(19) United States
(12) Patent Application Publication
De Petris

(10) Pub. No.: US 2004/0219904 A1
(43) Pub. Date: Nov. 4, 2004

(54) SECURITY METHOD AND SYSTEM WITH CROSS-CHECKING BASED ON GEOGRAPHIC LOCATION DATA

(75) Inventor: Luciano De Petris, Milano (IT)

Correspondence Address:
MODIANO & ASSOCIATI
Via Meravigli, 16
20123 Milano (IT)

(73) Assignee: EBCO FIDUCIARIA S.A.
(21) Appl. No.: 10/817,889
(22) Filed: Apr. 6, 2004

(30) Foreign Application Priority Data
Apr. 17, 2003 (EP) 03008751.4

Publication Classification
(51) Int. Cl. H04M 11/00
(52) U.S. Cl. 455/410

(57) ABSTRACT

A security system with cross-checking for authenticating users on data communications networks comprises means for receiving from a service provider identification data of a user and of a point of access to a service; means for identifying the geographic location of the access point and a mobile telephone number associated with the user; means for sending the mobile telephone number to a mobile telephone carrier; means for receiving from the telephone carrier data that identify the geographic location of a mobile telephone that corresponds to the sent mobile telephone number; computing means for generating a result of a comparison between the geographic location of the service access point and the geographic location of the mobile telephone; and means for sending the result or data as a function of the result to the service provider or to the mobile telephone number.

[Representative drawing: the flowchart of FIG. 3 (Sheet 3 of 5); drawing not reproduced.]

`TWILIO INC. Ex. 1004 Page 1

Patent Application Publication   Nov. 4, 2004   Sheet 1 of 5   US 2004/0219904 A1

[FIG. 1 (Sheet 1 of 5): drawing not reproduced.]

[FIG. 2 (Sheet 2 of 5): schematic of the security device 200 and the database 11; drawing not reproduced. Legible record layouts:
packet 220: ID_R, ID_S, ID_E, ID_PE, ID_U
packet 221: ID_TRANS, CELL
packet 222: ID_TRANS, POS_T
table 111: ID_G, DESCR_G, PREF
table 114: ID_F, ID_S, DESCR_S, RULE, ID_G, AMOUNT
table 115: ID_TRANS, ID_S, ID_G, CELL, TIME, AMOUNT, RES]

[FIG. 3 (Sheet 3 of 5): flowchart; drawing not reproduced. Boxes as labelled:
START
310 RETAILER: send user request to access service
315 SERVICE PROVIDER: send retailer ID and user ID
320 CERTIFIER: identify retailer location, identify user mobile telephone number, identify telephone carrier
325 CERTIFIER: send request for location of mobile telephone
330 TELEPHONE CARRIER: determine and transmit the status and location of mobile telephone
335 CERTIFIER: apply calculation rule for requested service
340 CERTIFIER: return result
345 SERVICE PROVIDER: check received response
350 decision on the outcome (YES/NO)
355, 360 RETAILER: deny access / allow access
END]

[Sheet 4 of 5: drawing not reproduced.]

[Sheet 5 of 5: drawings not reproduced.]

SECURITY METHOD AND SYSTEM WITH CROSS-CHECKING BASED ON GEOGRAPHIC LOCATION DATA

[0001] The present invention is in the field of user identification and authentication services with reference to sensitive operations, i.e., operations that require verification of the identity of a user as a critical factor in the context of an action to be performed, for example a credit card transaction, the reporting of a danger warning signal regarding a highway accident, or the deactivation of an alarm system.

BACKGROUND OF THE INVENTION

[0002] The continuing technological development and diffusion of low-cost data communications tools has changed radically the way in which people act in many application contexts, particularly with reference to operations for trading tangible and intangible property and financial operations but also in all cases that simply require greater assurance of the identity of a user involved in a given action.

[0003] A significant example is given by debit and credit cards, which are very widespread trading tools whose success is due mainly to their convenience with respect to the traditional use of cash. It is in fact certainly more practical and convenient to carry in one's wallet a simple plastic card instead of several layers of bills of various denominations, thus simplifying not only large payments, which as such are rarely made in cash, but also generic monetary transactions related to everyday purchases. The use of credit cards spares the user from having to count the sum of money required to cover the cost of the purchase and from having to check any associated change. Having ascertained the practicality of such a mechanism and by taking advantage of the diffusion of the new data communications circuits, many banks are now offering, alongside what can be considered as conventional credit cards (Visa, MasterCard, American Express), personal debit cards, which can use alternative circuits that are cheaper for the user to make purchases in an ever greater number of participating points of sale. By using debit cards of the "bank-issued" type, the user performs, directly in the shop where he is making the purchase, the equivalent of a cash withdrawal at an ATM (automatic teller machine, such as the cash dispensers known in Italian as Bancomat), in which the entered amount is not paid in cash to the user but is deposited directly into the current account of the retailer. The practicality of these debit cards is even greater than that of conventional credit cards, since there is no risk of signature forgeries in case of theft or loss of the card, because the monetary transaction is activated by the user by entering a secret PIN (personal identification number).

[0004] However, even this solution is not entirely ideal and still has considerable drawbacks. In particular, both in the case of credit cards and in the case of debit cards it is virtually impossible to verify assuredly that the card bearer is actually the owner authorized to use said card and is not an impostor. Loss or theft of the credit card or debit card and of its PIN, which is often recklessly kept together with the card, exposes the user to great risks of substantial financial losses, since the card gives anyone, albeit unlawfully, free access to the current account of the owner. Although many methods and procedures for improving safety in transactions that require an exact certification of the identity of the bearer of a card have been studied, a satisfactory solution that allows users to act in the customary manner but with the assurance of greater safety has not yet been found.

[0005] The same remarks apply in other fields, for example in relation to the reporting of dangerous situations on a highway, such as road accidents, the forming of fog banks, roadworks, and so forth, which are very frequent especially in the winter period. In such cases, very often the initial condition is not particularly severe but due to high highway speeds and to the number of vehicles that approach the critical location it is not uncommon to be faced with catastrophic situations, with high risks of loss of human life. Current information systems in fact do not allow to warn promptly and in a targeted manner people who are traveling in the same direction and at a critical distance from the point where the dangerous condition occurs.

[0006] Another reference sector affected by similar problems of security and certification of the location of a user is the sector of alarm systems. An alarm system is in fact typically deactivated by operating on a suitable remote control or by operating on a control panel with a key or by entering a secret code. However, it is evident that there is no assurance that the operator who has operated the deactivation control is actually a person who is authorized to do so. Since it is obviously neither practical nor possible to resort, in conventional use, to sophisticated and expensive recognition systems based on specific physical characteristics of the authorized person, such as a retinal scan or fingerprint verification, every conventional alarm system can be deactivated immediately by the hostile person who has gained possession of the secret code or of the device that deactivates the alarm.

SUMMARY OF THE INVENTION

[0007] The aim of the present invention is to overcome the problems noted above, providing a system and a method that allow to obtain greater assurances in identifying and authenticating users involved in actions that require a high degree of security.

[0008] Within this aim, an object of the present invention is to perform a cross-check of the identity of the user by utilizing devices that are already available to the average user, particularly the mobile telephone, so as to avoid the need to use additional dedicated devices.

[0009] Another object of the present invention is to increase the degree of security during sensitive operations in a manner that is transparent to the user, i.e., without the user being required to perform actions that are different from those that he would have performed normally during a sensitive action.

[0010] This aim and these and other objects that will become better apparent hereinafter are achieved by a security system for cross-checking over data communication networks, comprising: means for receiving from a service provider identification data of a user and of a point of access to a service; means for identifying the geographic location of the access point and a mobile telephone number associated with the user; means for sending the mobile telephone number to a mobile telephone carrier; means for receiving from the mobile telephone carrier data that identify the geographic location of a mobile telephone that corresponds to the sent mobile telephone number; computing means for generating a result of a comparison between the geographic location of the point of access to a service and the geographic location of the mobile telephone.

[0011] This aim and these and other objects are also achieved by a method for cross-checking over data communications networks, which comprises the steps that consist in receiving data that arrive from a service provider and identify the geographic location of a client point of access to a service and a mobile telephone number, sending the mobile telephone number to a mobile telephone carrier, receiving from the mobile telephone carrier data that identify the geographic location of a mobile telephone that corresponds to the sent mobile telephone number, in order to generate a result of a comparison between the geographic location of the point of access to a service and the geographic location of the cellular telephone.

[0012] Advantageously, the device further comprises means for sending the result or data generated or determined as a function thereof to the service provider, to the mobile telephone number, or to a series of mobile telephone numbers stored in a temporary or permanent table at the certifying body.

[0013] The data communications networks used to transmit the various data can be any, particularly credit card circuit networks, debit card circuit networks, fixed and mobile telephone networks, Internet and Intranet networks, highway data communications networks, private or proprietary networks, optionally provided with the suitable gateways for transit from one network to another as known in the background art.

[0014] Conveniently, more than one mobile telephone number can be transmitted by the service supplier and used for comparison between the geographic location of the point of access to the service in use and the geographic location of the mobile telephone that corresponds to one of the mobile telephone numbers.

[0015] Advantageously, the comparison means can be implemented by means of a computer program and can use various comparison criteria, applying different tolerance margins or computing methods depending on the service that the user is accessing and/or on the telephone carrier involved in verifying the position of the mobile telephone of the user.

BRIEF DESCRIPTION OF THE DRAWINGS

[0016] Further characteristics and advantages of the invention will become better apparent from the following detailed description, given by way of non-limitative example and accompanied by the corresponding figures, wherein:

[0017] FIG. 1 is a schematic view of the elements that interact with the system according to the invention;

[0018] FIG. 2 is a schematic view of an embodiment of the system according to the present invention;

[0019] FIG. 3 is a flowchart according to the inventive method on which the present invention is based;

[0020] FIG. 4 is a schematic view of the elements that interact with the system according to the present invention in the context of an embodiment related to the use of credit cards;

[0021] FIG. 5 is a schematic view of the elements that interact with the system according to the present invention in the context of an embodiment related to use for reporting dangers in a highway context;

[0022] FIG. 6 is a schematic view of an auxiliary device that can be used in an embodiment of the method for checking the position of a user, applied along a highway network.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0023] FIG. 1 is a schematic view of the basic elements involved in a general application of the system and of the method according to the invention. In particular, FIG. 1 illustrates a centralized server 10 operated by a management company, hereinafter referenced as the certifier, which is connected to a database 11 and is linked to a first data communications network 5 and to a second data communications network 6.

[0024] The first data communications network 5 is used to connect the certifier 10 to a service provider 20, which is in turn connected to a third data communications network 7.

[0025] The second data communications network 6 is used to connect the certifier 10 to the server of a mobile telephone carrier 30, which has access to a mobile telephone network 8.

[0026] The data communications network 7 can also be used by a point of access 25 for accessing a service managed by the service provider 20, which is referenced hereinafter as the retailer point and can be used by a user who is registered in the database 11 in order to access a service in which he is interested.

[0027] Finally, the figure illustrates a mobile telephone 40, this expression being used to designate any device capable of connecting to the mobile telephone network 8, whose mobile telephone number is in turn registered in the database 11 and is associated with user identification data.

[0028] All the elements shown schematically in FIG. 1 are shown in this form by way of example and illustrate what can actually be multiple servers 10, 20 and 30, multiple retailer points 25, and multiple mobile telephones 40.

[0029] Likewise, the data communications networks 5, 6 and 7 can coincide with a same data communications network or can comprise multiple data communications networks even of different kinds, so long as they can be interfaced with the certifier 10 and, if necessary, with each other by way of suitable gateways, as is well known in the background art. Likewise, the mobile telephone network 8 references the various mobile telephone networks owned by various telephone carriers, regardless of the type and of the communications protocols used. Typically, said network is a network of the GSM type, but it can also be of the GPRS, UMTS or TACS or other type of network used internationally.

[0030] In the description that follows, the terms certifier, service provider, mobile telephone carrier and retailer point are used equally to identify both the generic party and the technical means operated by that party, such as the servers of the certifier, of the service provider, of the mobile telephone carrier or the client devices of the retailer point.

[0031] The core of the system according to the present invention is shown schematically in FIG. 2, which illustrates the base modules of a device that provides the inventive concept on which the invention is based, an example of structure of the database 11 and of messages exchanged between the certifier 10 and the service provider 20 and the mobile telephone carrier 30. In greater detail, FIG. 2 illustrates a security device 200, preferably provided as software, which comprises means 210 for receiving data that arrives from the service provider over the data communications network 5 and means 211 for sending data to the service provider 20 over the same data communications network, means 212 for sending data to the mobile telephone carrier via the data communications network 6, and means 213 for receiving data from the mobile telephone carrier over the same data communications network, means 205 for the preliminary operations to be performed on the database 11 in order to retrieve the data required for cross-checking, for example the required service, the geographic location of the access point 25, the mobile telephone number of the user, the mobile telephone carrier that owns said mobile telephone number, and finally means 206 for comparing data that identify two geographic locations and for generating a result on the basis of a rule of comparison.

[0032] FIG. 2 also shows, again by way of example, the structures of some information packets 220, 221, 222 and 223 exchanged among the various parties.

[0033] The operation of the system according to the invention is divided into two logic steps: a step for registration of the service providers 20, of the mobile telephone carriers 30 and of the users of both services offered by a provider 20 and by a carrier 30 in the database 11 of the certifier 10, and a step for actual use of the cross-checking system according to the invention.

[0034] The first step is performed in particular when a new service provider 20 intends to register one of his services with the certifier 10 or when a new mobile telephone carrier 30 joins the system and is also registered in the database 11 of the certifier 10.

[0035] In both cases, as in the case of modification of the data related to one of the parties involved, the certifier 10 updates his database 11, entering or updating the identification data for each party. In particular, the FORNITORI table 110 contains the data related to an identifier ID_F assigned to the provider and data DESCR_F that describe said provider, while the table 111 contains the data related to an identifier ID_G assigned to the mobile telephone carrier and data DESCR_G that describe said carrier. The table preferably also contains a PREF field that identifies the telephone prefix numbers associated with the carrier, whereby it is therefore possible to determine, from a telephone number, the telephone carrier 30 associated with that number.

[0036] The subtable 112, for each provider of the service, contains the data related to the participating retailer, to the specific point and to its geographic location, verified with the specific telephone carrier.

[0037] The subtable 113 contains, for each user registered by the service provider, his identification data ID_U and an optional description DESCR_U, the telephone number of his mobile telephone CELL and optionally the corresponding telephone carrier 30. Alternatively, as mentioned, the telephone carrier 30 can be identified on the basis of the prefix of the telephone number.

[0038] The table 114 stores the various services that are managed, which are identified by means of a code ID_S and are accompanied by descriptive data DESCR_S and by the owning provider code ID_F. The table also contains two other fields: the carrier identifier ID_G and the field RULE, which optionally determines a specific rule or comparison parameters to be used for comparison between geographic locations depending on the carrier involved, as will become better apparent hereinafter. Further supporting fields, designated by AMOUNT, allow to set optional parameters for automatic cost calculation.

[0039] With reference to the flowchart of FIG. 3, the operation of the system in the step for actual access to a service provided by a provider affiliated with the certifier 10 is as follows.

[0040] At the step 310, a user connects from a retailer point 25 for accessing the service provider 20, sending in a conventional manner, as regards that service, a request to access the service that includes user identification data.

[0041] In the step 315, the service provider 20 sends to the certifier 10 an information packet 220 that comprises both user identification data and identification data of the retailer point 25.

[0042] Typically, the database 11 contains a first table that stores the identifier of each service managed by the service provider and a list of the retailer points that can be used to access the service. In particular, each one of said retailer points must have one or more data items that allow to identify its geographic location with sufficient precision. These data can be, for example, the latitude and longitude coordinates of the retailer point. The database 11 conventionally stores an identifier for each registered user, and said identifier can be provided in nominative form, i.e., by giving the personal data of each user and associating a name with them, or even anonymously, i.e., by entering in the database an identification number of a card, a code or another identification means. The user identification data are furthermore connected to a third table together with one or more mobile telephone numbers, implicitly paired, by means of the prefix of the telephone number, with a different mobile telephone carrier.

[0043] The data conventionally received from the service provider 20 are then used in the system of the certifier 10 to identify both a first mobile telephone number associated with the user and the geographic location of the retailer point used by the user to access the service. The provider then sends to the certifier 10 an information data packet 220 that contains a request identifier ID_R, the service identifier ID_S, the retailer identifier ID_E, the identifier ID_PE of the retailer point 25 used to access the service, and a unique user identification data item ID_U.

[0044] In the step 320, the device 200 that operates on the server of the certifier 10 receives the packet by virtue of the receiver means 210 and passes it to the means 205. The means 205 check for the presence, in the table 110, of the identification code of the provider of the service ID_S, check in the subtable 112 the geographic location POS_C of the retailer point identified by ID_PE, determine the telephone carrier involved by means of the prefix of the received mobile telephone number by checking for its presence in the table 113, and enter in the table 114 a new record, which includes a unique code ID_TRANS that identifies the operation in progress, the code of the service ID_S, the code of the telephone carrier ID_G, and the mobile telephone number CELL. A packet 221 that contains the identification code ID_TRANS and the mobile telephone number CELL is then sent, at the step 325, via the transmission means 212 to the telephone carrier 30, which has the task of returning an information packet 222 that contains the identification code ID_TRANS and data related to the geographic location POS_T of the mobile telephone that corresponds to the mobile telephone number being considered (step 330). The position is calculated according to known methods by using the wave cones that determine the area coverage of a mobile telephone network.

[0045] In the step 335, once these data have been received via the receiver interface 213, the comparison means 206 use the received ID_TRANS code to retrieve in the table 113 the identification data of the service ID_S and of the carrier ID_G and determine, by reading the table 114, whether there is a particular rule RULE to be applied in order to calculate the result of the comparison between the point POS_T and the point POS_C, received from the table 112. For example, the rule RULE can identify the interval within which the points POS_T and POS_C must be considered identical. The row ID_TRANS in table 115 is then completed by entering a time stamp TIME that comprises the year, month, day, hour, minute and second of the transaction, the result RES and one or more amounts AMOUNT, which indicate or are used to calculate costs/revenue in general.

[0046] In the step 340, if there is a location match within the applied limits, the means 206 return to the service provider 20 a packet 223 that comprises data sufficient to identify the request ID_R to which the packet refers, the service ID_S and the positive outcome of the result RES. In the other case, a negative outcome code is returned. Before ending with a negative outcome, if the user has multiple telephone numbers, the system can repeat the cross-checking request by using the successive telephone numbers CELL of the user ID_U.

[0047] In the step 345, the service provider receives the outcome of the operation and, in the step 350, manages the received result. The service provider can decide autonomously, in this case, the procedure to be followed in order to authorize access to the service or not (steps 355, 360).
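
The certifier's cross-check of steps 320 to 340, together with the prefix-based carrier lookup of paragraph [0035] and the retry over a user's successive numbers, shown as an added Python example that is not part of the patent text. The outcome codes, the reading of RULE as a radius in kilometres, the haversine distance, the fail-closed handling of missing data or of a reply whose ID_TRANS does not match, the in-memory tables and all sample values are assumptions made for illustration.

```python
import math
from collections import namedtuple
from datetime import datetime, timezone
from itertools import count

# Packet layouts follow the fields named on the page (packets 220-223).
Packet220 = namedtuple("Packet220", "id_r id_s id_e id_pe id_u")  # provider -> certifier
Packet221 = namedtuple("Packet221", "id_trans cell")              # certifier -> carrier
Packet222 = namedtuple("Packet222", "id_trans pos_t")             # carrier -> certifier
Packet223 = namedtuple("Packet223", "id_r id_s res")              # certifier -> provider

# Outcome codes are assumptions; the page only speaks of positive/negative
# outcomes and of a "corresponding code" when the telephone is switched off.
POSITIVE, NEGATIVE, PHONE_OFF = "POSITIVE", "NEGATIVE", "PHONE_OFF"


def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


class Certifier:
    def __init__(self, carriers, points, users, rules, ask_carrier):
        self.carriers = carriers        # table 111: PREF -> ID_G
        self.points = points            # subtable 112: ID_PE -> POS_C (lat, lon)
        self.users = users              # subtable 113: ID_U -> list of CELL
        self.rules = rules              # table 114: (ID_S, ID_G) -> RULE, here in km
        self.ask_carrier = ask_carrier  # callable(ID_G, Packet221) -> Packet222
        self.transactions = []          # table 115
        self._seq = count(1)

    def carrier_for(self, cell):
        """Resolve the carrier from the number prefix (longest match wins)."""
        hits = [p for p in self.carriers if cell.startswith(p)]
        return self.carriers[max(hits, key=len)] if hits else None

    def cross_check(self, req):
        """Steps 320-340: build packet 223 for the request in packet 220."""
        pos_c = self.points.get(req.id_pe)
        cells = self.users.get(req.id_u, []) if pos_c is not None else []
        res = NEGATIVE                       # fail closed on any missing data
        for cell in cells:
            id_g = self.carrier_for(cell)
            rule = self.rules.get((req.id_s, id_g))
            if rule is None:
                continue                     # no carrier or no rule: cannot check
            id_trans = f"T{next(self._seq):06d}"
            reply = self.ask_carrier(id_g, Packet221(id_trans, cell))
            if reply.id_trans != id_trans:
                res = NEGATIVE               # reply does not match the request
            elif reply.pos_t is None:
                res = PHONE_OFF
            else:
                near = distance_km(pos_c, reply.pos_t) <= rule
                res = POSITIVE if near else NEGATIVE
            self.transactions.append({
                "ID_TRANS": id_trans, "ID_S": req.id_s, "ID_G": id_g, "CELL": cell,
                "TIME": datetime.now(timezone.utc), "RES": res})
            if res == POSITIVE:
                break                        # otherwise try the user's next number
        return Packet223(req.id_r, req.id_s, res)


def build_demo():
    """Certifier over constructed sample data (not from the page)."""
    phone_positions = {                      # what the stub carrier "sees"
        "+39335000001": (41.9028, 12.4964),  # far from the retailer point
        "+39347000002": (45.4680, 9.1900),   # about 0.4 km from it
        "+39335000003": None,                # switched off
    }

    def stub_carrier(id_g, pkt):
        return Packet222(pkt.id_trans, phone_positions.get(pkt.cell))

    return Certifier(
        carriers={"+39335": "G1", "+39347": "G2"},
        points={"PE1": (45.4642, 9.1900)},
        users={"U1": ["+39335000001", "+39347000002"], "U2": ["+39335000003"]},
        rules={("S_CARD", "G1"): 2.0, ("S_CARD", "G2"): 2.0},
        ask_carrier=stub_carrier)


if __name__ == "__main__":
    c = build_demo()
    print(c.cross_check(Packet220("R1", "S_CARD", "E1", "PE1", "U1")))
    for row in c.transactions:
        print(row["ID_TRANS"], row["CELL"], row["RES"])
```

In the sample run the first number of user U1 is located far from the retailer point and is recorded as negative, and the second number produces the positive result returned in packet 223.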

[0048] By way of non-limitative illustration, some examples of use of the inventive concept on which the present invention is based are now described; in said examples, a service provided over a data communications network 7 uses the cross-check derived from the detection of the location of a mobile telephone 40 assigned to the user in order to perform an automatic cross-check to support the authenticity of the identity of said user.

[0049] In a first example, the system according to the present invention is used to verify the identity of a user in the context of financial transactions on credit card circuits.

[0050] The architecture of this specific system is shown in greater detail in FIG. 4, which shows, next to the elements already identified with reference to FIG. 1, the data communications network 7 exploded into the various networks 7' and 7" that identify the data communications networks for connection among the retailer points 25, the service providers 20, for example national banks, data communications networks 7' for connection to the international circuits 7".

[0051] The user goes to a point 25 of a retailer, this term being used to designate a party that is affiliated with the financial company and accepts the card as a means of payment that is alternative to cash, or also an ATM, for example a Bancomat cashpoint, from which cash can be drawn.

[0052] The request to authorize the transaction, which includes the identification data of the card and of said retailer 25, is sent by the retailer 25 to the financial company that operates the card used by the user; said financial company in turn sends a verification request to the certifier 10 over the data communications network 5.

[0053] More in detail, the request to authorize the transaction is sent from the retailer 25 to the bank or entity 20 that has acquired the retailer, i.e. the so called "bank acquirer", which in turn forwards the received data to the bank or entity 7" that manages the card holder, i.e. to the so called "bank issuer", so that the validity of the card is verified according to conventional rules.

[0054] The certifier 10, after receiving the request from either the bank acquirer 20, the bank issuer 7" or a combination thereof, identifies the location of the retailer 25 and, on the basis of the telephone number, the mobile telephone carrier 30 involved in the manners already described, sends the received telephone number and waits for the current location detected by the telephone carrier as a reply.

[0055] If the mobile telephone 40 is switched off, the certifier sends the corresponding code to the financial company, which accordingly manages the situation according to its specific methods, for example by reporting to the retailer that it is not possible to perform the transaction or by requesting the verification of a document on the part of the retailer in the case of a purchase operation performed with the customer present. In the simplest case, the clearance for the transaction is instead denied.

[0056] If the reply of the mobile telephone carrier instead identifies correctly the position of the mobile telephone of the user, the verification system of the certifier 10 checks whether said location coincides, within the set tolerance limits, with the position of the retailer, and returns the outcome to the financial company. In turn, the financial company authorizes or declines the transaction.

[0057] A second example of use of the system according to the present invention relates to the problem of highway safety and is now described with reference to FIG. 5. In this case, the primary data communications network is constituted by the highway data communications network, which is used by highway management companies to exchange information related to the services already offered, particularly the service known as Telepass and used on Italian highways.

[0058] The highway management company divides
