AU2013204734B2 - Payment system, payment terminal for this system, and associated method of payment - Google Patents

Payment system, payment terminal for this system, and associated method of payment Download PDF

Info

Publication number
AU2013204734B2
AU2013204734B2 AU2013204734A AU2013204734A AU2013204734B2 AU 2013204734 B2 AU2013204734 B2 AU 2013204734B2 AU 2013204734 A AU2013204734 A AU 2013204734A AU 2013204734 A AU2013204734 A AU 2013204734A AU 2013204734 B2 AU2013204734 B2 AU 2013204734B2
Authority
AU
Australia
Prior art keywords
payment
value
memory
image
value before
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
AU2013204734A
Other versions
AU2013204734A1 (en
Inventor
Thierry D'athis
Jean Leonetti
Denis Ratier
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales SA
Original Assignee
Thales SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thales SA filed Critical Thales SA
Publication of AU2013204734A1 publication Critical patent/AU2013204734A1/en
Application granted granted Critical
Publication of AU2013204734B2 publication Critical patent/AU2013204734B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/28Pre-payment schemes, e.g. "pay before"
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/348Single-use cards, i.e. without possibility of recharging
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/352Contactless payments by cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

Payment System, Payment Terminal for this System, and Associated Method of Payment This payment system (10) includes a payment terminal (12) and an electronic payment medium (14) capable of communicating with the payment terminal (12), the payment medium (14) bearing an amount that carries a first residual value, and comprises - a first rewritable memory (34) and - a second fuse memory (36), comprising a plurality of bits (1 , 2, 3, 4, 5, 6, 7, 8) each adapted to be able to change its state one single time. The payment terminal (12) is programmed so as to derive the first residual value from the joint reading of the first and second memories (34, 36). Figure 1

Description

1 Payment System, Payment Terminal for this System, and Associated Method of Payment The present invention relates to a payment system and an electronic payment medium capable of communicating with the payment terminal, the payment medium bearing an amount that carries a first residual value, and comprising - a first rewritable memory, and - a second fuse memory, comprising a plurality of bits each adapted to be able to change its state one single time. At the present time, payment systems using electronic payment media continue to multiply. These payment systems are particularly advantageous because they allow automation of the payment transaction and, therefore enable the acceleration thereof. The electronic payment media used include objects and items that are as diverse as electronic purses, media bearing fiduciary money, payment cards, which provide for a bank account to be debited following the transmission of a payment order and prepaid cards, distributed by certain organisations carrying a monetary or non monetary electronic amount (such as transportation units) representing a sum of money paid by the user of the card to the card distributing organisation. Examples of prepaid cards include canteen cards, store cards, rental - leasing cards, payphone cards, and public transit cards. These prepaid cards must satisfactorily address two conflicting objectives : on the one hand they must have a minimal cost of production, and on the other hand they must also provide sufficient security in order to prevent fraudulent manipulations of the residual value of the monetary amount stored on the card. There are prepaid cards in existence having a crypto processor, that is to say a processor optimised for cryptographic tasks that is capable of blocking access to the memory of the card at unauthorised terminals. However, these cards have a high manufacturing cost. There are also low cost media, such as contactless tickets, merely comprising the means for communicating with a terminal, a rewritable memory, and a fuse memory (referred to as OTP memory, short for "one time programmable"). These low cost media in particular, do not include a processor. However, the use of such media as prepaid cards is problematic. Indeed, if the amount is written into the rewritable memory of the medium, it is easy for an ill intentioned person to defraud the system by rewriting the residual value of that amount ; thus the security requirement of the prepaid card is then not satisfied. Another solution is to make the residual value of the amount loaded onto the card correspond to the states of the bits of the fuse memory. However, the low number of bits in the fuse memory (usually there are some tens of them) prevents this memory from being used to develop a monetary equivalent. It is desirable that embodiments of the invention therefore provide a system and a method of payment using payment media that have low production costs and are designed to 5 limit the possibility of fraud. It is also desirable that embodiments of the invention ensure the atomicity and consistency of payment transactions. According to a first aspect of the invention, there is provided a method of payment by means of a payment medium that is capable of communicating remotely with the payment terminal, the payment medium being capable of bearing an amount and including a first 10 rewritable memory and a second fuse memory comprising a plurality of bits each adapted to be able to change its state one single time, wherein it comprises the following successive steps: - placing in communication of the payment medium with the payment terminal, with the amount having a value before payment, - reading of the first and second memories, and deducing of the value before payment from the data read from the first and second memories, 15 and the following steps; - assigning of a value after payment to the amount, which is lower than the value before payment, in replacement if the value before payment, and - changing of the state of at least one bit of the second memory, the or each bit switching from a first state into a second state, when the difference between the values before and after payment is greater than a threshold value, 20 According to a second aspect of the invention, there is provided a payment system comprising of a payment terminal and an electronic payment medium capable of communicating remotely with the payment terminal, the payment medium bearing an amount that carries a value before payment and comprising: a first rewritable memory, and - a second fuse memory, comprising a plurality of bits each adapted to be able to change its 25 scale one single time, wherein the payment terminal is programmed so as to derive the value before payment from the joint reading of the first and second memories; for assigning of a value after payment to the amount, which is lower than the value before payment, in replacement of the value before payment; and for ordering the change of state of at least one bit of the second memory when the difference between the values before and after payment 30 is greater than a threshold value. To this end, embodiments of the invention relate to a payment system of the aforementioned type, in which the payment terminal is programmed so as to derive the first residual value from the joint reading of the first and second memories. According to the preferred embodiments of the invention, the payment system has 35 one or more of the following characteristic features, which may be considered individually or in accordance with all technically possible combinations: - the payment medium is a contactless medium, which is capable of communicating remotely with the payment terminal; - the payment system is programmed so as to implement a method as defined here 40 below An embodiment of the invention also relates to a payment terminal for a system as defined here above.
An example of the invention in addition relates to a method of payment by means of a payment medium thatis capable of communicating remotely with the payment terminal, the payment medium being capable of bearing an amount and including a first rewritable memory and a second fuse memory, comprising a plurality of bits each adapted to be able to change 5 its state one single time, characterised in that it comprises the following successive steps, placing in communication of the payment medium with the payment terminal, with the amount having a first residual value - reading of the first and second memories, and - deducing of the first residual value from the data read from the first and second 10 memories. According to the preferred embodiments of the invention, the method of payment has one or more of the following characteristic features, which may be considered individually or in accordance with all technically possible combinations the said payment method consists of the following steps: 15 -the number of bits changing state is a function of the difference between the first and second residual values; - an image of the first residual value is stored in the first memory, and the method includes a step of writing into the first memory an image of the second residual value, in replacement of the image of the first residual value 20 - an image of the first residual value is stored in the first memory, and the method further comprises the following steps: -determination of a range of permissible residual values for the amount, which is a function of the states of the bits of the second memory, - checking and verifying the appropriateness of the image of the first residual 25 value with respect to the range of permissible residual values, and - if the image of the first residual value is greater than the range of permissible residual Values, refusal of payment, or changing the image of the first residual value in order for it to be included within the range of permissible residual values; - if the first residual value is lower than the range of permissible residual values, said 30 payment method includes a step of changing the image of the first residual value in order for it to be included within the range of permissible residual values; - the method also includes a step of writing of a backup of the amount in the first memory, the method is such that: 3 5 - the step of changing of the state of the or each bit takes place after the step of writing the image of the second residuvalue - a backup of the amount, having a first backup value, is stored in the first memory during the placing in communication of the payment medium with the payment terminal, and in that 40 - the method includes an additional step of writing a second backup value, equal to the second residual value, in replacement of the first backup value, this step oliowing the step of changing the state of at least one bit of the second memory; - the said payment method consists further comprises the following steps: - determination of a range of permissible residual values for the amount, which 45 is dependent upon the states of the bits of the second memory, -4 ~ checking and verifying the appropriateness of the image of the first residual value and the first back up value with respect to the range of permissible residual values, and - if the image of the first residual value is outside the range of permissible residual values and the first backup value is within the range of permissible residual values, changing the image of the first residual value in order for it to be equal to the first backup value, or - if the image of the first residual value is within the range of permissible residual values and the first backup value is outside the range of permissible residual 10 values, changing the first backup value in order for it to be equal to the image of the first residual value. - the step of determining the range of permissible residual values includes the following steps: - association of a predetermined range of permissible residual values with 15 each bit of the second mernory, - identification of the last bit of the second memory which has changed state, and determination of the range of permissible residual values as being equal to the predetermined range associated with the identified bit, 20 - the step of determining the range of permissible residual values includes the following steps: - association of a predetermined range of values with each integer (whole number) lying between zero and the number of bits, - counting of the number of bits of the second memory that have not changed 25 state, and determination of the range of permissible residual values as being equal to the predetermined range associated with the number of bits counted. The present invention will now be described, by way of non-limiting example only, with reference to the accompanying drawings, in which 30 - Figure l is a schematic view of a payment system, when a payment medium for this system has never been used, Figure 2 is a view that is similar to Figure 1, when the amount that was loaded onto the medium has been completely spent, 5 - Figure 3 is a diagram illustrating a link between the states of bits in a fuse memory of the medium and a range of permissible residual values for the amount, according to a first embodiment of the invention, - Figure 4 is a diagram illustrating a link between the states of bits in a fuse memory of the medium and a range of permissible residual values for the amount, according to a second embodiment of the invention, - Figure 5 is a view that is similar to Figure 1, following after the step of changing an image of the residual value of the amount loaded onto the medium, - Figure 6 is a view that is similar to Figure 1, following upon a step of changing the state of several bits of the fuse memory, - Figure 7 is a view that is similar to Figure 1, following upon a step of writing a new backup value of the amount in a rewritable memory of the medium, - Figure 8 is a block diagram illustrating a method according to the invention. The payment system 10 according to the invention, shown in Figure 1, comprises of a payment terminal 12, and a contactless payment medium 14, capable of communicating remotely with the payment terminal 12 in order to carry out a payment transaction. In a known manner, the payment terminal 12 includes an antenna 20, a radio module 22 in accordance with the ISO 14443 standard, suitable for managing the exchange of data remotely between the terminal 12 and the medium 14, and a module 24 for management of the payment transaction between the terminal 12 and the medium 14. The payment medium 14 includes an antenna 30, a radio module 32 in accordance with the ISO 14443 standard, suitable for managing the exchange of data remotely between the terminal 12 and the medium 14, a first rewritable memory 34, a second fuse memory 36, and a serial link 38 placing in communication the radio module 32 with the memories 34, 36. In particular, the payment medium 14 does not include a crypto processor. The payment medium 14 carries an amount having a first residual value. The amount is divided into units, which are themselves divided into subdivisions; for example, in the case of a monetary amount denominated in euros, the units are euros and the subdivisions are euro cents. The first residual value is denoted in number of units and subdivisions. The amount is preferably a monetary amount. It corresponds to a sum of money paid by the user of the medium 14 to a distributor of the medium 14 in order to acquire the medium 14. The residual value is equal to the initial value of the amount, from which have been withdrawn any eventual expenses already incurred by the user of the medium 14 that have been paid for by means of the medium 14.
6 The payment medium 14 is not rechargeable; that is to say that, once the full amount has been spent, it is no longer possible to use the payment medium 14. The fuse memory 36 comprises a plurality of bits 1, 2, 3, 4, 5, 6, 7, 8 , each bit 1, 2, 3, 4, 5, 6, 7, 8 being adapted so as to selectively be in a first or a second state, and to be able to change state one single time. In particular, each bit 1, 2, 3, 4, 5, 6, 7, 8 is allowed to switch from the first state to the second state, but it is impossible for it to return from the second state to the first state. In the example shown in Figure 1, all the bits 1, 2, 3, 4, 5, 6, 7, 8 are in the first state. This corresponds to the original configuration of the medium 14 at the time that it was acquired by its user. In the example shown in Figure 2, all the bits 1, 2, 3, 4, 5, 6, 7, 8 are in the second state. This corresponds to the configuration of the medium 14 when the entire amount has been spent. The management module 24 is programmed so as to derive the first residual value of the amount from the joint reading of the first and second memories 34, 36. In particular, the term "joint reading" is understood to mean that it is necessary for the management module 24 to read both these two memories 34, 36 in order to derive therefrom the first residual value, the reading of only one of these memories 34, 36 not being sufficient for deducing of the first residual value. This point shall be detailed in the following section/s. The management module 24 is also programmed so as to carry out the following - calculating a second residual value of the amount, equal to the difference between the first residual value and the price for a purchase paid for during the payment transaction , - assigning the second residual value to the amount, in replacement of the first residual value, and - ordering the change of state of at least one bit 6, 7, 8 of the second memory 36, from the first state to the second state, when the difference between the first and second residual values is greater than a threshold value. In a first embodiment of the invention, illustrated in Figures 1 to 8, an image V 1 of the first residual value is stored in the first memory 34. Provided that the most recent payment transaction in which the medium 14 has been involved has been correctly carried out, the image V 1 is equal to the first residual value. A backup M' of the amount is also stored in the first memory 34. This backup M' has a first backup value V 1 '. Provided that the most recent payment transaction in which the medium 14 has been involved has been correctly carried out, the first backup value V 1 ' is equal to the first residual value.
7 With reference to Figures 3 and 4, the management module 24 is programmed so as to determine a range T of permissible residual values for the amount depending upon the states of the bits 1, 2, 3, 4, 5, 6, 7, 8 of the second memory 36. Thus, an ill intentioned or unauthorised user who would attempt to fraudulently change the image of the first residual value V 1 in order to increase the value could not go beyond the range of permissible residual values T without it being detected by the payment terminal 12. The risks of fraud are therefore reduced. To this end, in a first variant of the invention, as illustrated in Figure 3, the management module 24 associates a predetermined range To, ..., Ti, ..., T 8 of values with each integer i lying between zero and the number of bits 1, 2, 3, 4, 5, 6, 7, 8. Each predetermined range, respectively To ..., Ti ... T 8 is bounded by a lower limit, respectively Bo, ... , Bi, ... B 8 , and by an upper limit, respectively. B 1 , ... , Bl.
1 , ... B9 . The lowest lower limit Bo is the value 0, and the highest upper limit B 9 is the initial value of the amount. Preferably, the limit B 1 is the lowest value immediately greater than 0. Thus, the predetermined range To is limited to the value 0. The management module 24 is capable of, for each payment transaction, counting the bits 1, 2, 3, 4, 5, 6, 7, 8 of the second memory 36, which are in the first state, and of determining the range T of permissible residual values as being equal to the predetermined range To, ... , Ti, ...T 8 associated with the number of bits counted. In the example shown in Figure 3, the number of bits 1, 2, 3, 4, 5 which are in the first state being equal to five, the management module 24 determines that the range T of permissible residual values is the predetermined range T 5 . In a second preferred variant of the invention, as illustrated in Figure 4, each predetermined range To, ... , Ti, ... , T 8 is associated not with an integer i, but with a particular bit i-1. To this end, the management module 24 is capable of identifying each bit 1, 2, 3, 4, 5, 6, 7, 8 of the second memory 36 in a specific manner. One way of carrying out such a specific identification is known to the person skilled in the art and will not be described here. The management module 24 is also programmed so as to identify the last bit 1, 2, 3, 4, 5, 6, 7, 8 that has changed state. This is for example accomplished by assigning a particular order to the bits 1, 2, 3, 4, 5, 6, 7, 8 of the second memory 36, with the bits 1, 2, 3, 4, 5, 6, 7, 8 changing state according to this particular order. The last bit 1, 2, 3, 4, 5, 6, 7, 8 to have changed state is therefore easily identifiable as being the bit in the second state that has been assigned the furthest placement in terms of the order of changing its state. In the example shown, the bits 1, 2, 3, 4, 5, 6, 7, 8 change state according to the reverse order of their numbering, and the last bit to have changed its state is the bit 6 .
8 The management module 24 is finally programmed in order to determine the range T of permissible residual values as being equal to the predetermined range To, ..., Ti, ..., T8 associated with the last bit to have changed state. In the example shown, the range T is thus equal to the predetermined range associated with bit 6, namely T 7 It should be noted that it is possible, in particular during the first time that the medium 14 is used, that none of the bits has as yet changed state. The predetermined range T 8 is associated with this scenario. The management module 24 is in addition programmed so as to perform the following successive operations at the time that a payment transaction is carried out by means of the medium 14 during which the user of the medium 14 pays for a purchase at a given price - determining the range T of permissible residual values for the amount, - checking and verifying the appropriateness of the image of the first residual value
V
1 and the first back up value V 1 ' with respect to the range T of permissible residual values, that is to say, checking and verifying that the image of the first residual value V 1 and first backup value V 1 ' are included within the range T, and o refusing the payment and terminating the payment transaction if the image of the first residual value V 1 is greater than the range T, or o changing the image of the first residual value V 1 in order for it to be equal to the first backup value V 1 ', if the image of the first residual value V 1 is outside the range T and the backup value V 1 ' is within the range T, or o changing the first backup value V 1 ' in order for it to be equal to the image of the residual value V 1 , if the image of the residual value V 1 is within the range T and the backup residual value V 1 ' is outside the range T, or o changing the image of the first residual value V 1 in order for it to be equal to the lower limit of the range T, and changing the first backup value V 1 ' in order for it to be equal to the new first residual value, if the image of the first residual value V 1 and the first backup value V 1 ' are both outside the range T, or o leaving the image of the first residual value V 1 and the first backup value
V
1 ' unchanged, if they are both within the range T, - authorising the payment, - replacing the image of the first residual value V 1 by an image of the second residual value V 2 (Figure 5), - if the second residual value V 2 is not within the range T of permissible residual values, in other words if the price is higher than a threshold value for the change 9 in range, equal to the difference between the first value V 1 and the lower limit B 5 of the range T, ordering the change of state of at least one bit 6, 7, 8 of the second memory 36 from the first state to the second state (see Figure 6), the number of bits 6, 7, 8 changing state being a function of the difference between the first and second residual values V 1 , V 2 - validating the payment, - replacing the first backup value V 1 ' by a second backup value V 2 ' (Figure 7) that is equal to the second residual value V 2 , and - termination of the payment transaction. A method of payment by means of using the payment system 10 will now be described, with reference to Figure 8. This method is followed when the user of the medium 14 wishes to make a purchase at a given price. During a first step 100, the terminal 12 and the medium 14 are placed in communication with each other. This operation is typically carried out by placing the medium 14 at a sufficient distance from the terminal 12 in order to allow the electromagnetic coupling of the antennas 20, 30 of the terminal 12 and the medium 14. Then, in a first step 102, the management module 24 reads the first and second memories 34, 36. In particular, the terminal 12 retrieves the information stored in the first memory 34, and : - in the first variant of the invention, counts the bits 1, 2, 3, 4, 5, 6, 7, 8 of the second memory 36 that are in the first state, or - in the second variant of the invention, identifies the last bit of the second memory 36 to have changed state This first step 102 is followed by a second step 104 of deducing the first residual value. The second step 104 includes a first sub step 105 of determining the range T of permissible residual values, during which : - in the first variant of the invention, the management module 24 determines the range T as being equal to the predetermined range T 8 associated with the number of bits 1, 2, 3, 4, 5, 6, 7, 8 counted as being in the first state, or - in the second variant of the invention, the management module 24 determines the range T as being equal to the predetermined range T 8 associated with the last bit of the memory 36 to have changed state. Step 105 is followed by a step 110 of checking and verifying the appropriateness of the image of the first residual value V 1 with respect to the range T of permissible residual 10 values. During this step 110, the management module 24 verifies that the image of the first residual value V 1 is included within the range T. If the image of the first residual value V 1 is indeed within the range T, the method proceeds to a step 120; in the event of the contrary scenario, the method proceeds to another step 130. The steps 120 and 130 are the steps for checking and verifying the appropriateness of the first backup value V 1 ' with respect to the range T of permissible residual values. During these steps 120, 130, the management module 24 verifies that the first backup value V 1 is included within the range T. If, during step 120, the first backup value V 1 ' is indeed within the range T, the method proceeds to step 140 ; in the event of the contrary scenario, the method proceeds to another step 150. If, during step 130, the first backup value V 1 ' is indeed within the range T, the method proceeds to step 160 ; in the event of the contrary scenario, the method proceeds to another step 170. The step 140 is a step for authorisation of the payment. During this step, the management module 24 deduces that the first residual value is equal to the image of the first residual value V 1 stored in the first memory 34. The management module 24 thus deems that the conditions necessary for the effective completion of payment have been met, and notifies this to the other modules (not shown) of the payment terminal 12 that are also involved in the transaction, for example, to a display module. Step 150 is the step of bringing about conformity of the first backup value V 1 ' with the image of the first residual value V 1 . During this step, the first backup value V 1 ' is changed to be equal to the image of the first residual value V 1 . In other words, the first backup value V 1 ' is rewritten, the new first backup value V 1 ' being equal to the image of the first residual value
V
1 . The step 150 is followed by step 140. Step 160 is the step of bringing about conformity of the image of the first residual value V 1 with the first backup value V 1 '. During this step, the image of the first residual value
V
1 is changed so as to be equal to the first backup value V 1 '. In other words, the image of the first residual value V 1 is rewritten, with the new image of the first residual value V 1 being equal to the backup value V 1 '. The step 160 is followed by step 140. Step 170 is a new step of checking and verifying the appropriateness of the image of the first residual value V1 with respect to the range T of permissible residual values. During this step, the management module 24 checks whether the image of the first residual value V 1 is lower than the range T. If the image of the first residual value V 1 is in fact lower than the 11 range T, the method proceeds to step 180 ; in the event of the contrary scenario, the method proceeds to a step 190. Step 180 is the step of bringing about conformity of the image of the first residual value V 1 and the image of the first backup value V 1 '. During this step 180, the images of the first residual value V 1 and the first backup value V 1 ' are changed so as to be equal to the lower limit of the range T. In other words, the images of the first residual value V 1 and the first backup value V 1 ' are rewritten, with the new images of the first residual value V 1 and the first backup value V 1 ', being equal to the lower limit of the range T. By way of a variant, the new images of the first residual value V 1 and the first backup value V 1 ' are equal to another value in the range T. Step 180 is followed by step 140. Step 190 is a step of refusal of the payment. During this step, the management module 24 notes the failure in deducing the first residual value of the amount and deduces therefrom that the medium 14 has been tampered with. It refuses the latter as a means of payment, and notifies this to the other modules of the payment terminal 12 that are also involved in the transaction. The step 190 is followed by a step 200 for stopping the transaction. The steps 110, 120, 130, 140, 150 160, 170, 180, 190 are sub steps of the second step 104. The second step 104 is followed by a third step 202 of changing the residual value of the amount. During this step 202, the management module 24 acts upon the memories 34, 36 of the medium 14 in order to assign to the amount a second residual value, which is lower than the first residual value, in replacement of the first residual value. In particular, the second residual value is equal to the difference between the first residual value and the purchase price. The third step 202 more particularly follows after step 140. The third step 202 includes a first sub step 210 of changing the image of the residual value of the amount. In this sub step 210, the management module 24 replaces the image of the first residual value V 1 by an image of the second residual value V 2 , which is equal to the second residual value. Sub step 210 is followed by a step 212 of checking whether the second residual value belongs to the range T of permissible residual values. If the second residual value does not belong to the range T, the step 212 is followed by a step 220 of changing the state of at least one bit 6, 7, 8 of the second memory 36, from the first state to the second state. If the second residual value belongs to the range T, the step 212 is directly followed by a step 230 of validation of the payment.
12 The number of bits 6, 7, 8 changing state during the step 220 is a function of the difference between the first and second residual values. The number of bits 6, 7, 8 changing state is such that the second residual value is included within the predetermined range To, ... , Ti, ... , T 8 associated with the number of bits 1, 2, 3, 4, 5 remaining in the first state following the change of state of the bits 6, 7, 8 (or associated with the last bit 6 to have changed state following the change of state of the said bits 6, 7, 8). Step 220 is followed by step 230. During step 230, the management module 24 notifies the other modules of the terminal 12 that are also involved in the transaction that the payment was successfully carried out. Once this step is completed, the user of the medium 14 is free to enjoy their purchase. A final step 240 of changing the value of the backup M' follows after step 230. During this step, the management module 24 replaces the first backup value V 1 ', with a second backup value V2', which is equal to the second residual value. The step 240 is followed by step 200 for stopping the transaction. The steps 212, 220, 230, 240 are sub steps of the third step 202. During step 200, the exchange of data between the terminal 12 and the medium 14 stops. The management module 24 notifies this to the display module, which indicates that the medium 14 may be removed from the terminal 12. Thanks to the invention, the risks of fraud are reduced. Indeed, an ill intentioned or unauthorised user could only trick the system 10 by modifying the image of the residual value within the range T of permissible residual values. It is sufficient to choose intermediate limits
B
1 , ..., B 8 between the predetermined ranges T 1 , ..., T 8 having appropriate values in order for the fraud to not be profitable enough for the user to be induced into the commitment thereof. In addition, the medium 14 is inexpensive to produce. Finally, the atomicity and consistency of the payment transaction are ensured. Indeed, in the event of the unexpected, sudden interruption of the transaction, the presence of the backup value V 1 ', V 2 ' and the order of the steps of the payment method make it possible to restore the consistency of the data recorded on the medium 14. It should be noted that in the example given here above, the payment medium 14 is no longer usable if the image of the first residual value V 1 is greater than the range T of permissible residual values. By way of a variant, rather than being programmed to refuse the payment if the image of the first residual value V 1 is greater than the range T of permissible residual values, the management module 24 is programmed so as to change the image of 13 the first residual value V 1 in a manner such that it is equal to the lower limit of the range T of permissible residual values. In a second embodiment of the invention, not illustrated, the first residual value is divided into a first main residual value and a first secondary residual value. Advantageously, the main residual value is denoted in terms of an integer (whole number) of units of the amount and the secondary residual value is denoted in terms of an integer of subdivisions of the amount. In the case of a monetary amount denominated in euros, the main residual value is thus equal to an integer of euros, and the secondary residual value is equal to an integer of euro cents. For example, the main residual value is equal to the rounding by truncation of the first residual value to the lower unit, and the secondary residual value is equal to the difference between the first residual value and the main residual value and the first residual value is thus reconstructed by adding the primary and secondary residual values. By way of a variant, the main residual value is equal to the rounding of the first residual value to the higher unit, and the secondary residual value is equal to the difference between the main residual value and the first residual value ; the first residual value is thus equal to the difference between the main and secondary residual values. An image of the main residual value is stored in the second memory 36, and an image of the secondary residual value is stored in the first memory 34. The main residual value is typically equal to the number of bits 1, 2, 3, 4, 5, 6, 7, 8 that are in the first state. The image of the secondary residual value is typically an integer occurring between 0 and n, where n is the number of subdivisions of each unit of the amount. For example, in the case of a monetary amount, n is equal to 99. The management module 24 is programmed in order to deduce the first residual value of the amount from the images of the main and secondary residual values. Typically, the management module 24 is programmed in order to perform the following : - counting the number of bits 1, 2, 3, 4, 5, 6, 7, 8 of the second memory 36 which are in the first state, and deducing therefrom that the main residual value is equal to the number of bits counted, - deriving the secondary residual value as being equal to the image of the secondary residual value, multiplied by 1/(n +1), and - deriving the first residual value as being equal to the sum (as a variant, the difference) of the main and secondary residual values.
- 14 The management module 24 is also programmed to be able to cancel the transaction if the image of the secondary residual value is strictly greater than n By way of a variant, the management module 24 is programmed to be able to derive a value of zero for the secondary residual value if the image of the secondary residual value is strictly greater than n. 5 As mentioned here above, the management module 24 is furthermore programmed so as to assign a second residual value to the amount in place of the first residual value, when a payment is made by means of the medium 14. To this end: the management module 24 is programmed so as to perform the following: - sub dividing the second residual value into a second main residual value and a 10 second secondary residual value, - if the second main residual value is different from the first main residual value, ordering the change of state of at least one bit 1, 2 3, 4, 5, 6,7, 8 of the second memory 36, in a manner such that the number of bits remaining in the first state following this change of state is equal to the second main residual value, and 15 - writing in the first memory 34 an image of the second secondary residual value, in replacement of the image of the first secondary residual value, In this embodiment, the security of the medium 14 is preserved. Indeed, on account of the irreversibility of the changes brought about in the bits 11 2 3, 4 5, 6, 7, 8, an ill intentioned or unauthorised user could not modify the main residual value of the amount, 20 other than to reduce the latter, which would be counter productive. The management module 24 in addition does not have to perform cross checks between the first and second memories 34, 36 in order to check and verify the validity of the data from the first memory 34, unlike in the first embodiment. The transaction is there much faster. 25 It should be noted that in the embodiments provided here above, the second memory 36 includes only eight bits 1, 2, 3, 4, 5, 6: 7, 8. This data is by no means limiting in nature, and there may be any number of bits whatever in the second memory 36, Most often, the second memory 36 would include thirty two bits, While various embodiments of the present invention have been described above, it 30 should be understood that they have been presented by way of example only, and not by way of limitation. It will be apparent to a person skilled in the relevant art that various changes in form and detail can be made therein without departing from the spirit and scope of the invention. Thus, the present invention should not be limited by any of the above described exemplary embodiments. 35 Throughout this specification and the claims which follow, unless the context requires otherwise, the word "comprise", and variations such as "comprises" and "comprising", will be understood to imply the inclusion of a stated integer or step or group of integers or steps but not the exclusion of any other integer or step or group of integers or steps The reference in this specification to any prior publication (or information derived from 40 it), orto any matter which is known, is not, and should not be taken as an acknowledgment or admission or any form of suggestion that that prior publication (or information derived from it) or known matter forms part of the common general knowledge in the field of endeavour to which this specification relates.

Claims (9)

  1. 3. - The method of payment according to claim I or 2, wherein an image of the value before payment is stored in the first memory, and wherein the method includes a step of writing of an image of the value after payment into the first memory, in replacement of the image of the 2.5 value before payment.
  2. 4.- The method of payment according to any one of the preceding claims, wherein an image of the value before payment is stored in the first memory, and wherein the deducing step comprises the following sub-steps: - determination of a range of permissible values for the amount, which is a function of 30 the states of the bits of the second memory, - checking and verifying the appropriateness of the image of the value before payment with respect to the range of permissible values, and - if the image of the value before payment is greater than the range of permissible values, refusal of payment, or changing the image of the value before payment in order for it 35 to be included within the range of permissible values. 5 - The method of payment according to claim 4. wherein, if the value before payment is lower than the range of permissible values, the deducing step includes a sub-step of changing the image of the value before payment in order for it to be included within the range of permissible values. 40 6. - The method of payment according to claim 4 or 5, wherein the step of determining the range of permissible values includes the following steps: "676 - association of a predetermined range of permissible values with each bit of the second memory, - identification of the last bit of the second memory which has changed state, and - determination of the range of permissible values as being equal to the predetermined 5 range associated with the identified bit, 7I- The method of payment according to claim 4 or 5, wherein the step of determining the range of permissible values includes the following steps: - association of a predetermined range of values with each integer lying between zero and the number of bits, 10 counting of the number of bits of the second memory that have not changed state, and - determination of the range of permissible values as being equal to the predetermined range associated with the number of bits counted, 8, - The method of payment according to claim I or 2, wherein the value before payment is IS divided into a main value before payment, an image of which being stored in the second memory, and a secondary value before payment, an image of which being stored in the first memory,
  3. 9. - The method of payment according to claim 8, wherein the main value before payment is equal to the number of bits of the second memory that are in the first state before changing of 20 the state of at least one bit occurs.
  4. 10. - The method of payment according to claim 9, wherein the value after payment is divided into a main value after payment and a secondary value after payment, and wherein assigning of a value after payment to the amount comprises the following steps: - sub dividing the value after payment into the main value after payment and the 25 secondary value after payment, - if the main value after payment is different from the main value before payment, changing of state of at least one bit of the second memory, and - writing in the first memory an image of the secondary value after payment, in replacement of the image of the secondary value before payment. 30 11. - The method of payment according to claim 10, wherein changing of the state of at least one bit of the second memory is performed in a manner such that the number of bits remaining in the first state following this change of state is equal to the main value after payment.
  5. 12. - The method of payment according to any one of claims 8 to 11, wherein the main value 35 before payment is denoted in terms of an integer of units of the amount and the secondary value before payment is denoted in terms of an integer of subdivisions of the amount,
  6. 13. - The method of payment according to claim 12, wherein the image of the secondary value before payment is an integer occurring between 0 and n. where n is the number of subdivisions of each unit of the amount,
  7. 14. - The method of payment according to claim 13, wherein deducing of the value before payment comprises the following steps: - counting the number of bits of the second memory which are in the first state, and deducing therefrom that the main value before payment is equal to the number of bits 5 counted, - deriving the secondary value before payment as being equal to the image of the secondary value before payment, multiplied by 1/(n+1), and - deriving the first value before payment as being equal to the sum or to the difference of the main and secondary values before payment. 10 15. The method of payment according to claim 12, wherein the image of the secondary value before payment is strictly greater than n, where n is the number of subdivisions of each unit of the amount, and wherein the transaction is cancelled after said image has been read.
  8. 16. - The method of payment according to claim 12, wherein the image of the secondary value before payment is strictly greater that n, where n is the number of subdivisions of each 15 unit of the amount, and wherein deducing of the value before payment comprises the following steps; - counting the number of bits of the second memory which are in the first state, and deducing therefrom that the main value before payment is equal to the number of bits counted, 20 - deriving the secondary value before payment as being equal to zero, and -deriving the first value before payment as being equal to the sum or the difference of the main and secondary values before payment. 17 - A payment system comprising of a payment terminal and an electronic payment medium capable of communicating remotely with the payment terminal, the payment medium 25 bearing an amount that carries a value before payment and comprising - a first rewritable memory, and a second fuse memory, comprising a plurality of bits each adapted to be able to change its scale one single time, wherein the payment terminal is programmed so as to derive the value before 30 payment from the joint reading of the first and second memories; for assigning of a value after payment to the amount, which is lower than the value before payment, in replacement of the value before payment; and for ordering the change of state of at least one bit of the second memory when the difference between the values before and after payment is greater than a threshold value. 35 18 - The payment system according to claim 17, wherein the payment medium is a contactless medium, which is capable of communicating remotely with the payment terminal, 19, - The payment system according to claim 17 or 18, wherein the payment terminal is programmed so as to implement a method according to any one of claims I to 16,
  9. 20. - A payment terminal for the payment system according to any one of claims 17 to 19.
AU2013204734A 2012-02-09 2013-02-08 Payment system, payment terminal for this system, and associated method of payment Active AU2013204734B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR1200388A FR2986889B1 (en) 2012-02-09 2012-02-09 PAYMENT SYSTEM, PAYMENT TERMINAL OF THE SYSTEM, AND PAYMENT METHOD THEREOF
FR1200388 2012-02-09
PCT/EP2013/052594 WO2013117726A2 (en) 2012-02-09 2013-02-08 Payment system, payment terminal of said system, and associated payment method

Publications (2)

Publication Number Publication Date
AU2013204734A1 AU2013204734A1 (en) 2013-08-29
AU2013204734B2 true AU2013204734B2 (en) 2015-05-14

Family

ID=47678869

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2013204734A Active AU2013204734B2 (en) 2012-02-09 2013-02-08 Payment system, payment terminal for this system, and associated method of payment

Country Status (9)

Country Link
EP (2) EP3093813A1 (en)
CN (2) CN105117909B (en)
AU (1) AU2013204734B2 (en)
DK (1) DK2812864T3 (en)
ES (1) ES2609011T3 (en)
FR (1) FR2986889B1 (en)
IN (1) IN2014DN06563A (en)
WO (1) WO2013117726A2 (en)
ZA (1) ZA201501656B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2636153A2 (en) * 1988-06-08 1990-03-09 Parienti Raoul Dual-module memory chip card and its remote utilisation device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2591008B1 (en) * 1985-11-30 1991-05-17 Toshiba Kk PORTABLE ELECTRONIC DEVICE
KR100274099B1 (en) * 1991-08-02 2001-01-15 비센트 비.인그라시아 Progressively programmable nonvolatile memory and integrated circuit and nonvolatile memory programming method including the same
FR2783623B1 (en) * 1998-09-18 2003-05-09 France Telecom METHOD FOR MANAGING AN ELECTRONIC TRANSACTION BY CHIP CARD, TERMINAL AND CHIP CARD IMPLEMENTING THIS METHOD
US6868519B2 (en) * 2001-04-23 2005-03-15 Lucent Technologies Inc. Reducing scintillation effects for optical free-space transmission
KR100669526B1 (en) * 2004-12-30 2007-01-15 주식회사 시공사 A Reserving Unity-Gamecard System and a Method Using Thereof

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2636153A2 (en) * 1988-06-08 1990-03-09 Parienti Raoul Dual-module memory chip card and its remote utilisation device

Also Published As

Publication number Publication date
FR2986889A1 (en) 2013-08-16
CN105117909B (en) 2019-08-02
EP3093813A1 (en) 2016-11-16
WO2013117726A3 (en) 2013-11-14
AU2013204734A1 (en) 2013-08-29
DK2812864T3 (en) 2017-01-09
FR2986889B1 (en) 2014-10-17
EP2812864A2 (en) 2014-12-17
WO2013117726A2 (en) 2013-08-15
EP2812864B1 (en) 2016-10-12
ES2609011T3 (en) 2017-04-18
CN104169953B (en) 2016-06-15
CN105117909A (en) 2015-12-02
ZA201501656B (en) 2016-06-29
IN2014DN06563A (en) 2015-05-22
CN104169953A (en) 2014-11-26

Similar Documents

Publication Publication Date Title
KR0146624B1 (en) Credit dealing card and credit dealing apparatus and method thereof
EP0920681B1 (en) Tickets stored in smart cards
EP0874339B1 (en) A monitoring system and method
JP5130506B2 (en) Electronic money settlement system and electronic money settlement method
JPH069051B2 (en) Money card payment or information transfer system with electronic memory
NO317866B1 (en) Value transfer system
WO1996036024A1 (en) Electronic payment system having several calculation units, electronic payment means, as well as a method for electronic payment
US5532463A (en) Process for making secure the writing of sensitive data into the EEPROM data storage memory of a memory card and a memory card for use in the process
CN104517072B (en) Product and method for affairs Irrigularity detection
AU2013204734B2 (en) Payment system, payment terminal for this system, and associated method of payment
US7346578B1 (en) Electronic cashing card settlement system
EP3985588A1 (en) A payment support
WO1994019777A1 (en) Electronic funds control system
EP0798672A2 (en) Electronic settlement method employing electronic money value with identifier and system for use in such a method
GB2443489A (en) Smart card with integrated ticket structure
JP2006185350A (en) Automatic teller machine, transaction processing system, portable terminal, transaction processing method and program
CN112907240A (en) Cash counter dispensing method, device, equipment and medium based on counterfeit identification equipment
RU57926U1 (en) AUTOMATED SYSTEM OF PAYMENT FOR HOUSING AND COMMUNAL SERVICES BY PREFERANT CATEGORIES OF CITIZENS
CN114119204A (en) Multi-currency account management control method and device
KR20050064618A (en) The method of banking auto-teller machine by using mobile phone
EP1255210A1 (en) Customer collation system, card, mobile communication terminal, and shop system
WO2008096041A1 (en) Method, ticket handling apparatus, computer program product and product platform for a security mechanism of an electronic ticket
KR20180111199A (en) IC card reader which able to plurality payment
JPS6224389A (en) Vending machine
CN104036596A (en) Open cash register for handling small transactions

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)