EP1101205A1 - Method for controlling the execution of an action request transmitted by a server to a chip card via a terminal - Google Patents

Method for controlling the execution of an action request transmitted by a server to a chip card via a terminal

Info

Publication number
EP1101205A1
EP1101205A1 EP99932970A EP99932970A EP1101205A1 EP 1101205 A1 EP1101205 A1 EP 1101205A1 EP 99932970 A EP99932970 A EP 99932970A EP 99932970 A EP99932970 A EP 99932970A EP 1101205 A1 EP1101205 A1 EP 1101205A1
Authority
EP
European Patent Office
Prior art keywords
card
action
server
counter
actions
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP99932970A
Other languages
English (en)
French (fr)
Inventor
Dominique Dreher
Patrick Imbert
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gemplus SA
Original Assignee
Gemplus Card International SA
Gemplus SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemplus Card International SA, Gemplus SA
Publication of EP1101205A1
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355 Personalisation of cards for use
    • G06Q20/3552 Downloading or loading of personalisation data
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806 Details of the card
    • G07F7/0813 Specific details related to card security
    • G07F7/082 Features insuring the integrity of the data on or in the card
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806 Details of the card
    • G07F7/0833 Card having specific functional components
    • G07F7/084 Additional components relating to data transfer and storing, e.g. error detection, self-diagnosis

Definitions

  • The present invention relates to systems for exchanging messages between an application server and smart cards using a communication network. It applies to exchanges carried out through telecommunication networks, the switched telephone network, a cellular network or the Internet.
  • The messages exchanged between an application server and the corresponding application in a smart card pass through an intermediate piece of equipment, referred to below as the terminal.
  • A user's smart card cooperates with the terminal to allow exchanges.
  • The terminal is a telecommunications terminal.
  • The terminal is computer equipment fitted with a smart card read/write interface.
  • A server under the control of a card issuing body that wishes to perform a secure action in a smart card (or in an application of said card) via a telephone network uses cryptographic certificates to ensure the security of exchanges.
  • If a message is lost during transmission or execution, or if fraud is attempted, the resynchronization of server-card messages can pose security problems.
  • The terminal is a dedicated and secure terminal under the control of the issuing body (for example an ATM under the control of a bank).
  • The loss of a message is compensated by synchronization mechanisms involving both the server software and the dedicated terminal software.
  • The dedicated terminal is either physically secure (an ATM) or contains a SAM (Secure Authentication Module) inside, and in all cases is closely controlled by the issuing body.
  • If the terminal used is not a dedicated terminal, the synchronization mechanisms cannot be based on the security of the terminal, since it is not controllable by the transmitter. Indeed, it is important to be able to resynchronize the source of the messages and the smart card in the event of transmission problems on the network. This problem was posed in terms of security vis-à-vis operators and service providers. To date, no system has been provided for ensuring synchronization between the card and the server in cases where, during a transaction in progress and consequently accepted by the card, the server takes advantage of the connection to send a message comprising one or more actions to be implemented by the card. These actions can for example be the reloading of value units or parameters (monetary or other) or the loading of a new application. Indeed, in the more general framework of multi-application cards, it is provided that messages are sent while the user has made a transaction request, in order to send orders for actions to be taken during the application process for the current transaction.
  • Such messages will make it possible, for example, to order the recharging of an electronic purse in the case of an electronic purse application, to modify banking parameters of the banking application, or to load a new application in the card.
  • The object of the invention is to allow the server to detect faults in the execution of one or more actions or commands, linked to a loss of messages between the server and the smart card or to action execution faults in the card, said messages having been transmitted to the card possibly during a transaction in progress. The server is thereby informed so that it can determine which are the last actions or commands not executed by the card.
  • The server may for example send back the message containing the said action or actions and allow their execution.
  • The invention particularly relates to a method of controlling the execution of an action request transmitted by a server to a card via a terminal, said card comprising an action counter, characterized in that it comprises the following steps: a) on transmission by the server of a message comprising a request comprising one or more actions to be implemented by the card, the server stores the number n of actions of the request; b) on receipt of the message, the card successively executes the action or actions of the request, incrementing its action counter between each action if the action has been performed correctly, and refusing this action and the subsequent actions, without incrementing the counter, if the action has not been performed correctly; c) the variation between the value in the card and that stored in the server is compared, and it is determined that the last x actions (commands) were not executed if the result of the comparison shows a difference of x.
  • The increment of the action counter corresponds to the number of actions correctly executed.
  • The number x is equal to 0 if all the actions are correctly executed; this number x can therefore vary from 1 to n if the last action or all the actions failed.
  • The card transmits to the server the current value of its counter before and after execution of the action command.
  • The card calculates the variation in its counter following execution of the action command and transmits it to the server.
  • Any exchange of the value of the card action counter is carried out systematically in a secure manner.
  • The last value of the card action counter is transmitted with a cryptogram whose calculation involves the said last value.
  • The last current value of the card action counter is transmitted to the server in real time, that is to say during the transaction in progress.
  • The value could be transmitted by means of the acknowledgment message of the transaction in progress in the card.
  • The value of the card action counter is transmitted to the server in deferred time.
  • The value of the action counter could be transmitted by means of a new transaction request message from the card to the server.
  • The value of the card action counter is transmitted by means of an information message sent by the card to the server.
  • The invention also relates to a card for implementing the aforementioned method, comprising a counter and means for managing this counter, characterized in that said management means are capable of incrementing said action counter between each action if the action has been executed correctly, and of not incrementing it for this action or for the following actions if this action has not been executed.
  • FIG. 1 illustrates the exchange of messages between the server and the smart card according to the invention.
  • FIG. 2 illustrates in detail the exchange of messages between the server and the smart card in the event of a message loss.
  • By request for actions is meant a message comprising a set of n commands, n of course being able to be equal to 1.
  • The server 2 takes advantage of a transaction in progress in a card 1 to send it a request comprising one or more actions that the card must perform.
  • An action request will be issued with the response to the transaction in progress if said transaction requires a response. If not, a response containing only the action request is created.
  • The terminal, which is in communication with the server, receives the message corresponding to this response and strips the message of its envelope in order to transmit the actions to the card.
  • A request for actions can comprise several actions to be undertaken by the card, that is to say, as specified at the beginning of the description, a set of n commands.
  • A request for actions could be a request to change one or more parameters in an application program, to load a new application, or to load value units.
  • The change of a parameter corresponds to an action for the card which is an erase and write operation at a predetermined address.
  • The change of several parameters corresponds to as many erase and write operations at separate addresses as there are parameters, and consequently to as many actions to be undertaken as there are parameters to change.
  • Card side
  • The card 1 increments the action counter CA after each correctly performed action, as soon as it receives from the server one or more actions to be undertaken and has been able to carry out the execution of each of these actions.
  • The value of the counter is raised to the server, for example each time the card sends a message to the server (message 3 or message 4 in FIG. 1).
  • The value of the counter can be raised to server 2 essentially during the following actions:
  • The stored transaction is sent back to the server so that the server can start the payment process for the merchant with which the transaction took place; the action counter CA can be raised to the server with this transaction.
  • The value of the content of the action counter is always raised to the server, either in real time, when this is done during an acknowledgment, or in deferred time, during a new transaction request or during the raising of a transaction storage.
  • For each card containing an application dedicated to it that has a request for actions in progress, the server must store: - the identification number of the application,
  • The server to which an application of a multi-application smart card belongs can, during any transaction requested by the card, order an action such as reloading units, loading a program, or loading new parameters for a program residing in the card.
  • The server can thus send actions to the card by a script mechanism that cannot be interpreted by the terminal 3, which is located between the server and the card to ensure communication.
  • Terminal 3 transmits the message(s) received in the script to the card transparently.
  • The card prepares the transaction and a cryptogram, that is to say the authentication data, subsequently designated MAC, and transmits them to the terminal.
  • The banking application attaches the current value CA of its action counter, secured by the cryptogram.
  • The terminal reports the transaction to the bank server.
  • The card sends a transaction request message containing the MAC1 data as well as the value of the action counter CA and the identification of the requested transaction.
  • The server checks the authentication data MAC1 of the card and processes the transaction.
  • The server can at this time perform an action in the card application.
  • It may be the loading of a monetary parameter in the card but, as has been said, other actions such as recharging an electronic purse are also possible.
  • The server will prepare one or more parameter loading commands contained in an information field called script 1 below, and the security authentication data MAC2.
  • The action request is sent by a message 2, which may contain the response to the transaction in progress if such a response is planned for the application concerned.
  • When script 1 is sent to the card, the server stores this script 1 in a database, associating with it data relating to the card as well as the current value CA of the card action counter (returned by the card to the server during the transaction request). This information will allow server-card synchronization.
  • The card sends a secure acknowledgment to the server, including the content CA', in real time. The server can then compare the value returned by the acknowledgment with the value stored in its database.
  • The server identifies that this card has not received script 1 (or that script 1 has not been performed correctly in the card) thanks to the value CA' of the action counter, which is returned to the server and compared to the CA value stored in the server.
  • If CA' is less than CA and not equal to it, this means that the last action or actions were not carried out correctly.
  • The server updates its database DB, erasing the value CA and setting the value CA'.
  • The server is again synchronized and can restart the last action or actions not executed by the card.
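
Steps a) to c) and the resynchronization on message loss described above, as an added simulation that is not part of the patent text. It assumes the server keeps the counter value CA reported with the transaction request and computes x = n - (CA' - CA); the HMAC-SHA256 cryptogram, the key, the addresses and all class and function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"      # constructed card/server shared key (assumption)
WRITABLE = {0x10, 0x11, 0x12}      # constructed parameter addresses the card accepts


def mac(*parts):
    """Cryptogram over the given fields (HMAC-SHA256 chosen for this sketch)."""
    msg = "|".join(repr(p) for p in parts).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


class Card:
    def __init__(self, card_id):
        self.card_id, self.ca, self.params = card_id, 0, {}

    def report(self):
        """Current CA with a cryptogram whose calculation involves that value."""
        return self.ca, mac(self.card_id, self.ca)

    def execute(self, script, script_mac):
        """Step b: run actions in order, CA += 1 per success, stop at first failure."""
        if not hmac.compare_digest(script_mac, mac(self.card_id, script)):
            return self.report()               # unauthenticated script: run nothing
        for addr, value in script:
            if addr not in WRITABLE:           # action fails: refuse it and the rest
                break
            self.params[addr] = value          # erase-and-write at a fixed address
            self.ca += 1
        return self.report()


class Server:
    def __init__(self):
        self.db = {}                           # card_id -> (script, CA when sent)

    def _check(self, card_id, ca, ca_mac):
        if not hmac.compare_digest(ca_mac, mac(card_id, ca)):
            raise ValueError("bad cryptogram on action counter")

    def send(self, card_id, ca, ca_mac, script):
        """Step a: store the script (hence n) and the reported CA, then send."""
        self._check(card_id, ca, ca_mac)
        self.db[card_id] = (script, ca)
        return script, mac(card_id, script)

    def reconcile(self, card_id, ca_new, ca_mac):
        """Step c: x = n - (CA' - CA); the last x actions were not executed."""
        self._check(card_id, ca_new, ca_mac)
        script, ca = self.db[card_id]
        n = len(script)
        x = n - (ca_new - ca)
        if not 0 <= x <= n:
            raise ValueError("counter outside expected range")
        pending = script[n - x:]               # actions the server may send again
        self.db[card_id] = (pending, ca_new)   # CA' replaces CA in the database
        return x, pending


def run(script, deliver=True):
    """One exchange; deliver=False models message 2 being lost in transit."""
    card, server = Card("card-1"), Server()
    out, out_mac = server.send("card-1", *card.report(), script)
    if deliver:
        card.execute(out, out_mac)
    return server.reconcile("card-1", *card.report())   # deferred-time report
```

`run` returns the pair (x, pending): a lost message gives x = n with the whole script pending, while a failure at the second of three actions gives x = 2 with the failed action and its successor pending.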
EP99932970A 1998-07-27 1999-07-26 Method for controlling the execution of an action request transmitted by a server to a chip card via a terminal Withdrawn EP1101205A1 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR9809575A FR2781592B1 (fr) 1998-07-27 1998-07-27 Method for controlling the execution of a request for actions transmitted by a server to a smart card via a terminal
FR9809575 1998-07-27
PCT/FR1999/001826 WO2000007153A1 (fr) 1998-07-27 1999-07-26 Method for controlling the execution of a request for actions transmitted by a server to a smart card via a terminal

Publications (1)

Publication Number Publication Date
EP1101205A1 (de) 2001-05-23

Family

ID=9529050

Family Applications (1)

Application Number Title Priority Date Filing Date
EP99932970A Withdrawn EP1101205A1 (de) 1998-07-27 1999-07-26 Method for controlling the execution of an action request transmitted by a server to a chip card via a terminal

Country Status (8)

Country Link
EP (1) EP1101205A1 (de)
JP (1) JP2002521772A (de)
CN (1) CN1310832A (de)
AU (1) AU4916899A (de)
BR (1) BR9912419A (de)
CA (1) CA2338447A1 (de)
FR (1) FR2781592B1 (de)
WO (1) WO2000007153A1 (de)

Also Published As

Publication number Publication date
CN1310832A (zh) 2001-08-29
JP2002521772A (ja) 2002-07-16
FR2781592A1 (fr) 2000-01-28
WO2000007153A1 (fr) 2000-02-10
CA2338447A1 (fr) 2000-02-10
AU4916899A (en) 2000-02-21
FR2781592B1 (fr) 2000-09-08
BR9912419A (pt) 2001-04-17

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20010227

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

17Q First examination report despatched

Effective date: 20020111

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20031024