The Wireless Telephony Industry is developing the capability to compute secure identification and authentication codes using the cellular phones' Central Processing Units' (CPU) capability or the CPU in a chip card or smart card inserted into the cellular phone. These secure identification and authentication codes can be computed according to different standards and methods, including methods for computing identification or authentication strings that are wholly or partially variable in order to avoid the fraudulent re-use of the string. This industry trend includes the use of the cellular phone to digitally sign documents, according to well-known standards or newly developed standards and protocols.
Many industry leaders plan to use the cellular phone as an instrument for performing e-commerce transactions, whereas the authorized owner of the cellular phone can be identified or authenticated by means of the strings computed as mentioned above, and, whereas certain transaction data is securely transmitted, using encryption methods and/or hash functions.
Currently, a typical system for identifying the cellular phone owner and certifying transaction data, generates a string of digits or bits which includes, among other data and parameters, the data associated with the identity of the cellular phone or of a chip card inserted in the cellular phone, where the data is totally or partially encrypted. The identification data is sometimes associated with the cellular phone owner, or with another entity, such as an anonymous debit account. The string is typically transmitted as an electromagnetic wave, according to one of several cellular phone methodologies for transmission.
One of the problems with these current systems for secure transactions through the internet is that the transaction must be performed at some instance through the cellular phone, in conjunction with a cellular phone call, thus adding complexity and time to the transaction.
As an example, a first e-commerce transaction is initiated and completed through the cellular phone, whereas at a particular moment the cellular phone generates the identification string and transmits an electromagnetic representation of the identification string. This is the typical case where the holder of the cellular phone places a call using the cellular phone.
Now, another example that shows the shortcomings of the prior art is when an e-commerce transaction is initiated through a device other than a cellular phone, such as a PC. At some point in time during the carrying out of the e-commerce transaction, the owner of the cellular phone, due to the need to certify his acceptation of the transaction, will need to use a cellular device to generate the identification or certification string. But, since the owner of the cellular phone is communicating with the e-merchant by means of his PC, an extra step will have to take place where either the owner is called by the merchant, or in other cases, the owner places a call to the merchant or other entity with the cellular phone. In either case, however, the owner always transmits the certification string using his cellular phone, in the form of an electromagnetic wave.
Therefore, there is a need for a new methodology, which will enable the identification and certification for remote transactions in general, including telephone orders, and the e-commerce transaction in particular, which are made though a PC, or any other device such as regular wired phones, organizers, palm computers and the like, without the necessity of placing a call with the cellular phone in which the capability to compute identification/certification strings has been installed.