CN101313329B - Device and system for reducing the interaction time of a contactless transaction - Google Patents
- Publication number
- CN101313329B CN200680043308.8A
- Authority
- CN
- China
- Prior art keywords
- contactless
- transaction
- card
- reader
- payment devices
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Abstract
A method. The method includes, at a reader: performing at least one transaction-based risk management process before energizing a contactless interface, initiating communication with a card for a contactless transaction, receiving information associated with the card, and terminating communication with the card before the contactless transaction is approved.
Description
Cross-reference to related applications
This application claims priority to U.S. Provisional Patent Application No. 60/721,454, filed September 28, 2005, and U.S. Provisional Patent Application No. 60/807,775, filed July 19, 2006.
Technical field
This disclosure relates to a device, system and method for reducing the interaction time of a contactless transaction.
Background
In recent years, contactless and wireless communication technologies have become more widespread. In the payment industry, contactless payment has many advantages over traditional magnetic stripe technology and contact chip payment protocols. For example, traditional contact payment cards are known to operate relatively slowly, and magnetic stripe cards are not secure enough. These technologies also require a slot in the terminal reader that must be maintained by the merchant.
Contactless payment does not require a slot into which the payment card is inserted. The consumer retains control of the payment card and simply places it near the terminal reader when needed. The payment industry's traditional specifications for contact chip payment typically require the consumer to place the payment card near the terminal reader at different times and/or for an extended period in order to complete a transaction. Because merchants and consumers want short transaction times, contactless transactions performed according to the traditional specifications cannot meet market requirements.
Merchants and consumers also require contactless transactions to be more secure. Although recently issued contactless magnetic stripe cards can be more secure than traditional magnetic stripe cards, such contactless magnetic stripe cards are typically designed only for online transactions. For contactless online transactions performed according to the traditional specifications, the transaction is susceptible to various types of "man in the middle" attacks, commonly referred to as sleeve attacks, Trojan horse attacks, etc.
In one type of sleeve attack, a device intercepts data transmitted wirelessly from the card reader and intended for a contactless card. The device alters the data and then passes the altered data to the card. The card receives the altered data transmitted by the device rather than the data transmitted by the card reader. The card then processes the altered data and transmits a message related to the altered data to the card reader. The card reader then approves the transaction according to the information in the message transmitted by the card. In another type of sleeve attack, a device intercepts data transmitted wirelessly from the card and intended for the card reader. The device alters the data and then passes the altered data to the card reader. The card reader receives the altered data transmitted by the device rather than the data transmitted by the card. The card reader then processes the altered data and approves the transaction according to the information in the altered data transmitted by the device. In other types of sleeve attack, the device can cause a denial of service by not forwarding the intercepted data to the card or the card reader.
In one type of Trojan horse attack, malware embedded in the card alters valid data before the information is sent to the card reader. The card reader ultimately approves the transaction based on the altered data. In another type of Trojan horse attack, malware embedded in the card alters valid data before the authorization process. The card reader ultimately approves the transaction based on the altered data.
For a given offline transaction, a "man in the middle" attack can be used to reduce the amount of the transaction ultimately recognized by the card and the card reader. For example, for a given offline transaction involving the purchase of goods from a merchant, the card reader can wirelessly transmit data intended for the card indicating that the price of the transaction equals $15. However, before the card receives the data, a device intercepts it and alters it so that the altered data indicates that the price of the transaction equals only $1. Once the card receives the altered data and transmits a message related to the altered data to the card reader, the card reader approves a transaction equal to only $1. On receiving the approval, the merchant releases the goods in the belief that the approved transaction amount is $15. The difference between the actual transaction amount and the reduced transaction amount can affect the amount the merchant ultimately receives from the issuer.
Summary of the invention
In one aspect, this application discloses a reader. According to various embodiments, the reader includes a contactless interface and a transaction module. The transaction module is coupled to the contactless interface and is structured and arranged to process a contactless transaction with an interaction time of less than 1/2 second between a card and the reader.
In another aspect, this application discloses a card. According to various embodiments, the card includes a transaction module structured and arranged for wireless communication, and the card is structured and arranged to operate in a chip mode and in a magnetic stripe data mode.
In another aspect, this application discloses a system. According to various embodiments, the system includes a reader and a card. The reader includes a contactless interface and a transaction module. The card is structured and arranged to communicate with the reader through the contactless interface. The transaction module is coupled to the contactless interface and is structured and arranged to process a contactless transaction with an interaction time of less than 1/2 second between the card and the reader.
In another aspect, this application discloses a method for reducing the interaction time of a contactless transaction. According to various embodiments, the method includes, at the reader: performing at least one transaction-based risk management process before energizing the contactless interface, initiating communication with a card for the contactless transaction, receiving information associated with the card, and terminating communication with the card before the contactless transaction is approved.
In another aspect, this application discloses a method for preventing a man-in-the-middle attack on a contactless transaction. According to various embodiments, the method includes receiving a dynamic signature that includes an application transaction counter, a terminal unpredictable number, a transaction amount, a transaction currency code and a card unpredictable number. The method also includes receiving the card unpredictable number, recalculating the dynamic signature using the card unpredictable number, and approving the contactless transaction offline if the dynamic signature is validated.
Aspects of the invention can be implemented by a computing device and/or by a computer program stored on a computer-readable medium. The computer-readable medium can include a disk, a device and/or a propagated signal.
Brief description of the drawings
Various embodiments of the invention are described below with reference to the accompanying drawings.
Fig. 1 illustrates various embodiments of a reader for reducing the interaction time of a contactless transaction;
Fig. 2 illustrates various embodiments of a system for reducing the interaction time of a contactless transaction;
Fig. 3 illustrates various embodiments of a method for reducing the interaction time of a contactless transaction;
Fig. 4 is a simplified flow diagram illustrating various embodiments of the preliminary transaction processing step of the method of Fig. 3;
Fig. 5 is a simplified flow diagram illustrating various embodiments of the application selection step of the method of Fig. 3;
Fig. 6 is a simplified flow diagram illustrating various embodiments of the authorization step of the method of Fig. 3;
Fig. 7 illustrates various embodiments of a method for reducing the interaction time of a second contactless transaction.
Detailed description
It is to be understood that at least some of the figures and descriptions of the invention have been simplified to focus on the elements that are relevant for a clear understanding of the invention, while eliminating, for the sake of clarity, other elements that those of ordinary skill in the art will appreciate may also form part of the invention. However, because such elements are well known in the art, and because they do not necessarily facilitate a better understanding of the invention, a description of such elements is not provided here.
Fig. 1 illustrates various embodiments of a reader 10 for reducing the interaction time of a contactless transaction. The reader 10 can be any type of device structured and arranged to communicate with another device through a contactless interface. According to various embodiments, the reader 10 can be a merchant device integrated into a point-of-sale device, or a merchant device that is separate from, but in communication with, a point-of-sale device. As used herein, the term "interaction time" refers to the interaction time between the reader 10 and another device, and does not include the time needed to go online for authorization or for the reader to validate a static or dynamic signature for offline data authentication. The reader 10 can be used with existing payment system infrastructure in markets that require transaction times faster than those associated with traditional payment protocols. According to various embodiments, the reader 10 can be used to reduce the interaction time to less than approximately 500 milliseconds.
The reader 10 includes a contactless interface 12 and a transaction module 14 coupled to the contactless interface. The transaction module 14 is structured and arranged to process a contactless transaction with a transaction time of less than 1/2 second between the reader 10 and another device. The transaction module 14 can also be structured and arranged to perform static data authentication and/or dynamic data authentication, as discussed in more detail below. According to various embodiments, the reader 10 also includes a security module 16 coupled to the transaction module 14. The security module 16 is structured and arranged to prevent "man in the middle" attacks on contactless transactions.
Each of the modules 14, 16 can be implemented in hardware or in software. According to various embodiments, the modules 14, 16 can be implemented as a software application, computer program, etc., using any suitable computer language (e.g., C, C++, Delphi, Java, JavaScript, Perl, Visual Basic, VBScript, etc.), and can be embodied permanently or temporarily in any type of machine, component, physical or virtual equipment, storage medium or propagated signal capable of delivering instructions to a device. The software code can be stored as a series of instructions or commands on a computer-readable medium, so that the functions described herein are performed when a processor reads the medium. As used herein, the term "computer-readable medium" includes magnetic and optical memory devices such as diskettes, read-only compact discs, writable compact discs, optical disk drives and hard disk drives. A computer-readable medium also includes memory storage that can be physical, virtual, permanent, temporary, semi-permanent and/or semi-temporary. A computer-readable medium can further include one or more propagated signals, and such propagated signals may or may not be transmitted on one or more carrier waves. Although the modules 14 and 16 are shown in Fig. 1 as two separate modules, those skilled in the art will appreciate that the functionality of the modules 14 and 16 can be combined into a single module.
Fig. 2 illustrates various embodiments of a system 20 for reducing the transaction time of a contactless transaction. The system 20 includes the reader 10 and a card 22. As used herein, the term "card" refers to any type of device that can communicate with the reader 10 through the contactless interface 12. According to various embodiments, the card 22 can be a smart card, a mobile phone, a personal digital assistant, etc. The card 22 is structured and arranged to communicate with the reader 10 through the contactless interface 12. According to various embodiments, the card 22 includes a transaction module 24 that is structured and arranged to cooperate with the reader 10 to complete a contactless transaction. The card 22 can also include a security module 26 that is structured and arranged to cooperate with the reader 10 to prevent "man in the middle" attacks on contactless transactions. The modules 24, 26 can be similar to the modules 14, 16 of the reader 10. According to various embodiments, the card 22 can be a dual-mode card that is structured and arranged to operate either in a chip mode or in a magnetic stripe data mode (using Track 2 equivalent data). The mode of operation used by the card 22 can be determined by the card 22 according to the capabilities of the reader 10.
The system 20 can also include a network 28 coupled to the reader 10 and to an issuer 30. The network 28 can be any suitable type of network known in the art, can be coupled to the reader 10 in any suitable manner known in the art, and can be coupled to the issuer 30 in any suitable manner known in the art. The network 28 can include any type of delivery system including, but not limited to, a local area network (e.g., Ethernet), a wide area network (e.g., the Internet and/or the World Wide Web), a telephone network (e.g., analog, digital, wired, wireless, PSTN, ISDN, GSM, GPRS and/or xDSL), a packet-switched network, a radio network, a television network, a cable network, a satellite network, and/or any other wired or wireless communications network configured to carry data. The network 28 can include elements configured to direct and/or deliver data, such as intermediate nodes, proxy servers, routers, switches and adapters.
Fig. 3 illustrates various embodiments of a method 40 for reducing the interaction time of a contactless transaction. The method 40 can be implemented by the system 20 of Fig. 2. The method 40 includes the general steps of preliminary transaction processing 42, discovery processing 44, application selection 46, application processing 48, and transaction authorization 50.
To minimize the interaction time between the card 22 and the reader for a given transaction, the reader 10 performs the preliminary transaction processing step 42 before requesting that the card 22 be presented. In the preliminary transaction processing step 42, the reader 10 performs certain transaction-based risk management processes. For example, according to various embodiments, the reader 10 can obtain the transaction amount and compare it with a transaction limit, a floor limit, a cardholder verification method limit, etc. Once the preliminary transaction processing step 42 is complete, the reader 10 can prompt the cardholder to present the card 22. Based on the preliminary transaction processing, the reader 10 can require that the transaction be terminated, processed online or processed offline. A simplified flow diagram illustrating various embodiments of the preliminary transaction processing step 42 is shown in Fig. 4.
The preliminary transaction processing step 42 is followed by the discovery processing step 44. Once the card 22 has been presented and is within range of the reader 10, the reader 10 energizes the contactless interface 12 and establishes communication with the card 22 through the contactless interface 12 during the discovery processing step 44. If the reader 10 detects multiple contactless cards 22 within its range, the reader 10 can indicate this to the cardholder and require that only one card 22 be presented for the transaction. In addition, at the merchant's command or after a predetermined timeout period, the reader 10 can abort the transaction during the discovery processing step 44 and de-energize the contactless interface 12.
The discovery processing step 44 is followed by the application selection step 46. In the application selection step 46, the reader 10 transmits a first command message (e.g., SELECT PPSE) to the card 22. The first command message can serve as a request for a list of the application identifiers, application labels and application priority indicators of the applications that the card 22 supports and that can be accessed through the contactless interface 12. In response to the first command message, the card 22 builds such a list and transmits it to the reader 10. According to various embodiments, the list can be provided in the file control information (FCI) transmitted to the reader 10. The reader 10 then uses the list transmitted by the card 22 to build a list of the applications common to the reader 10 and the card 22. After building the list of common applications, the reader 10 transmits a second command message (e.g., SELECT AID) to the card 22. The second command message can serve as a request to conduct the transaction using a specific application from the list of common applications. According to various embodiments, the specific application can be the common application with the highest priority, as indicated by the application priority indicators previously transmitted by the card 22. In response to the second command message, the card 22 transmits to the reader 10 a request for various details related to the capabilities of the reader 10 and the transaction-specific requirements of the reader 10. According to various embodiments, the requested details can be provided in a list of terminal data objects (e.g., a PDOL) associated with the reader 10. If the list of terminal data objects includes a particular data element (e.g., terminal transaction qualifiers), processing proceeds to the application processing step 48. Otherwise, the reader 10 can terminate the transaction or attempt to process the transaction over another interface. A simplified flow diagram illustrating various embodiments of the application selection step 46 is shown in Fig. 5.
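The reader side of the application selection step 46, as an added Python example that is not part of the patent: it parses a SELECT PPSE response, builds the common application list, picks the highest-priority entry, and checks the PDOL for the terminal transaction qualifiers. The tag numbers and the rule that priority 1 ranks highest are EMV conventions the page does not spell out, and all card data is constructed.

```python
# Added example, not from the patent. Tag numbers follow EMV conventions;
# every byte string below is constructed sample data.

def tlv(tag: str, value: bytes) -> bytes:
    """Encode one BER-TLV object (value up to 255 bytes)."""
    n = len(value)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n])
    return bytes.fromhex(tag) + length + value

def read_tag(data: bytes, i: int):
    """Return (tag_hex, next_index); handles one- and multi-byte tags."""
    start = i
    i += 1
    if data[start] & 0x1F == 0x1F:          # more tag bytes follow
        while data[i] & 0x80:
            i += 1
        i += 1
    return data[start:i].hex().upper(), i

def parse_tlv(data: bytes):
    """Yield (tag_hex, value) for each TLV object at this nesting level."""
    i = 0
    while i < len(data):
        tag, i = read_tag(data, i)
        length = data[i]
        i += 1
        if length & 0x80:                   # long-form length
            nbytes = length & 0x7F
            length = int.from_bytes(data[i:i + nbytes], "big")
            i += nbytes
        if i + length > len(data):
            raise ValueError("truncated TLV object " + tag)
        yield tag, data[i:i + length]
        i += length

def child(data: bytes, tag: str) -> bytes:
    """Return the first value with the given tag, or raise KeyError."""
    for t, v in parse_tlv(data):
        if t == tag:
            return v
    raise KeyError(tag)

def card_applications(ppse_fci: bytes):
    """List the applications the card offers in its SELECT PPSE response."""
    directory = child(child(child(ppse_fci, "6F"), "A5"), "BF0C")
    apps = []
    for tag, entry in parse_tlv(directory):
        if tag != "61":
            continue
        fields = dict(parse_tlv(entry))
        apps.append({
            "aid": fields["4F"].hex().upper(),
            "label": fields.get("50", b"").decode("ascii"),
            "priority": fields.get("87", b"\x00")[0] & 0x0F,
        })
    return apps

def select_application(ppse_fci: bytes, reader_aids: set):
    """Pick the highest-priority application common to card and reader."""
    common = [a for a in card_applications(ppse_fci) if a["aid"] in reader_aids]
    # EMV convention: 1 is the highest priority, 0 means none assigned.
    common.sort(key=lambda a: a["priority"] or 16)
    return common[0] if common else None

def pdol_tags(select_aid_fci: bytes):
    """Return the tags the card requests in its PDOL (tag 9F38)."""
    try:
        pdol = child(child(child(select_aid_fci, "6F"), "A5"), "9F38")
    except KeyError:
        return []
    tags, i = [], 0
    while i < len(pdol):
        tag, i = read_tag(pdol, i)
        tags.append(tag)
        i += 1                              # skip the one-byte length
    return tags

def next_step(select_aid_fci: bytes) -> str:
    """Step 46 exit: continue only if the card asks for the TTQ (9F66)."""
    if "9F66" in pdol_tags(select_aid_fci):
        return "APPLICATION_PROCESSING"
    return "TERMINATE_OR_OTHER_INTERFACE"

# Constructed card data: three directory entries, one unknown to the reader.
def _entry(aid: str, label: bytes, priority: int) -> bytes:
    return tlv("61", tlv("4F", bytes.fromhex(aid)) + tlv("50", label)
               + tlv("87", bytes([priority])))

PPSE_FCI = tlv("6F", tlv("84", b"2PAY.SYS.DDF01") + tlv("A5", tlv("BF0C",
    _entry("F0000000010001", b"LOYALTY", 1)
    + _entry("A0000000032010", b"VISA ELECTRON", 3)
    + _entry("A0000000031010", b"VISA CREDIT", 2))))
READER_AIDS = {"A0000000031010", "A0000000032010"}

# SELECT AID response whose PDOL asks for TTQ, amount, terminal UN, currency.
SELECT_FCI = tlv("6F", tlv("84", bytes.fromhex("A0000000031010")) + tlv("A5",
    tlv("50", b"VISA CREDIT")
    + tlv("9F38", bytes.fromhex("9F66049F02069F37045F2A02"))))
# The same response with the TTQ entry left out of the PDOL.
SELECT_FCI_NO_TTQ = tlv("6F", tlv("84", bytes.fromhex("A0000000031010"))
    + tlv("A5", tlv("9F38", bytes.fromhex("9F02069F37045F2A02"))))

if __name__ == "__main__":
    print(select_application(PPSE_FCI, READER_AIDS))
    print(pdol_tags(SELECT_FCI), next_step(SELECT_FCI))
    print(next_step(SELECT_FCI_NO_TTQ))
```

The card's priority 1 application is skipped because the reader does not support it, so the common list decides the outcome rather than the card's ranking alone.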
In the application processing step 48, in response to the card's request for various details related to the capabilities of the reader 10 and the transaction-specific requirements of the reader 10, the reader 10 transmits a third command message (e.g., GPO) to the card 22. The third command message is structured so that it can be used in place of three separate commands required by previous specifications. By reducing the number of commands and responses needed to complete a contactless transaction, the interaction time required between the card 22 and the reader 10 is further minimized. The third command message can include values for a number of data elements requested by the card 22. The data element values indicate the types of transaction the reader 10 supports, whether the reader 10 supports or requires offline and/or online processing, which cardholder verification mechanisms the reader 10 supports or requires, and so on. The data elements can include the terminal transaction qualifiers, the transaction amount, the terminal unpredictable number, the transaction currency code, and any other data requested by the card 22 in its response to the second command message.
Depending on the types of transaction supported by the reader 10, the card 22 then performs a number of risk management processes associated with the particular transaction type. According to various embodiments, the risk management processes can include checking an internal card indicator to guard against transaction tearing, comparing the value of the application currency code with the value of the transaction currency code, comparing the number of personal identification number entries with a predetermined limit, determining whether a cardholder verification method is required, comparing the transaction amount with a low value limit associated with the card 22, comparing the transaction amount with a cumulative total transaction amount associated with the card 22, comparing the value of a consecutive transaction counter with the value of a consecutive transaction limit, etc. By performing the referenced risk management processes at this point in the transaction, rather than at a later time as under the traditional specifications, the interaction time between the card 22 and the reader 10 is further minimized. Based on the risk management processes, the card 22 can request that the transaction be terminated, processed online or processed offline.
After completing the risk management processes, the card 22 builds the appropriate response to the third command message and transmits the response to the reader 10. The information included in the response can vary depending on whether the card 22 requires the transaction to be approved online, approved offline or terminated. For example, when the card 22 requires the transaction to be approved online, the response can include an application transaction counter (ATC) indicating the number of transactions processed by the card, an application cryptogram generated by the card 22 using the application transaction counter and terminal data included in the third command message (e.g., the terminal unpredictable number and the transaction amount), an application interchange profile (AIP) indicating support for risk management features, issuer application data, Track 2 equivalent data, and various other data elements.
When the card 22 requires the transaction to be approved offline, the response to the third command message can include an application transaction counter (ATC) indicating the number of transactions processed by the card. The response can also include a dynamic signature generated by the card 22 using the application transaction counter, terminal data included in the third command message (e.g., the terminal unpredictable number, the transaction amount and the transaction currency), and a card unpredictable number. The response also includes an application cryptogram generated by the card 22 using the application transaction counter and terminal data included in the third command message (e.g., the terminal unpredictable number and the transaction amount). In addition, the response can include an application file locator (AFL) indicating the location of the files and records related to the application, an application interchange profile (AIP) indicating support for risk management features, issuer application data, and various other data elements. According to various embodiments, the card 22 can increment the application transaction counter before calculating the application cryptogram and the dynamic signature. If the size of the dynamic signature exceeds a predetermined threshold, the dynamic signature can be returned in the authorization step 50 in response to the fourth command message described below. According to various embodiments, the application cryptogram generated by the card 22 is generated using fewer data elements than an application cryptogram under previous specifications. By using fewer data elements to generate the application cryptogram, the total processing time is reduced and the interaction time between the card 22 and the reader 10 is further minimized.
The application processing step 48 is followed by the authorization step 50. When the transaction is to be approved online, the card 22 can be removed from the range of the reader 10 once the reader 10 has received the response to the third command message from the card 22. The card 22 therefore does not need to remain within range of the reader 10 while online authorization is requested and performed. Because the card 22 can be removed at this point in the transaction processing, the interaction between the card 22 and the reader 10 is further minimized. The reader 10 then sends the application cryptogram provided by the card 22 in response to the third command message online to the issuer 30. Based on the response subsequently received from the issuer 30, the reader approves or declines the transaction.
When the transaction is to be approved offline, the reader 10 transmits a fourth command message (e.g., READ RECORD) to the card 22 after receiving the response to the third command message from the card 22. The fourth command message can serve as a request for the records indicated in the application file locator (AFL) provided by the card 22 in response to the third command message. In response to the fourth command message, the card 22 transmits the appropriate records to the reader 10. When the reader 10 has received the last record, the card 22 can be removed from the range of the reader 10. The card 22 therefore does not need to remain within range of the reader 10 while offline authorization is performed. Because the card 22 can be removed at this point in the transaction processing, the interaction between the card 22 and the reader 10 is further minimized. The reader 10 then checks whether the card 22 has expired. If the reader 10 determines that the card 22 has not expired, the reader 10 then performs offline data authentication. The type of offline data authentication performed, static data authentication (SDA) or dynamic data authentication (DDA), is determined according to the application interchange profile (AIP) provided by the card 22 in response to the third command message.
For static data authentication, the reader 10 attempts to validate the static signature provided by the card 22 in response to the third command message. Static data authentication involves validating important application data to ensure that the card data has not been fraudulently altered. If the static signature is validated, the transaction is approved offline. Otherwise, the transaction can be sent online or terminated. For dynamic data authentication, the reader 10 attempts to validate the dynamic signature provided by the card 22 in response to the third command message. Dynamic data authentication involves validating important application data to ensure that the data has not been fraudulently altered and that the card 22 is genuine. According to various embodiments, validating the dynamic signature can include recalculating the dynamic signature using the application transaction counter (ATC) provided by the card 22 in response to the third command message and the terminal unpredictable number. According to other embodiments, validating the dynamic signature can include recalculating the dynamic signature using the card unpredictable number received from the card. If the dynamic signature is validated, the reader 10 generates a clearing message that includes the cryptogram provided by the card 22 in response to the third command message and other related data. Otherwise, the transaction can be sent online or terminated. According to various embodiments, if the dynamic signature is not validated, the reader 10 can send the transaction online using the cryptogram previously received from the card 22. Thus, the reader 10 can generate an online request using an offline cryptogram. A simplified flow diagram illustrating various embodiments of the authorization step 50 is shown in Fig. 6.
As described above, the method 40 can be used to minimize the interaction time between the card 22 and the reader 10 for a contactless transaction to less than approximately 500 milliseconds. To prevent offline sleeve attacks on contactless transactions, various embodiments of the method 40 can use a novel form of dynamic data authentication. For an offline transaction, the card 22 can generate the dynamic signature using the application transaction counter (ATC) and a card unpredictable number, together with the terminal unpredictable number, the transaction amount and the transaction currency code included in the third command message (e.g., GPO). The application file locator (AFL) sent to the reader 10 together with the dynamic signature in response to the third command message then points to records containing the RSA certificates and the data related to dynamic data authentication. Then, in the authorization step 50, the reader 10 can read the issuer certificate, the contactless card certificate and the data related to dynamic data authentication. According to various embodiments, the reader 10 can recalculate the dynamic signature for validation using the application transaction counter (ATC) and the card unpredictable number received from the card 22 in response to the fourth command message, the terminal unpredictable number, the transaction amount and the transaction currency code. Where the contactless transaction has been subjected to a sleeve attack, the recalculated dynamic signature will not match the dynamic signature previously received from the card 22. In this case, the reader 10 can decline or terminate the contactless transaction.
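The check described above, simulated end to end as an added Python example that is not part of the patent: the card signs the ATC, both unpredictable numbers, the amount and the currency code, and the reader recomputes the value from its own copy of the terminal data. The key is a constructed toy key (textbook RSA without padding or certificates, not the EMV signature format), and the `bind_amount=False` variant is constructed for contrast with a signature that leaves the amount and currency out.

```python
# Added example, not from the patent. Toy key and message layout are
# constructed for illustration; they are not the EMV formats.
import hashlib
import secrets
from dataclasses import dataclass, replace

P, Q, E = 2**61 - 1, 2**89 - 1, 65537      # two Mersenne primes, public exponent
N = P * Q                                   # card public modulus
D = pow(E, -1, (P - 1) * (Q - 1))           # card private exponent

@dataclass(frozen=True)
class GpoCommand:                           # terminal data in the third command
    terminal_un: bytes
    amount: int                             # minor units, 1500 = $15.00
    currency: int                           # ISO 4217 numeric, 840 = USD

@dataclass(frozen=True)
class CardResponse:
    atc: int
    card_un: bytes
    signature: int

def digest(atc, terminal_un, card_un, amount, currency, bind_amount) -> int:
    """Hash the signed fields; bind_amount=False omits amount and currency."""
    msg = atc.to_bytes(2, "big") + terminal_un + card_un
    if bind_amount:
        msg += amount.to_bytes(6, "big") + currency.to_bytes(2, "big")
    return int.from_bytes(hashlib.sha256(msg).digest()[:16], "big")

class Card:
    def __init__(self, bind_amount: bool):
        self.atc = 0
        self.bind_amount = bind_amount
        self.last_amount = None             # amount the card believes it approved

    def process(self, cmd: GpoCommand) -> CardResponse:
        self.atc += 1                       # incremented before signing
        self.last_amount = cmd.amount
        card_un = secrets.token_bytes(4)
        h = digest(self.atc, cmd.terminal_un, card_un,
                   cmd.amount, cmd.currency, self.bind_amount)
        return CardResponse(self.atc, card_un, pow(h, D, N))

def altered_amount(cmd: GpoCommand) -> GpoCommand:
    """Channel that changes the amount in transit, as in the $15 to $1 case."""
    return replace(cmd, amount=100)

def reader_transaction(amount, currency, channel=lambda cmd: cmd,
                       bind_amount=True):
    """Run one offline transaction; return (reader decision, card's amount)."""
    card = Card(bind_amount)
    sent = GpoCommand(secrets.token_bytes(4), amount, currency)
    resp = card.process(channel(sent))
    # The reader recomputes from what it sent, never from what the card saw.
    expected = digest(resp.atc, sent.terminal_un, resp.card_un,
                      sent.amount, sent.currency, bind_amount)
    ok = pow(resp.signature, E, N) == expected
    return ("APPROVE_OFFLINE" if ok else "DECLINE_OR_TERMINATE",
            card.last_amount)

if __name__ == "__main__":
    print(reader_transaction(1500, 840))
    print(reader_transaction(1500, 840, channel=altered_amount))
    print(reader_transaction(1500, 840, channel=altered_amount,
                             bind_amount=False))
```

In the last case the reader approves a $15.00 sale while the card recorded $1.00, which is the discrepancy that including the amount and currency code in the signed data removes.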
Fig. 7 illustrates various embodiments of a method 60 for reducing the interaction time of a second contactless transaction that occurs after the online authorization request of the method 40. According to various embodiments, the method 60 can comprise a part of the method 40. The method 60 can be implemented by the system 20 of Fig. 2. The method 60 can be used to minimize the interaction time between the card 22 and the reader 10 for the second contactless transaction to less than approximately 500 milliseconds. According to various embodiments, the method 60 includes the general steps of second transaction request 62, application selection 64, application processing 66, and transaction approval 68.
Second contactless transaction is not financial transaction.Owing to the second contactless transaction is included in reading
Second time that continued in the range of device 10 presents card 22, and therefore this process is referred to alternatively as card return
Process.Before starting this process, in above-described first transaction, reader 10 He
Card 22 all may indicate to one another that they support card returns process.Such as, reader 10 and card 22
Can select step 46 is pointed out, in the application of the first transaction, the support that card return is processed by they.
After online authorization is requested at step 50 of method 40, the reader 10 or the card 22 (via the cardholder) may request the second contactless transaction at the second transaction request step 62. According to various embodiments, the reader 10 may request the second contactless transaction at the second transaction request step 62 when the card issuer's response to the online authorization request includes a message to be delivered to the card 22. Such a message may be used to provide an update or counter reset to the card 22, or to block the account.
For example, in the online authorization response, the card issuer 30 may include a script message that requires a subsequent second presentment of the card 22. The card issuer 30 is then able to block the account, replenish the offline spending capability, increase the offline spending limit and so on, even if the card 22 did not request such an action. To prompt the cardholder to present the card 22 a second time, the reader 10 may display a message indicating that additional card processing time is needed, a message requesting that the card be presented again, and so on.
According to other embodiments, the card 22 may request the second transaction when the card's offline spending capability becomes low, in order to receive a reload. For example, when the card's offline spending capability becomes low, the card 22 may, via the cardholder, request online authorization and provide the current available spending amount in order to request a reload. To ensure that the card 22 is the same card 22 that was presented for the first transaction, the second transaction request step 62 may authenticate the card 22.
The second transaction request step 62 is followed by the application selection step 64. The application selection step 64 of method 60 is similar to the application selection step 46 of method 40 described above. In the application selection step 64, the reader 10 sends a command message (e.g., SELECT VSDC AID) to the card 22. This command message serves as a request to carry out the second transaction using a specific application from the list of mutually supported applications previously built by the reader 10. In response to the command message, the card 22 sends a PDOL to the reader 10. The PDOL may be similar to the PDOL sent to the reader 10 in the application selection step 46 of method 40 described above. If the PDOL includes a particular data element (e.g., terminal transaction qualifiers), the process advances to the application processing step 66.
The application selection step 64 is followed by the application processing step 66. The application processing step 66 may be similar to the application processing step 48 of method 40 described above, except that it does not involve any financial transaction processing. In the application processing step 66, the reader 10 sends another command message (e.g., GPO) to the card 22. Upon receiving the command message, the card 22 builds the appropriate response and sends the response to the reader 10.
The application processing step 66 is followed by the transaction approval step 68. According to various embodiments, if the card issuer 30 decides to reload the offline spending capability associated with the card 22, the card issuer 30 may send a response cryptogram and approve the transaction, or include a script message with a message authentication code (MAC). The cryptogram or MAC may be used to ensure that updates, counter resets and the like are made only to a card 22 associated with the card issuer 30.
As described above, method 60 may be used to change card risk parameters, card counters, card status and so on. For example, with respect to changing card risk parameters, method 60 may be used to increase the offline spending limit, increase the single-transaction limit, allow the card to transact in two or more different currencies, change the currency conversion rate used, and so on. With respect to changing card counters, method 60 may be used to reset the offline available spending amount, and so on. With respect to changing card status, method 60 may be used to block or unblock a particular application. Those skilled in the art will appreciate that method 60 may be used to change other parameters, counters and so on.
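The MAC check of transaction approval step 68 and the kinds of change listed above can be sketched from the card's side. This is an added example, not code from the patent: HMAC-SHA-256, the per-card key derivation, the opcodes, the message layout and all key and card values are assumptions chosen so that the sketch runs stand-alone.

```python
import hashlib
import hmac
# Opcodes, sizes and the MAC algorithm are assumptions of this sketch, not from the patent.
OP_SET_OFFLINE_LIMIT, OP_RESET_COUNTER, OP_BLOCK_APP, OP_UNBLOCK_APP = 1, 2, 3, 4
MAC_LEN = 8

def derive_card_key(issuer_master_key: bytes, card_id: bytes) -> bytes:
    """Per-card key, so a script built for one card is useless on another."""
    return hmac.new(issuer_master_key, b"script-key" + card_id, hashlib.sha256).digest()

def build_script(issuer_master_key: bytes, card_id: bytes, op: int, value: int = 0) -> bytes:
    """Issuer side: 5 command bytes followed by a truncated MAC."""
    command = bytes([op]) + value.to_bytes(4, "big")
    key = derive_card_key(issuer_master_key, card_id)
    return command + hmac.new(key, command, hashlib.sha256).digest()[:MAC_LEN]

class Card:
    def __init__(self, card_key: bytes, offline_limit: int, offline_spent: int = 0):
        self._key = card_key
        self.offline_limit = offline_limit    # card risk parameter
        self.offline_spent = offline_spent    # card counter
        self.app_blocked = False              # card status

    def apply_script(self, script: bytes) -> bool:
        """Card side: verify the MAC first and change nothing unless it matches."""
        if len(script) != 5 + MAC_LEN:
            return False
        command, tag = script[:5], script[5:]
        expected = hmac.new(self._key, command, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(expected, tag):
            return False
        op, value = command[0], int.from_bytes(command[1:], "big")
        if op == OP_SET_OFFLINE_LIMIT:
            self.offline_limit = value
        elif op == OP_RESET_COUNTER:
            self.offline_spent = 0
        elif op == OP_BLOCK_APP:
            self.app_blocked = True
        elif op == OP_UNBLOCK_APP:
            self.app_blocked = False
        else:
            return False
        return True

def demo() -> dict:
    master = bytes(range(32))  # constructed issuer master key
    card_a = Card(derive_card_key(master, b"CARD-A"), offline_limit=5000, offline_spent=4800)
    card_b = Card(derive_card_key(master, b"CARD-B"), offline_limit=5000)
    raise_limit = build_script(master, b"CARD-A", OP_SET_OFFLINE_LIMIT, 8000)
    tampered = raise_limit[:4] + b"\xff" + raise_limit[5:]  # value altered in transit
    reset = build_script(master, b"CARD-A", OP_RESET_COUNTER)
    return {
        "tampered": card_a.apply_script(tampered),
        "wrong_card": card_b.apply_script(raise_limit),
        "genuine": card_a.apply_script(raise_limit),
        "reset": card_a.apply_script(reset),
        "card_a": (card_a.offline_limit, card_a.offline_spent),
        "card_b": (card_b.offline_limit, card_b.offline_spent),
    }
```

In the sketch, a script whose value was altered in transit and a script built for a different card are both rejected before any card state is touched; only the unmodified script for the right card raises the limit and resets the counter.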
Although several embodiments of the invention have been described here, those skilled in the art will appreciate that various modifications, changes and adaptations to the described embodiments may be realized without departing from the spirit and scope of the invention as defined by the appended claims. For example, according to various embodiments, the reader 10, the system 20 and/or the method 40 described above may be modified to prevent similar types of "hiding attack" on wireless handsets, USB fobs and other devices that use wireless transmission of information. In addition, embodiments of method 60 may be used to process transactions related to currency conversion, loyalty programs and so on.
Claims (7)
1. A reader, comprising:
a contactless interface;
a transaction module coupled to the contactless interface, wherein the transaction module is constructed and arranged to carry out a contactless transaction between a contactless payment device and the reader within an interaction time of less than 1/2 second by:
sending to the contactless payment device a selection of an application supported by the contactless payment device;
receiving from the contactless payment device, via the contactless interface, a request for data elements describing the capabilities of the reader;
sending to the contactless payment device, via the contactless interface, at least one of the requested data elements;
requesting from the contactless payment device dynamic signature verification of the contactless transaction;
receiving a response to the dynamic signature from the contactless payment device;
after receiving the response to the dynamic signature, sending to the contactless payment device a READ RECORD command message for the selected application;
terminating communication with the contactless payment device; and
authorizing the contactless transaction after terminating communication with the contactless payment device; and
a security module coupled to the transaction module, wherein the security module is constructed and arranged to prevent interception and alteration of contactless transaction data, and wherein the dynamic signature verification comprises:
receiving the requested dynamic signature from the contactless payment device;
validating the dynamic signature by recalculating the dynamic signature; and
authorizing the contactless transaction, after terminating communication with the contactless payment device, only if the dynamic signature is validated.
2. A system for reducing the interaction time of a contactless transaction, comprising:
a card issued by a card issuer;
a reader, the reader comprising:
a contactless interface;
a transaction module coupled to the contactless interface, the transaction module being constructed and arranged to carry out a contactless transaction between the card and the reader within an interaction time of less than 1/2 second by:
sending to the card a selection of an application supported by the card;
receiving from the card, via the contactless interface, a request for data elements describing the capabilities of the reader;
sending to the card, via the contactless interface, at least one of the requested data elements;
requesting from the card dynamic signature verification of the contactless transaction;
receiving a response to the dynamic signature from the card;
after receiving the response to the dynamic signature, sending to the contactless payment device a READ RECORD command message for the selected application;
terminating communication with the card; and
authorizing the contactless transaction after terminating communication with the card; and
a security module coupled to the transaction module and configured to cooperate with the card to prevent interception and alteration of contactless transaction data, wherein the dynamic signature verification comprises:
receiving the dynamic signature from the card;
validating the dynamic signature by recalculating the dynamic signature; and
authorizing the contactless transaction, after terminating communication with the card, only if the dynamic signature is validated; and
wherein the card is constructed and arranged to communicate with the reader through the contactless interface, and comprises:
a security module constructed and arranged to:
cooperate with the reader to prevent interception and alteration of contactless transaction data; and
a transaction module constructed and arranged to:
cooperate with the reader to perform the contactless transaction;
send to the reader, via the contactless interface, a request for data elements describing the capabilities of the reader; and
receive from the reader, via the contactless interface, at least one of the requested data elements; and
a network through which the card issuer of the card and the reader communicate.
3. A reader device, comprising:
means for performing at least one transaction-based risk management process before energizing a contactless interface;
means for initiating communication with a contactless payment device for a contactless transaction;
means for sending to the contactless payment device a selection of an application supported by the contactless payment device;
means for receiving from the contactless payment device a request for data elements describing the capabilities of the reader device;
means for sending to the contactless payment device at least one of the requested data elements;
means for requesting from the contactless payment device a dynamic signature for the contactless transaction;
means for receiving a response to the dynamic signature from the contactless payment device;
means for validating the dynamic signature by recalculating the dynamic signature;
means for sending to the contactless payment device, after receiving the response to the dynamic signature, a READ RECORD command message for the selected application;
means for terminating communication with the contactless payment device;
means for performing online authorization of the contactless transaction after communication with the contactless payment device has been terminated;
means for performing offline authorization of the contactless transaction after communication with the contactless payment device has been terminated and only if the dynamic signature is validated;
means for completing the contactless transaction with an interaction time with the contactless payment device of less than 1/2 second;
means for receiving a request for a second contactless transaction;
means for re-establishing communication with the contactless payment device; and
means for completing the second contactless transaction with an interaction time with the contactless payment device of less than 1/2 second.
4. The reader device of claim 3, wherein the means for performing at least one transaction-based risk management process further comprises means for comparing the transaction amount with a predetermined value.
5. The reader device of claim 3, wherein the means for receiving information related to the contactless payment device further comprises means for receiving information related to at least one application supported by the contactless payment device.
6. The reader device of claim 3, wherein the means for receiving the request further comprises means for receiving a request for a non-financial transaction.
7. The reader device of claim 3, wherein the means for completing the second contactless transaction further comprises means for transmitting, to a memory in the contactless payment device, a message containing a change, the change being one of the following:
a change to a risk parameter for the transaction-based risk management process;
a change to a counter; and
a change to a status.
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US72145405P | 2005-09-28 | 2005-09-28 | |
US60/721,454 | 2005-09-28 | ||
US80777506P | 2006-07-19 | 2006-07-19 | |
US60/807,775 | 2006-07-19 | ||
PCT/US2006/038047 WO2007038743A2 (en) | 2005-09-28 | 2006-09-28 | Device, system and method for reducing an interaction time for a contactless transaction |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210233301.XA Division CN102968604B (en) | 2005-09-28 | 2006-09-28 | Reduce the equipment of the interaction time of contactless transaction, system and method |
CN201610850482.9A Division CN106447310A (en) | 2005-09-28 | 2006-09-28 | Device, system and method for reducing an interaction time for a contactless transaction |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101313329A (en) | 2008-11-26 |
CN101313329B (en) | 2016-10-19 |
Family
ID=40101083
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200680043308.8A Active CN101313329B (en) | 2005-09-28 | 2006-09-28 | Reduce equipment and the system of the interaction time of contactless transaction |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101313329B (en) |
ZA (1) | ZA200803372B (en) |
2006
- 2006-09-28 CN CN200680043308.8A patent/CN101313329B/en active Active
- 2006-09-28 ZA ZA200803372A patent/ZA200803372B/en unknown
Also Published As
Publication number | Publication date |
---|---|
CN101313329A (en) | 2008-11-26 |
ZA200803372B (en) | 2009-09-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |