the retailer server va.Jidates the validation code, which it has
`
`remembered. It then sends a bill to a billing agent. which may be in any industry with
`
`a conventional billing system in place. such as a telecommunications, utilities.
`
`b!Ulking or fmance company. For example. it may be the operator of the mobile phone
`
`15
`
`network.
`
`After the transaction is processed successfully, the user is sent a confmnation
`
`message (step 9).
`
`Although the invention has been explained above in relation to particular
`
`embodiment3, mlllly modificatiom are possible within the scope of the invention as
`
`20 will be clear to a skilled person. For example, although the invention has been
`
`explained above in relation to instructing purchases, it is not limited in this respect.
`
`Rather the method may be applied in any situation in which it is wished to verify the
`
`identity of a user.
`
`TWILIO INC. Ex. 1003 Page 9
`
`
`
`7
`
`Furthennore, although the method has been explained above with reference to
`
`a user communicating primarily by internet, the invention is applicable also in the
`
`case that the user communicates with the retailer by any other teleconununication
`
`network.. For example, the user may be using a point of sales terminal, and view any
`
`5
`
`of the screens shown in the embodiments on that terminal.
`
`TWILIO INC. Ex. 1003 Page 10
`
`
`
`Claims
`
`8
`
`1.
`
`An internet-based method for validating a purchase instructio~ the method
`
`comprising:
`
`5
`
`receiving by internet, from a user7 purchase information specifying a purchase
`
`the user wishes to make;
`
`receiving from the user by internet iclentification information indicating the
`
`identity of the user;
`
`using the identification information to extract, from a datab$e, contact
`
`l 0
`
`information for the user over a second telecommunication network;
`
`using the contact information [O transmit a validalion code to the user over the
`
`second telecommWlications network;
`
`. receiving a validation code from the user by internet; and
`
`verifying that the validation code transmitted to the user corresponds to the
`
`15
`
`validation code received from the user.
`
`2_
`
`A method according to claim 1 in which the second te)ecommwrications
`
`network is a telephone network, such as a mobile phone network.
`
`20
`
`3.
`
`A method according to claim 1 or claim 2 in which said validation code is sent
`
`as a text message.
`
`4.
`
`A method according to any preeeding claim further including debiting a
`
`TWILIO INC. Ex. 1003 Page 11
`
`
`
`9
`
`financial account, associated with the user and with the second telecommunication
`
`work, in respect of the purchase.
`
`5.
`
`A server system for operating internet commerce, the server having:
`
`5
`
`interface generation me'lllS for generating a user interface to receive from a
`
`user purchase information specifying a purchase the user wishes to make, and
`
`idemification information incUcatlng the identity of the user;
`
`purchase satisfaction means for completing the purchase specified by the
`
`purchase infotmation;
`
`10
`
`extraction means for extracting from the database, containing eontact
`
`information for a plurality of users over a second teleconununication network, said
`
`contact information for a specific user based on the identification information; and
`
`transmission means for transmitting a validation code to the user over the
`
`second telecommunications network based on the extracted contact information;
`
`15
`
`the interface means being arranged to receive a validation code from the user
`
`by internet; and
`
`the server system fwther comprising means for verifying that the validation
`
`code transmitted to the user corresponds to the validation code received from the user,
`
`and in that case controlling the purchase satisfaction means to satisfy the purchase.
`
`20
`
`6.
`
`A server system according to claim 5 in whieh the transmission means is
`
`arranged to transmit the validation code to the user by instructing a messaging service
`
`to transmit to the user, using the extracted contact data, a text message including the
`
`TWILIO INC. Ex. 1003 Page 12
`
`
`
`validation code.
`
`10
`
`7.
`
`A method of verifying the identity of a user. the method comprising:
`
`receiving from the user, via a first telecommunication network, identification
`
`5
`
`infonnation indicating the identity of the user;
`
`using the identification information to extract, from a databaBe, contact
`
`infonnation for the user over a second teleconununication network:
`
`using the contact infonnation to transmit a validation code to the user over the
`
`second telecommunication network;
`
`10
`
`receiving a validation eode from the user over the first telecommunication
`
`network; and
`
`verifying that the validation code transmitted to the user corresponds to the
`
`validation code received from the user.
`
`TWILIO INC. Ex. 1003 Page 13
`
`
`
`INVESTOR IN PEOPLE
`
`Mike Davis
`21 September 2000
`
`Application No:
`Claims searched:
`
`GB 0011673.1
`1-7
`
`Patents Act 1977
`Search Report under Section 17
`
`Databases searched:
`
`UK Patent Office collections, including GB, EP, WO & US patent specifications, in:
`
`UK Cl (Ed.R): G4H (HTG), G4A (AAP)
`
`Int Cl (Ed.7): G06F, G07F
`
`Other:
`
`Documents considered to be relevant:
`
`Category Identity of document and relevant passage
`
`X
`
`EP 0844551 A2
`
`(VENEKLASE) whole document
`
`X WO 95/19593 Al
`
`(KEW ET AL) whole document
`
`Relevant
`to claims
`
`1,5,7 at
`least
`
`"
`
`X
`y
`
`Document indicating lack of novelty or inventive step
`Document indicating lack of inventive step if combined
`with one or more other documents of same category.
`
`&
`
`Member of the same patent family
`
`A Document indicating technological background and/or state of the art.
`P Document published on or after the declared priority date but before the
`filing date of this invention.
`E Patent document published on or after, but with priority date earlier
`than, the filing date of this application.
`
`An Executive Agency of the Department of Trade and Industry
`
`TWILIO INC. Ex. 1003 Page 14