A METHOD FOR PREPAID MOBILE PHONE TOP-UP AND

A SYSTEM PERFORMING THEREOF

TECHNICAL FIELD

The invention, improved for mobile operators in the telecommunication industry is a method and system to top-up prepaid mobile phones. The invention, particularly improved for mobile operators in the telecommunication industry, is about a method and a system for filling up balance to the prepaid phones through a SIM card application.

STATE OF THE ART

Today, one of the most important targets for mobile operators is to increase the low commitment relationship of prepaid subscribers. There are not any legally binding contracts between prepaid subscribers and mobile operators. Prepaid subscribers; depending on their preferences, can either continue using their phones by filling up some balance to their existing lines or change their mobile operators easily by using a new line without filling up any balance. Due to high risk of losing prepaid subscribers, mobile operators try to offer more alternatives and easier "top-up" options for their subscribers.

The most preferred "Top-Up" method is using the "Scratch Top-Up Cards with Passwords". Top-up through dealers or banks, "online" top-up through websites, one-time top-up by debit/credit card or periodical top-up orders under certain conditions are the other options offered to the subscribers.

The available methods mentioned above and the different methods used by most of the mobile operators for top-ups have some disadvantages:

- Action that requires "subscriber effort" (like filling up balance to the prepaid cards by walking into a store or paying online)

- Failure in introducing the "online payment" options to the subscriber and failure in raising awareness

- Failure in providing the suitable options for subscribers' instant needs

- Subscribers' lack of confidence about the methods

- Commission burden on the mobile operator except for the "online payment" method The USA application US 2003/0166396 can be referred as a model for the existing methods mentioned above. This application is about a method developed for filling up balance to the prepaid phone. By this method, a connection is established between the prepaid owner/subscriber's payment card information and the SIM card. This connection can be used later on for the prepaid top-up transaction as well. Nonetheless, with a completely different approach from the new invention, in the method according to the USA application, payment card information is stored on the SIM card. This "storing the high security required information to a SIM card" process is performed by the authorized personnel of a trusted institution by using a specially developed tool ("terminal").

In the application according to the present invention; however, the payment card information is never recorded on the SIM card. The payment card information is delivered to the "Secure Top-Up Administrator Server Application" by the "Secure Top-Up Client Application" running on the SIM card. The server application runs on the servers that are provided in high-security environments. Therefore, the information requiring high security such as the payment card information is stored in these secure servers. In this new method, since the payment card information is not stored on the SIM card, no additional tool is used or no person is contacted directly for a transaction such as "storing the high security required information to a SIM card".

Due to the drawbacks and insufficiencies of the existing applications, some improvements or developments to the conventional methods are necessary.

PURPOSE OF THE NEW INVENTION

Inspired by the prior art of the top-up process, the purpose of the new invention is to eliminate the disadvantages of the conventional method and to make improvements to the existing top- up process. The goals of the invention are:

To provide a SIM Card based application and system.

To provide a structure that is completely under the control of the mobile operator.

To provide a structure that can operate in all mobile devices since it is a SIM card-based application. To use multiple keys for delivering high security information and performing a highly secure top-up process. To check the remaining balance regularly in order to determine when the subscriber needs top-up and offer a campaign suitable to the subscriber needs.

To disclose a system, which is easier when compared to the conventional systems, that can introduce itself and direct the subscriber for registration as of the first use of the SIM card.

To develop a system that allows the subscriber to make top-ups with no additional effort.

To enable the subscriber to complete the top-up process very quickly by just entering a pin code.

With the purpose of achieving the abovementioned objects, the present invention is the method for filling up balance to the prepaid lines by providing integration with the servers of mobile operators in the telecommunication field. Regardless of the model and the operating systems of mobile devices, the new invention comprises the following process steps to perform;

At the initial use of the SIM card, upon switching on the device with the SIM Card inside, the client application (CA) running on the SIM card leads the user to the registration process for the top-up service;

After the user confirms the registration process, the client application (CA) running the SIM card delivers the user's registration demand to the secure top-up servers;

The user enters the personal information (standard registration information) and, for one time only, enters the information of payment card/account through which the top- up operations will be charged;

The personal and payment card/account information encrypted by the client application (CA) running on the SIM card is transferred to the secure top-up servers through the server application (SA);

The server application (SA) checks the personal information and stores the information in the secure top-up server database;

Authenticates the payment card/account information and stores the information secure top-up server database;

Completes the registration process and notifies the user upon completion;

The server application (SA) checks the registered user's balance through the integration between the secure top-up servers and the mobile operator servers; The server application (SA) determines the suitable top-up campaign for the user in accordance with the control results of the current balance amount and the operation flow rules;

The client application (CA) notifies the user of the suitable top-up campaign and leads the user to the top-up process;

The user authenticates the system at the initial step of the mutual authentication process;

The user enters the information that will be needed in the second process step of mutual authentication process through the client application (CA) and makes a top-up request;

The client application (CA) encrypts the top-up request and transfers this request to the server application (SA);

The system authenticates the user at the second step of the mutual authentication; The server application (SA), through a charging system interface, charges the user's payment card/account for the requested top-up amount;

Fills balance to the user's prepaid mobile phone upon payment;

Notifies the user about the completion of the top-up process.

The structural and characteristic features and the advantages of the invention are clearly explained with the figures and the detailed description given below. Therefore, the evaluation should be made by considering these figures and the detailed description.

FIGURES FOR UNDERSTANDING THE NEW INVENTION

Figure 1 is the view of the top-up registration process steps performed by the system and its integration with the components of the system.

Figure 2 is the view of the promotional top-up campaign offering process steps performed by the system and its integration with the components of the system.

Figure 3 is the view of the top-up process steps performed by the system and its integration with the components of the system.

DESCRIPTION OF THE PART REFERENCES

CA: Client Application

SA: Server Application

10. User

1 1. Mobile Device 12. SIM Card

20. Secure Top-Up Servers

21. Database

30. Mobile Operator Balance Query & Top-Up System Interface

40. Charging System Interface

110. Client application (CA) running on the SIM card leads the user to the registration process for top-up.

120. The user (10) enters the personal information (standard registration information) and for one time only provides payment card/account information that the top-up processes will be charged.

130. The personal and payment card/account information encrypted by the client application (CA) running on the SIM card (12) is transferred to the secure top-up servers (20) by the server application (SA)

140. Checking the personal information by the server application (SA) and stores the information in the database (21)

150. Authenticating the payment card/account information

160. Completing the registration process and notifying the user upon completion through a communication channel

210. Checking the balance of the registered users (10)

220. Determining a campaign suitable for the user (10)

230. Notifying the user of the suitable top-up campaign through the client application (CA); 240. Directing the user (10) to the top-up process

310. The user (10), through the client application (CA), enters the information that will be needed in the second process step of mutual authentication process, and makes a top-up request

320. Encrypting the top-up request and directing this request to the server application (SA) by the client application (CA)

330. Fulfilling the second process step of the mutual authentication, in which the system authenticates the user

340. The server application (SA) charges the user's (10) payment card/account through a charging system interface (40) in return for the requested top-up amount

350. Filling up balance to the user's (10) prepaid mobile phone upon payment

360. Notifying the user (10) about the completion of the top-up process. It is not necessary to provide scaled figures to understand the new invention, thus nonessential details are neglected. Besides, identical components or components with identical functions are shown with the same numbers.

DETAILED DESCRIPTION OF THE NEW INVENTION

In this detailed description, the preferred embodiments of the method for prepaid mobile phone top-up and the system performing said methodare only described for the subject to be understood better.

The system consists of two main components:

> Secure Top-Up Client Application (CA) (Client-Side): This application has access to the keys specially stored on the SIM card (12). It basically performs the following processes;

Directing the user (10) to the registration,

Delivering the registration demand of the user (10),

Offering suitable top-up campaigns to the user (10),

Delivering the user's (10) top-up demand to the secure top-up servers (20). The client application (CA) is a "client side" (user (10)/ subscriber side) application that can operate at predetermined intervals (e.g.: when the mobile device is initially switched on (11) or when the user (10) balance is below a certain level) and runs on the SIM card (12).

> Secure Top-Up Administrator Server Application (SA) (Server-Side): This application is an application that has the required security certificates (e.g.: "PCI DSS") and operates on the servers (20) preferably sited on the premises also certified by the payment card authorities (e.g.: MasterCard/VISA) In addition to the client application (CA), it operates in integration with a charging system interface (40) (virtual POS system interface or the charging system interface provided by the mobile operator) for crediting the balance due amount to the payment card. This application has integration also with the mobile operator balance inquiry & the top-up balance interface (30). The server application (SA) performs the following processes;

Storing the personal registration and the payment card/account information of the user ( 0) in the databases (21) of the secure top-up servers (20), Checking the user (10) balance and sending top-up campaigns to the user (10) based on the balance check results,

Authenticating the users' (10) logging in the system for top-up. Charging the user's payment card/account through the charging system interface (40) and filling up balance

The process steps of the new method are as follows:

- Automatic directing to the registration process when the mobile device is switched on (110): After the SIM card (12) is inserted into a mobile device (11); the subscriber is directed to the registration process when the device is initially switched on. This process is similar to the registration process performed by many mobile device operating systems and/or mobile device suppliers at the initial use of the mobile device.

However, according to the new invention, at the initial use of the SIM card (12), the mobile operator supplying the SIM card (12) is the one that directs the users to the registration process. The client application (CA) running on the SIM card (12) leads the user (10) to the registration process with the interactive SIM message displayed on the mobile device (11) screen at the initial use (110). The user (10) has the option to either continue or not continue with the registration process or ask for a later reminder for the registration process (Figurel).

- Delivering the Registration Demand (120,130): The user (10) can either register via the automatic directing to the registration process (110) or start the flow through a different channel (e.g.: via the SIM card menu) afterwards.

During the registration, the client application (CA) running on the SIM card enables the user (10) to set the pin code, the security question, the response to the security question and the authentication word. The user (10) is then asked, for one time only, to provide the payment card/account information (it may be debit card or credit card of any bank) that the top-up processes will be charged (120).

The client application (CA) encrypts the standard registration information (for example with one key) and the more-security-required payment card information (for example with two different keys), at an adequate level; and, together with no encryption applied SIM Card identity information (ICCID), transfers all the information to the secure top-up servers (20) through server application (SA) (130) (Figure 1). - The Registration Process (140,150,160): The server application (SA) receives the information delivered by the client application (CA) running on the SIM Card and performs the registration process following the required controls. At the initial process, the server application (SA) accesses the keys used for the encryption of the registration information. The, no-encryption-applied, clean format "ICCID" information is used for this purpose. The server application (SA) determines the key(s) that encrypts the rest of the message thanks to the ICCID information.

The second process is storing the one-time encrypted standard registration information. The mobile number (MSISDN) that delivers the message is accepted as the user name. The top-up pin code, the security question, the response of the security question and the authentication word, which are encrypted with one key, are stored in the secure top-up server (20) database (21) after the eligibility check (140).

The final process is the authentication and the storage of the multiple encrypted payment card/account information (150). The authentication is performed via the charging system interface (40) by making a provisioning transaction for the already provided payment card information (150)

After the above processes are achieved, the registration process is completed and the subscriber is notified via a preferred method (e.g.: SMS) (160) (Figure 1).

Promotional Top-Up Campaigns (210,220,230,240): The server application (SA) running on the secure top-up servers (20) performs periodical user (10) balance check by integrating with the mobile operator (210). If the user (10) balance is below the predetermined level, a suitable top-up campaign is formed (220) and sent to the user (10) (230). After the client application (CA) receives the suitable top-up campaign information, it displays interactive SIM messages on the mobile device (1 1) screen and leads the user (10) to the top-up process " whenever the top-up need arises" (240) (Figure 2).

The Top-up Process (310, 320, 330, 340, 350 and 360): The user (10) can either initiate the top-up process voluntarily just after the promotional top-up campaign reception or at any time through different channels like SMS, the SIM card menu or the Portal. In order to perform this, the user's top-up demand is required.

The specific "authentication word" determined by the user (10) during registration is displayed on the top-up pin code entry screen. Therefore, the user (10) understands that the login screen is "secure", thus the first step of the "mutual authentication"; "the authentication of the system by the user (10) is completed. For the top-up process, it is sufficient for the user (10) through the interactive SIM message screen provided by the client application (CA) running on the SIM card (12), to enter the top-up pin code determined during the registration (310) (Figure 3).

After the pin code is entered, the client application (CA) securely encrypts the demand with the key on the SIM card (12) and transfers the demand to the secure top-up servers (20) through the server application (SA) (320) (Figure 3).

The server application (SA) receives the demand and initially performs the steps "to authenticate the user" (330). The server application (SA) is responsible for the second step of the "mutual authentication" called the "authentication of the user by the system". . This authentication; performed as a two-factor authentication is based on the principle of "something I have" and "something I know". Firstly, it is authenticated that the demand is actually from the person who owns the authorized MSISDN and the SIM card at that precise moment. The number authentication is performed with the MSISDN number of the person delivering the demand. This authentication that can also be performed with the standard messaging and applications is not considered to be sufficient enough. According to the method used by the new invention, it is also authenticated that the MSISDN, sending the demand, encrypts the message with the special key matching the SIM Card (12). Therefore, it is not only authenticated that the delivery of the demand is from that MSISDN but from the correct SIM card as well. As a result, the first step of the two-factor authentication called "something I have" is accomplished. For the second stage, it is checked whether the person having the authorized SIM card knows the authorized "pin code". After the code authentication, the second factor called "something I know" is also completed.

The server application (SA) performs the charging (340) and the top-up process (350) after completing the authentication steps. The system, performing the charging through the integrated charging system interface (40) (via virtual POS) also completes the top- up process through the integration with the mobile operator (350). The results of the processes are sent to the user (10) preferably via short message (360) and the flow is completed (Figure 3).