`(12) Patent Application Publication (10) Pub. No.: US 2004/0219904 A1
`(43) Pub. Date:
`Nov. 4, 2004
`De Petris
`
`US 20040219904A1
`
`(54) SECURITY METHOD AND SYSTEM WITH
`CROSS-CHECKING BASED ON
`GEOGRAPHIC LOCATION DATA
`
`(75) Inventor: Luciano De Petris, Milano (IT)
`
`Cones Ondence Address
`MODIIANO & ASSOCI'ATI
`Via Meravi H 16
`20123
`g ’
`Milano (IT)
`
`(73) Assignee_ EBCO FIDUCIARIA SA
`'
`'
`(21) APPL NO:
`
`10/817 889
`’
`Apt; 6, 2004
`
`(22) Filed;
`
`(30)
`
`Foreign Application Priority Data
`
`Apr. 17, 2003 (EP) ...................................... .. 030087514
`
`Publication Classi?cation
`
`(51) Int. Cl.7 .................................................. .. H04M 11/00
`(52) US. Cl. ............................................................ .. 455/410
`
`ABSTRACT
`(57)
`A security system With cross-checking for authenticating
`users on data communications networks comprises means
`for receiving from a service provider identi?cation data of a
`user and of a point of access to a service; means for
`identifying the geographic location of the access point and
`a of mobile telephone number associated With the user;
`means for sending the mobile telephone number to a mobile
`telephone carrier; means for receiving from the telephone
`carrier data that identify the geographic location of a mobile
`telephone that corresponds to the sent mobile telephone
`number; computing means for generating a result of a
`comparison betWeen the geographic location of the service
`access point and the geographic location of the mobile
`telephone and means for sending the result or data as a
`function of the result to the service provider or to the mobile
`telephone number.
`
`310
`
`I START )
`
`315
`
`RETAILER
`SEND USER REQUEST
`TO ACCESS SERVICE —>
`
`SERVICE PROVIDER
`SEND RETAILER ID
`AND USER ID
`
`325
`L CERTIFIER
`SEND REQUEST FOR
`LOCATION OF MOBILE
`TELEPHONE
`
`330
`
`TELEPHONE CARRIER
`DETERMINE AND TRANSMIT
`THE STATUS AND LOCATION
`\ OF MOBILE TELEPHONE
`
`CERTIFIER
`APPLY CALCULATION
`RULE FOR REQUESTED
`SERVICE
`335 a)
`
`350
`
`YES
`
`IS
`OUTCOME
`POSITIVE?
`
`CERTIFIER
`IDENTIFY RETAILER
`LOCATION, IDENTIFY
`USER MOBILE
`TELEPHONE NUMBER,
`IDENTIFY TELEPHONE
`CARR'ER
`
`\
`320
`
`340
`
`CERTIFIER
`
`RETURN
`RESULT
`
`SERVICE PROVIDER
`
`CHECK RECEIVED
`RESPONSE
`
`RETAILER
`
`DENY ACCESS
`
`RETAILER
`
`f 355
`
`345
`
`360
`
`ALLOW ACCESS
`
`END
`
`TWILIO, INC. EX. 1017
`Page 1
`
`
`
`Patent Application Publication Nov. 4, 2004 Sheet 1 0f 5
`
`US 2004/0219904 A1
`
`10
`
`,7
`
`30
`
`600
`\
`
`\< ) /
`aos?yg
`mpg)
`
`607 )
`
`I
`
`604
`//—J
`
`’\\ 602
`’\d602
`
`TWILIO, INC. EX. 1017
`Page 2
`
`
`
`Patent Application Publication Nov. 4, 2004 Sheet 2 of 5
`
`US 2004/0219904 A1
`
`_.1
`_l
`Lu
`0
`
`TWILIO, INC. EX. 1017
`Page 3
`
`TWILIO, INC. EX. 1017
`Page 3
`
`
`
`Patent Application Publication Nov. 4, 2004 Sheet 3 0f 5
`
`US 2004/0219904 A1
`
`370
`
`375
`
`RETAILER
`SEND USER REQUEST
`TO ACCESS SERVICE -—>
`
`SERvICE PROVIDER
`
`SEND RETAILER ID
`AND USER ID
`
`330
`
`i
`325
`CERTIFIER
`L CERTIFIER
`IDENTIFY RETAILER
`SEND REQUEST FOR
`LOCATION OF MOBILE <— LOCATION, IDENTIFY
`TELEPHONE
`USER MOBILE
`TELEPHONE NUMBER,
`IDENTIFY TELEPHONE
`l
`TELEPHONE CARRIER
`CARR'ER
`DETERMINE AND TRANSMIT
`THE STATUS AND LOCATION
`\ OF MOBILE TELEPHONE
`
`340
`
`\
`320
`
`CERTIFIER
`APPLY CALCULATION
`RULE FOR REQUESTED —>
`SERVICE
`
`CERTIFIER
`
`RETURN
`RESULT
`
`335 k)
`
`350
`
`l
`
`SERVICE PROvIDER
`
`YES
`
`OUTCOME
`POSITIVE?
`
`CHECK RECEIvED
`RESPONSE
`
`'
`
`RETAILER
`DENY ACCESS
`
`355
`/
`
`X
`345
`
`360
`
`/Z_/
`
`3
`
`RETAILER
`
`—~ ALLOW ACCESS
`
`TWILIO, INC. EX. 1017
`Page 4
`
`
`
`Patent Application Publication Nov. 4, 2004 Sheet 4 0f 5
`
`US 2004/0219904 A1
`
`TWILIO, INC. EX. 1017
`Page 5
`
`
`
`Patent Application Publication Nov. 4, 2004 Sheet 5 0f 5
`
`US 2004/0219904 A1
`
`17
`
`TWILIO, INC. EX. 1017
`Page 6
`
`
`
`US 2004/0219904 A1
`
`Nov. 4, 2004
`
`SECURITY METHOD AND SYSTEM WITH
`CROSS-CHECKING BASED ON GEOGRAPHIC
`LOCATION DATA
`
`[0001] The present invention is in the ?eld of user iden
`ti?cation and authentication services With reference to sen
`sitive operations, i.e., operations that require veri?cation of
`the identity of a user as a critical factor in the context of an
`action to be performed, for example a credit card transac
`tion, the reporting of a danger Warning signal regarding a
`highWay accident, or the deactivation of an alarm system.
`
`BACKGROUND OF THE INVENTION
`
`[0002] The continuing technological development and dif
`fusion of loW-cost data communications tools has changed
`radically the Way in Which people act in many application
`contexts, particularly With reference to operations for trad
`ing tangible and intangible property and ?nancial operations
`but also in all cases that simply require greater assurance of
`the identity of a user involved in a given action.
`
`[0003] A signi?cant example is given by debit and credit
`cards, Which are very Widespread trading tools Whose suc
`cess is due mainly to their convenience With respect to the
`traditional use of cash. It is in fact certainly more practical
`and convenient to carry in one’s Wallet a simple plastic card
`instead of several layers of bills of various denominations,
`thus simplifying not only large payments, Which as such are
`rarely made in cash, but also generic monetary transactions
`related to everyday purchases. The use of credit cards spares
`the user from having to count the sum of money required to
`cover the cost of the purchase and from having to check any
`associated change. Having ascertained the practicality of
`such a mechanism and by taking advantage of the diffusion
`of the neW data communications circuits, many banks are
`noW offering, alongside What can be considered as conven
`tional credit cards (Visa, MasterCard, American Express),
`personal debit cards, Which can use alternative circuits that
`are cheaper for the user to make purchases in an ever greater
`number of participating points of sale. By using debit cards
`of the “bank-issued” type, the user performs, directly in the
`shop Where he is making the purchase, the equivalent of a
`cash WithdraWal at an ATM (automatic teller machine, such
`as the cash dispensers knoWn in Italian as Bancomat), in
`Which the entered amount is not paid in cash to the user but
`is deposited directly into the current account of the retailer.
`The practicality of these debit cards is even greater than that
`of conventional credit cards, since there is no risk of
`signature forgeries in case of theft or loss of the card,
`because the monetary transaction is activated by the user by
`entering a secret PIN (personal identi?cation number).
`
`[0004] HoWever, even this solution is not entirely ideal
`and still has considerable draWbacks. In particular, both in
`the case of credit cards and in the case of debit cards it is
`virtually impossible to verify assuredly that the card bearer
`is actually the oWner authoriZed to use said card and is not
`an impostor. Loss or theft of the credit card or debit card and
`of its PIN, Which is often recklessly kept together With the
`card, exposes the user to great risks of substantial ?nancial
`losses, since the card gives anyone, albeit unlaWfully, free
`access to the current account of the oWner. Although many
`methods and procedures for improving safety in transactions
`that require an exact certi?cation of the identity of the bearer
`of a card have been studied, a satisfactory solution that
`
`alloWs users to act in the customary manner but With the
`assurance of greater safety has not yet been found.
`
`[0005] The same remarks apply in other ?elds, for
`example in relation to the reporting of dangerous situations
`on a highWay, such as road accidents, the forming of fog
`banks, roadWorks, and so forth, Which are very frequent
`especially in the Winter period. In such cases, very often the
`initial condition is not particularly severe but due to high
`highWay speeds and to the number of vehicles that approach
`the critical location it is not uncommon to be faced With
`catastrophic situations, With high risks of loss of human life.
`Current information systems in fact do not alloW to Warn
`promptly and in a targeted manner people Who are traveling
`in the same direction and at a critical distance from the point
`Where the dangerous condition occurs.
`
`[0006] Another reference sector affected by similar prob
`lems of security and certi?cation of the location of a user is
`the sector of alarm systems. An alarm system is in fact
`typically deactivated by operating on a suitable remote
`control or by operating on a control panel With a key or by
`entering a secret code. HoWever, it is evident that there is no
`assurance that the operator Who has operated the deactiva
`tion control is actually a person Who is authoriZed to do so.
`Since it is obviously neither practical not possible to resort,
`in conventional use, to sophisticated and expensive recog
`nition systems based on speci?c physical characteristics of
`the authoriZed person, such as a retinal scan or ?ngerprint
`veri?cation, every conventional alarm system can be deac
`tivated immediately by the hostile person Who has gained
`possession of the secret code or of the device that deactivates
`the alarm.
`
`SUMMARY OF THE INVENTION
`
`[0007] The aim of the present invention is to overcome the
`problems noted above, providing a system and a method that
`alloW to obtain greater assurances in identifying and authen
`ticating users involved in actions that require a high degree
`of security.
`
`[0008] Within this aim, an object of the present invention
`is to perform a cross-check of the identity of the user by
`utiliZing devices that are already available to the average
`user, particularly the mobile telephone, so as to avoid the
`need to use additional dedicated devices.
`
`[0009] Another object of the present invention is to
`increase the degree of security during sensitive operations in
`a manner that is transparent to the user, i.e., Without the user
`being required to perform actions that are different from
`those that he Would have performed normally during a
`sensitive action.
`
`[0010] This aim and these and other objects that Will
`become better apparent hereinafter are achieved by a secu
`rity system for cross-checking over data communication
`netWorks, comprising: means for receiving from a service
`provider identi?cation data of a user and of a point of access
`to a service; means for identifying the geographic location of
`the access point and a mobile telephone number associated
`With the user; means for sending the mobile telephone
`number to a mobile telephone carrier; means for receiving
`from the mobile telephone carrier data that identify the
`geographic location of a mobile telephone that corresponds
`to the sent mobile telephone number; computing means for
`
`TWILIO, INC. EX. 1017
`Page 7
`
`
`
`US 2004/0219904 A1
`
`Nov. 4, 2004
`
`generating a result of a comparison between the geographic
`location of the point of access to a service and the geo
`graphic location of the mobile telephone.
`
`[0011] This aim and these and other objects are also
`achieved by a method for cross-checking over data commu
`nications networks, which comprises the steps that consist in
`receiving data that arrive from a service provider and
`identify the geographic location of a client point of access to
`a service and a mobile telephone number, sending the mobile
`telephone number to a mobile telephone carrier, receiving
`from the mobile telephone carrier data that identify the
`geographic location of a mobile telephone that corresponds
`to the sent mobile telephone number, in order to generate a
`result of a comparison between the geographic location of
`the point of access to a service and the geographic location
`of the cellular telephone.
`[0012] Advantageously, the device further comprises
`means for sending the result or data generated or determined
`as a function thereof to the service provider, to the mobile
`telephone number, or to a series of mobile telephone num
`bers stored in a temporary or permanent table at the certi
`fying body.
`[0013] The data communications networks used to trans
`mit the various data can be any, particularly credit card
`circuit networks, debit card circuit networks, ?xed and
`mobile telephone networks, Internet and Intranet networks,
`highway data communications networks, private or propri
`etary networks, optionally provided with the suitable gate
`ways for transit from one network to another as known in the
`background art.
`
`[0014] Conveniently, more than one mobile telephone
`number can be transmitted by the service supplier and used
`for comparison between the geographic location of the point
`of access to the service in use and the geographic location of
`the mobile telephone that corresponds to one of the mobile
`telephone numbers.
`[0015] Advantageously, the comparison means can be
`implemented by means of a computer program and can use
`various comparison criteria, applying different tolerance
`margins or computing methods depending on the service
`that the user is accessing and/or on the telephone carrier
`involved in verifying the position of the mobile telephone of
`the user.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`[0016] Further characteristics and advantages of the
`invention will become better apparent from the following
`detailed description, given by way of non-limitative
`example and accompanied by the corresponding ?gures,
`wherein:
`
`[0017] FIG. 1 is a schematic view of the elements that
`interact with the system according to the invention;
`
`[0018] FIG. 2 is a schematic view of an embodiment of
`the system according to the present invention;
`[0019] FIG. 3 is a ?owchart according to the inventive
`method on which the present invention is based;
`
`[0020] FIG. 4 is a schematic view of the elements that
`interact with the system according to the present invention
`in the context of an embodiment related to the use of credit
`cards;
`
`[0021] FIG. 5 is a schematic view of the elements that
`interact with the system according to the present invention
`in the context of an embodiment related to use for reporting
`dangers in a highway context;
`
`[0022] FIG. 6 is a schematic view of an auxiliary device
`that can be used in an embodiment of the method for
`checking the position of a user, applied along a highway
`network.
`
`DESCRIPTION OF THE PREFERRED
`EMBODIMENTS
`
`[0023] FIG. 1 is a schematic view of the basic elements
`involved in a general application of the system and of the
`method according to the invention. In particular, FIG. 1
`illustrates a centraliZed server 10 operated by a management
`company, hereinafter referenced as the certi?er, which is
`connected to a database 11 and is linked to a ?rst data
`communications network 5 and to a second data communi
`cations network 6.
`
`[0024] The ?rst data communications network 5 is used to
`connect the certi?er 10 to a service provider 20, which is in
`turn connected to a third data communications network 7.
`
`[0025] The second data communications network 6 is used
`to connect the certi?er 10 to the server of a mobile telephone
`carrier 30, which has access to a mobile telephone network
`8.
`
`[0026] The data communications network 7 can also be
`used by a point of access 25 for accessing a service managed
`by the service provider 20, which is referenced hereinafter
`as the retailer point and can be used by a user who is
`registered in the database 11 in order to access a service in
`which he is interested.
`[0027] Finally, the ?gure illustrates a mobile telephone 40,
`this expression being used to designate any device capable
`of connecting to the mobile telephone network 8, whose
`mobile telephone number is in turn registered in the database
`11 and is associated with user identi?cation data.
`
`[0028] All the elements shown schematically in FIG. 1 are
`shown in this form by way of example and illustrate what
`can actually be multiple servers 10, 20 and 30, multiple
`retailer points 25, and multiple mobile telephones 40.
`[0029] Likewise, the data communications networks 5, 6
`and 7 can coincide with a same data communications
`network or can comprise multiple data communications
`networks even of different kinds, so long as they can be
`interfaced with the certi?er 10 and, if necessary, with each
`other by way of suitable gateways, as is well known in the
`background art. Likewise, the mobile telephone network 8
`references the various mobile telephone networks owned by
`various telephone carriers, regardless of the type and of the
`communications protocols used. Typically, said network is a
`network of the GSM type, but it can also be of the GPRS,
`UMTS or TACS or other type of network used internation
`ally.
`[0030] In the description that follows, the terms certi?er,
`service provider, mobile telephone carrier and retailer point
`are used equally to identify both the generic party and the
`technical means operated by that party, such as the servers
`of the certi?er, of the service provider, of the mobile
`telephone carrier or the client devices of the retailer point.
`
`TWILIO, INC. EX. 1017
`Page 8
`
`
`
`US 2004/0219904 A1
`
`Nov. 4, 2004
`
`[0031] The core of the system according to the present
`invention is shown schematically in FIG. 2, which illus
`trates the base modules of a device that provides the inven
`tive concept on which the invention is based, an eXample of
`structure of the database 11 and of messages exchanged
`between the certi?er 10 and the service provider 20 and the
`mobile telephone carrier 30. In greater detail, FIG. 2 illus
`trates a security device 200, preferably provided as software,
`which comprises means 210 for receiving data that arrives
`from the service provider over the data communications
`network 5 and means 211 for sending data to the service
`provider 20 over the same data communications network,
`means 212 for sending data to the mobile telephone carrier
`via the data communications network 6, and means 213 for
`receiving data from the mobile telephone carrier over the
`same data communications network, means 205 for the
`preliminary operations to be performed on the database 11 in
`order to retrieve the data required for cross-checking, for
`eXample the required service, the geographic location of the
`access point 25, the mobile telephone number of the user, the
`mobile telephone carrier that owns said mobile telephone
`number, and ?nally means 206 for comparing data that
`identify two geographic locations and for generating a result
`on the basis of a rule of comparison.
`
`[0032] FIG. 2 also shows, again by way of eXample, the
`structures of some information packets 220, 221, 222 and
`223 eXchanged among the various parties.
`
`[0033] The operation of the system according to the inven
`tion is divided into two logic steps: a step for registration of
`the service providers 20, of the mobile telephone carriers 30
`and of the users of both services offered by a provider 20 and
`by a carrier 30 in the database 11 of the certi?er 10, and a
`step for actual use of the cross-checking system according to
`the invention.
`
`[0034] The ?rst step is performed in particular when a new
`service provider 20 intends to register one of his services
`with the certi?er 10 or when a new mobile telephone carrier
`30 joins the system and is also registered in the database 11
`of the certi?er 10.
`
`[0035] In both cases, as in the case of modi?cation of the
`data related to one of the parties involved, the certi?er 10
`updates his database 11, entering or updating the identi?
`cation data for each party. In particular, the FORNITORI
`table 110 contains the data related to an identi?er ID_F
`assigned to the provider and data DESCR_F that describe
`said provider, while the table 111 contains the data related to
`an identi?er ID_G assigned to the mobile telephone carrier
`and data DESCR_G that describe said carrier. The table
`preferably also contains a PREF ?eld that identi?es the
`telephone pre?X numbers associated with the carrier,
`whereby it is therefore possible to determine, from a tele
`phone number, the telephone carrier 30 associated with that
`number.
`
`[0036] The subtable 112, for each provider of the service,
`contains the data related to the participating retailer, to the
`speci?c point and to its geographic location, veri?ed with
`the speci?c telephone carrier.
`
`[0037] The subtable 113 contains, for each user registered
`by the service provider, his identi?cation data ID_U and an
`optional description DESCR_U, the telephone number of his
`mobile telephone CELL and optionally the corresponding
`
`telephone carrier 30. Alternatively, as mentioned, the tele
`phone carrier 30 can be identi?ed on the basis of the pre?X
`of the telephone number.
`
`[0038] The table 114 stores the various services that are
`managed, which are identi?ed by means of a code ID_S and
`are accompanied by descriptive data DESCR_S and by the
`owning provider code ID_F. The table also contains two
`other ?elds: the carrier identi?er ID_G and the ?eld RULE,
`which optionally determines a speci?c rule or comparison
`parameters to be used for comparison between geographic
`locations depending on the carrier involved, as will become
`better apparent hereinafter. Further supporting ?elds, desig
`nated by AMOUNT, allow to set optional parameters for
`automatic cost calculation.
`
`[0039] With reference to the ?owchart of FIG. 3, the
`operation of the system in the step for actual access to a
`service provided by a provider af?liated with the certi?er 10
`is as follows.
`
`[0040] At the step 310, a user connects from a retailer
`point 25 for accessing the service provider 20, sending in a
`conventional manner, as regards that service, a request to
`access the service that includes user identi?cation data.
`
`[0041] In the step 315, the service provider 20 sends to the
`certi?er 10 an information packet 220 that comprises both
`user identi?cation data and identi?cation data of the retailer
`point 25.
`[0042] Typically, the database 11 contains a ?rst table that
`stores the identi?er of each service managed by the service
`provider and a list of the retailer points that can be used to
`access the service. In particular, each one of said retailer
`points must have one or more data items that allow to
`identify its geographic location with suf?cient precision.
`These data can be, for example, the latitude and longitude
`coordinates of the retailer point. The database 11 conven
`tionally stores an identi?er for each registered user, and said
`identi?er can be provided in nominative form, i.e., by giving
`the personal data of each user and associating a name with
`them, or even anonymously, i.e., by entering in the database
`an identi?cation number of a card, a code or another
`identi?cation means. The user identi?cation data are fur
`thermore connected to a third table together with one or
`more mobile telephone numbers, implicitly paired, by means
`of the pre?X of the telephone number, with a different mobile
`telephone carrier.
`
`[0043] The data conventionally received from the service
`provider 20 are then used in the system of the certi?er 10 to
`identify both a ?rst mobile telephone number associated
`with the user and the geographic location of the retailer point
`used by the user to access the service. The provider then
`sends to the certi?er 10 an information data packet 220 that
`contains a request identi?er ID_R, the service identi?er
`ID_S, the retailer identi?er ID_E, the identi?er ID_PE of the
`retailer point 25 used to access the service, and a unique user
`identi?cation data item ID_U.
`
`[0044] In the step 320, the device 200 that operates on the
`server of the certi?er 10 receives the packet by virtue of the
`receiver means 210 and passes it to the means 205. The
`means 205 check for the presence, in the table 110, of the
`identi?cation code of the provider of the service ID_S, check
`in the subtable 112 the geographic location POS_C of the
`retailer point identi?ed by ID_PE, determine the telephone
`
`TWILIO, INC. EX. 1017
`Page 9
`
`
`
`US 2004/0219904 A1
`
`Nov. 4, 2004
`
`carrier involved by means of the pre?x of the received
`mobile telephone number by checking for its presence in the
`table 113, and enter in the table 114 a neW record, Which
`includes a unique code ID_TRAN S that identi?es the opera
`tion in progress, the code of the service ID_S, the code of the
`telephone carrier ID_G, and the mobile telephone number
`CELL. A packet 221 that contains the identi?cation code
`ID_TRANS and the mobile telephone number CELL is then
`sent, at the step 325, via the transmission means 212 to the
`telephone carrier 30, Which has the task of returning an
`information packet 222 that contains the identi?cation code
`ID_TRANS and data related to the geographic location
`POS_T of the mobile telephone that corresponds to the
`mobile telephone number being considered (step 330). The
`position is calculated according to knoWn methods by using
`the Wave cones that determine the area coverage of a mobile
`telephone netWork.
`
`[0045] In the step 335, once these data have been received
`via the receiver interface 213, the comparison means 206 use
`the received ID_TRAN S code to retrieve in the table 113 the
`identi?cation data of the service ID_S and of the carrier
`ID_G and determine, by reading the table 114, Whether there
`is a particular rule RULE to be applied in order to calculate
`the result of the comparison betWeen the point POS_T and
`the point POS_C, received from the table 112. For example,
`the rule RULE can identify the interval Within Which the
`points POS_T and POS_C must be considered identical. The
`roW ID_TRANS in table 115 is then completed by entering
`a time stamp TIME that comprises the year, month, day,
`hour, minute and second of the transaction, the result RES
`and one or more amounts AMOUNT, Which indicate or are
`used to calculate costs/revenue in general.
`
`[0046] In the step 340, if there is a location match Within
`the applied limits, the means 206 return to the service
`provider 20 a packet 223 that comprises data suf?cient to
`identify the request ID_R to Which the packet refers, the
`service ID_S and the positive outcome of the result RES. In
`the other case, a negative outcome code is returned. Before
`ending With a negative outcome, if the user has multiple
`telephone numbers, the system can repeat the cross-check
`ing request by using the successive telephone numbers
`CELL of the user ID_U.
`
`[0047] In the step 345, the service provider receives the
`outcome of the operation and, in the step 350, manages the
`received result. The service provider can decide autono
`mously, in this case, the procedure to be folloWed in order
`to authoriZe access to the service or not (steps 355, 360).
`
`[0048] By Way of non-limitative illustration, some
`examples of use of the inventive concept on Which the
`present invention is based are noW described; in said
`examples, a service provided over a data communications
`netWork 7 uses the cross-check derived from the detection of
`the location of a mobile telephone 40 assigned to the user in
`order to perform an automatic cross-check to support the
`authenticity of the identity of said user.
`
`[0049] In a ?rst example, the system according to the
`present invention is used to verify the identity of a user in the
`context of ?nancial transactions on credit card circuits.
`
`munications netWork 7 exploded into the various netWorks
`7‘ and 7“ that identify the data communications netWorks for
`connection among the retailer points 25, the service provid
`ers 20, for example national banks, data communications
`netWorks 7‘ for connection to the international circuits 7“.
`
`[0051] The user goes to a point 25 of a retailer, this term
`being used to designate a party that is affiliated With the
`?nancial company and accepts the card as a means of
`payment that is alternative to cash, or also an ATM, for
`example a Bancomat cashpoint, from Which cash can be
`draWn.
`
`[0052] The request to authoriZe the transaction, Which
`includes the identi?cation data of the card and of said retailer
`25, is sent by the retailer 25 to the ?nancial company that
`operates the card used by the user; said ?nancial company in
`turn sends a veri?cation request to the certi?er 10 over the
`data communications netWork 5.
`
`[0053] More in detail, the request to authoriZe the trans
`action is sent from the retailer 25 to the bank or entity 20 that
`has acquired the retailer, ie the so called “bank acquirer”,
`Which in turn forWards the received data to the bank or entity
`7“ that manages the card holder, ie to the so called “bank
`issuer”, so that the validity of the card is veri?ed according
`to conventional rules.
`
`[0054] The certi?er 10, after receiving the request from
`either the bank acquirer 20, the bank issuer 7“ or a combi
`nation thereof, identi?es the location of the retailer 25 and,
`on the basis of the telephone number, the mobile telephone
`carrier 30 involved in the manners already described sends
`the received telephone number and Waits for the current
`location detected by the telephone carrier as a reply.
`
`[0055] If the mobile telephone 40 is sWitched off, the
`certi?er sends the corresponding code to the ?nancial com
`pany, Which accordingly manages the situation according to
`its speci?c methods, for example by reporting to the retailer
`that it is not possible to perform the transaction or by
`requesting the veri?cation of a document on the part of the
`retailer in the case of a purchase operation performed With
`the customer present. In the simplest case, the clearance for
`the transaction is instead denied.
`
`[0056] If the reply of the mobile telephone carrier instead
`identi?es correctly the position of the mobile telephone of
`the user, the veri?cation system of the certi?er 10 checks
`Whether said location coincides, Within the set tolerance
`limits, With the position of the retailer, and returns the
`outcome to the ?nancial company. In turn, the ?nancial
`company authoriZes or declines the transaction.
`
`[0057] A second example of use of the system according
`to the present invention relates to the problem of highWay
`safety and is noW described With reference to FIG. 5. In this
`case, the primary data communications netWork is consti
`tuted by the highWay data communications netWork, Which
`is used by highWay management companies to exchange of
`information related to the services already offered, particu
`larly the service knoWn as Telepass and used on Italian
`highWays.
`
`[0050] The architecture of this speci?c system is shoWn in
`greater detail in FIG. 4, Which shoWs, next to the elements
`already identi?ed With reference to FIG. 1, the data com
`
`[0058] The highWay management company divides the
`various highWays for each direction of travel into multiple
`segments of suitable dimensions.
`
`TWILIO, INC. EX. 1017
`Page 10
`
`
`
`US 2004/0219904 A1
`
`Nov. 4, 2004
`
`[0059] Each telephone carrier interested in the service
`provides the geographic location for each individual seg
`ment de?ned by the highWay management company, cov
`ering it With a cone 32 by means of relay stations 31 located
`at suitable distances for coverage according to the intended
`granularity.
`[0060] The certi?er 10 stores the highWay segments With
`the corresponding geographic locations for each individual
`telephone carrier.
`[0061] The service provider 20, in this case the highWay
`management company, detects the entry in a given highWay
`segment of a user of a vehicle provided With a Telepass and
`reports to the certi?er 10 the identi?cation number of that
`user. The certi?er extracts the corresponding mobile tele
`phone number of the user and stores it in a table of users that
`have entered the same highWay and in the same direction,
`from Which the registered mobile telephone number is
`removed after an additional report on the part of the highWay
`management company that the vehicle has crossed a high
`Way eXit gate.
`[0062] When the highWay management company identi
`?es a dangerous condition on a highWay section 25, Which
`can be fully likened to a retailer point, the company sends a
`signal to the certi?er 10, Which asks the respective telephone
`carrier 30 for the location of the mobile telephone 40 that
`corresponds to each number entered in the dedicated table
`that corresponds to the service code received on the part of
`the highWay management company. If the computing system
`of the certi?er veri?es that the location of the mobile
`telephone is critical With respect to the location of the risk
`situation, the system of the certi?er 10 sends directly to each
`registe