AU716546B2 - Method when using synchronously operated chip cards - Google Patents

Method when using synchronously operated chip cards Download PDF

Info

Publication number
AU716546B2
AU716546B2 AU10964/97A AU1096497A AU716546B2 AU 716546 B2 AU716546 B2 AU 716546B2 AU 10964/97 A AU10964/97 A AU 10964/97A AU 1096497 A AU1096497 A AU 1096497A AU 716546 B2 AU716546 B2 AU 716546B2
Authority
AU
Australia
Prior art keywords
chip card
value
state
authentication operation
switching arrangement
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU10964/97A
Other versions
AU1096497A (en
Inventor
Etienne Cambois
Olivier Debelleix
Alexandre Roche
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
IPM INTERNATIONAL SA
Original Assignee
IP TPG HOLDCO SARL
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by IP TPG HOLDCO SARL filed Critical IP TPG HOLDCO SARL
Publication of AU1096497A publication Critical patent/AU1096497A/en
Assigned to IP-TPG HOLDCO S.A.R.L. reassignment IP-TPG HOLDCO S.A.R.L. Alteration of Name(s) of Applicant(s) under S113 Assignors: LANDIS & GYR TECHNOLOGY INNOVATION AG
Application granted granted Critical
Publication of AU716546B2 publication Critical patent/AU716546B2/en
Assigned to IPM INTERNATIONAL S.A. reassignment IPM INTERNATIONAL S.A. Alteration of Name(s) in Register under S187 Assignors: IP-TPG HOLDCO S.A.R.L.
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4093Monitoring of device authentication
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0813Specific details related to card security
    • G07F7/082Features insuring the integrity of the data on or in the card
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Description

-1- Method when using synchronously operated chip cards Technical Field of the Invention The invention relates to a method of using synchronously operated chip cards as a cash-less payment means in an automatic vending machine.
The method according to the invention is used in particular in independently operated automatic vending machines whose operators are not identical to the sellers or resellers of the chip cards which are used as cash-less payment means in the automatic vending machines in question. The automatic vending machines are preferably automatic article or service vending machines, while the latter are preferably telephone stations.
Background Art Chip cards of the so-called third generation are known, which can cause the card content to become involved in a respective cryptographic operation to prove the authenticity of the chip card. Examples of such chip cards are the known SLE 443X from Siemens.
:Disclosure of the Invention 20 The object of the present invention is to improve the cryptographic method used ,in the known third-generation chip cards so that: not only the authenticity of the chip card but also the amount of a sum of money debited is cryptographically safeguarded; and excessive billed charge amounts of an independent operator to the card sellers or 25 card resellers which are caused by improper use of the chip cards, undertaken with fraudulent intent, are prevented, so that the respective charge amounts are necessarily paired with equivalent debits in respect of the chip cards.
According to the invention there is provided a method of using a synchronously operated chip card as a cash-less payment means in an automatic vending machine, wherein said chip card is provided with a switching arrangement having at least a first, second, third and fourth state, said method comprising the steps of: reading an image of said chip card by an evaluation unit; deriving a chip card code key in said evaluation unit; subjecting said chip card to a first authentication operation, wherein said first RA 5, authentication operation authenticates said chip card; (I:\DAYLIB\LBL]256.doc:dcm after said first authentication operation, subjecting said chip card to a further authentication operation if said first authentication operation authenticates said chip card and a money value has been deducted from a chip card money value contained in a money value counter of said chip card at least once since said first authentication operation, wherein said further authentication operation determines whether and by what amount said chip card money value was reduced; increasing a money value contained in a charging meter of said evaluation unit by an amount equal to said money value deducted from said chip card money value if said further authentication operation authenticates said amount by which said chip card money value was reduced; during each said authentication operation, producing on said chip card an actual value answer signal by means of a corresponding random signal with a respective authentication operation, wherein said random signal is supplied by said evaluation unit and said actual value answer signal is not only a function of said corresponding random 15 signal but is also a function inter alia, entirely or partially, of said image of said chip card, wherein said image comprises: identification details of said chip card; said chip card money value; said chip card code key; and an algorithm of said chip card; during each said authentication operation, said actual value answer signal is compared to a corresponding reference answer signal which is produced within said evaluation unit using said corresponding random signal in a similar manner as said actual value answer signal; during each one of said authentication operations, a respective state value of said switching arrangement which is precisely present at the beginning of said authentication operation is also taken into account in producing both said reference value answer signal 25 and said actual value answer signal, so that said reference value answer signal and said actual value answer signal are also a function of said state value, wherein said first state is in each case a defined initial state assumed by said switching arrangement after each switching-on of a chip card power supply, wherein said second state is assumed by said switching arrangement after a triggering of said first authentication operation and is produced on said chip card following receipt of a corresponding first random signal associated with said first authentication operation if said switching arrangement is in said first state, wherein said third state is assumed by said switching arrangement after a first reduction has occurred in said chip card money value, wherein said first reduction is effected on said chip card if said switching arrangement is in said second state; and vherein said fourth state is assumed by said switching arrangement after a triggering of A' [I:\DAYLIB\LIBL]256.doc:dcm said further authentication operation and is produced on said chip card at the end of a further corresponding random signal associated with said further authentication operation if said switching arrangement is in said third state.
Brief Description of the Drawings An embodiment of the invention is illustrated in the drawing and described in greater detail hereinafter. In the drawing: Figure 1 shows a basic circuit diagram of an evaluation unit of an automatic vending machine, into the card slot of which a chip card fits.
Figure 2 shows a circuit diagram of a possible arrangement for producing an answer signal triggered by a random signal, and Figure 3 shows a basic circuit diagram of a switching arrangement having four states.
Detailed Description including Best Mode As already mentioned the automatic vending machines are preferably automatic i" article or service vending machines, the latter preferably being telephone stations. The
I
automatic vending machines include an evaluation unit 1 which in turn has a terminal 2, a 4444 security module SM and a power supply 3 for supplying the electronic circuits both of the 4444 20 evaluation unit 1 and also a chip card 4 if the latter is inserted into a card slot of the automatic vending machine (see Figure The security module includes a charging meter 5 for the accumulation of charge amounts which an operator of the automatic vending machine can bill to a seller or reseller of the chip cards. The power supply 3 supplies the security module SM and the chip card 4 with power as indicated at 6 and 7 o 25 respectively by way of the terminal 2 which can switch the power supply of the chip card ooeoo on and off. Items of information 8 or 9 are transmitted in both transmission directions between the terminal 2 and the security module SM and between the terminal 2 and the 44444.
S* chip card 4 respectively. Provided on each of the chip cards 4 is a money value counter 4a and a switching arrangement 4b ("state machine"). In addition, on each of the chip cards 4 there is preferably also a power supply switch-on counter 4c which in principle counts the number of power supply switch-on operations for the chip card 4, to which the chip card 4 had been exposed since it was first brought into operation (count value x 0) up to the respective moment in question (count value x).
A respective cryptographic arrangement is provided on the chip card 4 and in the security module SM to produce an answer signal 10 by means of a random signal 11. The [I:\DAYLIBLIBL]256.doc:dcm random signal 11 is preferably a random bit sequence. The cryptographic arrangement is any of the many known arrangements of this kind, of which a possible arrangement is shown in Figure 2. It includes a gating switching arrangement 12 for producing a call-up signal 13 which is a function of the random signal 11, identification details 14 of the chip card 2 and money value details 15. On the chip card 4 the money value details correspond to the money value contained in the money value counter 4a. The details 14 and 15 are passed to first and second inputs respectively of the switching arrangement 12 while the random signal 11, coming from the security module SM by way of the terminal 2, feeds a third input of the switching arrangement 12. The call-up signal 13 at the output of the switching arrangement 12 is a serial input signal of a shift register 16 which is provided with feedbacks and which with its feedbacks represents an algorithm. A chip card code key is stored in the shift register 16 at the beginning of each authentication operation. An output signal produced at a serial output of the shift register 16 is the answer signal 10 of the shift register 16 to the call-up signal 13. It is a function of the code key, the algorithm and the call-up signal 13 and it is thus also a function of the random signal 11, the identification details 14 and the money value details 15. The chip card code key, the algorithm and the details 14 and 15 together represent an image of the known chip card 4. Further details in this respect are to be found in EP 0 616 429 Al and EP 0 624 839 A1.
The switching arrangement or "state machine" 4b has at least four states (see *Figure 3) which are for example consecutively numbered from zero to three. The consecutive serial numbers are for example 2 bit binary numbers which are stored on the chip card 4 in two storage cells of a RAM (Random Access Memory), that is to say a write/read memory. It is therefore assumed hereinafter that the switching arrangement 4b 25 has at least a first state 00, a second state 10, a third state 11 and a fourth state 01 which
*SSS,~
are all four passed through in the specified sequence during an operating procedure. In the authentication operations AUTo to AUTn+m in accordance with the invention a respective ooSstate value of the switching arrangement 4b, which is just exactly present at the commencement thereof, is also taken into consideration in the procedure for the production of reference value and actual value answer signals so that the two latter are each also a respective function of said state value. The first state 00 is in each case a defined initial or starting state of the switching arrangement 4b, which is assumed by the latter after each switch-on operation P0n of the chip card power supply 3. The second state 10 is that which is assumed by the switching arrangement 4b after triggering of a Sfirst authentication operation AUTo and is produced on the chip card 4 at the end of a first _J [I:\DAYIB\LBL]256.doc:dcm [I:\DAYLB3\LfBL]256.doc:dcm random signal associated with the first authentication operation AUTo when the switching arrangement 4b is in the first state 00. In the second state 10 without changes in state of the switching arrangement 4b additional authentication operations AUT, to AUTn.
1 can optionally also be initiated by the evaluation unit 1, utilising the same chip card money value as in the first authentication operation AUTo. The third state 11 is that which is assumed by the switching arrangement 4b after a first reduction AGW 0 of the chip card money value, wherein the first reduction AGW 0 is implemented on the chip card 4 when the switching arrangement 4b is in the second state 10. In the third state 11 without changes in the state of the switching arrangement 4b additional reductions AGW 1 to AGWk in the chip card money value can optionally also be implemented by the evaluation unit 1. The fourth state 01 is that which is assumed by the switching arrangement 4b after triggering of a further authentication operation AUTn and is produced on the chip card 4 at the end of a further random signal associated with the further authentication operation AUTn, when the switching arrangement 4b is in the third state 11. If a still further reduction AGWk+l in the chip card money value is implemented by the evaluation unit 1 in the fourth state 01, the switching arrangement 4b again previously adopts the third state 11.
When a power supply switch-on counter 4c is provided, the count value x thereof is incremented by a given predetermined value, preferably one, after the chip card feed is switched on at each occasion at the beginning of the first subsequent authentication operation AUTo or shortly before the triggering thereof. It is assumed hereinafter that the incrementation is effected in each case by the value one. Then, in each of the authentication operations AUTo to AUTn+m the respective count value x+l which applies at that time is also taken into consideration in the operation for producing the associated 25 reference value and actual value answer signals so that the latter two are each also a S: function of the applicable count value x+l. The power supply switch-on counter 4c comprises for example a 16 bit EZPROM ("Electrical Erasable Programmable Read Only S Memory"). The non-decrementable power supply switch-on counter 4c then counts to a maximum value of 216 65,536.
The method according to the invention includes the following time procedure: If in a use the synchronously operated chip card 4 has been inserted as a cashless payment means into the card slot of an automatic sales machine the terminal 2 switches on the power supply for the chip card 4, which causes resetting to zero of the NTc7; RAM of the chip card 4 and therewith also resetting of the two storage cells storing the 2 [I:\DAYL1B\L1BL256.doc:dcm bit binary number which represents the state of the switching arrangement 4b. In other words the latter assumes the state 00 on the chip card 4.
The terminal 2 then reads an image of the chip card 4, that is to say its identification details 14, its chip card money value which is stored in the money value 4a at that time (that is to say the money value details 15) and, if present, the count value x of the power supply switch-on counter 4c, and it transmits that image with an initiation signal "INIT_AUT" to the security module SM. The same algorithm is present in the latter as on the chip card 4. The security module SM derives the chip card code key from the received identification details 14.
After reading of the image of the chip card 4 by the evaluation unit and its transmission to the security module SM and after derivation of the chip card code key from the received identification details 14, which is implemented in the evaluation unit 1 the chip card 4 is subjected at the beginning of a use to a first authentication operation AUTo which is triggered by means of the initiation signal "INIT_AUT", for the purposes of establishing card authenticity.
In other words: reception of the initiation signal "INIT AUT" in the security module SM has therein the consequence that the instantaneous state YY of the switching arrangement 4b is assumed by the security module SM to be equal to 00, that the count 20 value x is changed to x+l and a first random signal is produced, which latter is serially passed by way of the terminal 2 to the chip card 4. In addition, a first reference value answer signal is produced in the security module SM by means of the first random signal, the identification details 14, the chip card money value, the algorithm, the chip card code key and the value x+l and YY 00.
25 With the reception for example of a first pulse of the first random signal the S• count value of the power supply switch-on counter 4c on the chip card 4 is incremented by a value of one so that its new value is x+l.
:In the same or a similar manner to the way in which the first reference value answer signal is produced in the security module SM, an actual value answer signal is produced on the chip card 4 by means of the first random signal, and is passed by way of the terminal 2 to the security module SM. Just like the reference value answer signal the actual value answer signal is a function of the first random signal, the identification details 14, the chip card money value, the algorithm, the chip card code key and the values x 1 and YY 00. A for example last pulse of the actual value answer signal causes YY to assume on the chip card 4 the value [I:\DAYLB\LBL]256.doc:dcm The reference value and actual value answer signals are compared together in the security module SM. In the event of card authenticity both answer signals are the same and YY also assumes the value 10 in the security module SM.
In the state 10 the terminal 2 of the evaluation unit 1 can also trigger and implement any desired number of further authentication operations AUT 1 to AUTn-1. The values x+l and YY 10 remain unchanged during those further authentication operations.
In the event of card authenticity which is recognised on the occasion of the last of the authentication operations performed the terminal 2 causes debiting of the money value AGW 0 of the sold article or service in the money value counter 4a of the chip card 4. Its original money value is thus reduced by the money value AGW 0 The switching arrangement 4b on the chip card 4 then assumes the state 11.
In practice it can happen that in the state YY 11 of the switching arrangement 4b, a plurality of money value debits AGWI to AGWk in respect of sold articles or services are effected in quick succession before a next authentication operation is triggered.
In the event of recognised card authenticity and after at least one reduction
AGW
1 to AGWk, caused by purchase of an article or service, in respect of the chip card money value contained in the money value counter 4a of the chip card 4, the chip card 4 20 is subjected to a further authentication operation AUTn for the purposes of establishing whether and by what amount the chip card money value was reduced. For that purpose the terminal 2 reads the new chip card money value contained in the money value counter Ca 4a and transmits it with an initiation signal "increase content of the charging meter 5" to the security module SM in which YY now assumes the state value 11.
S 25 This further authentication operation is effected in the same or a similar manner o° to the first, that is to say a further random signal is produced in the security module SM and transmitted by way of the terminal 2 to the chip card 4. By means of this last random oo signal, a reference value and actual value analog signal respectively is again produced in the security module SM and on the chip card 4, both of which signals this time are a function of the new random signal, the identification details 14, the new chip card money value, the algorithm, the chip card code key and the values x 1 and YY 11.
The new actual value answer signal is passed by way of the terminal 2 to the security module SM where it is compared to the new reference value answer signal produced therein. The for example last pulse of the new actual value answer signal 3 provides on the chip card 4 that the switching arrangement 4b assumes the state YY 01.
)[I:\DAYLIB\LIBL]256.doc:dcm In the event of identity of the two answer signals, in the security module SM of the evaluation unit 1 a money value contained in the charging meter 5 is increased by the same amount as that by which the chip card money value contained in the money value counter 4a of the chip card 4 was reduced.
In the state YY 01 of the switching arrangement 4b further money value debits AGWk+l to AGWk+m are possible and can be implemented by the terminal 2 if additional articles or services are purchased by the user of the chip card 4. In that case the money value debits occur with previous resetting of the switching arrangement 4b from the state YY 01 into the state Y 11. Once the switching arrangement has reached the state 01, therefore without previous money value debit no authentication and thus no increase in the content of the charging meter 5 is then possible. If the power supply is taken from the chip card 4 ("Poweroff") the RAM of the chip card 4 and thus also the two memory cells thereof, in which the value of YY is stored, lose its or their value.
The next time that the power supply for the chip card 4 is switched on again, the above-described cycle begins afresh.
To sum up it should once again be noted that in all authentication operations AUTo to AUTn+m an actual value answer signal is produced in each case by means of a random signal which is associated with the authorisation operation in question and which is supplied by the evaluation unit 1, on the chip card 4, and that actual value answer 0090 20 signal, besides a function of the random signal in question, is also a function inter alia, .entirely or partially, of the chip card identification details 14, the chip card money value which is respectively still contained in the money value counter 4a of the chip card, the chip card code key and the algorithm of the chip card 4, which all four are a part of the image thereof, to which moreover the state YY of the switching arrangement 4b and, if 25 present, the count value x, also belong. The actual value answer signal is thus also a o °function of the last two. During the authentication operations AUTo to AUTn+n, the S° respective actual value answer signal is compared to a reference value answer signal o produced in a similar manner in the evaluation unit 1 by the same random signal.
If the terminal 2 seeks to increase again the content of the charging counter 5 in an improper manner without having debited the chip card money value of the chip card 4, in the security module YY will assume the value 11 while YY on the chip card 4 retains the value 01. The reference value and the actual value of the answer signal would not be the same. Likewise if the terminal 2 switches the power supply of the chip card 4 off and then on again in an improper manner, the subsequent authentication operation will t' increment the count value x of the power supply switch-on counter 4c so that the values [I:\DAYLB\LIBL]256.doc:dcm of x in the reference value and actual value answer signals and therewith also those two answer signals are no longer the same. Correct functioning of the respective cycle is therefore guaranteed only so long as the switching arrangement 4b and, if present, the power supply switch-on counter 4c each involve a correct value on the occasion of the authentication operations being initiated. An increase in the charging meters 5 of a plurality of security modules SM with the same chip card 4 is for example no longer possible so that this prevents abuse which is related thereto.
Industrial Applicability It is apparent from the above that the embodiment of the invention is applicable to the chip card industry.
The foregoing describes only one embodiment of the present invention, and modifications and/or changes can be made thereto without departing from the scope and spirit of the invention as being illustrative and not restrictive.
In the context of this specification, the word "comprising" means "including principally but not necessarily solely" or "having" or "including" and not "consisting only of'. Variations of the word comprising, such as "comprise" and "comprises" have corresponding meanings.
oooe a [I:\DAYL1B\LBL]256.doc:dcm

Claims (8)

1. A method of using a synchronously operated chip card as a cash-less payment means in an automatic vending machine, wherein said chip card is provided with a switching arrangement having at least a first, second, third and fourth state, said method comprising the steps of: reading an image of said chip card by an evaluation unit; deriving a chip card code key in said evaluation unit; subjecting said chip card to a first authentication operation, wherein said first authentication operation authenticates said chip card; after said first authentication operation, subjecting said chip card to a further authentication operation if said first authentication operation authenticates said chip card and a money value has been deducted from a chip card money value contained in a money value counter of said chip card at least once since said first authentication operation, wherein said further authentication operation determines whether and by what amount said chip card money value was reduced; increasing a money value contained in a charging meter of said evaluation unit by an amount equal to said money value deducted from said chip card money value if said 4• further authentication operation authenticates said amount by which said chip card money 0I0 20 value was reduced; during each said authentication operation, producing on said chip card an actual value answer signal by means of a corresponding random signal with a respective authentication operation, wherein said random signal is supplied by said evaluation unit and said actual value answer signal is not only a function of said corresponding random 25 signal but is also a function inter alia, entirely or partially, of said image of said chip card, ,0 wherein said image comprises: identification details of said chip card; said chip card money value; said chip card code key; and an algorithm of said chip card; S-during each said authentication operation, said actual value answer signal is compared to a corresponding reference answer signal which is produced within said evaluation unit using said corresponding random signal in a similar manner as said actual value answer signal; during each one of said authentication operations, a respective state value of said switching arrangement which is precisely present at the beginning of said authentication operation is also taken into account in producing both said reference value answer signal 7$ 5) >and said actual value answer signal, so that said reference value answer signal and said i< ,[I:\DAYLIB\LIBL]256.doc:dcm -11- actual value answer signal are also a function of said state value, wherein said first state is in each case a defined initial state assumed by said switching arrangement after each switching-on of a chip card power supply, wherein said second state is assumed by said switching arrangement after a triggering of said first authentication operation and is produced on said chip card following receipt of a corresponding first random signal associated with said first authentication operation if said switching arrangement is in said first state, wherein said third state is assumed by said switching arrangement after a first reduction has occurred in said chip card money value, wherein said first reduction is effected on said chip card if said switching arrangement is in said second state; and wherein said fourth state is assumed by said switching arrangement after a triggering of said further authentication operation and is produced on said chip card at the end of a further corresponding random signal associated with said further authentication operation if said switching arrangement is in said third state.
2. A method according to claim 1, wherein that in said second state, without changes in state of said switching arrangement, additional authentication operations are initiated by said evaluation unit, utilising said chip card money value as in said first authentication operation. 20
3. A method according to either claim 1 or 2, wherein that in said third state, without changes in state of said switching arrangement, additional reductions in said i chip card money value are also implemented by said evaluation unit.
4. A method according to any one of claims 1 to 3, wherein that if a further 25 reduction of said chip card money value is implemented by said evaluation unit in said fourth state, said switching arrangement again assumes said third state. '0
5. A method according to any one of claims 1 to 4, wherein provided on said chip o'i card is a power supply switch-on counter, said power supply switch-on counter contains a count value, said count value is incremented by a constant value after said chip card power supply is switched on at the beginning of said first authentication operation on said chip card or shortly before triggering thereof on said chip card, and in each said authentication operation an applicable count value is also taken into account in producing said reference value answer signal and said actual value answer signal, so said reference [I:\DAYLIB\LIBL]256.doc:dcm -12- value answer signal and said actual value answer signal are also a function of said applicable count value.
6. A method according to any one of claims 1 to 5, wherein said automatic vending machines are automatic article or service vending machines.
7. A method according to claim 6, wherein said automatic service vending machines are telephone stations.
8. A method of using a synchronously operated chip card as a cash-less payment means in an automatic vending machine, said method being substantially as herein described with reference to the drawings. DATED this tenth Day of November 1999 Landis Gyr Technology Innovation AG Patent Attorneys for the Applicant SPRUSON FERGUSON V. V V V V V.. V.. V AVA. V V V V V V *VVV..~ a. [I:\DAYLIB\LIBL]256.doc:dcm
AU10964/97A 1995-12-07 1996-12-02 Method when using synchronously operated chip cards Ceased AU716546B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CH3452/95 1995-12-07
CH345295A CH689813A5 (en) 1995-12-07 1995-12-07 Process at a use of synchronously operated smart card.
PCT/EP1996/005341 WO1997021198A1 (en) 1995-12-07 1996-12-02 Method of using synchronously operated chip cards

Publications (2)

Publication Number Publication Date
AU1096497A AU1096497A (en) 1997-06-27
AU716546B2 true AU716546B2 (en) 2000-02-24

Family

ID=4256259

Family Applications (1)

Application Number Title Priority Date Filing Date
AU10964/97A Ceased AU716546B2 (en) 1995-12-07 1996-12-02 Method when using synchronously operated chip cards

Country Status (5)

Country Link
EP (1) EP0865643B1 (en)
AU (1) AU716546B2 (en)
CH (1) CH689813A5 (en)
DE (1) DE59602905D1 (en)
WO (1) WO1997021198A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
UA62003C2 (en) 1998-09-30 2003-12-15 Infineon Technologies Ag Data processor and the method for the authentication of data in a nonvolatile memory unit
FR2807249B1 (en) * 2000-03-30 2006-01-20 Ascom Monetel Sa METHOD FOR AUTHENTICATING CHIP CARDS

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1989002140A1 (en) * 1987-08-28 1989-03-09 Mars Incorporated Data carrying devices
EP0570924A2 (en) * 1992-05-20 1993-11-24 Siemens Aktiengesellschaft Authentication method of one system-participant by another system-participant in an information transfer system composed of a terminal and of a portable data carrier
EP0607950A2 (en) * 1993-01-19 1994-07-27 Siemens Aktiengesellschaft Method and data carrier for checking the authenticity of chip memories

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ES2119832T3 (en) * 1992-05-20 1998-10-16 Siemens Ag PROCEDURE AND PROVISION OF DATA SUPPORT FOR THE AUTHENTICATION OF MEMORY CHIPS.
FR2704081B1 (en) * 1993-04-16 1995-05-19 France Telecom Method for updating a memory card and memory card for implementing this method.

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1989002140A1 (en) * 1987-08-28 1989-03-09 Mars Incorporated Data carrying devices
EP0570924A2 (en) * 1992-05-20 1993-11-24 Siemens Aktiengesellschaft Authentication method of one system-participant by another system-participant in an information transfer system composed of a terminal and of a portable data carrier
EP0607950A2 (en) * 1993-01-19 1994-07-27 Siemens Aktiengesellschaft Method and data carrier for checking the authenticity of chip memories

Also Published As

Publication number Publication date
DE59602905D1 (en) 1999-09-30
EP0865643A1 (en) 1998-09-23
EP0865643B1 (en) 1999-08-25
CH689813A5 (en) 1999-11-30
WO1997021198A1 (en) 1997-06-12
AU1096497A (en) 1997-06-27

Similar Documents

Publication Publication Date Title
CN1121020C (en) Method for protectedly debiting electronic payment means
US5914471A (en) Method and apparatus for recording usage data of card operated devices
CN1134749C (en) Method of debiting an electronic payment means
US4450535A (en) System and method for authorizing access to an article distribution or service acquisition machine
US5915226A (en) Prepaid smart card in a GSM based wireless telephone network and method for operating prepaid cards
US4910775A (en) Portable electronic device for use in conjunction with a screen
KR100420600B1 (en) METHOD FOR PROCESSING EMV PAYMENT BY USING IrFM
RU2134904C1 (en) Data transmission system with terminal and portable data medium; method for recharging portable data medium by means of terminal
US6003764A (en) Method of securely storing and retrieving monetary data
WO1996036026A1 (en) Method for effecting an electronic payment transaction
CA2252258A1 (en) Pricing control system for multi-operation vending machines
AU716546B2 (en) Method when using synchronously operated chip cards
US6152367A (en) Wired logic microcircuit and authentication method having protection against fraudulent detection of a user secret code during authentication
AU703043B2 (en) Method when using synchronously operated chip cards
WO1997046983A2 (en) Method and device for loading input data into an algorithm during authentication
AU704773B2 (en) Method of authenticity checking of a prepaid payment means used in a transaction
JPH09319845A (en) Key data setting method of ic card system
DE69526300T2 (en) Circuit and how it works
AU722824B2 (en) Method of securely storing and retrieving monetary data
CA2244126C (en) Procedure and device for loading input data into an algorithm during authentication
MXPA98004542A (en) Method to load an electronic payment to an account
CZ16897A3 (en) Process and apparatus for paying from chip cards with stock exchange functions

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)
PC Assignment registered

Owner name: IPM INTERNATIONAL S.A.

Free format text: FORMER OWNER WAS: IP-TPG HOLDCO S.A.R.L.