EP1114403A1 - Method for managing an electronic transaction by smart card, terminal and smart card implementing same - Google Patents

Method for managing an electronic transaction by smart card, terminal and smart card implementing same

Info

Publication number
EP1114403A1
EP1114403A1 EP99942993A EP99942993A EP1114403A1 EP 1114403 A1 EP1114403 A1 EP 1114403A1 EP 99942993 A EP99942993 A EP 99942993A EP 99942993 A EP99942993 A EP 99942993A EP 1114403 A1 EP1114403 A1 EP 1114403A1
Authority
EP
European Patent Office
Prior art keywords
card
value
amount
transaction
counter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP99942993A
Other languages
German (de)
French (fr)
Inventor
Patrick Remery
Aymeric De Solages
Bernard Darbour
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Orange SA
Original Assignee
France Telecom SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by France Telecom SA filed Critical France Telecom SA
Publication of EP1114403A1 publication Critical patent/EP1114403A1/en
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4093Monitoring of device authentication
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor

Definitions

  • the present invention relates to electronic transactions carried out by means of a smart card.
  • the terminal of the reading terminal systematically requests the card holder to indicate their authentication code. And if the amount of the transaction exceeds a certain threshold, the reading terminal can decide to interrogate an outside authorization center.
  • An electronic wallet is a device which comprises a memory in which is stored a value corresponding to a monetary sum which is decremented as and when transactions made by means of said wallet.
  • electronic wallets have drawbacks. In particular, they do not provide the same transaction security as bank cards. In particular, it can happen with a electronic wallet that it records a debit while the transaction at the reading terminal is not taken into account.
  • An object of the invention is to propose a method for managing an electronic transaction which makes it possible to carry out transactions as quickly as with an electronic purse, but with a security similar to that which the protocols of transactions by bank card currently known.
  • the solution according to the invention consists of a method for managing an electronic transaction by means of a micro-processor chip type bank card and a reading terminal capable of communicating with said card, in which the reading terminal transmits to said card a signal which indicates to it the amount of the transaction and in which said card compares this amount with a threshold value of transaction amount and controls a procedure for authentication of the holder when this amount is greater than said threshold, characterized in that, when this amount is lower than said threshold, said smart card compares to a threshold value the value of a counter, known as the cumulative of small amounts, which it increments by the value of the amount of the transaction and in that a card holder authentication procedure is controlled by said card according to the result of this comparison.
  • a card holder benefits with his bank card from a service which for him is similar to that of an electronic wallet, but which is of greater security, since he uses the existing infrastructure to bank cards.
  • the traditional recharging function is eliminated, which makes it easier to use the card.
  • the increment implemented by the smart card is a positive increment
  • the invention also relates to a micro-processor chip card intended to be used for carrying out electronic transactions, characterized in that it includes means for implementing the above-mentioned method.
  • this smart card includes memory means for storing one or more threshold values and / or counter values, as well as comparison means.
  • the invention further relates to a micro-processor chip card reader terminal, intended to be used for carrying out electronic transactions, characterized in that it comprises means for implementing the aforementioned method.
  • FIGS. 1 and 2 The various stages of the management methods illustrated in FIGS. 1 and 2 are implemented during an electronic transaction carried out by means of a smart card of the banking type.
  • This smart card comprises a microprocessor which is programmed so as to implement a protocol which corresponds to these different stages, as well as ROM, EPROM, EEPROM or RAM memories in which the various values calculated or taken into account during storage are stored. these different stages (amount of the transaction, counter values (s), ceiling (s), etc.).
  • the reading terminal is programmed to implement the same method, the smart card and said terminal comprising means allowing them to dialogue, these means being able to be of any type (bus using connection tracks carried by the smart card, exchanges by RF transmission / reception, etc.).
  • the transaction begins with an initialization of the smart card controlled by the reading terminal (step 1).
  • the latter in response, transmits its identification to the reading terminal (step 2).
  • the reading terminal requests the operator to enter the amount M of the transaction (step 3). It transmits this amount M to the card. This implements a test 4 on the value of this amount M.
  • this amount M is less than a ceiling value VP1
  • the card increments a counter COMPT by the value of this amount M (step 5).
  • the card compares the value of this counter COMPT with a threshold VP2, which may be different from the threshold VP1.
  • the microprocessor of the card calculates the signature ST of the transaction (step 7) and transmits it to the reading terminal which verifies it and archives the amount of the transaction, as well as the detail of this one (steps 8 and 9).
  • the card requests the reading terminal to present the code of the carrier (step 10).
  • the carrier enters his code (step 11).
  • the code is transmitted by the reading terminal to the card which verifies it (step 12).
  • the microprocessor of the card resumes processing and calculates the transaction signature ST (step 7). Between the verification step 12 and the calculation step 7, the counter COMPT is reset to zero. Thus, the counter COMPT is reset to zero after each positive verification of the confidential code (step 20).
  • the carrier code is also requested by the card when the amount M is greater than the threshold value VP1 ("yes" answer to test 4). In this case, the bearer's code is verified and the amount M is not accumulated on the ACCOUNT counter.
  • provision may be made for the card to request the connection of the reading terminal to the banking system in order to obtain a transaction authorization.
  • the reading terminal can, according to the information provided by the banking system, transmit to the card an order to update the VP1 and VP2 ceilings.
  • the payment card accumulates on the internal counter COMPT the amount of transactions below a certain threshold and does not request a carrier authentication only when the amount M is greater than this threshold or when the cumulative sum of previous transactions becomes greater than a given threshold.
  • the counter COMPT is not reset to zero if, during step 4, it is verified that the amount M is greater than the threshold value VP1. It is only reset if the amount M is less than the threshold value
  • step 6 VP1 and if it is checked in step 6 that the counter COMPT is higher than VP2 and if the verified code is correct.
  • the counter COMPT is only reset to zero when on the one hand the sum of the small amounts reaches the threshold VP2 and on the other hand the holder is authenticated by his code.
  • the card can be used to make an incremental payment, for example in the case of a communication from a public telephone booth.
  • FIG. 2 Another implementation variant is illustrated in FIG. 2.
  • This second variant consists in managing a second counter
  • the card adds the amount M of the transaction to the value read in CPT1.
  • the card adds the value of CPT1 + M to the value read in CPT2.
  • the new value obtained is compared to a VP2 threshold (test 14).
  • the card requires (step 15) the control of a certificate calculated by an authorization center interrogated by the terminal of the reading terminal L (step 16).
  • the card If the certificate is correct, the card resets the counters CPT1 and CPT2 to zero (step 17) then calculates and delivers the signature of the transaction (steps 7 and following).
  • the card does not deliver the signature of the transaction and leaves the values of the counters CPT1 and CPT2 as they are.
  • the card If the sum CPT1 + M + CPT2 has not reached the ceiling value VP2, the card resets the counter CPT1 to zero and updates the counter CPT2 by replacing its previous value with CPT2 + CPT1 + M (step 18). Then it calculates and delivers the signature of the transaction (steps 7, 8 and 9).
  • the card C does not deliver the signature of the transaction and leaves the counters CPT1 and CPT2 as they are. If the sum CPT1 + M does not reach the ceiling value VP1, the card updates the counter CPT1 by replacing its previous value with the sum CPT1 + M (step 19), then it delivers the signature of the transaction (steps 7 , 8 and 9).
  • the card which has just been described can be used in post-flow.
  • the amounts debited are accumulated, for example over 30 days at most, by bearer account number, and the bearer account is debited after exceeding the VP2 ceiling or at the end of 30 days of the value of the amounts accumulated since the last debit from the account.
  • the amounts can be accumulated:
  • exceeding the VP2 ceiling triggers in the card via the terminal an authorization request for an amount equal to the new VP2 ceiling which can be redefined by the bank.
  • the card can also be used in advance.
  • the value VP1, and for the variant of FIG. 2, the value VP2 is (or are) prepaid by the carrier and updated in the card, using the certificate receipt which depends on the amount prepaid by the user. If the user is on a terminal without an identification keypad or not connected to a telecommunications network, and the prepaid value VP1, VP2 is reached, he must present himself on a bank device (ATM - ATM) ticket or public telephone) so that the certificate control operations issued by the authorization center can be carried out. The transaction in this case is fictitious, no amount being debited from the customer's account, except in the pre-charge application.
  • the card may not have the authentication code of the holder.
  • the comparison of the transaction amount with the threshold VP1 is not made and VP1 is not used.
  • the card does not deliver the transaction signature ST.
  • a tolerance on VP2 is defined to accept values of COMPT slightly higher than VP2 and thus allow the crossing by COMPT of the value VP2 which blocks the card.
  • the card can be disposable, when VP2 is reached, the card is no longer usable. However, in particular if the card is consigned, the holder can return the card to the bank which, using a secure procedure, resets the value of COMPT to zero, before reintroducing it into a new use cycle.
  • the card can be released by the bank using a secure online procedure.
  • the bearer is authenticated, for example, using a second payment card or a code verified by the bank's server, and ACCT is reset after verification by the card of a certificate. calculated by the bank.
  • the counters CPT1 and CPT2 are incremented from the value 0 to a ceiling value. It is also possible to count down, the counters being initialized at the ceiling value
  • the accumulated amount is compared, not to an amount previously recharged in the card, but to a maximum value fixed according to the risk that the issuer of the card believes to take.
  • This comparison is a means of limiting the client's spending over time, and this is one of the roles of the card, in addition to authentication.
  • the maximum value chosen can be considered as a kind of permanent credit granted to creditworthy customers, the bank being remunerated for example through a commission on transactions.
  • Small transactions are delivered: - either individually by the merchant, like transactions of normal amount, using the banking infrastructure.
  • the only function of client accumulation in the card is then to limit the client's expenses (moderating role); - or with a merchant cumulation option, which supposes that the client cumulation is also delivered (by card, during a transaction) to the bank for invoicing. This option obviously does not allow the same controls as the first.
  • the ST1 signature printed on the customer ticket, is used to resolve any disputes.
  • the data of a transaction are stored in the delivery file of the terminal and then collected once a day by the collection center of the merchant's bank. Small amount transactions are transmitted to the bearer's bank and are not processed individually by it: they are stored to allow the audit of the system, resolve any disputes, and compensate the merchant bank.
  • the merchant's bank account is credited according to the cumulative amount of small amounts collected in the terminal daily.
  • the amount of a transaction is accumulated in the credit counter of the card.
  • the card checks the value of the credit counter and the duration of the credit.
  • the credit card counter has reached the ceiling value set by the bank.
  • the data in the table is managed in the map.
  • the date of the transaction, the amount of the transaction are provided to the card by the terminal.
  • the security is that of the bank card because debits are verified a posteriori by the holder, the merchant and the bank;
  • the bank card network is not modified and there is the possibility of reusing the aggregation server for payphone transaction amounts over a month by bank card; - it is no longer possible to mislead the terminal on the response to the verification of the carrier code, because the transaction will only be continued if the carrier code is correct.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

The invention concerns a method for managing an electronic transaction using a client card with microprocessor chip and a reading terminal capable of interacting with said card, whereby the reading terminal transmits to said card a signal indicating thereto the amount of the transaction and whereby the card compares said amount to a threshold value of amount for transaction and commands a procedure for authenticating the bearer when said amount is greater than said threshold. The invention is characterised in that, when said amount is less than said threshold, said smart card compares to a threshold value a counter value, called summation of small amounts, which it increments by the value of the amount of the transaction and a procedure for authenticating the bearer is commanded by said card based on the result of said comparison.

Description

PROCEDE DE GESTION D'UNE TRANSACTION ELECTRONIQUE METHOD FOR MANAGING AN ELECTRONIC TRANSACTION
PAR CARTE A PUCE, TERMINAL ET CARTE A PUCEBY CHIP CARD, TERMINAL AND CHIP CARD
METTANT EN ŒUVRE CE PROCEDEIMPLEMENTING THIS PROCESS
La présente invention concerne les transactions électroniques réalisées au moyen d'une carte à puce.The present invention relates to electronic transactions carried out by means of a smart card.
Elle propose un procédé pour la gestion d'une telle transaction électronique, ainsi qu'un terminal et une carte à puce mettant en œuvre ce procédé. Habituellement, lors d'une transaction avec une carte à puce, c'est le terminal de lecture dans lequel la carte à puce est engagée qui gère la procédure d'authentification de la carte et du porteur de celle-ci, ainsi que la procédure de validation de la transaction.It provides a method for managing such an electronic transaction, as well as a terminal and a smart card implementing this method. Usually, during a transaction with a smart card, it is the reading terminal in which the smart card is engaged which manages the procedure for authenticating the card and the holder thereof, as well as the procedure validation of the transaction.
Notamment, le terminal du terminal de lecture demande systématiquement au porteur de la carte de lui indiquer son code d'authentification. Et si le montant de la transaction dépasse un certain seuil, le terminal de lecture peut décider d'interroger un centre d'autorisation extérieur.In particular, the terminal of the reading terminal systematically requests the card holder to indicate their authentication code. And if the amount of the transaction exceeds a certain threshold, the reading terminal can decide to interrogate an outside authorization center.
Toutefois, on souhaite désormais pouvoir réaliser des transactions électroniques très rapides, susceptibles d'intervenir dans des temps très courts - par exemple inférieurs à 100ms - pour lesquels l'authentification du porteur n'est pas réalisable.However, we now wish to be able to carry out very rapid electronic transactions, capable of intervening in very short times - for example less than 100 ms - for which the authentication of the carrier is not feasible.
A ce jour, ce sont les systèmes appelés "porte-monnaies électroniques" qui permettent de réaliser des transactions électroniques rapides.To date, it is the systems called "electronic wallets" which allow rapid electronic transactions to be carried out.
Un porte-monnaie électronique est un dispositif qui comporte une mémoire dans laquelle est stockée une valeur correspondant à une somme monétaire qui est décrémentée au fur et à mesure des transactions faites au moyen dudit porte-monnaie. Toutefois, les porte-monnaies électroniques présentent des inconvénients. En particulier, ils n'assurent pas la même sécurité de transaction que des cartes bancaires. Notamment, il peut arriver avec un porte-monnaie électronique que celui-ci enregistre un débit alors que la transaction au niveau du terminal de lecture n'est pas prise en compte.An electronic wallet is a device which comprises a memory in which is stored a value corresponding to a monetary sum which is decremented as and when transactions made by means of said wallet. However, electronic wallets have drawbacks. In particular, they do not provide the same transaction security as bank cards. In particular, it can happen with a electronic wallet that it records a debit while the transaction at the reading terminal is not taken into account.
Un but de l'invention est de proposer un procédé pour la gestion d'une transaction électronique qui permette de réaliser des transactions aussi vite qu'avec un porte-monnaie électronique, mais avec une sécurité analogue à celle que permettent les protocoles de transactions par carte bancaire actuellement connus.An object of the invention is to propose a method for managing an electronic transaction which makes it possible to carry out transactions as quickly as with an electronic purse, but with a security similar to that which the protocols of transactions by bank card currently known.
La solution selon l'invention consiste en un procédé pour la gestion d'une transaction électronique au moyen d'une carte bancaire du type à puce à micro-processeur et d'un terminal de lecture apte à dialoguer avec ladite carte, dans lequel le terminal de lecture transmet à ladite carte un signal qui lui indique le montant de la transaction et dans lequel ladite carte compare ce montant à une valeur seuil de montant de transaction et commande une procédure d'authentification du porteur lorsque ce montant est supérieur audit seuil, caractérisé en ce que, lorsque ce montant est inférieur audit seuil, ladite carte à puce compare à une valeur seuil la valeur d'un compteur, dit de cumul des petits montants, qu'elle incrémente de la valeur du montant de la transaction et en ce qu'une procédure d'authentification du porteur de la carte est commandée par ladite carte en fonction du résultat de cette comparaison.The solution according to the invention consists of a method for managing an electronic transaction by means of a micro-processor chip type bank card and a reading terminal capable of communicating with said card, in which the reading terminal transmits to said card a signal which indicates to it the amount of the transaction and in which said card compares this amount with a threshold value of transaction amount and controls a procedure for authentication of the holder when this amount is greater than said threshold, characterized in that, when this amount is lower than said threshold, said smart card compares to a threshold value the value of a counter, known as the cumulative of small amounts, which it increments by the value of the amount of the transaction and in that a card holder authentication procedure is controlled by said card according to the result of this comparison.
Ainsi, un porteur de carte bénéficie avec sa carte bancaire d'un service qui pour lui s'apparente à celui d'un porte-monnaie électronique, mais qui est d'une plus grande sécurité, puisqu'il utilise l'infrastructure existant pour les cartes bancaires. En outre, la fonction traditionnelle de rechargement y est supprimée, ce qui confère un plus grand confort à l'utilisation de la carte.Thus, a card holder benefits with his bank card from a service which for him is similar to that of an electronic wallet, but which is of greater security, since he uses the existing infrastructure to bank cards. In addition, the traditional recharging function is eliminated, which makes it easier to use the card.
Ce procédé est avantageusement complété par les différentes caractéristiques suivantes prises seules ou selon toutes leurs combinaisons techniquement possibles : - la valeur du compteur est remplacée par ladite valeur incrémentée lorsque la valeur du montant de la transaction est inférieure à la valeur seuil de montant de transaction ; - la valeur du compteur de cumul de petits montants est remplacée par ladite valeur incrémentée lorsque, en fonction du résultat de la comparaison, la procédure d'authentification du porteur de la carte n'est pas commandée par ladite carte ; - lorsque le code d'identification du porteur de la carte a été vérifié, la carte incrémente de la valeur du montant de la transaction, la somme du compteur de petits montants et d'un deuxième compteur, elle compare la somme incrémentée à une valeur seuil et commande l'interrogation par le terminal de lecture d'un centre d'autorisation en fonction du résultat de cette comparaison, ladite carte remettant à zéro les deux compteurs lorsque l'autorisation est donnée par ledit centre, la valeur du deuxième compteur étant remplacée par la valeur de la somme incrémentée, si en fonction du résultat de la comparaison, la carte décide de ne pas demander au terminal de lecture d'interroger le centre d'autorisation, la valeur du compteur de petits montants étant alors remise à zéro ;This process is advantageously supplemented by the following different characteristics taken alone or in all their technically possible combinations: - the counter value is replaced by said incremented value when the value of the transaction amount is less than the threshold value of the transaction amount; the value of the counter for accumulating small amounts is replaced by said incremented value when, depending on the result of the comparison, the authentication procedure of the card holder is not controlled by said card; - when the identification code of the card holder has been verified, the card increments the value of the transaction amount, the sum of the counter for small amounts and a second counter, it compares the amount incremented with a value threshold and controls the interrogation by the reading terminal of an authorization center as a function of the result of this comparison, said card resetting the two counters to zero when the authorization is given by said center, the value of the second counter being replaced by the value of the incremented sum, if according to the result of the comparison, the card decides not to ask the reading terminal to interrogate the authorization center, the value of the counter for small amounts then being reset to zero ;
- l'incrémentation mise en œuvre par la carte à puce est une incrémentation positive ;- the increment implemented by the smart card is a positive increment;
- l'incrémentation mise en œuvre par la carte à puce est une incrémentation négative. L'invention concerne également une carte à puce à micro-processeur destinée à être utilisée pour réaliser des transactions électroniques, caractérisée en ce qu'elle comporte des moyens pour mettre en œuvre le procédé précité.- the increment implemented by the smart card is a negative increment. The invention also relates to a micro-processor chip card intended to be used for carrying out electronic transactions, characterized in that it includes means for implementing the above-mentioned method.
Avantageusement, cette carte à puce comporte des moyens mémoires pour mémoriser une ou plusieurs valeurs seuils et/ou des valeurs de compteur, ainsi que des moyens de comparaison.Advantageously, this smart card includes memory means for storing one or more threshold values and / or counter values, as well as comparison means.
L'invention concerne en outre un terminal de lecture de cartes à puce à micro-processeur, destiné à être utilisé pour réaliser des transactions électroniques, caractérisé en ce qu'il comporte des moyens pour mettre en œuvre le procédé précité.The invention further relates to a micro-processor chip card reader terminal, intended to be used for carrying out electronic transactions, characterized in that it comprises means for implementing the aforementioned method.
D'autres caractéristiques et avantages de l'invention ressortiront encore de la description qui suit de plusieurs modes de mise en œuvre de l'invention. Cette description est purement illustrative et non limitative. Elle doit être lue en regard des dessins annexés sur lesquels : - la figure 1 est un organigramme illustrant un mode de mise en œuvre possible pour le procédé proposé par l'invention ; - la figure 2 est un organigramme illustrant un autre mode de mise en œuvre possible.Other characteristics and advantages of the invention will emerge from the following description of several modes of implementation of the invention. This description is purely illustrative and not limiting. It should be read with reference to the appended drawings in which: - Figure 1 is a flowchart illustrating a possible mode of implementation for the method proposed by the invention; - Figure 2 is a flowchart illustrating another possible mode of implementation.
Les différentes étapes des procédés de gestion illustrés sur les figures 1 et 2 sont mises en œuvre lors d'une transaction électronique réalisée au moyen d'une carte à puce de type bancaire. Cette carte à puce comporte un microprocesseur qui est programmé de façon à mettre en œuvre un protocole qui correspond à ces différentes étapes, ainsi que des mémoires ROM, EPROM, EEPROM ou RAM dans lesquelles sont mémorisés les différentes valeurs calculées ou prises en compte lors de ces différentes étapes (montant de la transaction, valeurs de compteur(s), plafond(s), etc.).The various stages of the management methods illustrated in FIGS. 1 and 2 are implemented during an electronic transaction carried out by means of a smart card of the banking type. This smart card comprises a microprocessor which is programmed so as to implement a protocol which corresponds to these different stages, as well as ROM, EPROM, EEPROM or RAM memories in which the various values calculated or taken into account during storage are stored. these different stages (amount of the transaction, counter values (s), ceiling (s), etc.).
Le terminal de lecture est programmé pour mettre en œuvre le même procédé, la carte à puce et ledit terminal comportant des moyens leur permettant de dialoguer, ces moyens pouvant être de tout type (bus utilisant des pistes de connexion portées par la carte à puce, échanges par émission/réception RF, etc.).The reading terminal is programmed to implement the same method, the smart card and said terminal comprising means allowing them to dialogue, these means being able to be of any type (bus using connection tracks carried by the smart card, exchanges by RF transmission / reception, etc.).
Sur la figure 1 , les étapes mises en œuvre par la carte à puce sont présentées dans le bloc référencé par C, celles mises en œuvre par le terminal de lecture étant présentées dans le bloc référencé par L.In FIG. 1, the steps implemented by the smart card are presented in the block referenced by C, those implemented by the reading terminal being presented in the block referenced by L.
La transaction débute par une initialisation de la carte à puce commandée par le terminal de lecture (étape 1).The transaction begins with an initialization of the smart card controlled by the reading terminal (step 1).
Celle-ci, en réponse, transmet au terminal de lecture son identification (étape 2).The latter, in response, transmits its identification to the reading terminal (step 2).
Puis le terminal de lecture demande à l'opérateur de saisir le montant M de la transaction (étape 3). Il transmet ce montant M à la carte. Celle-ci met en œuvre un test 4 sur la valeur de ce montant M.Then the reading terminal requests the operator to enter the amount M of the transaction (step 3). It transmits this amount M to the card. This implements a test 4 on the value of this amount M.
Si ce montant M est inférieur à une valeur plafond VP1 , la carte incrémente un compteur COMPT de la valeur de ce montant M (étape 5). La carte compare alors la valeur de ce compteur COMPT à un seuil VP2, qui peut être différent du seuil VP1.If this amount M is less than a ceiling value VP1, the card increments a counter COMPT by the value of this amount M (step 5). The card then compares the value of this counter COMPT with a threshold VP2, which may be different from the threshold VP1.
Si le compteur COMPT est inférieur à VP2, le micro-processeur de la carte calcule la signature ST de la transaction (étape 7) et la transmet au terminal de lecture qui la vérifie et archive le montant de la transaction, ainsi que le détail de celle-ci (étapes 8 et 9).If the counter COMPT is less than VP2, the microprocessor of the card calculates the signature ST of the transaction (step 7) and transmits it to the reading terminal which verifies it and archives the amount of the transaction, as well as the detail of this one (steps 8 and 9).
Si par contre, la valeur du compteur COMPT est supérieure à VP2, la carte demande au terminal de lecture la présentation du code du porteur (étape 10). Le porteur saisit son code (étape 11).If on the other hand, the value of the counter COMPT is greater than VP2, the card requests the reading terminal to present the code of the carrier (step 10). The carrier enters his code (step 11).
Le code est transmis par le terminal de lecture à la carte qui le vérifie (étape 12).The code is transmitted by the reading terminal to the card which verifies it (step 12).
Après vérification, le micro-processeur de la carte reprend le traitement et calcule la signature ST de transaction (étape 7). Entre l'étape de vérification 12 et l'étape de calcul 7, le compteur COMPT est remis à zéro. Ainsi, le compteur COMPT est remis à zéro après chaque vérification positive du code confidentiel (étape 20).After verification, the microprocessor of the card resumes processing and calculates the transaction signature ST (step 7). Between the verification step 12 and the calculation step 7, the counter COMPT is reset to zero. Thus, the counter COMPT is reset to zero after each positive verification of the confidential code (step 20).
Le code du porteur est également demandé par la carte lorsque le montant M est supérieur à la valeur seuil VP1 (réponse "oui" au test 4). Dans ce cas, le code du porteur est vérifié et le montant M n'est pas cumulé sur le compteur COMPT.The carrier code is also requested by the card when the amount M is greater than the threshold value VP1 ("yes" answer to test 4). In this case, the bearer's code is verified and the amount M is not accumulated on the ACCOUNT counter.
Les étapes classiques d'une transaction par carte bancaire se déroulent.The classic stages of a credit card transaction take place.
Eventuellement, ou en variante, il peut être prévu que la carte demande la connexion du terminal de lecture au système bancaire pour en obtenir une autorisation de transaction.Optionally, or alternatively, provision may be made for the card to request the connection of the reading terminal to the banking system in order to obtain a transaction authorization.
Avec l'autorisation de transaction, le terminal de lecture peut, en fonction des informations fournies par le système bancaire, transmettre à la carte un ordre de remise à jour des plafonds VP1 et VP2. Comme on l'aura compris, dans la variante de mise en œuvre qui vient d'être décrite en référence à la figure 1 , la carte de paiement cumule sur le compteur interne COMPT le montant des transactions inférieures à un certain seuil et ne demande une authentification du porteur que lorsque le montant M est supérieur à ce seuil ou lorsque la somme cumulée des transactions antérieures devient supérieure à un seuil donné.With the transaction authorization, the reading terminal can, according to the information provided by the banking system, transmit to the card an order to update the VP1 and VP2 ceilings. As will be understood, in the implementation variant which has just been described with reference to FIG. 1, the payment card accumulates on the internal counter COMPT the amount of transactions below a certain threshold and does not request a carrier authentication only when the amount M is greater than this threshold or when the cumulative sum of previous transactions becomes greater than a given threshold.
En variante, il peut être prévu que le compteur COMPT est remis à zéro uniquement dans l'hypothèse où il est vérifié que la valeur du compteur COMPT est supérieure à la valeur seuil VP2 dans l'étape 6 et où le code saisi est reconnu correct par la carte.As a variant, provision may be made for the counter COMPT to be reset only if it is verified that the value of the counter COMPT is greater than the threshold value VP2 in step 6 and where the code entered is recognized as correct by card.
Dans cette hypothèse, le compteur COMPT n'est pas remis à zéro si, lors de l'étape 4, il est vérifié que le montant M est supérieur à la valeur seuil VP1. II n'est remis à zéro que si le montant M est inférieur à la valeur seuilIn this hypothesis, the counter COMPT is not reset to zero if, during step 4, it is verified that the amount M is greater than the threshold value VP1. It is only reset if the amount M is less than the threshold value
VP1 et si il est vérifié dans l'étape 6 que le compteur COMPT est supérieur à VP2 et si le code vérifié est correct.VP1 and if it is checked in step 6 that the counter COMPT is higher than VP2 and if the verified code is correct.
Ainsi, le compteur COMPT n'est remis à zéro que lorsque d'une part la somme des petits montants atteint le seuil VP2 et d'autre part le porteur est authentifié par son code.Thus, the counter COMPT is only reset to zero when on the one hand the sum of the small amounts reaches the threshold VP2 and on the other hand the holder is authenticated by his code.
En variante encore, la carte peut être utilisée pour réaliser un paiement incrémental, par exemple dans le cas d'une communication à partir d'une cabine téléphonique publique.In another variant, the card can be used to make an incremental payment, for example in the case of a communication from a public telephone booth.
Dans ce cas, une boucle d'incrément est ajoutée entre les étapes 7 et 3, et la signature ST est en fonction de la somme incrémentée (ΣM) à la fin de la communication, ΣM étant remis à zéro dans la carte à l'issue de l'étape d'identification 2.In this case, an increment loop is added between steps 7 and 3, and the ST signature is based on the incremented sum (ΣM) at the end of the communication, ΣM being reset to zero in the card at from the identification step 2.
Ainsi, on ne conserve en fin de communication qu'un seul ordre de virement ST contenant la somme des taxes consommées ; l'utilisateur paye en fonction de la durée de la communication et au fil des taxes consommées.Thus, only one ST transfer order containing the sum of the taxes consumed is kept at the end of the communication; the user pays according to the duration of the communication and over the taxes consumed.
Une autre variante de mise en œuvre est illustrée sur la figure 2.Another implementation variant is illustrated in FIG. 2.
Cette deuxième variante consiste à gérer un deuxième compteurThis second variant consists in managing a second counter
CPT2 dans la carte agrégeant les cumuls effectués sur un premier compteur CPT1 de petits montants. Si la valeur du compteur CPT2 atteint une deuxième valeur plafond VP2, définie par la banque et enregistrée préalablement dans la carte, la carte exigera le contrôle d'un certificat calculé par un centre d'autorisation.CPT2 in the card aggregating the accumulations made on a first counter CPT1 of small amounts. If the value of the counter CPT2 reaches a second ceiling value VP2, defined by the bank and recorded previously in the card, the card will require the control of a certificate calculated by an authorization center.
La procédure est la suivante :The procedure is as follows:
La carte ajoute le montant M de la transaction à la valeur lue dans CPT1.The card adds the amount M of the transaction to the value read in CPT1.
Si (test 13) la somme CPT1+M atteint la valeur plafond VP1 , la carte exige le contrôle du code confidentiel du porteur (étapes 10, 11 et 12).If (test 13) the sum CPT1 + M reaches the ceiling value VP1, the card requires the control of the confidential code of the holder (steps 10, 11 and 12).
Si le code confidentiel est correct, la carte ajoute la valeur de CPT1+M à la valeur lue dans CPT2. La nouvelle valeur obtenue est comparée à un seuil VP2 (test 14).If the confidential code is correct, the card adds the value of CPT1 + M to the value read in CPT2. The new value obtained is compared to a VP2 threshold (test 14).
Si la somme CPT1+M+CPT2 atteint le plafond VP2, la carte exige (étape 15) le contrôle d'un certificat calculé par un centre d'autorisation interrogé par le terminal du terminal de lecture L (étape 16).If the sum CPT1 + M + CPT2 reaches the ceiling VP2, the card requires (step 15) the control of a certificate calculated by an authorization center interrogated by the terminal of the reading terminal L (step 16).
Si le certificat est correct, la carte remet à zéro les compteurs CPT1 et CPT2 (étape 17) puis calcule et délivre la signature de la transaction (étapes 7 et suivantes).If the certificate is correct, the card resets the counters CPT1 and CPT2 to zero (step 17) then calculates and delivers the signature of the transaction (steps 7 and following).
Si le certificat est incorrect, la carte ne délivre pas la signature de la transaction et laisse en l'état les valeurs des compteurs CPT1 et CPT2.If the certificate is incorrect, the card does not deliver the signature of the transaction and leaves the values of the counters CPT1 and CPT2 as they are.
Si la somme CPT1+M+CPT2 n'a pas atteint la valeur plafond VP2, la carte remet à zéro le compteur CPT1 et met à jour le compteur CPT2 en remplaçant sa valeur précédente par CPT2+CPT1+M (étape 18). Puis elle calcule et délivre la signature de la transaction (étapes 7, 8 et 9).If the sum CPT1 + M + CPT2 has not reached the ceiling value VP2, the card resets the counter CPT1 to zero and updates the counter CPT2 by replacing its previous value with CPT2 + CPT1 + M (step 18). Then it calculates and delivers the signature of the transaction (steps 7, 8 and 9).
Si le code confidentiel n'est pas correct, la carte C ne délivre pas la signature de la transaction et laisse en l'état les compteurs CPT1 et CPT2. Si la somme CPT1+M n'atteint pas la valeur plafond VP1 , la carte met à jour le compteur CPT1 en remplaçant sa valeur précédente par la somme CPT1+M (étape 19) , puis elle délivre la signature de la transaction (étapes 7, 8 et 9).If the confidential code is not correct, the card C does not deliver the signature of the transaction and leaves the counters CPT1 and CPT2 as they are. If the sum CPT1 + M does not reach the ceiling value VP1, the card updates the counter CPT1 by replacing its previous value with the sum CPT1 + M (step 19), then it delivers the signature of the transaction (steps 7 , 8 and 9).
La carte qui vient d'être décrite peut être utilisée en postdébit. Les montants débités sont cumulés, par exemple sur 30 jours au plus, par numéro de compte porteur, et le compte porteur est débité après dépassement du plafond VP2 ou à l'issue des 30 jours de la valeur des montants cumulés depuis le dernier débit du compte. Les montants peuvent être cumulés :The card which has just been described can be used in post-flow. The amounts debited are accumulated, for example over 30 days at most, by bearer account number, and the bearer account is debited after exceeding the VP2 ceiling or at the end of 30 days of the value of the amounts accumulated since the last debit from the account. The amounts can be accumulated:
- sur le serveur de collecte après collecte des transactions stockées sur les terminaux commerçants. Dans ce cas, le dépassement du plafond VP2 déclenche dans la carte via le terminal une demande d'autorisation de montant égal au nouveau plafond VP2 qui peut être redéfini par la banque.- on the collection server after collection of the transactions stored on the merchant terminals. In this case, exceeding the VP2 ceiling triggers in the card via the terminal an authorization request for an amount equal to the new VP2 ceiling which can be redefined by the bank.
- Dans la carte elle-même. Dans ce cas, le dépassement du plafond VP2 déclenche dans la carte via le terminal une remise du cumul et une demande d'autorisation. Il est nécessaire dans ce cas de faire payer au client une caution au moment de l'obtention de sa carte, pour éviter la perte ou le vol « volontaire » de sa carte (évitant ainsi le débit du cumul). Cette caution peut être déguisée, c'est-à-dire incluse dans l'abonnement annuel de la carte.- In the card itself. In this case, exceeding the VP2 ceiling triggers a discount in the card via the terminal and an authorization request. It is necessary in this case to make the customer pay a deposit when obtaining his card, to avoid loss or the "voluntary" theft of his card (thus avoiding the debit of the accumulation). This deposit can be disguised, that is to say included in the annual subscription of the card.
La carte peut également être utilisée en prédébit. Dans ce cas, la valeur VP1 , et pour la variante de la figure 2, la valeur VP2, est (ou sont) prépayée(s) par le porteur et mise(s) à jour dans la carte, à l'aide du certificat reçu qui est fonction du montant prépayé par l'utilisateur. Si l'utilisateur se trouve sur un terminal sans clavier d'identification ou non connecté à un réseau de télécommunication, et que la valeur prépayée VP1 , VP2 est atteinte, il devra se présenter sur un dispositif de la banque (guichet automatique - distributeur de billet ou téléphone public) pour que puisse être réalisées les opérations de contrôle du certificat émis par le centre d'autorisation. La transaction dans ce cas étant fictive, aucun montant n'étant débité du compte du client, sauf dans l'application prédébit. En variante encore, la carte peut ne pas disposer du code d'authentification du porteur.The card can also be used in advance. In this case, the value VP1, and for the variant of FIG. 2, the value VP2, is (or are) prepaid by the carrier and updated in the card, using the certificate receipt which depends on the amount prepaid by the user. If the user is on a terminal without an identification keypad or not connected to a telecommunications network, and the prepaid value VP1, VP2 is reached, he must present himself on a bank device (ATM - ATM) ticket or public telephone) so that the certificate control operations issued by the authorization center can be carried out. The transaction in this case is fictitious, no amount being debited from the customer's account, except in the pre-charge application. In another variant, the card may not have the authentication code of the holder.
Dans ce cas, la comparaison du montant de la transaction au seuil VP1 n'est pas faite et VP1 n'est pas utilisé. Lorsque la valeur COMPT mémorisée dans la carte est supérieure ou égale au seuil VP2, la carte ne délivre pas la signature ST de transaction. Une tolérance sur VP2 est définie pour accepter des valeurs de COMPT légèrement supérieures à VP2 et ainsi permettre le franchissement par COMPT de la valeur VP2 qui bloque la carte.In this case, the comparison of the transaction amount with the threshold VP1 is not made and VP1 is not used. When the value COMPT stored in the card is greater than or equal to the threshold VP2, the card does not deliver the transaction signature ST. A tolerance on VP2 is defined to accept values of COMPT slightly higher than VP2 and thus allow the crossing by COMPT of the value VP2 which blocks the card.
La carte peut être jetable, lorsque VP2 est atteint, la carte n'est plus utilisable. Toutefois, en particulier si la carte est consignée, le porteur peut retourner la carte à la banque qui à l'aide d'une procédure sécurisée remet à zéro la valeur de COMPT, avant de la réintroduire dans un nouveau cycle d'utilisation.The card can be disposable, when VP2 is reached, the card is no longer usable. However, in particular if the card is consigned, the holder can return the card to the bank which, using a secure procedure, resets the value of COMPT to zero, before reintroducing it into a new use cycle.
Ou bien, la carte peut être débloquée par la banque à l'aide d'une procédure sécurisée en ligne. Au cours de cette procédure le porteur est authentifié, par exemple, à l'aide d'une deuxième carte de paiement ou un code vérifié par le serveur de la banque, et COMPT est remis à zéro après vérification par la carte d'un certificat calculé par la banque.Or, the card can be released by the bank using a secure online procedure. During this procedure, the bearer is authenticated, for example, using a second payment card or a code verified by the bank's server, and ACCT is reset after verification by the card of a certificate. calculated by the bank.
Dans les exemples qui précèdent, les compteurs CPT1 et CPT2 sont incrémentés de la valeur 0 à une valeur plafond. Il est aussi possible de procéder par décomptage, les compteurs étant initialisés à la valeur plafondIn the above examples, the counters CPT1 and CPT2 are incremented from the value 0 to a ceiling value. It is also possible to count down, the counters being initialized at the ceiling value
VP1 et VP2 puis décrémentés jusqu'à la valeur 0, le comptage peut se faire également sur des valeurs négatives etc.VP1 and VP2 then decremented to the value 0, counting can also be done on negative values etc.
Comme on l'aura compris, avec le procédé de gestion proposé par l'invention, le montant cumulé est comparé, non pas à un montant préalablement rechargé dans la carte, mais à une valeur maximale fixée en fonction du risque que l'émetteur de la carte estime prendre. Cette comparaison est un moyen de limiter les dépenses du client dans le temps, et c'est là un des rôles de la carte, en plus de l'authentification. La valeur maximale choisie peut être considérée comme une sorte de crédit permanent accordé aux clients solvables, la banque se rémunérant par exemple grâce à une commission sur les transactions.As will be understood, with the management method proposed by the invention, the accumulated amount is compared, not to an amount previously recharged in the card, but to a maximum value fixed according to the risk that the issuer of the card believes to take. This comparison is a means of limiting the client's spending over time, and this is one of the roles of the card, in addition to authentication. The maximum value chosen can be considered as a kind of permanent credit granted to creditworthy customers, the bank being remunerated for example through a commission on transactions.
Les petites transactions sont remises : - soit individuellement par le commerçant, comme des transactions de montant normal, en utilisant l'infrastructure bancaire. La seule fonction du cumul client dans la carte est alors de limiter les dépenses du client (rôle modérateur) ; - soit avec une option de cumul commerçant, ce qui suppose que le cumul client est remis également (par la carte, au cours d'une transaction) en banque pour facturation. Cette option ne permet évidemment pas les mêmes contrôles que la première.Small transactions are delivered: - either individually by the merchant, like transactions of normal amount, using the banking infrastructure. The only function of client accumulation in the card is then to limit the client's expenses (moderating role); - or with a merchant cumulation option, which supposes that the client cumulation is also delivered (by card, during a transaction) to the bank for invoicing. This option obviously does not allow the same controls as the first.
Une gestion de crédit dans la carte peut être la suivante :Credit management in the card can be as follows:
- une transaction pour être valide doit être signée par la carte. La signature ST1, imprimée sur le ticket client sert à résoudre d'éventuels litiges.- a transaction to be valid must be signed by the card. The ST1 signature, printed on the customer ticket, is used to resolve any disputes.
- Les données d'une transaction sont stockées dans le fichier remise du terminal puis collectées une fois par jour par ie centre de collecte de la banque du commerçant. Les transactions de petits montants sont transmises à la banque du porteur et ne sont pas traitées individuellement par celle-ci : elles sont stockées pour permettre I audit du système, résoudre d'éventuels litiges, et compenser la banque commerçant.- The data of a transaction are stored in the delivery file of the terminal and then collected once a day by the collection center of the merchant's bank. Small amount transactions are transmitted to the bearer's bank and are not processed individually by it: they are stored to allow the audit of the system, resolve any disputes, and compensate the merchant bank.
- Le compte bancaire du commerçant est crédité d'après le cumul des petits montants collectés dans le terminal quotidiennement.- The merchant's bank account is credited according to the cumulative amount of small amounts collected in the terminal daily.
- Le montant d'une transaction est cumulé dans le compteur crédit de la carte. La carte vérifie la valeur du compteur crédit et la durée du crédit.- The amount of a transaction is accumulated in the credit counter of the card. The card checks the value of the credit counter and the duration of the credit.
Des exemples de transactions traitées par la carte sont donnés dans les tableaux suivants. Tableau 1/Examples of transactions processed by the card are given in the following tables. Table 1 /
Le compteur crédit de la carte a atteint la valeur plafond fixée par la banque. Les données du tableau sont gérées dans la carte. La date de la transaction, le montant de la transaction sont fournis à la carte par le terminal.The credit card counter has reached the ceiling value set by the bank. The data in the table is managed in the map. The date of the transaction, the amount of the transaction are provided to the card by the terminal.
Tableau II/ Table II /
La durée maximum du crédit de la carte est atteinte.The maximum credit duration of the card has been reached.
Le procédé de transaction proposé par l'invention présente de nombreux avantages :The transaction method proposed by the invention has many advantages:
- la sécurité est celle de la carte bancaire car les débits sont vérifiés a posteriori par le porteur, le commerçant et la banque ;- the security is that of the bank card because debits are verified a posteriori by the holder, the merchant and the bank;
- le paiement avec carte débit-crédit peut être effectué sur une carte sans contact car il n'y a plus saisie systématique du code confidentiel de plus, en cas d'interruption des échanges sans contact, la transaction peut être facilement annulée ;- payment with debit-credit card can be made on a contactless card because there is no longer any systematic entry of the confidential code, in the event of interruption of contactless exchanges, the transaction can be easily canceled;
- le réseau carte bancaire n'est pas modifié et il y a possibilité de réutiliser le serveur d'agrégation des montants de transactions de publiphonie sur un mois par carte bancaire ; - il n'est plus possible de tromper le terminal sur la réponse à la vérification du code porteur, car la transaction ne sera poursuivie que si le code porteur est correct. - the bank card network is not modified and there is the possibility of reusing the aggregation server for payphone transaction amounts over a month by bank card; - it is no longer possible to mislead the terminal on the response to the verification of the carrier code, because the transaction will only be continued if the carrier code is correct.

Claims

REVENDICATIONS
1. Procédé pour la gestion d'une transaction électronique au moyen d'une carte bancaire du type à puce à micro-processeur et d'un terminal de lecture apte à dialoguer avec ladite carte, dans lequel le terminal de lecture transmet à ladite carte un signal qui lui indique le montant de la transaction et dans lequel ladite carte compare ce montant à une valeur seuil de montant de transaction et commande une procédure d'authentification du porteur lorsque ce montant est supérieur audit seuil, caractérisé en ce que, lorsque ce montant est inférieur audit seuil, ladite carte à puce compare à une valeur seuil la valeur d'un compteur, dit de cumul des petits montants, qu'elle incrémente de la valeur du montant de la transaction et en ce qu'une procédure d'authentification du porteur de la carte est commandée par ladite carte en fonction du résultat de cette comparaison. 1. Method for managing an electronic transaction by means of a micro-processor chip type bank card and a reading terminal capable of communicating with said card, in which the reading terminal transmits to said card a signal which indicates to him the amount of the transaction and in which said card compares this amount to a threshold value of transaction amount and controls a procedure for authentication of the holder when this amount is greater than said threshold, characterized in that, when this amount is less than said threshold, said smart card compares to a threshold value the value of a counter, known as the accumulation of small amounts, which it increments by the value of the amount of the transaction and in that a authentication of the card holder is controlled by said card according to the result of this comparison.
2. Procédé selon la revendication 1 , caractérisé en ce que la valeur du compteur est remplacée par ladite valeur incrémentée lorsque la valeur du montant de la transaction est inférieure à la valeur seuil de montant de transaction.2. Method according to claim 1, characterized in that the counter value is replaced by said incremented value when the value of the transaction amount is less than the threshold value of transaction amount.
3. Procédé selon l'une des revendications précédentes, caractérisé en ce que la valeur du compteur de cumul de petits montants est remplacée par ladite valeur incrémentée lorsque, en fonction du résultat de la comparaison, la procédure d'authentification du porteur de la carte n'est pas commandée par ladite carte.3. Method according to one of the preceding claims, characterized in that the value of the counter for accumulating small amounts is replaced by said incremented value when, depending on the result of the comparison, the authentication procedure of the card holder is not ordered by said card.
4. Procédé selon la revendication 3, caractérisé en ce que lorsque le code d'identification du porteur de la carte a été vérifié, la carte incrémente de la valeur du montant de la transaction, la somme du compteur de petits montants et d'un deuxième compteur, en ce qu'elle compare la somme incrémentée à une valeur seuil et commande l'interrogation par le terminal de lecture d'un centre d'autorisation en fonction du résultat de cette comparaison, ladite carte remettant à zéro les deux compteurs lorsque l'autorisation est donnée par ledit centre, la valeur du deuxième compteur étant remplacée par la valeur de la somme incrémentée, si en fonction du résultat de la comparaison, la carte décide de ne pas demander au terminal de lecture d'interroger le centre d'autorisation, la valeur du compteur de petits montants étant alors remise à zéro.4. Method according to claim 3, characterized in that when the identification code of the card holder has been verified, the card increments by the value of the amount of the transaction, the sum of the counter of small amounts and a second counter, in that it compares the sum incremented with a threshold value and controls the interrogation by the reading terminal of an authorization center according to the result of this comparison, said card resetting the two counters when the authorization is given by said center, the value of the second counter being replaced by the value of the incremented sum, if, depending on the result of the comparison, the card decides not to ask the terminal reading to interrogate the authorization center, the value of the counter for small amounts then being reset to zero.
5. procédé selon l'une des revendications précédentes, caractérisé en ce que l'incrémentation mise en œuvre par la carte à puce est une incrémentation positive.5. Method according to one of the preceding claims, characterized in that the increment implemented by the smart card is a positive increment.
6. Procédé selon l'une des revendications 1 à 4, caractérisé en ce que l'incrémentation mise en œuvre par la carte à puce est une incrémentation négative.6. Method according to one of claims 1 to 4, characterized in that the increment implemented by the smart card is a negative increment.
7. Carte à puce à microprocesseur destinée à être utilisée pour réaliser des transactions électroniques, caractérisée en ce qu'elle comporte des moyens pour mettre en œuvre le procédé selon l'une des revendications précédentes.7. Chip card with microprocessor intended to be used to carry out electronic transactions, characterized in that it comprises means for implementing the method according to one of the preceding claims.
8. Carte à puce selon la revendication 7, caractérisée en ce que, pour mettre en œuvre le procédé selon l'une des revendications 1 à 6, elle comporte des moyens mémoires pour mémoriser une ou plusieurs valeurs seuils et/ou des valeurs de compteur, ainsi que des moyens de comparaison.8. Smart card according to claim 7, characterized in that, to implement the method according to one of claims 1 to 6, it comprises memory means for storing one or more threshold values and / or counter values , as well as means of comparison.
9. Terminal de lecture de cartes à puce à microprocesseur, destiné à être utilisé pour réaliser des transactions électroniques, caractérisé en ce qu'il comporte des moyens pour mettre en œuvre le procédé selon l'une des revendications 1 à 6. 9. Terminal for reading microprocessor smart cards, intended to be used for carrying out electronic transactions, characterized in that it comprises means for implementing the method according to one of claims 1 to 6.
EP99942993A 1998-09-18 1999-09-17 Method for managing an electronic transaction by smart card, terminal and smart card implementing same Ceased EP1114403A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR9811706A FR2783623B1 (en) 1998-09-18 1998-09-18 METHOD FOR MANAGING AN ELECTRONIC TRANSACTION BY CHIP CARD, TERMINAL AND CHIP CARD IMPLEMENTING THIS METHOD
FR9811706 1998-09-18
PCT/FR1999/002214 WO2000017827A1 (en) 1998-09-18 1999-09-17 Method for managing an electronic transaction by smart card, terminal and smart card implementing same

Publications (1)

Publication Number Publication Date
EP1114403A1 true EP1114403A1 (en) 2001-07-11

Family

ID=9530612

Family Applications (1)

Application Number Title Priority Date Filing Date
EP99942993A Ceased EP1114403A1 (en) 1998-09-18 1999-09-17 Method for managing an electronic transaction by smart card, terminal and smart card implementing same

Country Status (6)

Country Link
EP (1) EP1114403A1 (en)
JP (2) JP4411781B2 (en)
CN (1) CN100580720C (en)
FR (1) FR2783623B1 (en)
HK (1) HK1039673A1 (en)
WO (1) WO2000017827A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001043274A (en) * 1999-08-03 2001-02-16 Fujitsu Ltd Account settlement system and card
US10068220B2 (en) 2006-10-11 2018-09-04 Visa International Service Association Systems and methods for brokered authentication express seller links
CN101554005A (en) * 2006-10-11 2009-10-07 国际签证服务协会 Method and system for processing micropayment transactions
FR2986889B1 (en) * 2012-02-09 2014-10-17 Thales Sa PAYMENT SYSTEM, PAYMENT TERMINAL OF THE SYSTEM, AND PAYMENT METHOD THEREOF
US9451303B2 (en) 2012-02-27 2016-09-20 The Nielsen Company (Us), Llc Method and system for gathering and computing an audience's neurologically-based reactions in a distributed framework involving remote storage and computing
US9292858B2 (en) 2012-02-27 2016-03-22 The Nielsen Company (Us), Llc Data collection system for aggregating biologically based measures in asynchronous geographically distributed public environments

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0203542A3 (en) * 1985-05-31 1987-08-26 Siemens Aktiengesellschaft Berlin Und Munchen Method and apparatus for verifying ic cards
KR910002131B1 (en) * 1985-10-28 1991-04-04 가부시키가이샤 도시바 Portable electronics apparatus
DE3789326T2 (en) * 1986-01-21 1994-07-07 Fujitsu Ltd Automatic transaction machine.
FR2657706B1 (en) * 1990-01-30 1992-11-27 Gemplus Card Internal Sa METHOD AND DEVICE FOR MANAGING TRANSACTIONS USING MICROCIRCUIT CARDS.
KR0146624B1 (en) * 1994-12-19 1998-09-15 김광호 Credit dealing card and credit dealing apparatus and method thereof
JPH09128601A (en) * 1995-10-31 1997-05-16 Universal Denshi Keisan Kk Postpaid card system
JPH1027196A (en) * 1996-07-09 1998-01-27 Hitachi Ltd Electronic transaction settlement system
JPH1063721A (en) * 1996-08-14 1998-03-06 Toshiba Corp Card, card transaction system, card supplying method, and card transaction method
JPH1063722A (en) * 1996-08-14 1998-03-06 Toshiba Corp Card transaction system and its method
JP3667519B2 (en) * 1998-02-04 2005-07-06 日本信販株式会社 Credit card issuing system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0017827A1 *

Also Published As

Publication number Publication date
CN1322336A (en) 2001-11-14
CN100580720C (en) 2010-01-13
JP2002525766A (en) 2002-08-13
FR2783623B1 (en) 2003-05-09
JP2009245442A (en) 2009-10-22
HK1039673A1 (en) 2002-05-03
JP4411781B2 (en) 2010-02-10
WO2000017827A1 (en) 2000-03-30
FR2783623A1 (en) 2000-03-24

Similar Documents

Publication Publication Date Title
US8762274B2 (en) Remote currency dispensation systems and methods
JP2001521663A (en) Transaction system
WO2013045832A1 (en) Payment reporting method and system, and use for automated vehicle rental
CA2434236A1 (en) Electronic cash system for an electronic wallet
EP1114403A1 (en) Method for managing an electronic transaction by smart card, terminal and smart card implementing same
WO2008065271A2 (en) Method and system for withdrawing money using a mobile telephone
JP7495973B2 (en) Secure payment method and system
EP1875426A2 (en) Mobile terminal for secure electronic transactions and secure electronic transaction system
CA2249461A1 (en) Portable device for performing secure internal and smart card transactions, and method therefor
KR101123627B1 (en) A system for accumulating the changes and the method of providing the change accumulation service
WO2009077380A1 (en) Method for communicating from a transaction terminal with a server, and corresponding electronic terminal, server and system
JP2002525766A5 (en)
EP4075358B1 (en) Management of the memory in a device for processing transactions
EP2800072A2 (en) Method for issuing SIM mobile telephone cards with prepaid or postpaid subscription by an automaton
EP1354288A1 (en) Method using electronic banking cards for making secure transactions
KR20100131860A (en) System and method for lossaccept process of electronic money
WO2013045831A1 (en) Payment method and system, and use for automated vehicle rental
BE1028068B1 (en) Computerized billing tracking process
WO2023099496A1 (en) Method for processing a digital proof, system and corresponding program
WO2002023497A1 (en) Electronic note of fiduciary value, protocol for payment of electronic commerce purchases and corresponding server system
FR2782564A1 (en) Electronic purse and payment protocol for making secure payments in different currencies, comprises storage of certificated conversion table and comparison of electronic signatures
WO2001089148A2 (en) Improved data exchange installation in a network and associated banking card and method
FR2980892A1 (en) METHOD AND SYSTEM FOR PAYMENT OF CONSUMPTION REPEATED OVER TIME AND APPLICATION TO RENT VEHICLES.
FR2582830A1 (en) Device making it possible to determine a relationship between a referenced document and an individual
EP1199864A1 (en) System to securely access a service

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20010417

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

17Q First examination report despatched

Effective date: 20030410

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20110923

REG Reference to a national code

Ref country code: HK

Ref legal event code: WD

Ref document number: 1039673

Country of ref document: HK