1. Field of Invention
The present invention relates to transaction and payment systems, methods and program products. More particularly, the invention relates to systems and methods for securing remote authentication/validation of transactions from a transaction provider for use in a local redemption device that does not have continuous connection with the remote transaction provider.
2. Description of Prior Art
Electronic payment systems for transportations are already in use today using the messaging service of a ubiquitous telecom network SMS (Short Messaging Service) to authenticate and pay for services in buses and trains, where the communication channel between the train/bus and a data network is not necessarily continuous. The most common technical obstacle that has to be overcome in transportation is that there is necessarily no continuous link between the server where consumption of the services is happening (in the train/bus) and the server that receives information that the short message transaction has been carried out (somewhere in the always-connected data network). The closest existing mechanism is the SMS—ticketing systems of public transportation, but even in that case the ticket checker presumably synchronizes his or her (checking) device periodically, and in those systems there is no need for personalization nor context management.
What is needed in the art is an e-services payment system which overcomes problems in the transportation payment art, as follows:                The transportation server can reliably accept the result of an SMS payment even if the server does not have a network connection to any global infrastructure.        The system can manage the case where payment is time-dependent. and a user changes transportation (from a bus to a train).        The system can know when, and react to, a given user is repeatedly using the same service.        The system can protect against fraud where users collude against the system (‘I give you this password for half the price . . . ).        
Prior art related to transportation payment systems and authentication/validation includes:
1. U.S. Pat. No. 6,386,451 entitled “Travel system and methods utilizing multi-application passport cards”, issued May 14, 2002 discloses a travel system and methods that encompass a plurality of travel service providers and multi-application passport cards for the automated compilation, issuance, and utilization of the passport cards for said plurality of travel services, including the implementation of related application scenarios. The multi-application cards are realized by portable device technologies, such as, smart cards or pocket-sized computer devices, and have the ability to store and activate a traveler's permit for transportation and other passport services; as well as a monetary value for electronic payment means. Biometrics identification of cardholders, as well as cryptographic certification of card data and travel-related information, can optionally be encoded onto the cards and can be verified, including validated, at various point-of-service locations upon presentation of the card for utilization.
2. U.S. Pat. No. 5,887,266 entitled “Method for using applications in a mobile station, a mobile station and a system for effecting payments”, issued Mar. 23, 1999 discloses a method for using an application in a mobile station. The application has a first mode of operation and a second mode of operation. The first mode of operation is passive. In the second mode of operation the application controls a master control unit (MCU) of the mobile station. Also provided is a system for making payments, comprising at least one mobile station which has an associated application, a component for using the application, and a first transceiver for providing local data transfer. The system also comprises at least one cash register or the like, which has a second transceiver for providing data transfer. The application has a capability for causing data to be transferred from the first transceiver to the second transceiver.
3. U.S. Pat. No. 6,615,262 entitled “Method and apparatus for remotely administered authentication and access control”, issued Sep. 2, 2003 discloses authentication and session management can be used with a system architecture that partitions functionality between a human interface device (HID) and a computational service provider such as a server. An authentication manager executing on a server interacts with the HID to validate the user when the user connects to the system via the HID. The authentication manager interacts with authentication modules. Each authentication module may be configured to authenticate a user based on a different authentication mechanism (e.g., using a smart card, using a login and password, using biometric data, etc.) and may be utilized in connection with one or more sessions. The authentication manager and authentication modules are also responsible for controlling access to services/sessions and may remove/revoke or augment such access. A session manager executing on a server manages services running on computers providing computational services (e.g., programs) on behalf of the user. The session manager notifies each service in a session that the user is attached to the system using a given desktop machine. A service can direct display output to the HID while the user is attached to the system. When a user detaches from the system, each of the service's executing for the user is notified via the authentication manager and the session manager. Upon notification that the user is detached from the system, a service continues to execute while stopping its display to the desktop machine.
None of the prior art discloses a mobile terminal equipped for SMS payment and service authentication in a mobile environment with a remote payment and transaction provider (authentication server) wherein common secrets & a seed serve in an algorithm to generate a list of authentication pairs (username-password) for transactions. The common secrets and seed are shared with remote transaction provider and redemption devices (local servers) via a non-continuous communication link, wherein the seed is periodically updated. A subscriber conducts payment with the authentication server and receives an authentication pair in a token or ticket corresponding to the purchased service, the authentication token being generated by the authentication server based on the common secrets and current value of the seed. Upon service redemption, the subscriber provides the authentication token to the local server which compares the authentication token with sets of valid authentication token generated by the local server based on the common secrets and current value of the seed provided by the remote transaction provider. If the comparison indicates a match, the local server provides the service to the subscriber and makes a log record of the transaction.