EP0617819B1 - Device for intervention on a terminal delivering goods or services - Google Patents

Device for intervention on a terminal delivering goods or services Download PDF

Info

Publication number
EP0617819B1
EP0617819B1 EP93902345A EP93902345A EP0617819B1 EP 0617819 B1 EP0617819 B1 EP 0617819B1 EP 93902345 A EP93902345 A EP 93902345A EP 93902345 A EP93902345 A EP 93902345A EP 0617819 B1 EP0617819 B1 EP 0617819B1
Authority
EP
European Patent Office
Prior art keywords
terminal
portable security
security device
lock
card reader
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
EP93902345A
Other languages
German (de)
French (fr)
Other versions
EP0617819A1 (en
Inventor
Jean-Jacques Foglino
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gemplus SA
Original Assignee
Gemplus Card International SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemplus Card International SA filed Critical Gemplus Card International SA
Publication of EP0617819A1 publication Critical patent/EP0617819A1/en
Application granted granted Critical
Publication of EP0617819B1 publication Critical patent/EP0617819B1/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/23Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder by means of a password
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/29Individual registration on entry or exit involving the use of a pass the pass containing active electronic elements, e.g. smartcards
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F9/00Details other than those peculiar to special kinds or types of apparatus
    • G07F9/02Devices for alarm or indication, e.g. when empty; Advertising arrangements in coin-freed apparatus
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F9/00Details other than those peculiar to special kinds or types of apparatus
    • G07F9/06Coin boxes

Definitions

  • the subject of the invention is an intervention device on a delivery terminal for a good or service.
  • the terminal is a parking meter or a parking meter. It can however be any distributor automatic goods or services such as a distributor of drinks or even a counter connected to a managing server a database.
  • the terminals concerned by the invention comprises at least one device for payment by smart card, and in some cases a mixed chip card payment and direct payment in cash, coins or banknotes, or by magnetic card.
  • Payment by smart card is either a count of prepaid and registered units in a card memory, in this case the card is a smart card with at least one memory.
  • Be the payment is a payment by direct debit from an account in the bank. In the latter case the card is a banking, magnetic or chip type.
  • a first type of balance in a first counter measures the quantity of services issued
  • a second type of balance in a second counter represents card payments (currency called electronic)
  • the third type of balance in a third counter when present, indicates the amount of cash for the agent to collect, heard deliver to the authorities which manage the terminal.
  • the total of the last two counters must be equal to total of the first counter.
  • Document EP-A-0 387 972 discloses an intervention device on a delivery terminal for a good or service according to the preamble of claim 1. It is also known from this document a means for transferring into the secure portable medium information relating to the state of the terminal before an intervention.
  • the object of the present invention is to provide ways to resolve these fraud issues. According to the invention, this object is achieved in accordance with the characterizing part of claim 1.
  • the stakeholders are asked to introduce a secure intervention support of the type and smart card format in the card reader terminal chip.
  • This terminal therefore includes necessarily a smart card reader.
  • the support secure therefore has one end at the smart card format when it is not itself a Smartcard. This end is the one introduced in the smart card reader.
  • the secure support is then recognized as an intervention smart card by the terminal. This recognition can be provoked by the intervener who can act by elsewhere on terminal control buttons. This recognition can also preferably be automatic, from the introduction of secure support, to the initiative of the terminal or of a contained microprocessor in the secure intervention support.
  • the opening in particular the terminal may not be necessary if the content of cash stored there is insufficient to justify emptying the trunk containing cash. In this case we do not transfer in the smart card as the meter states.
  • a protocol for recognition can even in a known way determine what type of intervention will be undertaken, do not transfer that information that is sensitive with respect to this intervention, and of course only open the door to the terminal corresponding to this intervention.
  • Figure 1 shows a useful device to intervene on a delivery terminal for a good or service. It has a terminal 1 provided a smart card reader 2, and in some cases a slot 3 or similar device for introduce cash into the terminal. Terminal also has a number of buttons orders such as 4 to choose a good or service among several or to cancel the operation. Terminal is therefore in contact with a distributor of these goods or services.
  • the terminal issues a 5 ticket parking corresponding to a duration chosen by a user. This places this ticket prominently behind the windshield of his vehicle, so that supervisors can verify that the vehicle is authorized to park.
  • a smart card reader the terminal, for example reader 2, secure support intervention 6 with one end of card format smart.
  • This secure support 6 includes a microprocessor 7 in connection with a memory programmed 8, with a data memory 11, and with contact pads such as 12 needed to enter in relation to reader 2.
  • the studs are absent: the connection is made by electromagnetic waves.
  • Programmed memory 8 has two programs. According to the organization chart of the FIG. 2, a first program 9 is a program for recognition, for example a response program to classic type recognition. In such recognition the terminal interrogates the support. The support responds by transmitting their identification and / or code secret, stored in part 16 of its memory 11.
  • the microprocessor 7 can encrypt the secret code if necessary media before sending it to drive 2. In this case reader 2 must be provided with means deciphering.
  • Such a program is for example described in a European patent application EP-A-0 284 133.
  • terminal 1 has a keyboard 4, you can for this recognition use this keyboard 4 to ask the operator to authenticate his intervention. He therefore indicates his personal code with this keyboard.
  • This personal code which can be the same as that of the card or another, is compared, by terminal 1 or microprocessor 7 on the card, one carrier code contained in the card or even a code contained in the terminal. This prevents a card intervention chip that would be lost can be used to a thief to loot the monetary content of terminals: the cash received there. this allows also to detect the presence of false terminals, the terminal to check the card, then the card performs a terminal check.
  • a second program 10 contained in memory 8 is also a program of the invention: it has for goal, after the authentication operations, to cause the information contained in terminal 1 counters or status registers to memory 11 of the secure medium.
  • the microprocessor 7 waits for response.
  • the microprocessor 7 of support 6 takes control of the thick headed. This grip is simply carried out by the fact that after recognition reader 2 is puts an order on hold.
  • Program 9 on the card can for example then include for this purpose, ultimately, a time delay instruction calibrated after from which program 10 of the card is triggered. Under the effect of the instructions in this program 10, the microprocessor 7 then reads the content of the counters and or the content of terminal status registers.
  • microprocessor 7 sends an order to reader 2 so that this reader 2 causes the unlocking of a lock logic or a physical lock that prevents opening of a door 13 of the terminal and therefore the course of the desired intervention.
  • Program 10 can also contain counter or register reset instructions player 2 status.
  • program 10 includes instructions for changing a rate of consumption with the terminal. These instructions are executed, if necessary, before opening the door. But it is not essential.
  • Program 10 includes preferably instructions for recording terminal information in a form encrypted in memory 11. Therefore this information are not even directly understandable by a operator who would just read the memory 11.
  • the encryption is of the same type as that which is used to encrypt the secret code in the program 9 before sending it.
  • the rest of program 10 can include instructions to register at again in memory 11, in places other than previously, the values of the state registers resulting from the intervention. Thereafter the card is ejected from drive 2.
  • microprocessor 7 execute all necessary operations. In case of change then it’s easier to change the supports 6 as terminals 1.
  • a reader 14 to the disposition of the authorities which manage terminals 1 and the supports 6, we solicit in the support 6 the execution of a third program 15.
  • the microprocessor 7 of the support 6 checks that the reader 14 which interrogates it is a reader authorized. If this is the case program 15 includes instructions for writing into a memory of the reader 14, if necessary after decryption, information stored in its memory 11. In this way the authorities that manage the terminals have reports accurate on the operations carried out by the participants.

Description

L'invention a pour objet un dispositif d'intervention sur une borne de délivrance d'un bien ou d'un service. Dans un exemple préféré, la borne est un parcmètre ou un horodateur. Elle peut cependant être tout distributeur automatique de biens ou de services tel qu'un distributeur de boissons ou même un guichet relié à un serveur gérant une base de données. Les bornes concernées par l'invention comportent au moins un dispositif de paiement par carte à puce, et, dans certains cas, un dispositif mixte de paiement par carte à puce et de paiement direct en argent liquide, monnaies ou billets, ou par carte magnétique. Le paiement par carte à puce est soit un décompte d'unités prépayées et enregistrées dans une mémoire de la carte, dans ce cas la carte est une carte à puce avec au moins une mémoire. Soit le paiement est un paiement par prélèvement sur un compte en banque. Dans ce dernier cas la carte est une carte de type bancaire, magnétique ou à puce.The subject of the invention is an intervention device on a delivery terminal for a good or service. In a preferred example, the terminal is a parking meter or a parking meter. It can however be any distributor automatic goods or services such as a distributor of drinks or even a counter connected to a managing server a database. The terminals concerned by the invention comprises at least one device for payment by smart card, and in some cases a mixed chip card payment and direct payment in cash, coins or banknotes, or by magnetic card. Payment by smart card is either a count of prepaid and registered units in a card memory, in this case the card is a smart card with at least one memory. Be the payment is a payment by direct debit from an account in the bank. In the latter case the card is a banking, magnetic or chip type.

Les problèmes rencontrés avec ce type d'appareil à paiement mixte concernent la surveillance des agents qui interviennent régulièrement sur les bornes, par exemple pour en retirer l'argent liquide injecté par les utilisateurs. En effet, les paiements sont faits par les usagers plus ou moins en argent liquide. La borne délivre donc normalement trois types de soldes dans trois compteurs. Un premier type de solde dans un premier compteur mesure la quantité de services délivrés, un second type de solde dans un deuxième compteur représente les paiements par carte (monnaie dite électronique), et le troisième type de solde dans un troisième compteur, quand il est présent, indique la somme en liquide que l'agent doit ramasser, et bien entendu remettre aux autorités qui gèrent la borne. Le total des deux derniers compteurs doit être égal au total du premier compteur. On soupçonne que des agents indélicats vont être amenés à trafiquer le deuxième compteur, de façon à augmenter sa valeur, afin de garder pour eux-mêmes l'argent liquide correspondant à la différence créée. On connaít, par les documents EP-A-0 391 302 et US-A-4 471 905, des dispositifs de prélèvement de l'argent liquide emmagasiné dans une borne. Ces dispositifs ne renseignent toutefois pas sur l'état de la borne, notamment lorsqu'il n'y a pas d'argent à prélever. Ils nécessitent de plus un aménagement spécifique de la borne pour leur mise en service.The problems encountered with this type of device mixed payment concerns the monitoring of agents who regularly work on the terminals, for example to withdraw the cash injected by them users. Indeed, payments are made by users more or less in cash. Terminal therefore normally issues three types of balances in three counters. A first type of balance in a first counter measures the quantity of services issued, a second type of balance in a second counter represents card payments (currency called electronic), and the third type of balance in a third counter, when present, indicates the amount of cash for the agent to collect, heard deliver to the authorities which manage the terminal. The total of the last two counters must be equal to total of the first counter. Agents are suspected rascals are going to be trafficked the second counter, so as to increase its value, in order to keep the corresponding cash for themselves the difference created. We know, by documents EP-A-0 391 302 and US-A-4 471 905, withdrawal of cash stored in a thick headed. However, these devices do not provide information on the state of the terminal, especially when there is no money to collect. They also require a specific arrangement of the terminal for their implementation service.

On craint aussi par ailleurs que d'autres intervenants ne tirent parti de la complexité d'un tel système pour voler des autorités qui gèrent un grand parc de bornes. En effet, dans une grande ville, on peut admettre qu'il y ait plusieurs milliers de bornes d'un tel type, même pour ne délivrer qu'un seul bien: par exemple des tickets de stationnement. Ces bornes sont sujettes à tomber en panne ou à recevoir un entretien préventif. Une entreprise étrangère à ces autorités de gestion peut donc être chargée de ces opérations. Cette entreprise peut faire des rapports d'intervention dans lesquels des opérations coûteuses ont été déclarées, par exemple changement d'une imprimante qui imprime les tickets de stationnement, alors qu'il n'en a rien été.It is also feared that others stakeholders do take advantage of the complexity of such system to steal from authorities that manage a large terminal park. In fact, in a big city, you can admit that there are several thousand terminals of such a type, even to deliver only one good: for example parking tickets. These terminals are prone to break down or to receive a preventive maintenance. A company foreign to these managing authorities can therefore be responsible for these operations. This company can report intervention in which costly operations have been declared, e.g. change of printer that prints parking tickets, when it was not.

Il est connu par le document EP-A-0 413 636 un système et un procédé pour contrôler la collecte de bornes à prépaiement. Ce système comporte des moyens électronique de dialogue avec la borne pour en prélever des informations qui y sont contenues. Ces moyens électroniques sont coûteux dans leur conception, notamment parce qu'ils comportent un écran, voire même un clavier. En pratique des systèmes de ce type sont connectés à une entrée spécifique de la borne. Ce document prévoit notamment dans ce but une entrée par infra rouge. La présence, en soi, d'une telle entrée spécifique est une faiblesse du système vis-à-vis des fraudeurs car elle donne une autre manière supplémentaire d'accéder au système, quelle que soit les précautions avec lesquelles on protège cet autre accès.It is known from document EP-A-0 413 636 a system and a method for controlling the collection of terminals at prepayment. This system includes means electronic dialogue with the terminal to collect information contained therein. These means electronics are expensive in their design, especially because they have a screen, or even a keyboard. In practice systems of this type are connected to a specific terminal input. This document provides in particular for this purpose an entry by infrared. The presence, in itself, of such an entrance specific is a weakness of the system vis-à-vis fraudsters because it gives another additional way to access the system, whatever either the precautions with which we protect this other access.

Le document EP-A-0 387 972 divulgue un dispositif d'intervention sur une borne de délivrance d'un bien ou d'un service selon le préambule de la revendication 1. Il est aussi connu de ce document un moyen pour transférer dans le support portable sécurisé des informations relatives à l'état de la borne avant une intervention. Document EP-A-0 387 972 discloses an intervention device on a delivery terminal for a good or service according to the preamble of claim 1. It is also known from this document a means for transferring into the secure portable medium information relating to the state of the terminal before an intervention.

L'objet de la présente invention est de proposer des moyens pour résoudre ces problèmes de fraude. Selon l'invention, ce but est atteint conformément à la partie caractérisante de la revendication 1.The object of the present invention is to provide ways to resolve these fraud issues. According to the invention, this object is achieved in accordance with the characterizing part of claim 1.

Dans l'invention on demande aux intervenants d'introduire un support sécurisé d'intervention du type et de format carte à puce dans le lecteur de cartes à puce de la borne. Cette borne comporte donc nécessairement un lecteur de carte à puce. Le support sécurisé comporte en conséquence une extrémité au format carte à puce quand il n'est pas lui même une carte à puce. Cette extrémité est celle introduite dans le lecteur de carte à puce. Le support sécurisé est ensuite reconnu comme une carte à puce d'intervention par la borne. Cette reconnaissance peut être provoquée par l'intervenant qui peut agir par ailleurs sur des boutons de commande de la borne. Cette reconnaissance peut aussi de préférence être automatique, dès l'introduction du support sécurisé, à l'initiative de la borne ou d'un microprocesseur contenu dans le support sécurisé d'intervention. Ces vérifications d'un type connu amènent naturellement quand c'est nécessaire un déverrouillage d'un verrou logique ou d'un verrou physique, du type porte d'accès dans la borne, pour que l'intervenant puisse y faire ce qu'il a à y faire. Dans l'invention, après la reconnaissance, et avant le déverrouillage, quand cela est nécessaire, on injecte dans le support sécurisé de l'intervenant des intonations relatives à l'état de la borne, notamment les valeurs de soldes quand il s'agit de relevés habituels, ou notamment les valeurs de registres d'états représentant les états de fonctionnement des différents organes de cette borne quand il s'agit d'intervention d'entretien. L'ouverture de la borne peut notamment ne pas être nécessaire si le contenu en argent liquide qui y est stocké est insuffisant pour justifier une vidange du coffre contenant l'argent liquide. Dans ce cas on ne transfère dans la carte à puce que les états des compteurs.In the invention, the stakeholders are asked to introduce a secure intervention support of the type and smart card format in the card reader terminal chip. This terminal therefore includes necessarily a smart card reader. The support secure therefore has one end at the smart card format when it is not itself a Smartcard. This end is the one introduced in the smart card reader. The secure support is then recognized as an intervention smart card by the terminal. This recognition can be provoked by the intervener who can act by elsewhere on terminal control buttons. This recognition can also preferably be automatic, from the introduction of secure support, to the initiative of the terminal or of a contained microprocessor in the secure intervention support. These checks of a known type naturally lead when necessary unlocking a lock logic or physical lock, such as an access door in the terminal, so that the operator can do what that he has to do there. In the invention, after the recognition, and before unlocking, when that is necessary, we inject into the secure support of the speaker of intonations relating to the state of terminal, in particular the balance values when it comes of usual readings, or in particular the values of state registers representing the states of operation of the various organs of this terminal when it comes to maintenance intervention. The opening in particular the terminal may not be necessary if the content of cash stored there is insufficient to justify emptying the trunk containing cash. In this case we do not transfer in the smart card as the meter states.

Au moment de la reconnaissance, un protocole de reconnaissance peut même d'une manière connue déterminer quel type d'intervention va être engagé, ne transférer que les informations qui sont sensibles eu égard à cette intervention, et bien entendu n'ouvrir que la porte de la borne qui correspond à cette intervention.At the time of recognition, a protocol for recognition can even in a known way determine what type of intervention will be undertaken, do not transfer that information that is sensitive with respect to this intervention, and of course only open the door to the terminal corresponding to this intervention.

Ce système présente alors l'avantage que l'intervenant n'a rien à faire: tout est fait par le microprocesseur de la carte en exécution du programme préenregistré contenu dans la carte. Non seulement ce système est ainsi simple, mais en plus, apparaissant comme une boíte noire à l'intervenant, celui-ci n'a aucune prise sur ce programme et ne peut le falsifier. Ceci ne serait pas le cas si ce programme était chargé dans la mémoire d'un micro-ordinateur comme cela est évoqué dans le document EP-A-0 413 636. En effet dans ce cas l'intervenant peut être tenté de modifier ce programme. La carte à puce apporte donc l'avantage d'être lisible par le moyen de paiement de l'appareil et d'être en elle-même d'une très grande sécurité.This system then has the advantage that the practitioner has nothing to do: everything is done by the card microprocessor in program execution prerecorded contained in the card. Not only what system is thus simple, but in addition, appearing like a black box to the speaker, this one has no influence on this program and cannot falsify it. This would not be the case if this program was loaded in the memory of a microcomputer as is mentioned in document EP-A-0 413 636. Indeed in in this case the service provider may be tempted to modify this program. The smart card therefore brings the advantage to be readable by the device's payment method and to be very secure in itself.

D'autres caractéristiques et avantages de l'invention apparaítront encore à la lecture de la description qui suit et à l'examen des figures qui l'accompagnent. Celles-ci ne sont données qu'à titre indicatif et nullement limitatif de l'invention. Les figures montrent:

  • figure 1: une représentation d'un dispositif utile pour intervenir sur une borne de délivrance d'un bien ou d'un service;
  • figure 2: un organigramme des opérations pour intervenir sur une borne de délivrance d'un bien ou d'un service.
Other characteristics and advantages of the invention will become apparent on reading the description which follows and on examining the figures which accompany it. These are given for information only and in no way limit the invention. The figures show:
  • Figure 1: a representation of a useful device to intervene on a terminal for the delivery of a good or service;
  • Figure 2: a flowchart of operations to intervene on a terminal for the delivery of a good or service.

La figure 1 montre un dispositif utile pour intervenir sur une borne de délivrance d'un bien ou d'un service. Il comporte une borne 1 munie d'un lecteur 2 de carte à puce, et, dans certains cas, d'une fente 3 ou d'un dispositif similaire pour introduire de l'argent liquide dans la borne. La borne comporte également un certain nombre de boutons de commandes tels que 4 pour choisir un bien ou un service parmi plusieurs ou pour annuler l'opération. La borne est donc en relation avec un distributeur de ces biens ou services. Ici, dans une application de paiement de place de stationnement, la borne délivre un ticket 5 de stationnement correspondant à une durée choisie par un utilisateur. Celui-ci place ce ticket en évidence derrière le pare brise de son véhicule, pour que des surveillants puissent vérifier que le véhicule est autorisé à stationner.Figure 1 shows a useful device to intervene on a delivery terminal for a good or service. It has a terminal 1 provided a smart card reader 2, and in some cases a slot 3 or similar device for introduce cash into the terminal. Terminal also has a number of buttons orders such as 4 to choose a good or service among several or to cancel the operation. Terminal is therefore in contact with a distributor of these goods or services. Here in a payment application from parking space, the terminal issues a 5 ticket parking corresponding to a duration chosen by a user. This places this ticket prominently behind the windshield of his vehicle, so that supervisors can verify that the vehicle is authorized to park.

Lors d'interventions sur la borne, des intervenants introduisent dans un lecteur de carte à puce de la borne, par exemple le lecteur 2, un support sécurisé d'intervention 6 possédant une extrémité du format carte à puce. Ce support sécurisé 6 comporte un microprocesseur 7 en relation avec une mémoire programmée 8, avec une mémoire de données 11, et avec des plots de contact tels que 12 nécessaires pour entrer en relation avec le lecteur 2. Dans certains cas les plots sont absents: la mise en relation est réalisée par des ondes électromagnétiques. La mémoire programmée 8 comporte deux programmes. Selon l'organigramme de la figure 2, un premier programme 9 est un programme de reconnaissance, par exemple un programme de réponse à une reconnaissance de type classique. Dans une telle reconnaissance la borne interroge le support. Le support répond en transmettant son identification et ou son code secret, stocké dans une partie 16 de sa mémoire 11. Le microprocesseur 7 peut au besoin chiffrer le code secret du support avant de l'envoyer au lecteur 2. Dans ce cas le lecteur 2 doit être pourvu de moyens de déchiffrement. Un tel programme est par exemple décrit dans une demande de brevet européen EP-A-0 284 133.During interventions on the terminal, speakers introduce into a smart card reader the terminal, for example reader 2, secure support intervention 6 with one end of card format smart. This secure support 6 includes a microprocessor 7 in connection with a memory programmed 8, with a data memory 11, and with contact pads such as 12 needed to enter in relation to reader 2. In some cases the studs are absent: the connection is made by electromagnetic waves. Programmed memory 8 has two programs. According to the organization chart of the FIG. 2, a first program 9 is a program for recognition, for example a response program to classic type recognition. In such recognition the terminal interrogates the support. The support responds by transmitting their identification and / or code secret, stored in part 16 of its memory 11. The microprocessor 7 can encrypt the secret code if necessary media before sending it to drive 2. In this case reader 2 must be provided with means deciphering. Such a program is for example described in a European patent application EP-A-0 284 133.

Comme la borne 1 est munie d'un clavier 4, on peut pour cette reconnaissance se servir de ce clavier 4 pour demander à l'opérateur intervenant d'authentifier son intervention. Celui-ci indique donc son code personnel avec ce clavier. Ce code personnel, qui peut être le même que celui de la carte ou un autre, est comparé, par la borne 1 ou le microprocesseur 7 de la carte, à un code porteur contenu dans la carte ou même à un code contenu dans la borne. Ceci permet d'éviter qu'une carte à puce d'intervention qui serait perdue puisse servir à un voleur pour qu'il pille le contenu monétaire des bornes: l'argent liquide qui y est reçu. Ceci permet aussi de détecter la présence des fausses bornes, la borne devant effectuer un contrôle de la carte, alors que la carte effectue un contrôle de la borne.As terminal 1 has a keyboard 4, you can for this recognition use this keyboard 4 to ask the operator to authenticate his intervention. He therefore indicates his personal code with this keyboard. This personal code, which can be the same as that of the card or another, is compared, by terminal 1 or microprocessor 7 on the card, one carrier code contained in the card or even a code contained in the terminal. This prevents a card intervention chip that would be lost can be used to a thief to loot the monetary content of terminals: the cash received there. this allows also to detect the presence of false terminals, the terminal to check the card, then the card performs a terminal check.

Un deuxième programme 10 contenu dans la mémoire 8 est également un programme de l'invention: il a pour but, après les opérations d'authentification, de provoquer le transfert des informations contenues dans les compteurs ou les registres d'états de la borne 1 vers la mémoire 11 du support sécurisé. De préférence, dès son introduction dans le lecteur 2 le microprocesseur 7 se met en attente de réponse. Dès que le protocole de reconnaissance est terminé, le microprocesseur 7 du support 6 prend la main sur la borne. Cette prise de main est tout simplement réalisée par le fait qu'après la reconnaissance le lecteur 2 se met en attente d'ordre. Le programme 9 de la carte peut par exemple comporter alors à cet effet, in fine, une instruction de temporisation de durée calibrée au bout de laquelle le programme 10 de la carte est déclenché. Sous l'effet des instructions de ce programme 10, le microprocesseur 7 lit alors le contenu des compteurs et ou le contenu de registres d'états de la borne. Puis il enregistre ces informations lues dans la mémoire 11 du support. Quand ces enregistrements sont faits le microprocesseur 7 envoie un ordre au lecteur 2 pour que ce lecteur 2 provoque le déverrouillage d'un verrou logique ou d'un verrou physique qui empêche l'ouverture d'une porte 13 de la borne et donc le déroulement de l'intervention souhaitée.A second program 10 contained in memory 8 is also a program of the invention: it has for goal, after the authentication operations, to cause the information contained in terminal 1 counters or status registers to memory 11 of the secure medium. Preferably, as of its introduction in reader 2 the microprocessor 7 waits for response. As soon as the recognition protocol is completed, the microprocessor 7 of support 6 takes control of the thick headed. This grip is simply carried out by the fact that after recognition reader 2 is puts an order on hold. Program 9 on the card can for example then include for this purpose, ultimately, a time delay instruction calibrated after from which program 10 of the card is triggered. Under the effect of the instructions in this program 10, the microprocessor 7 then reads the content of the counters and or the content of terminal status registers. Then he stores this information read in memory 11 of the support. When these recordings are made on microprocessor 7 sends an order to reader 2 so that this reader 2 causes the unlocking of a lock logic or a physical lock that prevents opening of a door 13 of the terminal and therefore the course of the desired intervention.

Le programme 10 peut également contenir des instructions de remise à zéro des compteurs ou registres d'état du lecteur 2. En variante le programme 10 comporte des instructions pour modifier un tarif de consommation avec la borne. Ces instructions sont exécutées, le cas échéant, avant d'ouvrir la porte. Mais ce n'est pas indispensable. Le programme 10 comporte de préférence des instructions pour enregistrer les informations relatives à la borne sous une forme chiffrée dans la mémoire 11. De ce fait ces informations ne sont même pas directement compréhensibles par un opérateur qui se contenterait de lire telle quelle la mémoire 11. Le chiffrement est du même type que celui qui est utilisé pour chiffrer le code secret dans le programme 9 avant de l'envoyer.Program 10 can also contain counter or register reset instructions player 2 status. Alternatively program 10 includes instructions for changing a rate of consumption with the terminal. These instructions are executed, if necessary, before opening the door. But it is not essential. Program 10 includes preferably instructions for recording terminal information in a form encrypted in memory 11. Therefore this information are not even directly understandable by a operator who would just read the memory 11. The encryption is of the same type as that which is used to encrypt the secret code in the program 9 before sending it.

Quand l'intervention est terminée, lorsque la porte de la borne est refermée, la suite du programme 10 peut comporter des instructions visant à enregistrer à nouveau dans la mémoire 11, à des autres endroits que précédemment, les valeurs des registres d'états résultant de l'intervention. Par la suite la carte est éjectée du lecteur 2.When the intervention is finished, when the door of the terminal is closed, the rest of program 10 can include instructions to register at again in memory 11, in places other than previously, the values of the state registers resulting from the intervention. Thereafter the card is ejected from drive 2.

Pour simplifier les interventions on peut de préférence faire exécuter par le microprocesseur 7 toutes les opérations nécessaires. En cas de changement du programme il est alors plus facile de changer les supports 6 que les bornes 1.To simplify the interventions we can preferably have the microprocessor 7 execute all necessary operations. In case of change then it’s easier to change the supports 6 as terminals 1.

Pour lire la mémoire 11, au moyen d'un lecteur 14 à la disposition des autorités qui gèrent les bornes 1 et les supports 6, on sollicite dans le support 6 l'exécution d'un troisième programme 15. Dans ce programme 15 le microprocesseur 7 du support 6 vérifie que le lecteur 14 qui l'interroge est un lecteur autorisé. Si c'est le cas le programme 15 comporte des instructions d'écriture dans une mémoire du lecteur 14, au besoin après déchiffrement, des informations enregistrées dans sa mémoire 11. De cette manière les autorités qui gèrent les bornes disposent des rapports exacts sur les opérations menées par les intervenants.To read the memory 11, by means of a reader 14 to the disposition of the authorities which manage terminals 1 and the supports 6, we solicit in the support 6 the execution of a third program 15. In this program 15 the microprocessor 7 of the support 6 checks that the reader 14 which interrogates it is a reader authorized. If this is the case program 15 includes instructions for writing into a memory of the reader 14, if necessary after decryption, information stored in its memory 11. In this way the authorities that manage the terminals have reports accurate on the operations carried out by the participants.

Claims (9)

  1. Device for use by an attendant of a terminal (1) which delivers goods or services comprising
    In the terminal a chip card reader with which goods or services are paid at the terminal,
    A portable security device for attending to the terminal comprising a memory (11), a micro-processor (7), a micro-program (8) and means (12) to exchange data with the terminal,
    The said portable security device having one end in the form of a chip card (6) which can be inserted into the said card reader of the terminal, this card reader of the terminal then comprising means to exchange data between the portable security device and the terminal, device characterized in that it has in addition:
    A lock preventing unauthorized interference
    Means to compare a secret code relating to the terminal with a secret code (16) relating to the portable security device in order to authorize attendance of the terminal;
    Means to unlock the lock after data has been transferred to the portable security device,
    Means to transfer - after valid comparison but before the lock is unlocked - to a data storage memory (11) of the portable security device data relating to the status of this terminal before attendance.
  2. Device according to Claim 1, characterized in that the portable security device is a chip card.
  3. Device according to Claim 1 or Claim 2 characterized in that it comprises, to read the data storage memory after attendance of the terminal,
    A further chip card reader (14) to insert the portable security device there,
    A keypad of this further chip card reader to key in an access code to be read by this portable security device,
    Means to compare this access code with a read access code contained in the portable security device, and
    Means to authorize reading and possibly writing or deletion of the data storage memory (11) depending on the result of this comparison.
  4. Device according to any one of Claims 1 to 3, characterized in that the micro-programmed (8) micro-processor (7) of the portable security device comprises means to compare the codes.
  5. Device according to any one of Claims 1 to 4, characterized in that it comprises means, when writing to the data storage memory, to code or decode the stored data.
  6. Device according to any one of Claims 1 to 5, characterized in that it comprises a keypad (4) in the terminal to allow the attendant to key in a code to allow this attendant to be recognized by the terminal and/or the portable security device, when the attendance is authorized.
  7. Device according to any one of Claims 1 to 6, characterized in that it comprises means to re-configure the terminal while it is being attended to.
  8. Device according to Claims 1 to 7, characterized in that the lock is a physical lock which prevents a door (13) of the terminal being opened.
  9. Device according to Claims to 1 to 7, characterized in that the lock is based on logic.
EP93902345A 1991-12-17 1992-12-17 Device for intervention on a terminal delivering goods or services Expired - Lifetime EP0617819B1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR9115659A FR2685113B1 (en) 1991-12-17 1991-12-17 PROCESS OF INTERVENTION ON A TERMINAL OF GOODS OR SERVICES.
FR9115659 1991-12-17
PCT/FR1992/001200 WO1993012510A1 (en) 1991-12-17 1992-12-17 Method for intervention on a terminal delivering goods or services

Publications (2)

Publication Number Publication Date
EP0617819A1 EP0617819A1 (en) 1994-10-05
EP0617819B1 true EP0617819B1 (en) 2000-09-20

Family

ID=9420135

Family Applications (1)

Application Number Title Priority Date Filing Date
EP93902345A Expired - Lifetime EP0617819B1 (en) 1991-12-17 1992-12-17 Device for intervention on a terminal delivering goods or services

Country Status (7)

Country Link
US (1) US5520275A (en)
EP (1) EP0617819B1 (en)
JP (1) JPH07507647A (en)
DE (1) DE69231470T2 (en)
ES (1) ES2152247T3 (en)
FR (1) FR2685113B1 (en)
WO (1) WO1993012510A1 (en)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2706058B1 (en) * 1993-06-02 1995-08-11 Schlumberger Ind Sa Device for controlling and controlling differential access to at least two compartments inside an enclosure.
FR2723224B1 (en) * 1994-07-28 1996-09-06 Sgs Thomson Microelectronics MEMORY OR CHIP CARD READER SYSTEM
US5500517A (en) 1994-09-02 1996-03-19 Gemplus Card International Apparatus and method for data transfer between stand alone integrated circuit smart card terminal and remote computer of system operator
US5638646A (en) * 1994-12-27 1997-06-17 Shane; Penny Petersen Traveler's quarters
CA2160496A1 (en) * 1995-10-13 1997-04-14 Allan M. Brown Electronic funds acceptor for vending machines
US6557752B1 (en) * 1996-06-12 2003-05-06 Q-International, Inc. Smart card for recording identification, and operational, service and maintenance transactions
FR2751111B1 (en) 1996-07-10 1998-10-09 Axytrans SYSTEM FOR SECURE TRANSPORT OF OBJECTS IN TAMPER-PROOF CONTAINERS OF WHICH AT LEAST ONE DESTINATION STATION IS MOBILE AND TRANSPORTABLE
DE19716198C2 (en) * 1997-04-18 1999-11-04 Rheinmetall W & M Gmbh Weapon system
JP3909115B2 (en) * 1997-06-09 2007-04-25 株式会社日立製作所 Apparatus information acquisition apparatus and apparatus apparatus information collection method
US6092057A (en) * 1997-12-12 2000-07-18 Commstar, Inc. Unattended POS system for automatic control of bank system rejections
US6182857B1 (en) 1998-12-31 2001-02-06 Doug A. Hamm Office supply vending system and apparatus
GB2346412A (en) * 1998-09-30 2000-08-09 Marconi Comm Ltd Vending machine with card interface
US6317650B1 (en) * 1999-04-29 2001-11-13 Softcard Systems, Inc. System and method employing portable cards to monitor a commercial system
WO2001080157A1 (en) * 2000-04-19 2001-10-25 Medeco Security Locks, Inc. Electromechanical parking meter door communications interface
US20020016738A1 (en) * 2000-06-26 2002-02-07 Coile Brantley W. Computer system
FR2817584B1 (en) * 2000-12-01 2003-09-05 Schlumberger Systems & Service DEVICE FOR SECURING ACCESS TO CONTENT LOCATED WITHIN A SPEAKER
JP3620584B2 (en) * 2001-01-22 2005-02-16 アマノ株式会社 Parking ticket authentication system using IC tags
US6594548B2 (en) 2001-04-12 2003-07-15 Hani Bagnordi Portable digital assistant
US20020162884A1 (en) * 2001-05-07 2002-11-07 Speas Gary W. Low-power smart-card module
DE202005018751U1 (en) * 2005-11-28 2006-05-11 Zschornack, Norbert, Dipl.-Ing. Airport passenger terminal from mobile room units
WO2012145649A1 (en) 2011-04-22 2012-10-26 Pepsico, Inc. Beverage dispensing system with social media capabilities
WO2013067020A1 (en) 2011-11-01 2013-05-10 Stephen Lim Dispensing system and user interface
DE202012103022U1 (en) 2012-08-10 2012-08-30 Ruhr-Park Parkhausbetriebsgesellschaft Mbh Access control / validation device
USD754584S1 (en) 2013-03-13 2016-04-26 Warn Industries, Inc. Hublock
USD771471S1 (en) * 2014-12-17 2016-11-15 Sphinx Electronics Gmbh & Co Kg Door terminal
USD766070S1 (en) * 2014-12-17 2016-09-13 Sphinx Electronics Gmbh & Co Kg Door terminal

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1990006565A1 (en) * 1988-12-07 1990-06-14 Giuseppe Stefano Piana A system for dispensing measured amounts or packages of products by means of automatic vending machines
EP0387972A1 (en) * 1989-03-17 1990-09-19 Klüssendorf Aktiengesellschaft Vending machine controlling method

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4369442A (en) * 1977-09-06 1983-01-18 Robert L. Werth Code controlled microcontroller readout from coin operated machine
US4471905A (en) * 1982-10-15 1984-09-18 General Signal Corporation Fare collection apparatus having improved security
US4598378A (en) * 1983-02-07 1986-07-01 H.R. Electronics Company Management information system and associated vending control device
US4598810A (en) * 1984-04-17 1986-07-08 Abm Industries, Inc. Apparatus and method for vending and accepting return of re-usable articles
JPH0682427B2 (en) * 1985-03-22 1994-10-19 サンデン株式会社 vending machine
US4654513A (en) * 1985-07-31 1987-03-31 Hennessy Products, Inc. Newspaper vending machine
GB8614620D0 (en) * 1986-06-16 1986-07-23 Schlumberger Electronics Uk Commodity metering systems
FR2612315A1 (en) * 1987-03-13 1988-09-16 Trt Telecom Radio Electr METHOD FOR SIMULTANEOUSLY READING AND CERTIFYING INFORMATION PRESENT IN A MEMORY OF AN ELECTRONIC MEDIUM
US5147021A (en) * 1987-09-29 1992-09-15 Nippon Conlux Co., Ltd. Vending machine
US4845484A (en) * 1987-10-09 1989-07-04 Bellatrix Systems, Inc. Retrofit, newspaper tracking audit system for newspaper rack machines
US4907250A (en) * 1988-01-15 1990-03-06 Ricks Jeffery D Method and apparatus for counting events in a vending machine and the like
FR2645669B1 (en) * 1989-04-05 1991-05-24 Cga Hbs SYSTEM FOR DRAINING INTO A COLLECTION CONTAINER OF A COIN RECEIVING APPARATUS
GB8908528D0 (en) * 1989-04-14 1989-06-01 Ncr Co Data transfer system for currency cassettes
FR2651058B1 (en) * 1989-08-17 1992-08-07 Schlumberger Ind Sa SYSTEM AND METHOD FOR CONTROLLING THE COLLECTION OF PREPAYMENT TERMINALS
FR2667714A1 (en) * 1990-10-09 1992-04-10 Gemplus Card Int METHOD FOR DISTRIBUTING THE MEMORY OF AN INTEGRATED CIRCUIT BETWEEN SEVERAL APPLICATIONS.
DE4108180A1 (en) * 1991-03-09 1992-09-10 Francotyp Postalia Gmbh METHOD AND DEVICE FOR PROCESSING POST GOODS
DK0570692T3 (en) * 1992-05-22 1997-12-29 Journomat Ag Coin Payment Machine

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1990006565A1 (en) * 1988-12-07 1990-06-14 Giuseppe Stefano Piana A system for dispensing measured amounts or packages of products by means of automatic vending machines
EP0387972A1 (en) * 1989-03-17 1990-09-19 Klüssendorf Aktiengesellschaft Vending machine controlling method

Also Published As

Publication number Publication date
DE69231470T2 (en) 2001-05-23
JPH07507647A (en) 1995-08-24
US5520275A (en) 1996-05-28
DE69231470D1 (en) 2000-10-26
FR2685113A1 (en) 1993-06-18
ES2152247T3 (en) 2001-02-01
EP0617819A1 (en) 1994-10-05
FR2685113B1 (en) 1998-07-24
WO1993012510A1 (en) 1993-06-24

Similar Documents

Publication Publication Date Title
EP0617819B1 (en) Device for intervention on a terminal delivering goods or services
US7036012B2 (en) Method and system for secure cashless gaming
US7841515B2 (en) Identity authentication for financial transactions
WO1998047113A1 (en) Security procedure for controlling the transfer of value units in a chip card gaming system
CA2160496A1 (en) Electronic funds acceptor for vending machines
US9367992B2 (en) Method and apparatus for providing secure and anonymous cash-out and cash-in values in a gaming system
US20220318810A1 (en) Securing gaming establishment retail purchases
EP1000415A1 (en) Slot machine with in-built security system
US8074872B2 (en) Payment terminal, and associated method and program
JPH1125330A (en) Automatic teller machine
KR100480014B1 (en) System for selling the electronic lottery
JP2002163712A (en) Card-type vending machine system
JP3043061U (en) Transaction medium and transaction apparatus using the transaction medium
JP2006068370A (en) Game medium lending device, and sales management system therefor
EP1426905A1 (en) Device for the controlled supply of products as well as a programming device and means of payment for use thereof
CN116091060A (en) Transaction method, transaction terminal and system of digital wallet
JPH0749973A (en) Betting device
US20160240047A1 (en) Method and apparatus for providing secure and anonymous cash-out and cash-in values in a gaming system
JP2004145762A (en) Automatic transaction device and its campaign execution program
FR2650094A1 (en) Device making safe and rationalising payments by cheques and banker's cards
JPH0729043A (en) Automatic exchange device
WO1999014714A1 (en) Secure data processing system for executing an electronic transaction
JPH10190648A (en) Scramble transmission system using ic card
JPH0651073B2 (en) Card type ball lending device
JP2009039413A (en) Hybrid functional card and hybrid data transmitting/receiving system

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19940613

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): DE ES GB IT NL

17Q First examination report despatched

Effective date: 19941107

GRAG Despatch of communication of intention to grant

Free format text: ORIGINAL CODE: EPIDOS AGRA

RTI1 Title (correction)

Free format text: DEVICE FOR INTERVENTION ON A TERMINAL DELIVERING GOODS OR SERVICES

GRAG Despatch of communication of intention to grant

Free format text: ORIGINAL CODE: EPIDOS AGRA

GRAH Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOS IGRA

GRAH Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOS IGRA

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): DE ES GB IT NL

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20000920

GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

Effective date: 20000920

REF Corresponds to:

Ref document number: 69231470

Country of ref document: DE

Date of ref document: 20001026

ITF It: translation for a ep patent filed

Owner name: PORTA CHECCACCI & ASSOCIATI S.P.A.

REG Reference to a national code

Ref country code: ES

Ref legal event code: FG2A

Ref document number: 2152247

Country of ref document: ES

Kind code of ref document: T3

NLV1 Nl: lapsed or annulled due to failure to fulfill the requirements of art. 29p and 29m of the patents act
RAP2 Party data changed (patent owner data changed or rights of a patent transferred)

Owner name: GEMPLUS

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed
REG Reference to a national code

Ref country code: GB

Ref legal event code: IF02

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: ES

Payment date: 20071207

Year of fee payment: 16

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: IT

Payment date: 20071212

Year of fee payment: 16

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20071129

Year of fee payment: 16

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20071129

Year of fee payment: 16

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20081217

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20090701

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20081217

REG Reference to a national code

Ref country code: ES

Ref legal event code: FD2A

Effective date: 20081218

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: ES

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20081218

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20081217