EP1218862A1 - Procede pour l'initialisation de supports de donnees mobiles - Google Patents

Procede pour l'initialisation de supports de donnees mobiles

Info

Publication number
EP1218862A1
EP1218862A1 EP01944863A EP01944863A EP1218862A1 EP 1218862 A1 EP1218862 A1 EP 1218862A1 EP 01944863 A EP01944863 A EP 01944863A EP 01944863 A EP01944863 A EP 01944863A EP 1218862 A1 EP1218862 A1 EP 1218862A1
Authority
EP
European Patent Office
Prior art keywords
authorization
data
initialization
network
read
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP01944863A
Other languages
German (de)
English (en)
Inventor
Klaus Ulrich Klosa
Roman Eppenberger
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dormakaba Schweiz AG
Original Assignee
Kaba Schliessysteme AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kaba Schliessysteme AG filed Critical Kaba Schliessysteme AG
Publication of EP1218862A1 publication Critical patent/EP1218862A1/fr
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355Personalisation of cards for use
    • G06Q20/3552Downloading or loading of personalisation data

Definitions

  • the invention relates to a method for initializing mobile data carriers with assigned decentralized read and write stations within the framework of an authorization system according to the preamble of claim 1.
  • Mobile data carriers for example contactless or contact-based identification media, chip cards or prepaid cards etc.
  • Initialization is to enable this access or the exercise of applications the data carrier and the associated read and write stations are necessary in the context of an authorization system with corresponding initialization information.
  • This initialization can refer to application-specific data (e.g. booking, a monetary value on the data carrier) and system-specific data (e.g. card issuer number, data organization for multi-applications, access rules on data carriers, etc.).
  • This initialization data or applications can also be initialized and changed gradually, step by step and at different times.
  • BESTATIGUNGSKOPIE This initialization is a safety-critical and very time-consuming process, which is also restricted to a certain location and can only take place at locations in a secure environment.
  • An example of this is described in WO 97/34265.
  • This describes a system with non-contact passive electronic data carriers as identification media IM with assigned read and write stations WR as part of an authorization system A, the data carriers being able to contain several independent applications. Here every identification medium and every application must be initialized according to the rules of the hierarchical authorization system.
  • special programming write and read stations as well as special authorization media in a secure environment are required and all decentralized read and write stations can also be baptized or initialized with a special authorization medium in order to be able to start their functions.
  • the initialization is therefore very complex and restricted and the initialization and administration of the authorization media is also security-critical and complex.
  • a completely different type of data transmission over a network is known in contact card systems, where the entire organization and all authorizations have to start from a single system center.
  • contact card systems where the entire organization and all authorizations have to start from a single system center.
  • a method for electronic personalization and initialization of chip cards from a central chip card administration system is known. These initializations take place via a communication channel to a chip card control system or reader, which physically contacts the chip card and forwards the data directly to the chip card.
  • the following problem cannot be solved even with such systems.
  • This object is achieved according to the invention by a method for initializing mobile data carriers according to claim 1 and a system according to claim 28.
  • the initialization via a network with secure communication and with authorizations by means of authorization at remote authorization instances in a secure environment, the mentioned further application and Possible uses of such systems with mobile data carriers and decentralized read and write stations have been significantly expanded.
  • FIG. 1 is a diagram of an inventive method for
  • Fig. 3 shows the inventive method for initializing
  • FIG. 11 schematically shows the organization in an authorization system with several authorization or organizational levels, several
  • 1 to 3 illustrate the method according to the invention for the initialization of mobile data carriers IM at assigned decentralized read and write stations WR within the framework of an authorization system A which defines hierarchical rules valid for the whole system of read and write stations, data carriers, authorization instances and authorization means , as described for example on a system with contactless identification media in WO 97/34265.
  • this known system serves only as a possible application example of the invention.
  • the method according to the invention is illustrated in FIG. 3:
  • the initialization data DI contain authorization information AI, which are entered into the authorization instance by the authorization means AM and initialization information II, which are also entered into the authorization instance HA or retrieved from it.
  • the mobile data carriers IM are initialized accordingly with the initialization data DI and thus transferred into initialized data carriers IMj, or the decentralized read and write station WR is initialized with the initialization data DI and converted into an initialized write and reading station transferred: WRk.
  • 1 and 2 illustrated the secure communication over a network N up to the decentralized read and write stations A-WR in an unsecured environment and.
  • the initialization takes place via a secure private network Np, which ensures the secure environment right up to the read and write stations.
  • Np secure private network
  • 2 shows an example of the initialization according to the invention via an open network No with encryption and double-sided security gates G1 and G2 in order to ensure the necessary secure communication via the open network.
  • the decentralized read and write stations WR and A-WR which are normally located in an unsecured environment, are integrated into the secure environment of the authorization authority HA for the initializations and thus the initialization takes place in a secure environment g instead.
  • applications with the identification media IM at the write and read stations WR can again be carried out in an unsecured environment as before.
  • the secure environment g via the network therefore only has to be established temporarily for the initialization.
  • FIG. 4 possible execution of authorization instances HA and authorization means AM are first illustrated.
  • the authorization system A is rather determined by compliance with hierarchical authorization rules, these authorization rules being implanted and stored in various locally distributed authorization instances HAi, for example on a chip or as a program.
  • these authorization rules or the authorization means AM form one locally distributed "virtual authorization system center" ⁇ . Belonging to system A for all writing and reading stations and all identification media is ensured by basic system preparation or basic initialization.
  • an authorization corresponding to the organizational level with the authorization information A-I is required.
  • this authorization information A-I corresponding to the authorization system A is transmitted to the authorization instance HA.
  • the authorization instances HA can, according to FIG. 4, e.g. consist of a host computer H with the corresponding authorization rules of the system A or from a remote authorization read and write station R-A-WR.
  • the authorization means AM can consist, for example, of an authorization identification medium AM-IM, which contains the authorization information A-I, or of authorization data AM-I, e.g. can be called up or executed as software (program) in a host H.
  • the handling (holder) of the authorization medium is carried out in accordance with the security requirements.
  • security is guaranteed by identification of the user, e.g. using a PIN code or biometric data or using an assigned special identification medium (ID-AM).
  • the authorization information A-I (j) relates to the authorization for the initialization j of a data carrier IM.
  • Appi applications are entered, generated or created in the authorization authority HA accessed and initialized as described via the network and the decentralized authorized read and write station A-WR in the data carrier IM: IMj (with Appi).
  • the authorization information A-I (k) is entered, generated or called up by the authorization means AM of the authorization instance HA.
  • the initialization information I-I (k) is also entered into the authorization instance.
  • the authorization information A-I (k) is first transmitted from the authorization instance HA to the writing and reading station WR, after which the initialization information I-I (k) is then transmitted.
  • the write and read station WR can also be initialized by means of corresponding initialization data I-I (k), with which, for example, additional functions can be introduced in the read and write station.
  • FIG. 6 shows the transfer or initialization of a decentralized write and read station WR into an authorized write and read station A-WR in order to be able to carry out initializations of mobile data carriers IM.
  • the writing and reading station WR must first be initialized with the authorization function FA.
  • the authorization information AI-FA must be entered by an authorization means AM into the authorization instance HA, whereupon the initialization or the transfer of the decentralized read and write station WR into an authorized write and read station A-WR with authorization function FA is carried out. Subsequently, the initialization of applications as before (FIG.
  • This authorization function FA does not have to be permanently activated, it can also be deleted again, or interrupted with the network connection or deleted after a certain time or a certain number of initializations, as a result of which the authorized writing and reading station A-WR returns to an ordinary one decentralized writing and reading station WR is returned.
  • 4-6 show further possible functions which can be initialized or executed via the network N.
  • Status information S-I about events at the authorized or at the decentralized read and write stations A-WR, WR and or at the mobile data carriers IM can be reported via the network to corresponding authorization instances and used there, for example, for usage and license billing. Examples will be explained later.
  • Secured communication of the initialization data DI via the network is very important, so that the security of the entire system with the mobile Data carriers are not affected by data transmission over the network.
  • any network can be used to transfer the initialization data (such as LAN, WAN, Internet, intranet and extranet, etc.).
  • the initialization according to the invention can also take place via a virtual private network, i.e. a private data network that uses public telecommunications networks, e.g. as a company network, whereby encryption and tunneling mechanisms ensure that only authorized users have access, e.g. over the Internet IP (Internet protocol), VPM (Virtual Private Networks).
  • a virtual private network i.e. a private data network that uses public telecommunications networks, e.g. as a company network, whereby encryption and tunneling mechanisms ensure that only authorized users have access, e.g. over the Internet IP (Internet protocol), VPM (Virtual Private Networks).
  • the level of security of this communication is guaranteed in accordance with the importance of the initialization or the initialization data.
  • a security that corresponds to the importance of the applications or the initialization quantities must be both external and internal Security can be granted.
  • the external security regarding the network should not be less than the desired internal security.
  • Different levels of importance or authorization can be, for example: Loading an additional application such as a loyalty bonus on a customer card of a supermarket only requires a relatively low level of security, since the potential damage from unauthorized actions is low.
  • access authorization for usage levels of the highest level of secrecy in an IT data system or the initialization of completely new data carriers and, above all, the posting of money amounts require a high security level.
  • FIG. 7 now illustrates an example with several authorization instances HAI, HA2, HA3, each with the corresponding authorization means AMI, AM2, AM3 within the framework of the authorization system A, which their own independent applications Appi, App2, App3 with their initialization data DU, DI2, DI3 Send networks N1, N2, N3 to corresponding assigned authorized read and write stations A-WR, in which the mobile data carriers IM are initialized accordingly.
  • the networks can be different, for example N1 an open network and N2 a private network, or two or more authorization instances can use the same network, but with their own security rules.
  • the read and write stations must correspond to the authorization instance, i.e.
  • the read station A-WR2 is only accessible to the authorization instance HA3, ie assigned to it with corresponding applications App3, while the write and read station A-WR1 in this example all three authorization instances HAI, HA2, HA3 with their corresponding applications Appi, App2, App3 is assigned and accessible.
  • 8-11 illustrate further examples of initialization sets over several networks or over several network levels (also in the same network) with several authorization instances HA and authorization means AM as well as with several or different authorization levels OLi.
  • FIG. 8 shows an example with several authorization instances HAI, HA2 with authorization means AMI, AM2 and with different applications Appi, App2.
  • the corresponding initialization data DU, DI2 are transmitted over the same network in one stage to the decentralized authorized read and write stations A-WR for the initialization of both applications Appi, App2 in the data carriers IMj. This can be done independently of the authorization level OLi (also for different OLi of the authorization instances HAi, the authorization means AMi, the applications Appi).
  • FIG. 9 shows, analogously to FIG. 8, a plurality of authorization instances HA and authorization means AM for applications Appi, but the initialization takes place via a number of network stages N1, N2 to the authorized read and write stations A-WR.
  • the network stages Nl and N2 can be formed in the same or in different networks.
  • the application Appi with I-Il of the authorization instance HAI goes here via the network level N1 to the authorization instance HA2 and continues unchanged via the network level N2 to the authorized read and write station.
  • the application App2 on the authorization instance HA2 is only routed via network level N2. This is also independent of the OLi authorization level.
  • FIG. 10 shows a further example similar to FIG. 9 with several authorization instances, applications and network stages, two applications here on different different authorization levels are shown, such as the Appi application on OLn and the App2 application on OLn + 1.
  • This example shows on the application Appi of the authorization instance HAI that this can also be supplemented in the authorization instance HA2 in I-I1 +, so that the corresponding application in the data carrier IMj corresponds to this application Appl +.
  • a writing and reading station can also be used e.g. 4 in the authorized writing and reading station A-WR, initialization information is changed or supplemented in I-I +.
  • the top organizational level OL0 corresponds to the level at which all read and write stations and all data media IM are initialized (e.g. via the system data field CDF) in the sense of belonging to the authorization system A by various authorization bodies HAiO or authorization authorities HAiO.l assigned to them.
  • the system's authorization rules ensure the independence and mutual non-interference of the independent applications Appi, App2, App3 of the corresponding independent users at organizational level OLI.
  • authorization instances HA with the corresponding authorization means AM can also be formed at these levels from OL2 and between the Various, locally distributed authorization instances HA can be used to implement corresponding network connections and initializations via network levels, in accordance with the rules explained.
  • Authorization system A ensures that the applications of the various authorization instances are independent of one another and cannot be influenced by one another.
  • An example with several independent applications in one data carrier is further illustrated in FIG. 13.
  • contactless and passive identification media or data carriers can be used, which can also communicate with a read and write station at a distance, e.g. at entry gates.
  • different types of initialization can be carried out via networks with different hierarchical levels in the authorization system A and correspondingly different security requirements.
  • 12 shows an example of a high hierarchical level and security requirements, in which an empty mobile data medium prepared in accordance with the system is reinitialized with applications.
  • This data carrier IM is prepared by system data of the authorization system A in a system data field CDF, which defines and ensures membership in system A, but which does not yet contain any applications in an application data field ADF prepared for this purpose.
  • the reinitialization DI with the initialization information II from applications app in this application data field ADF represents a first upper initialization level.
  • 13 illustrates the initialization of additional new applications, here, for example, the App3 application, with initialization data DI3 of an authorization instance HA3.
  • FIG. 13 shows the initialization of an application extension App2.2 of an authorization instance HA2 in addition to the existing application App2 by means of corresponding initialization data DI2.2.
  • This is illustrated in the following example of a mountain restaurant for the data carrier of FIG. 13 with a data organization in a data carrier IM with several independent applications Appi, App2, A ⁇ p3 and with a fixed data part CDF corresponding to the authorization system A.
  • the Appi application is e.g.
  • an authorized writing and reading station the ski card publisher as Appi application
  • the same guest could use his ski card in the evening in the valley below another independent application App3, e.g. Access to sports facilities, reinitialize with initialization data DI3 of the authorization authority HA3, if this has not yet been set up on its data carrier.
  • App3 e.g. Access to sports facilities
  • Fig. 12 shows a further embodiment variant of a mobile data carrier
  • Application microprocessor AppuP has, which application program data contains II-Cod. With such data carriers with integrated intelligence, combined applications can be realized, some of them in writing and Reading station WR and partially contained in the data carrier IM and they allow the handling of user authorizations ai (FIG. 14).
  • the initialization according to the invention via a suitable secured network can enable completely new applications and business models, e.g. Initialization-bound business models by using status information S-I, e.g .:
  • License billing for newly initialized data carriers and newly initialized applications With each initialization of a new data carrier or a new application in a data carrier IM, a corresponding agreed license fee is charged via the network to the authorization authority HA.
  • License billing for each use If an application is used from a data carrier at a read and write station, a license fee can be charged by the authorization authority HA (e.g. a host H) for this use. This can either be invoiced on an ongoing basis if the writing and reading station WR remains connected online to the authorization authority HA via the network, or the connection via the network can take place periodically. The usage data S-I can then be stored in the writing and reading station WR and periodically exchanged and billed with the authorization authority HA.
  • the authorization authority HA e.g. a host H
  • the initialization according to the invention via the network and the communication associated therewith can, depending on the application, both with a permanent one
  • Network connection or only periodically.
  • time-limited applications can be renewed again and again by means of appropriate periodic initializations (eg monthly).
  • initialization sets 14 illustrates various variants of possible initialization sets via a network, the initialization sets also containing initialization communication, or user communication and / or identification communication between authorization authority HA, authorized writing and reading station A-WR and identification medium or data carrier IM.
  • An initialization can originate from the authorization authority HA or it can also be requested from the writing and reading station A-WR or from the owner of the data carrier IM.
  • user authorization i.e.
  • the consent of the owner 12 of the writing and reading station or of the owner 13 of the data carrier is necessary, which can be, for example, personal data of the owner 12 of the writing and reading station (aw) or personal data (ai) of the owner 13 of the data carrier such as PIN as authorization means -Codes, biometric data etc.
  • PIN personal data of the owner 12 of the writing and reading station
  • Ai personal data of the owner 13 of the data carrier
  • PIN personal data of the owner 12 of the writing and reading station
  • biometric data biometric data
  • a user authorization ai for initialization can be carried out by the owner 13 of the data carrier
  • authorization can also be carried out for initialization by means of an additional identification authorization means ID-AM.
  • ID-AM an additional identification authorization means
  • One example is the loading of money cards at a writing and reading station as a card reader.
  • the holder of a money card as a data carrier with his authorization, ie user authorization ai can also load money via a PC and the Internet.
  • the method according to the invention can also be used to carry out multi-stage initializations via networks, e.g. in several hierarchical steps according to the authorization system A.
  • the owner of the authorization system A is a manufacturer HAO with headquarters and headquarters in Europe, where blank cards or data carriers IM are produced, which for example, the system organization with the data field CDF.
  • These blank cards are distributed through a network of subsidiaries HA0.1 as country representatives, e.g. in the USA, where a further basic initialization of the cards can also be carried out from the manufacturer's head office HAO as the highest authority.
  • the subsidiary HA0.1 sells these cards with independent applications to independent users who represent the authorization bodies HAI, HA2, HA3 and whose cards are distinguished by a user code that can be initialized via the network at the subsidiary HA0.1 by the central office HAO if the daughter HA0.1 is not authorized to do so.
  • HAO and HA0.1 are at OLO level. This results in the following initialization levels
  • HAO -> HA0.1 -> HAI At a next hierarchy level, these cards IM are then initialized by the authorization instances HAI, HA2, HA3 (ie the independent users) with their desired applications Appi, App2, App3 via further organizational levels and at decentralized authorized read and write stations A-WR.
  • Initialization and authorization rules and hierarchical gradations of system A ensure that the holder HAO of authorization system A can keep control over the system compatibility of the cards and at the same time for an independent user HAI, HA2 etc. that he has control over cards with his Keeps applications within the scope of its powers from the assigned organizational level (e.g. OLI). This results in further initialization levels, e.g.
  • the independent users HAI, HA2, HA3 etc. with the independent applications are also at the organizational level OLI.
  • Gl G2 security gates for secure communication via the network g secure environment u unsecured environment IM mobile data carrier, identification medium
  • WRk initialized WR j refers to IM k refers to WR
  • AM authorization means AM-IM authorization identification media

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)

Abstract

L'invention concerne un procédé servant à initialiser des supports de données mobiles (IM) sur des stations de lecture et d'écriture décentralisées associées (WR) dans le cadre d'un système d'autorisation (A). Des données d'initialisation (DI, A-I, I-I) sont générées sur une instance d'autorisation (HA) dans un environnement sécurisé (g) à l'aide de moyens d'autorisation (AM) et sont envoyées par l'intermédiaire d'un réseau (N), dans une communication sécurisée et selon des règles de sécurité correspondant au système d'autorisation (A), à une station de lecture et d'écriture décentralisée autorisée (A-WR) où les supports de données mobiles (IM) sont initialisés à l'aide des données d'initialisation (DI) ou bien sont envoyées par l'intermédiaire du réseau à une station de lecture et d'écriture décentralisée (WR) grâce à laquelle la station de lecture et d'écriture est initialisée. Ce procédé d'initialisation ouvre de nouvelles possibilités d'application et d'utilisation de tels systèmes.
EP01944863A 2000-07-11 2001-07-10 Procede pour l'initialisation de supports de donnees mobiles Ceased EP1218862A1 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CH13652000 2000-07-11
CH136500 2000-07-11
PCT/CH2001/000433 WO2002005225A1 (fr) 2000-07-11 2001-07-10 Procede pour l'initialisation de supports de donnees mobiles

Publications (1)

Publication Number Publication Date
EP1218862A1 true EP1218862A1 (fr) 2002-07-03

Family

ID=4565418

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01944863A Ceased EP1218862A1 (fr) 2000-07-11 2001-07-10 Procede pour l'initialisation de supports de donnees mobiles

Country Status (10)

Country Link
US (1) US7631187B2 (fr)
EP (1) EP1218862A1 (fr)
JP (1) JP2004503031A (fr)
CN (1) CN1193321C (fr)
AU (1) AU6725601A (fr)
BR (1) BR0106966A (fr)
CA (1) CA2384498C (fr)
MX (1) MXPA02002602A (fr)
WO (1) WO2002005225A1 (fr)
ZA (1) ZA200201905B (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1338996A1 (fr) * 2002-02-22 2003-08-27 BetaResearch Gesellschaft für Entwicklung und Vermarktung digitaler Infrastrukturen mbH Dispositif et procédé de personnalisation d'une carte à puce
AU2003244914A1 (en) * 2003-07-04 2005-01-21 Nokia Corporation Key storage administration
FR2879867A1 (fr) * 2004-12-22 2006-06-23 Gemplus Sa Systeme d'allocation de carte a puce a un operateur de reseau
DE102006027200A1 (de) * 2006-06-12 2007-12-27 Giesecke & Devrient Gmbh Datenträger und Verfahren zur kontaktlosen Kommunikation zwischen dem Datenträger und einem Lesegerät
EP2154623A1 (fr) * 2008-08-15 2010-02-17 Legic Identsystems AG Système d'autorisation doté d'une dispositif de stockage d'autorisation sans fil
EP3022439B1 (fr) 2013-07-19 2019-06-05 Fluid Management Operations LLC Pompe à nutation avec trois chambres

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997034265A1 (fr) * 1996-03-11 1997-09-18 Kaba Schliesssysteme Ag Moyen d'identification avec support de donnees electronique passif

Family Cites Families (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US582876A (en) * 1897-05-18 Berger
FR2536928B1 (fr) 1982-11-30 1989-10-06 France Etat Systeme pour chiffrer et dechiffrer des informations, du type utilisant un systeme de dechiffrement a cle publique
DE3736258A1 (de) * 1987-10-27 1989-05-11 Mannesmann Kienzle Gmbh Datenkartenanordnung
US5623547A (en) 1990-04-12 1997-04-22 Jonhig Limited Value transfer system
EP0722596A4 (fr) 1991-11-12 1997-03-05 Security Domain Pty Ltd Procede et systeme de personnalisation securisee et decentralisee de cartes a memoire
US5276735A (en) * 1992-04-17 1994-01-04 Secure Computing Corporation Data enclave and trusted path system
US5396558A (en) 1992-09-18 1995-03-07 Nippon Telegraph And Telephone Corporation Method and apparatus for settlement of accounts by IC cards
DE4317380C1 (de) * 1993-05-25 1994-08-18 Siemens Ag Verfahren zur Authentifikation zwischen zwei elektronischen Einrichtungen
FR2725537B1 (fr) 1994-10-11 1996-11-22 Bull Cp8 Procede de chargement d'une zone memoire protegee d'un dispositif de traitement de l'information et dispositif associe
DE19517818C2 (de) * 1995-05-18 1997-12-18 Angewandte Digital Elektronik Verfahren zur Ausgabe von individuellen Chipkarten an eine Mehrzahl von einzelnen Chipkartennutzer unter Verwendung einer neutralen Chipkartenausgabestation
CA2186415A1 (fr) * 1995-10-10 1997-04-11 David Michael Claus Methodes sures de transfert de fonds utilisant des cartes a puce
NL1001761C2 (nl) * 1995-11-28 1997-05-30 Ronald Barend Van Santbrink Stelsel voor contactloze data-uitwisseling tussen een lees- en schrijf- eenheid en één of meer informatiedragers.
US5889941A (en) * 1996-04-15 1999-03-30 Ubiq Inc. System and apparatus for smart card personalization
US5923884A (en) 1996-08-30 1999-07-13 Gemplus S.C.A. System and method for loading applications onto a smart card
US6317832B1 (en) * 1997-02-21 2001-11-13 Mondex International Limited Secure multiple application card system and process
DE19708189C2 (de) * 1997-02-28 2000-02-17 Deutsche Telekom Mobil Zu einem öffentlichen Mobilkommunikationssystem kompatibles nicht öffentliches Schnurlos-Kommunikationssystem
DE19710249C2 (de) * 1997-03-12 2002-03-28 Siemens Nixdorf Inf Syst Netzwerkunterstütztes Chipkarten-Transaktionsverfahren und Anordnung zur Abwicklung von Transaktionen
WO1998043212A1 (fr) * 1997-03-24 1998-10-01 Visa International Service Association Procede et dispositif de carte a puce multi-application permettant de telecharger une application sur la carte posterieurement a son emission
US6488211B1 (en) * 1997-05-15 2002-12-03 Mondex International Limited System and method for flexibly loading in IC card
US6230267B1 (en) * 1997-05-15 2001-05-08 Mondex International Limited IC card transportation key set
DE19720431A1 (de) 1997-05-15 1998-11-19 Beta Research Ges Fuer Entwick Vorrichtung und Verfahren zur Personalisierung von Chipkarten
EP0949595A3 (fr) * 1998-03-30 2001-09-26 Citicorp Development Center, Inc. Méthode et système pour la gestion des applications pour une carte à puce multifonctionnelle
US6092202A (en) * 1998-05-22 2000-07-18 N*Able Technologies, Inc. Method and system for secure transactions in a computer system
US6871278B1 (en) * 2000-07-06 2005-03-22 Lasercard Corporation Secure transactions with passive storage media
JP2002070375A (ja) * 2000-09-05 2002-03-08 Fujitsu Ltd 電子鍵および電子鍵システム
DE10259384B3 (de) * 2002-12-18 2004-05-13 Siemens Ag Vorrichtung zur Ermittlung des Energiezustandes eines Energiespeichers eines mobilen Datenträgers
DE102006008248A1 (de) * 2006-02-22 2007-08-23 Giesecke & Devrient Gmbh Betriebssystem für eine Chipkarte mit einem Multi-Tasking Kernel

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997034265A1 (fr) * 1996-03-11 1997-09-18 Kaba Schliesssysteme Ag Moyen d'identification avec support de donnees electronique passif

Also Published As

Publication number Publication date
CA2384498C (fr) 2012-02-14
US20030033527A1 (en) 2003-02-13
BR0106966A (pt) 2002-05-14
WO2002005225A1 (fr) 2002-01-17
JP2004503031A (ja) 2004-01-29
AU6725601A (en) 2002-01-21
CN1393006A (zh) 2003-01-22
ZA200201905B (en) 2003-03-07
US7631187B2 (en) 2009-12-08
CN1193321C (zh) 2005-03-16
MXPA02002602A (es) 2003-06-30
CA2384498A1 (fr) 2002-01-17

Similar Documents

Publication Publication Date Title
DE60119400T2 (de) Datenverarbeitungssystem, tragbare elektronische Vorrichtung, Zugangsvorrichtung zur tragbaren elektronischen Vorrichtung, und Verfahren zum Gebrauch von Speicherraum
EP0306892B1 (fr) Dispositif de circuit avec une carte contenant au moins une partie du dispositif destiné au commerce, à l'identification et/ou au fonctionnement
DE69814406T2 (de) Tragbare elektronische vorrichtung für systeme zur gesicherten kommunikation und verfahren zur initialisierung der parameter
DE69013180T4 (de) Elektronisches Chipkartenzahlungssystem für öffentliche Transport- oder Dienstleistungen.
DE69824437T2 (de) Personalisieren von chipkarten
DE69937010T2 (de) Datenspeichervorrichtung und -verfahren
DE69927643T2 (de) Informationsverarbeitung und Datenspeicherung
EP2626824A1 (fr) Gestion de portefeuilles virtuels préparés par un terminal mobile
DE10296888T5 (de) System und Verfahren zur sicheren Eingabe und Authentifikation von verbraucherzentrierter Information
CH705774B1 (de) Verfahren, System und Karte zur Authentifizierung eines Benutzers durch eine Anwendung.
DE4230866B4 (de) Datenaustauschsystem
DE19718115A1 (de) Chipkarte und Verfahren zur Verwendung der Chipkarte
EP1218862A1 (fr) Procede pour l'initialisation de supports de donnees mobiles
DE19938695A1 (de) Verfahren und Vorrichtung zur elektronischen Abwicklung von bargeldlosen Zahlungen mittels Sicherheitsmodulen
DE10297517T5 (de) Automatisiertes digitales Rechte-Management und Zahlungssystem mit eingebettetem Inhalt
DE4441038A1 (de) Verfahren zum Erwerb und Speichern von Berechtigungen mit Hilfe von Chipkarten
EP1141904A1 (fr) Procede de manipulation fiable de monnaie ou d'unites de valeurs avec des supports de donnees prepayes
DE19705620C2 (de) Anordnung und Verfahren zur dezentralen Chipkartenidentifikation
WO1992004694A1 (fr) Procede et dispositif de teletransmission confidentielle de donnees
DE60027605T2 (de) System zum verteilen von fahrkarten über eine vielzahl von betreibern
DE19723862C2 (de) Mobiler Datenträger für Sicherheitsmodule
EP0970449A2 (fr) Support de donnees portable et procede permettant son utilisation de fa on protegee par voie cryptographique avec des cles de chiffrement interchangeables
EP0945817A2 (fr) Méthode pour l'utilisation d'horloges avec des cartes à puce
DE10151200A1 (de) System, Verfahren und Computerprogramm-Produkt zur Erzeugung und/oder Verwendung einer mobilen Digitalkarte
WO1998045818A2 (fr) Procede pour l'utilisation d'unites memoires de cartes a puce

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20020406

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

17Q First examination report despatched

Effective date: 20070705

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20160501