DE9012561U1 - Device for secure data transmission - Google Patents

Description

The invention relates to a method and device for secure remote data transmission with a focus on cashless money transactions.

Long-distance data transmission networks are well known, such as the normal telephone line, telex, Datex, ISDN and the like. The task of these networks is to communicate using simplex, half-duplex or duplex methods. For example, the fax system has recently become particularly popular, in which texts or graphic representations are transmitted over the telephone line using appropriate transceiver devices.

From this perspective, it is obvious that information that is subject to a certain degree of confidentiality or that can be transmitted in a standardized manner for a wide range of applications can also be transmitted remotely.

One way to store confidential information is to use chip cards, whose memory content can only be accessed using at least one so-called PIN number (personal identification number).

Such microprocessor or semiconductor chip cards have been in circulation for a long time and are used, for example, in the Deutsche Bundespost telecommunications system and in other areas of application. In contrast, access to ATMs is currently still achieved using a magnetic stripe card, where the secret number (PIN number) of the account holder and thus the card owner must be entered into an input device for identification purposes.

However, the security factors that can be used to prevent misuse are limited given the current state of the art.

With the help of a microprocessor or semiconductor chip card or a similar information carrier, it is possible to discreetly send information to the relevant recipients by telephone or via digital long-distance transmission networks and/or to communicate with them in half or duplex communication.

The present invention is therefore based on the task of creating a method and device that enables such discrete information transfer and can be used in particular for cashless money transactions, whereby the security risk against misuse is minimized. Other areas of application include, for example, hotel room reservations, missing person reports and the like.

These objects are achieved by a method according to claim 1, which is followed by further method features according to claims 2 to 25.

The device for carrying out the method is described in accordance with claim 26, with particularly preferred design features of the device being presented in the subclaims 27 to 37.

This provides that an information carrier is provided with information in addition to the read-only memory identification by means of a write/read unit, which legitimizes the user that the information carrier is used for data communication and/or recording or for

payment transactions and is protected against misuse by being assigned a calculable and constantly changing individual code, and that the information carrier communicates with at least one other information carrier or at least one read/write unit via remote data transmission networks or is contacted and read directly by a read/write unit via its interface.

This makes it possible for the information carrier to transmit its information to the receiver, e.g. via a telephone line with integrated information carrier holder, read/write unit and modem, and for the telephone network on the receiver side to also activate a modem with a downstream read/write unit and transfer the information to the receiver via the compatible interfaces of the receiver read/write unit and the receiver information carrier.

The information content covers payment transactions, bookings, reservations, search reports, etc., whereby higher-level central data processing systems are preferably addressed via remote transmission networks using special information carriers.

The comparison of the identity of the read-only memory PIN number, whereby at least the read-only memory is part of the information carrier, with the read-in PIN number releases the latter for use, whereby a random generator number entered by a random code generator or already coded number or the like is compared with at least one other random generator number or the like.
encoded or converted and where the

information carrier forwards a modified, i.e. newly calculated, coding with the information to be transmitted and that after the code has been forwarded, it is re-encoded for subsequent use.

In telephone communication, a read/write unit feeds the information carrier to a modem, with another modem on the receiver side being coupled to at least one other read/write unit, which processes the information or makes it visible or transmits it to another information carrier in whole or in part, encrypted or unencrypted. To protect against misuse, the sender's information carrier is preferably provided with additional coding, e.g. from at least one random number generator number with subsequent calculation coding by means of a read/write unit or the like, but the coding for reading or using the information carrier can also be entered into the read/write unit and transmitted by the information carrier.

When making payments via telephone lines or similar, a programmed credit balance is debited from a working capital account using a code number or code transmission and stored on at least one read/write memory of the information carrier, whereby access to the read/write memory is only possible with the transmission of the current code online to the bank and preferably each read/write memory with credit is assigned to a special bank account so that in the event of misuse only the maximum amount of this account can be accessed.

In payment transactions using information carriers, the debit is preferably made online to the bank and the remaining balance of the respective read/write memory is then updated with a new code by the bank.

During payment transactions, the information carrier establishes the online connection via its program and its interface, whereby a code calculated using a read/write unit is preferably transmitted and ultimately checked for legitimacy by the bank using identical calculation steps.

After a set number of uses of the information carrier as a means of payment offline, the code calculated for it is overwritten by the relevant bank with at least one new random generator code before it is used online again, and if necessary the read/write memory balance and thus the special account are increased.

Preferably, it is provided that the credit stored in at least one read/write memory of an information carrier is transferred in whole or in part with coding via a telephone line or the like to another information carrier or a read/write unit with a storage unit and thus debited.

Furthermore, it is intended that even if the information carrier is used as a means of payment offline, coding must be carried out by converting the old code, preferably using a read/write unit, before use. In this case, cashless payment transactions in online operation

devices that work on the Internet carry out a preliminary authentication with a time-limited random code identification of the information carrier, whereby offline devices are addressed via a network with an intermediate data processing system in such a way that they legitimize the purchase when they receive the random code from the online devices and preferably temporarily store a credit debited from the information carrier until the final transfer from bank to bank. This results in a high level of security and a time saving for the customer during the debit process, particularly in department stores or the like. Combined online/off-line devices are particularly useful at gas stations.

Before an amount credited to the information carrier is used as a means of payment, it is credited online to the recipient bank using the code transmitted by the drawee bank, which is the only way the special account of the drawee bank is actually debited, and in a subsequent step the transfer to a special account, the own random generator coding and the reading into the corresponding read/write memory of the information carrier can be carried out. Additional security against misuse is achieved by the recipient bank requesting the drawee bank to establish the connection via the remote transmission network on its own initiative before the actual transfer and to carry out the booking process after authentication.

Preferably, the transfer from the special account to the regular operating resources account is carried out using information carrier programming.

It is also provided that the bank used, the recipient bank, the debited balance, the card number or the like can be made visible and acknowledged by means of a display or the like on the read/write units and/or printer.

When exchanging other types of information, the information content is made visible in whole or in part, unencrypted or encrypted, and if necessary, half or duplex communication is enabled using the read/write units.

This will usually be necessary for hotel reservations or similar.

Preferably, the information carrier establishes the online connection via its program, parts of its memory content and its interface, whereby preferably a code is transmitted and checked for legitimacy by the recipient.

The verification of legitimacy by means of PIN number confirmation and the coding of the information carrier is carried out via a preferably portable read/write unit whereby in the online process the information carrier is/will be assigned at least one random generator code.

If the card is lost, the special account(s) will be credited back to the operating resources account using a higher-level PIN number in the data traffic.

The device for carrying out the method provides that an information carrier is provided with at least one read/write memory in addition to a microprocessor or semiconductor chip via a BUS system, whereby the chip is suitable for recording information and/or money bookings via the chip's interface, and that the chip can be programmed via read/write units and its memory unit(s) can be changed, whereby long-distance transmission networks such as the telephone network are used, whose peripheral devices are suitable for recording information carriers and are equipped with a modem in the case of the telephone, while digital networks do not require a modem and whereby special coding and a data processing system are used for money transfer in cashless money transactions. When the information carrier is used in money transactions via the telephone network, the telephones are equipped with modems and read/write units whose interface is compatible with the information carrier interface and which can be used for precise information carrier recording and information transfer.

At the same time, it is intended that these read/write units, like the portable devices, are equipped with an alphanumeric keyboard, display or the like and also have a printer and that the microprocessor or semiconductor chip contains a calculating unit.

When using other transmission networks that operate digitally, the peripheral devices are equipped with read/write units and are suitable for receiving information media and are compatible with the information media interface. Otherwise, they are equipped in the same way as devices that operate in analog mode.

Since, in a broader sense, cashless money transactions can also be considered as information transfer, the present invention therefore makes it possible to transfer, for example, money balances from information carrier to information carrier via telephone lines or other long-distance transmission networks.

In the specific case, in a preferred embodiment, a cash balance is made available on the card by means of a telephone connection to the bank in question using a chip card that has been legitimized by confirming the PIN number and the code that is released with it, with the bank returning at least one random generator code that overwrites the old code and the amount made available being credited to a special account of the owner of the information carrier.

This ensures that the transferred amount of money on the one hand remains with the account holder until it is finally used and bears interest, and on the other hand, to protect against misuse, it can only be debited in connection with the random generator code or the code calculated from it.

Such a debit transaction can be carried out online after direct and preferably time-limited PIN number confirmation directly via a read/write unit, whereby the remaining balance then remains in the information carrier memory with overwriting of a new random generator code; on the other hand, it is conceivable that amounts of money with the corresponding code are transferred to another information carrier via telephone line, whereby to protect against misuse

-10-whose use as a means of payment by the recipient, the transferred funds must be credited to his own account, and whereby the actual booking process is carried out beforehand by means of the transferred code from the drawee bank to the recipient bank.

An increased level of security is achieved with the present invention in that the money balances debited from the corresponding storage units of the information carrier are credited by the bank to at least one special account, which is only accessible via the transmitted code, which is converted and thus recoded after the booking process has been completed.

In the offline process, the bank must keep the previously valid code valid for a defined period of time until the debit, so that a code overwritten in the online process does not hinder the payment transaction that was previously made. This procedure is made possible by the bank or similar using its data processing system and with knowledge of the coding regulations to calculate and list the codes calculated by the user and thus legalizing them. For clarity, however, it is advisable to create a new legitimation list using a code transferred in the online process, i.e. the bank requires an online step after x offline transactions.

The write/read units of the peripheral devices used are provided with a power supply, preferably an alphanumeric keyboard and a display or the like, an information carrier holder and at least one microprocessor with a calculator and storage units, the

Interface is compatible with that of the information carrier. A necessary BUS system does not require any further mention.

Write/read units for cashless payment transactions can be conceivable as offline or online devices. Their combination with a data processing system via a network is particularly useful. Time savings for the customer and increased security for a business or the like arise when, for example, a customer wants to make a purchase in a department store to have his chip card authenticated online, whereby a random number generator or the like is preferably read onto the chip card by the online device for a limited period of time. During the online query, the customer can make his choice, whereby his chip card is then debited offline for cashless payment transactions, provided that his random number generator is listed in the memory of the offline device as proof of legitimacy via the data processing system and the network. A display and/or a printout make the booking process transparent for the customer. Of course, other security procedures on this or a similar basis are conceivable.

The information carrier is preferably designed as a microprocessor or semiconductor chip card which, in addition to its own power supply with a BUS system, has a computing unit and storage units, a clock generator and a timer or the like for time-limited authentication, with the possibility of independent coding of read-in random generator codes. However, the coding is usually carried out via separate read/write units in order not to over-dimension the chip and to simplify the chip card.

Portable read/write units are basically equipped with the same elements as the peripheral devices, whereby it should be emphasized that the comparable arithmetic units carry out the same operation and the portable read/write units are preferably equipped with at least one timer and the associated function keys for the time-limited legitimization of the information carrier via the read PIN code.

It is assumed that a microprocessor or semiconductor chip can be designed as a logic memory chip; the description of elements such as drivers or the like, which are just as hardware-specific as accumulators as computing memory, is omitted below.

The invention will now be explained in more detail with reference to the accompanying drawings which show particular embodiments.

Figure 1 shows the chip card 1 on which the method and device are based

Figure 2 shows the corresponding portable read/write unit 2.

Figures 3 and 4 show an embodiment of the invention in a schematic representation with a chip card and portable read/write unit when transferring money to your own chip card.

Figure 5 shows an embodiment of the invention in a schematic representation, describing the money transfer from card to card.

Figure 6 shows the schematic structure of the communication between sender and receiver with the respective banks being interposed.

Figure 7 shows the schematic structure of a system for cashless payment transactions.

Figure 1 shows the information carrier on which the method according to the invention is based in the form of a chip card 1. The chip 17 is connected to the memories 22 to 31 by means of a data bus system 21, whereby all units are provided with a power supply 32. The chip card 1 has an interface 33 for communication with the read/write units. The memory contains the PIN number, which is connected to the read/write memory 23. The memories 24 and 25 are also designed as read/write memories, while the memory 26 is a read-only memory or programmable read-only memory. The memory 27 is designed as a read/write memory or read-only memory or programmable read-only memory and the memories 28 to 30 are read/write memories. Memory 31 contains owner-specific data as a read-only memory.

Figure 2 shows the portable read/write device 2. It has a chip 19, a corresponding interface 40 and a computing unit 41, which are connected by means of a data bus system 42 to a display 43, a timer 44, a keyboard 16 with a special keypad 45 and are coupled to a power supply 46.

It should be emphasized that the portable read/write unit 2 can be used as a computer by means of the keypad 16 and the special keypad 45.

In the special key field 45 there is a reference key 47 for the timer and a so-called "clear key" 48. In addition to the functions "On", "Off" and the respective arithmetic operations, a confirmation or "enter key" 49 is also provided. In addition, a "second func. key" can be arranged, not described in detail here.

The transfer of money to your own chip card 1 will now be explained using the following exemplary embodiments according to Figures and 4.

First, the chip card 1 is programmed using the preferably portable read/write unit 2 by inserting the chip card 1 (arrow direction 51). For this purpose, the read/write device 2 has a card holder 15. After entering the PIN number using the keyboard 16 of the read/write device 2, it is transferred to the read/write memory 23 and checked for legitimacy using memory 22, in which the read-only memory PIN number is located. The random generator number 1 or the code I, for example, is fetched from the memory 24 to the arithmetic unit 41 of the read/write device 2 via the data bus 21 and the interfaces 33 and 40. This is also done with one of the values "Code III" from memory 26 (read-only memory or programmable read-only memory). The coding is now carried out. For example, the random number generator number q or the code I from memory 24 is multiplied by the code 111_.

- 15 The coding is characterized as

Code I _n &khgr; Code 11

X ₁ , is reduced to e.g. 6 digits to the code I 1 η + �Ggr;

This code I . is transferred to the memory 25. This enables the program command created via the keyboard 16 to be read into the memory 28. The credit 1 specified remains unchanged in the memory 29. Additional bank information can be entered into the memory via the keypad 16.

The memory 23 is released and the card is removed. The timer 44 is programmed and activated, for example, with the button 47. This keeps the PIN number for a defined time.

Using the clear button 48, the timer and, after inserting the chip card 1 into the read/write device 2, the memories 25, 28 and 30 are emptied and the content of memory 25 is rewritten into memory 24.

After the bank communication, e.g. the debit via the data processing system 14a ¹ , the memory content of the memory 25 is emptied and memory 24 is provided with a new bank code I, the credit 1 from memory 29 is increased to the credit 2, the memory 30 is emptied by the read/write unit 2a, while the memory 31 as a read-only memory has owner-specific data that also control the process.

Figure 5 shows an embodiment of the transfer from card to card.

The chip card 1 is then inserted into the portable read/write device 2. The legitimacy check is carried out by entering the PIN number into the read/write memory 23 and the code 1, for example, is fetched from memory 24 into the arithmetic unit 41 via the data bus 21 and the interfaces 33/40. The code III is taken from memory 26. The coding is then carried out: Code I _{n +} .,x Code IH ₃ = X ₂ · X ₂ is reduced to 6 digits, for example, and is represented as Code I _{n + 2.} Code I _? is transferred to memory 25. The random generator number 2 or

of Code IV into the arithmetic unit 41.
m

By entering the recipient data via the keyboard 16 and transferring, for example, the booking amount, the account number and the bank code into the calculator 41 after programming and transferring it into the memory 28, the coding is carried out, for example: (Code I . &khgr; booking amount &khgr; account number &khgr; bank code) + ZGN ₂ {"or Code IV "T= X ₃ . After reducing the product to 8 digits, for example, and if necessary reducing the total to 8 digits in the case of an 8-digit ZGN" or Code IV, Code II results.

Code II is stored in memory 28

After the card communication, the memory content from memory 25 is overwritten into memory 24, the credit is debited from memory 29, and memories 28 and 30 are emptied.

If timer 44 is programmed and activated with button 47, whereby the PIN number is held for a defined time, card communication can take place at a later time.

To explain in more detail, after the sender chip card 1 is inserted into the read/write device 2a and the recipient is dialed, his chip card 1 is read via his read/write device 2a. This reduces the credit 2 according to the program command by transferring it and memory 30 and memory 28 are emptied. The memory 27 for the code IV can be designed as a read-only memory or programmable read-only memory, or is activated as a read/write memory in an online step with the bank, whereby the code IV is read again into memory 27 as a random number generator number m + 1.

The recipient now calls his bank and sends the command to transfer the received funds to his working capital account.

The recipient bank now sends a callback request to the creditor bank. After the connection has been established, the creditor bank sends the command: Posting amount to account Bank code, code II.

The debtor bank has already calculated and listed the codes I (1 to p), whereby a new list is started after each online step by transferring a new ZGN (code I). The old lists are deleted after a defined time. The debtor bank encodes all existing codes I in all lists with the above-recorded instructions and thus receives the list of codes II. If the transferred code II from the creditor matches one of the calculated codes II, the transfer takes place.

Figure 6 again shows a schematic embodiment of the data transfer together with the device according to the invention with the involvement of the banks.

Firstly, it should be noted that the method according to the invention and the associated device are subject to two possible variants, whereby on the one hand the chip card 1 is designed in such a way that it carries out the arithmetic operations or on the other hand the required arithmetic operations are carried out by a read/write unit 2.

If the chip card 1 itself carries out the arithmetic operations, it requires, in addition to the microprocessor 17, preferably programmable read-only memories and additional read/write memories, a power supply, a clock generator and if necessary, time-legitimizing units, an interface and a computing unit with a BUS system.

The associated read/write unit 2 then requires, in addition to a power supply, the chip, read/write units, a keypad, a display or the like, a card holder as well as an interface and a BUS system.

In the second variant, in which the read/write unit 2 carries out the arithmetic operation, this additionally has a calculation unit and storage units, whereby at least the arithmetic unit can then be omitted from the chip card.

The read/write units 2/2a themselves are preferably connected to the telephone 1 or the like in stationary online operation, but can also be operated separately in stationary operation and in this form can also be used for offline

Application where an additional storage unit such as a floppy disk or the like takes over the time-delayed data transfer.

Portable read/write units 2 are primarily used for discrete PIN number confirmation and are suitable for legitimizing the information carrier for a defined period of time using a corresponding button, for which an integrated timer or the like is suitable.

The following embodiment describes a variant in which the write/read unit 2 carries out the write/calculate operation.

The sender S is in possession of a chip card 1, which, in addition to a permanent memory identifier (PIN number), has a memory for bank-specific information and a memory for coding. The aforementioned memories have the reference numerals 22-31.

The chip card 1 is shown enlarged here and is inserted into the card holder 15 of the portable read/write unit. The user first enters the PIN number using the preferably alphanumeric keypad 16. The integrated chip (19) confirms the legitimacy.

The chip 19 then activates the arithmetic unit 20 and the coding takes place as previously described.

- 20 - '■

After inserting the programmed chip card 1 into the slot 15a of the read/write unit 2a, the connection to the user's own bank or account 10 is established via the modem 3 and the data network 9 when passing through the data processing system 14.

It should be noted here that although direct offline communication with the recipient and thus the transfer from card to card is possible, a booking process from the special account 11 can only be carried out from bank to bank (see above), which procedure therefore represents part of the security system of the present invention. In online operation, memory 24 of the chip card 1 is overwritten by the random generator 13.

For the recipient "E", the transferred amount goes through account 10, with which payment information, sender identification, etc. are transmitted. Only after the actual booking process from bank to bank can the recipient "E" transfer the transferred amount to his bank account for use as a means of payment in a special account, where his own PIN number is used and a new code I is sent to him by his bank. This means that the transfer routes and the bookings can be traced at any time.

To provide extra protection against misuse, the sender code is further encoded with recipient-specific data. For example, it is conceivable that the code number 61696 is multiplied by the debit amount, the account number and the bank code of the recipient and the sequence of numbers

is then reduced to ζ. B. eight digits. A subsequent addition of another 8-digit code number (Code IV) and a possible reduction to 8 digits results in Code II. It is important to note that during the reduction, for example, all zero digits are converted to any value from 1 to 9. Since the bank being used can calculate the normal coding in advance, it will identify the code and legitimize the process by multiplying all calculated Codes I that are still current by the recipient data (the debit amount, account number &khgr; bank code) and the subsequent digit reduction or addition as described if the recipient information carrier is used lawfully.

It is therefore always ensured that the funds debited from the corresponding memory units of the chip card are credited by the bank to at least one special account that is only accessible via the special coding described (Code I/11).

Figure 7 shows the schematic structure of a system for cashless payment transactions.

The offline devices 2a with their information storage device 15a are connected to the network 54, which is shown here in a tree structure, via the interfaces 52, and to the data processing system via the interface 52. The online devices 2a are also connected to the data processing system in a tree structure via the interface 55, with the interface 56 representing the transition from the network 54 to the online devices 2a. While the offline devices

Since there is no display or print, the online devices show the random number generator 57 and the timer 58 as a special feature.

The present invention provides a method and a device with which it is possible to store confidential information which, on the one hand, is only accessible with identification information and, on the other hand, additionally enables a payment transaction or the like with instruction and identification information which is also traceable but identifies the creditor bank and the creditor account as mandatory data information, so that even in the event of abusive intrusion into the data network, the payment order cannot be diverted to an unauthorized account.
This also completely excludes bank errors.

Claims (1)

Expectations Device for secure data transmission, characterized in that that an information carrier (1) is provided with at least one read/write memory (22-31) in addition to a microprocessor or semiconductor chip (17), which is/are suitable for storing information and/or money bookings and which is/are programmable via the interface of the chip (17) by means of preferably portable read/write units (devices) (2) and whose storage unit(s) e.g. B. can be changed via calculators, whereby long-distance transmission networks (9) such as the telephone network are used, the peripheral devices (2a) of which are suitable for receiving information carriers just like the portable write/read units (2), and that a modem (3) is provided for the telephone (12), while digital networks do not require a modem and whereby in the case of cashless money transactions a random code generator (13) and a data processing system (14a) are suitable for money transfer. Device according to claim 1,
characterized, that when using the information carrier (1) in money transactions via the telephone network (9), telephone sets (12) are provided with modems (3) and read/write units (2a), the interface of which is compatible with the information carrier interface and which are suitable for the precise information carrier recording (15a) and information transmission. 3. Device according to claim 1,
characterized, that when using other transmission networks that operate digitally, the peripheral devices are equipped with read/write units and
suitable for information carrier recording and are compatible with the information carrier interface. 4. Device according to claim 1,
characterized, that the information carrier (1) is designed as a microprocessor or semiconductor chip card with optionally integrated arithmetic unit and at least one read/write memory. 5. Device according to claim 1,
characterized, that the preferably portable write/read units (2) are suitable for receiving information carriers (15), are provided with a preferably alphanumeric keyboard (16) and a display or the like as well as a microprocessor or semiconductor chip (19) with an integrated arithmetic unit (41), a power supply (46) and a BUS system (42) for coding, wherein the interface of the chip (19) is compatible with that of the information carrier (1). 6. Device according to claim 1,
characterized, that the preferably portable read/write units (2) are provided with at least one integrated timer (44) which can be separately selected and programmed using a keyboard (16), whereby - 3 the read/write units (2) with their storage units are suitable for holding at least one programmed PIN number until the associated information carrier (1) is used and wherein the programming can preferably be canceled by means of a clear button (48). Device according to claim 1,
characterized, that the write/read units of the peripheral devices (12) are provided with, in addition to the information carrier holder (15a), preferably an alphanumeric keyboard (16a), display (18a) or the like, as well as a microprocessor or semiconductor chip with preferably integrated arithmetic unit for coding. Device according to claim 1, characterized, that the preferred read/write unit (2) as well as the read/write units (2a) of the peripheral devices (12) is/are equipped with features of a computer. Device according to claim 1,
characterized, that the write/read unit for offline operation (2a ^f ) has an information carrier holder (15a ¹ ), a preferably microprocessor or semiconductor chip with an interface to the information carrier, at least one data memory, a display and/or printer and a further interface (52) to a network (54) of a data processing system (14a ¹ ). 10. Device according to claim 1,
characterized, that the write/read units for online operation (2a") have an information carrier holder (15a"), a preferably microprocessor or semiconductor chip with an interface to the information carrier, a modem in the telephone network, a random code generator (57), a timer (58) and a further interface (56) to the network (54) of the data processing system. 11. Device according to claim 1,
characterized, that the read/write units for online and offline operation are integrated in one device and preferably have an interface to a data processing system. 12. Device according to claim 1,
characterized, that for hotel reservations, to query available hotel rooms or the like, central data processing systems are equipped with modems for telephone traffic or with connections to other long-distance transmission networks, whereby the information carriers (1) are provided with a correspondingly programmed chip and special storage elements.