EP1222563A2 - System for carrying out a transaction - Google Patents

System for carrying out a transaction

Info

Publication number
EP1222563A2
EP1222563A2 EP00949309A EP00949309A EP1222563A2 EP 1222563 A2 EP1222563 A2 EP 1222563A2 EP 00949309 A EP00949309 A EP 00949309A EP 00949309 A EP00949309 A EP 00949309A EP 1222563 A2 EP1222563 A2 EP 1222563A2
Authority
EP
European Patent Office
Prior art keywords
terminal
transaction
data
node computer
functionality
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP00949309A
Other languages
German (de)
English (en)
Inventor
Norbert Albrecht
Walter Hinz
Hermann Weilacher
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke and Devrient GmbH
Original Assignee
Giesecke and Devrient GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke and Devrient GmbH

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
          • G06Q20/00 Payment architectures, schemes or protocols
            • G06Q20/08 Payment architectures
              • G06Q20/18 Payment architectures involving self-service terminals [SST], vending machines, kiosks or multimedia terminals
              • G06Q20/085 Payment architectures involving remote charge determination or related payment systems
              • G06Q20/20 Point-of-sale [POS] network systems
                • G06Q20/202 Interconnection or interaction of plural electronic cash registers [ECR] or to host computer, e.g. network details, transfer of information from host to ECR or from ECR to ECR
                • G06Q20/204 Point-of-sale [POS] network systems comprising interface for record bearing medium or carrier for electronic funds transfer or payment credit
            • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
              • G06Q20/36 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
                • G06Q20/367 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
            • G06Q20/38 Payment protocols; Details thereof
              • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
      • G07 CHECKING-DEVICES
        • G07F COIN-FREED OR LIKE APPARATUS
          • G07F19/00 Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
            • G07F19/20 Automatic teller machines [ATMs]
          • G07F5/00 Coin-actuated mechanisms; Interlocks
            • G07F5/18 Coin-actuated mechanisms; Interlocks specially adapted for controlling several coin-freed apparatus from one place
          • G07F9/00 Details other than those peculiar to special kinds or types of apparatus
            • G07F9/001 Interfacing with vending machines using mobile or wearable devices
            • G07F9/002 Vending machines being part of a centrally controlled network of vending machines

Definitions

  • the invention is based on a system according to the type of the main claim.
  • Such a system is known from EP-B-0 305 004. It describes a system for executing financial transactions, which provides user terminals, several of which are connected in parallel to a so-called concentrator. For their part, the concentrators are connected in parallel to a background bank system via a bank network. The connections between the system parts are secured independently of one another against eavesdropping on the data traffic taking place via them. Security boxes, which are preferably designed in the form of smart cards, are used to secure the connections between terminals and concentrators. The key elements of the system structure are the concentrators, which carry out the communication with the background system and have all the necessary means. The terminals connected to a concentrator are only able to communicate with the upstream concentrator. The structure of the terminals can thus be kept simple.
  • the device has a microprocessor unit, a memory device, an interface to an external program source and a number of subassemblies which can be controlled by controlling the microprocessor unit.
  • the modules are activated and controlled with the aid of application program packages which are transferred from the external program source to the memory device before the device is used for the first time.
  • the proposed concept permits the production of technically uniform devices which are matched to the place of use by loading corresponding application program packages on site.
  • a terminal in accordance with independent claim 9 and a method in accordance with independent claim 19 furthermore lead to the achievement of the object.
  • a terminal is not permanently determined by its technical design or equipment, but is variable and is only determined by software which it receives from an upstream node computer.
  • the technical design of the terminal there is only the requirement that they are capable of being supplied by the node computers
  • the end devices can be designed freely and in particular independently of their later functionality. End devices can advantageously be implemented in a technically uniform manner for very different transactions.
  • the terminal devices can be designed in a simple manner. In this way, the terminal-node computer interface can also be advantageously defined independently of the functionality of the terminal, thus regardless of the type of terminal and thus uniformly for all terminal types.
  • the free design of the terminal in a fixed framework, in connection with a uniform design of the terminal-node computer interfaces, makes it much easier to set up new system software features and/or to change existing ones.
  • a particularly favorable embodiment provides that system changes take effect on the end devices almost instantaneously.
  • each end device can be used to carry out several different transactions.
  • Terminal functionalities can also be set up at any time and the development of software for new functionalities is made considerably easier since interfaces, network or terminal peculiarities do not have to be taken into account.
  • Service and maintenance routines are also made significantly easier.
  • the proposed transaction system is suitable, among other things, for use in banking or payment applications, for issuing electronic tickets or as a health insurance card.
  • a terminal according to the invention according to independent claim 9 is characterized in that it enables the construction of a transaction system according to the main claim.
  • the inventive method according to independent claim 19 has the advantage that its implementation leads to a system according to the main claim.
  • FIG. 1 shows the structure of a transaction system
  • Figure 2 shows a section of the structure shown in Figure 1
  • Figure 3 is a flowchart illustrating the operation of a
  • FIG. 5 shows an example of a data exchange between a terminal and a node computer
  • FIG. 6 shows a data exchange when using a terminal
  • FIG. 1 shows a terminal 11 for executing a transaction, which is connected to a node computer 40 via a terminal network 30.
  • the node computer 40 is in turn connected to a central unit 60 via a background network 50.
  • Further terminals 10 can be connected to the terminal network 30 in parallel to the terminal 11, which terminals have the same basic structure as the terminal 11, but do not have to be identical to it.
  • Additional node computers 40 can be connected to the background network 50 parallel to the node computer 41, each of which in turn originates from a terminal network 30 to which one or more terminals 10 are connected.
  • Further central units 61 can also be connected to the background network 50 parallel to the central unit 60.
  • Terminal network 30 and background network 50 can be implemented in whole or in part as fixed or wireless networks;
  • the terminal network 30 can be implemented via the Internet. Accordingly, the connection of the terminals 10, 11, the node computers 40, 41 and also the central units 60, 61 to the respective networks 30, 50 can be wired and/or contactless.
  • the network structure shown in FIG. 1 enables a large number of different transactions to be carried out, inter alia for executing payment functions in the form of direct debit or as a wallet, credit card functions, customer card functions, end user applications, health insurance functions, service and maintenance functions or diagnostic functions.
  • FIG. 2 shows in more detail a section of the network structure illustrated in FIG. 1 with a terminal 11, a node computer 41 and a central unit 61.
  • a main component of the terminal 11 is a microprocessor 12, which is connected via a device-internal bus 16 to a memory device 20, an operating device 13, an image display unit 14, a user data interface 15, a contacting or contactless interface 16 to the terminal network 30 and a security box 17.
  • the memory device 20 is divided in a manner known per se into a volatile section 21, usually in the form of a RAM, which serves in particular as a working memory for the processor 12, and a non-volatile section 22, which in turn is divided into a read-only area 23, usually in the form of a ROM, and a readable and writable area 24, usually in the form of an EEPROM.
  • in the read-only area 23 there are, in particular, original operating program data, which are indispensable for establishing the basic operational readiness of the terminal 11 and which must not be changed afterwards, in particular a bootstrap program for loading program packages that determine the terminal functionality.
  • the readable and writable area 24 there
  • the operating device 13 enables a user to initiate and / or continue a transaction. For this purpose, it has actuating means by means of which the user can generate control signals which are fed to the processor 12 via the bus 16. The input of the control signals is supported by displays on the image display unit 14.
  • the operating device is designed as a keypad, which can expediently be integrated into the image display unit 14 in the form of softkeys.
  • the operating device 13 can have means for identifying a user, for example devices that evaluate biometric data, such as a fingerprint recognition device.
  • the user data interface 15 is preferably designed as a read / write unit for communication with a portable data carrier 80, which forms part of the terminal 11 for the following description.
  • the data carrier 80 carries a microcomputer 81, which in turn has a microprocessor and a memory, the latter basically being able to be constructed like the memory device 20.
  • the communication between user data interface 15 and microcomputer 81 can be contact-based or contactless.
  • the portable data carrier 80 is expediently designed as a chip or magnetic stripe card, but can also have any other forms, such as the shape of a wristwatch.
  • the security box 17 supports the system security and contains information by means of which information output to and received from the terminal network 30 via the interface 16 is encrypted or decrypted in order to prevent unauthorized persons from eavesdropping on the data traffic taking place via the terminal network 30.
  • the portable data carrier 80 contains information that is required to carry out a transaction using the terminal 11. Such information can be, for example, an account number for carrying out a bank transaction, a value memory content for carrying out a payment process, the name of an insurance company for preparing a medical treatment bill or a total memory content for recording bonus information.
  • the microcomputer 81 of the portable data carrier 80 can also contain data for producing a terminal functionality. Furthermore, it can contain operationally necessary components of the terminal-side processor 12, the terminal-side storage unit 20 or the security box 17, so that operation of the terminal 11 is only possible in unity with the portable data carrier 80.
  • the processor 12, the memory device 20 and / or the security box 17 can be dispensed with entirely or partially on the terminal side.
  • Other terminal components 13, 14 can also be implemented partially or entirely on the data carrier 80;
  • the selection and type of distribution can basically be freely designed according to expediency.
  • the one or more node computers 40, 41 form servers for the terminals 10, 11, which execute the transactions triggered by the connected terminals 10, 11 in interaction with the terminals 10, 11 and thereby connect, via the background network 50, the terminals 10, 11 and central units 60, 61.
  • the node computers 40, 41 are equipped with correspondingly powerful processor units 44 and large storage devices 45.
  • via a contactless or contact-based first interface 42, the processor unit 44 is connected to the terminal network 30, and via a contactless or contact-based second interface 43 to the background network 50.
  • to secure both the data traffic to the terminals 10, 11 and the data traffic to the background network 50, the node computer 41 is provided with a cipher box 46. It manages and processes information for encrypting or decrypting the data exchange taking place with the respective terminal 10, 11 or the respective central unit 60, 61. Encryption and decryption are based on mechanisms known per se.
  • the storage unit 45 therefore generally contains a large amount of data for producing the functionalities possible on the connected terminals 10, 11.
  • the central units 60, 61 typically have the form of conventional data centers, as can be found at network operators, banks, credit card institutes, charging centers, authorization centers, service centers and the like. Since central units 60, 61 are sufficiently known in this sense and they are used for the system according to the invention only in their known functions, their structure is not discussed in more detail here.
  • a characteristic property of the transaction system shown in FIG. 1 is that the respective functionality is not permanently assigned to the terminals 10, 11, but is determined by software that they receive from the node computers 41. The determination can be permanent or can change depending on the situation. Essential parts of a functionality can advantageously be relocated to the node computers 40, 41.
  • FIG. 2 illustrates this property using the sequence of steps when carrying out a transaction.
  • a user first triggers a transaction via the operating device 13, step 100.
  • the terminal processor 12 checks whether the data for the production of the functionality required for the intended transaction are available in the storage unit 20. If this is the case, the processor 12 immediately executes the first transaction steps possible with the existing data, step 102.
  • the processor 12 causes the user data interface 15, which is then designed as a reading unit, to read out the card data from the memory of the card microcomputer 81, and prompts the user to input further control signals via the operating device 13, for example user identification information.
  • the processor 12 also generates a start sequence, step 106, which indicates which transaction was triggered and which contains information which identifies the respective terminal 10, 11.
  • If the check in step 102 reveals that the data for the production of a functionality required to carry out a transaction are not available in the memory unit 20, the processor 12 only forms the start sequence.
  • the processor 12 encrypts the start sequence and, if available, the data available on the basis of first executed transaction steps with the aid of the security information contained in the security box 17 and sends it via the terminal network 30 to the associated node computer 41.
  • Its processor unit 44 receives the data via the interface 42 and decrypts it using the decryption information contained in the cipher box 46.
  • the decrypted data is then checked by the processor unit 44 to determine whether it consists of only one start sequence or already contains the result data of the first transaction steps, step 110.
  • the processor unit 44 determines the terminal functionality required to carry out the triggered transaction and checks whether the associated data is present in the storage unit 45 of the node computer 41. If this is not the case, the processor unit 44 requests it from a central unit 60, 61 via the background network 50. If the required data are available, the processor unit 44 provides them for transmission to the terminal 11, step 116.
  • If the check in step 110 reveals that the first data received from the terminal 10, 11 already contain results of the first executed transaction steps, the processor unit 44 processes these and generates first response data. As a rule, it carries out a data exchange with the central units 60, 61 via the background network 50.
  • the processor unit 44 checks whether further data for the production of the required functionality are to be supplied to the terminal 11 for the execution of the next transaction steps, step 114. If so, it continues with the execution of the step 116 and checks whether the data still required are present in the storage unit 45. If it determines that the required data is not available in the storage unit 45, it requests it from the corresponding central unit 60, 61 via the background network 50. The data, if required, and the first response data are then sent by the node computer 40, 41 to the terminal 11 via the terminal network 30.
  • the terminal processor 12 takes over the data into the storage unit 20 and executes the first transaction steps. The resulting first data is sent back to the node computer 41, which then executes the sequence of steps 102.
  • the terminal processor 12 causes the next transaction steps to be carried out. If further data for the production of the functionality required to carry out the transaction were transmitted with the further response data, it takes these into the storage unit 20 and uses them directly to carry out the next transaction steps.
  • the data for establishing the functionality for carrying out the transaction can be retained in the storage unit after the transaction has been completed.
  • the terminal processor 12 then carries out the first transaction steps immediately after a transaction has been triggered, without first requesting the data from the node computer 41 to produce the required functionality.
  • the terminal 11 can carry out the transactions that are possible due to a functionality at any time without the need to request data from a node computer 40, 41.
  • the data for establishing the functionality for a transaction is deleted again after the transaction is completed.
  • the terminal processor 12 then reloads the data required to produce the required functionality each time a transaction is executed.
  • the storage device 20 can only consist of a volatile storage area 21 in addition to the area 23 for storing the original program data.
  • the transfer of data required to establish the functionality for a particular transaction does not necessarily have to be triggered by triggering the transaction itself. Rather, it can also take place independently of the actual initiation of a particular transaction. Any defined events can serve as triggers. For example, it can be provided that when a terminal is connected to a network for the first time, the data for the most important or most frequently carried out transactions is transferred to the terminal. In a variant of this, data for the most important or the most frequently executed transactions are loaded when any of the most important or most frequent transactions is triggered for the first time.
  • Another possible trigger event is the regular or on-request performance of service or maintenance measures on the end devices. In all cases, a data transmission once triggered can be used for the regular updating of functionalities already set up in a terminal; obsolete versions are overwritten with current ones in the memory of the end device.
  • FIG. 4 illustrates a possible sequence of data transmission from the node computer to the terminal that is not directly transaction-bound.
  • the sequence is initiated by the occurrence of a predetermined event, step 101, for example by reaching a service time.
  • the terminal 11 thereupon again forms a start sequence, step 106, which indicates which transaction was triggered and which contains information which identifies the respective terminal 11 and sends it to the associated node computer.
  • the node computer 41 checks whether the start sequence specifies immediately unambiguous data to be transmitted, step 111.
  • If this is not the case, the node computer generates a request to determine the data to be transmitted to the terminal and sends this to the terminal, step 113.
  • the terminal executes the request and names the desired data to the node computer in a corresponding response, step 115.
  • the node computer 41 checks whether the required data are present in the storage unit 45. If it determines that the required data is not available in its storage unit 45, it requests it from the corresponding central unit 61 via the background network 50. It then sends the data via the terminal network 30 to the terminal 11, step 119.
  • If the information about the data to be transmitted follows directly from the start sequence when it is checked in step 111, the node computer immediately executes step 119. Provision can also be made to equip the end devices with a selection of functionalities even when they are new. The selection can expediently include the most important or the most frequently used functionalities. In particular, if the storage capacity permits this, all possible functionalities can also be set up on one terminal.
  • FIG. 5 illustrates a possible data exchange between a node computer 41 and a terminal 11 used as a payment transaction terminal.
  • the transaction is a payment transaction which entails the transfer of a sum of money from an account corresponding to chip card 80 at a first bank with central unit 61 to an account at a second bank with central unit 61.
  • the terminal 11 is a terminal installed at a dealer, to which a virtual dealer card, i.e. a data carrier implemented in the form of a chip card, was created.
  • the payment transaction is triggered by inserting the chip card 80 into the user data interface 15 designed as a reading device. If the terminal 11 detects that a transaction is to be carried out, the user's authorization to use the card 80 is first advantageously checked in a known manner, for example by checking a PIN. If this test is positive, the terminal 11 reads general card data, for example a card number and/or a bank account, from the memory 83 of the chip card. If the card enables several different transactions, for example if it can be operated either as a wallet or as a debit or credit card, the terminal 11 prompts the user, by a display on the image display device 14, to select a transaction, i.e. to select a payment method.
  • the terminal 11 provides data for terminal identification and date information.
  • the terminal forms a start sequence, step 200, from general card data, amount, terminal information data and date information, which it sends to the node computer 41.
  • the transmission of the start sequence and the entire subsequent data exchange between terminal 11 and node computer 41 are encrypted, with methods known per se being used for the encryption.
  • a first key is expediently assigned to the terminal 11 and is formed as part of the start sequence or, if appropriate, in an upstream step on the basis of the terminal identification. It subsequently serves as a comprehensive transport key with which the entire data exchange between terminal 11 and node computer 41 is secured.
  • a further key is expediently assigned to chip card 80 and is used to form data security codes, in particular to be able to check the integrity of data.
  • the node computer 41 determines the central unit 61 corresponding to the bank connection designated in the start sequence, in which the account belonging to the card 80 is created, step 202. It begins a data exchange with the determined central unit 61. For example, it first checks whether the intended payment transaction is permitted at all. If the intended transaction is fundamentally possible thereafter, the node computer 41 transmits to the terminal 11 data which set up the terminal 11 to carry out the intended transaction and in particular include commands which cause the user data interface 15 to carry out further accesses to the chip card 80, step 204. In addition, the data contains commands which cause the terminal 11 to state who is to be the recipient or the giver of a payment.
  • the received data and chip card commands are carried out by the terminal 11, step 206. If the chip card 80 is prepared to carry out a debit, the terminal 11 sends a feedback to the node computer 41 after encryption, step 208, which in the underlying example contains information that a payment is to be made from the card to the virtual merchant card belonging to the terminal.
  • the node computer 41 determines to whom an amount to be credited to or debited from the card 80 or the associated account should be debited or credited, in the assumed example the virtual merchant card. Using the terminal information data sent in the start sequence, the node computer 41 therefore reads out the memory of the virtual dealer card and determines the central unit 60 associated with the dealer card. With this, it then opens a data exchange, step 210, in order to set up the virtual dealer card for booking.
  • the node computer 41 sends the terminal 11 booking commands which, on the terminal side, result in the entry of the debit in the memory of the chip card 80, step 218, and via the background network 50 executes the booking between the central units 60, 61 involved.
  • the terminal 11 makes the entry of the debit on the chip card, step 220, and acknowledges the completion of the transaction by sending a confirmatory feedback to the node computer 41, step 222.
  • When the booking part of the transaction has ended, the node computer 41 generates control data which cause the terminal 11 to show a document display of the executed transaction, i.e. of the booking process carried out, on the image display device 14, step 224. If a document output is assigned to the terminal 11, for example in the form of a printer, the node computer 41 expediently also generates control data for printing out a document. It sends the control data to the terminal 11, which executes them without further processing, step 226.
  • FIG. 6 illustrates, as a further possible use of the transaction system shown in FIG. 2, a variant in which the terminal 11 is used to issue electronic tickets. It is assumed that the electronic ticket has the form of a data record which is inserted into the memory of a chip card 80. The end device 11 accordingly has a user data interface 15 in the form of a chip card contacting unit.
  • a ticket issuing transaction is triggered by the customer presenting the chip card 80 to the terminal 11 and / or, for example via the operating device 13, notifying that he wants to carry out the "electronic ticket" transaction, step 300, in order to acquire an electronic ticket. Detects the terminal 11 that a ticket issue transaction is to be carried out, a check of the loading authorization of the customer to use the chip card 80 for the intended transaction, for example in a known manner by checking a PIN.
  • the terminal 11 determines the card number of the chip card 80 and checks whether it is set up to carry out an "electronic ticket” transaction, Step 302. If this is not the case, it also determines whether sufficient free storage space is available to set up the functionality.
  • the terminal 11 then generates a start sequence 306 which contains the card number and a terminal identification. If the functionality required to carry out the “electronic ticket” transaction is not available in the storage unit 20 of the terminal 11, the start sequence 306 also contains information which indicates that the terminal 11 contains the data for setting up the functionality mentioned in the following application needed.
  • the start sequence 306 is encrypted by means of an overarching transport key assigned to the terminal 11, which is generated using the terminal identification as part of the start sequence or in an upstream, separate data exchange according to a conventional method.
  • the entire subsequent data exchange between terminal 11 and node computer 41 is secured with the transport key.
  • The generation and use of the key are based, in a manner known per se, on the fact that the communication participants independently of each other know a secret that cannot be exchanged between terminal 11 and node computer 41 via the terminal network 30.
  • the secret is stored on the one hand in the terminal 11, preferably in the security box 17, and is managed on the other side in the node computer 41 or via the background network 50 by the central units 60, 61. If a secret necessary for generating a key is not available in a node computer 41, the latter obtains it from the managing central unit 60, 61.
  • the encrypted start sequence 306 is sent by the terminal 11 to the assigned node computer 41.
  • Its processor unit 44 checks whether the application "electronic ticket" is present in the memory unit 45 of the node computer 41, step 308. If this is not the case, the node computer 41 determines, for example with the aid of the terminal information, a central unit 60, 61 which has the data realizing the application, and requests the data from it via the background network 50. Once the application data are available, step 310, the node computer 41 transmits them to the terminal 11.
  • Its processor 12 accepts the application data in the memory unit 20 and executes the functionality set up, step 312.
  • the terminal 11 requests the customer here via the image display device 14 to select a ticket.
  • the selection is user-guided in the dialog.
  • the customer uses the operating device 13 in accordance with a request from the image display device 14 in each case to provide information which is necessary for determining the required ticket, such as the start and destination, travel time, number of people, travel class etc., step 314. These are in the terminal If all the information required to determine a ticket has been entered, the terminal 11 transmits the selection data to the node computer 41. From the data on the ticket selection received from the terminal 11, the node computer 41 determines a data record representing the electronic ticket, step 316.
  • The node computer 41 is expediently set up to carry out simple and particularly frequently requested ticket determinations, such as the determination of a ticket of the local transport company, directly by means of the processor unit 44 of the node computer 41.
  • the determination of a ticket requires complex program sequences, which usually require the activation of a central unit 60, 61 via the background network 50.
  • The resulting ticket data record contains, in addition to the information used for the determination, the possible ticket alternatives and, in particular, the ticket price(s).
  • the node computer 41 then generates a chip card-specific key from the card number and a secret, which is also permanently stored in the chip card 80, which key subsequently serves to form a data security code, step 318.
  • Once the node computer 41 has generated a chip card-specific key, it uses it to form a data security code for the resulting ticket data record, for example a MAC (Message Authentication Code), and encrypts the resulting ticket data block, consisting of ticket data record and data security code, with the aid of the transport key, step 320.
  • The node computer 41 transmits the resulting encrypted ticket data block to the terminal 11.
  • The terminal 11 decrypts the incoming ticket data block with the help of the transport key, which it has generated, e.g. in the security box 17, in the same way as the node computer 41.
  • the terminal 11 also carries out a preliminary check of the integrity of the ticket data record, for example by checking whether the decrypted ticket data record has certain values at defined positions.
  • the decoded ticket data set is forwarded by the terminal 11 to the chip card 80, which checks its integrity by checking the data security code using the chip card-specific key present on the chip card 80.
  • The terminal 11 prompts the customer, by a corresponding display on the image display unit 14, to check the electronic ticket for correctness and to confirm the purchase, step 322. If the ticket data record contains several possible electronic ticket alternatives, the terminal 11 prompts the customer to make a selection from the alternatives offered. In simple cases without alternatives, for example when buying a ticket for a local transport company, the customer does not have to select and confirm the purchase.
  • The confirmed part of the ticket data record which makes up the selected ticket is first temporarily stored in the storage device 20 of the terminal 11, step 324. Furthermore, the terminal 11 initiates the payment of the electronic ticket, step 326.
  • The payment process can be carried out by cash payment or, as described in connection with FIG. 5, by collection of electronic money stored on chip card 80.
  • When the payment process is complete, the node computer 41 generates an acknowledgment signal, step 328, which it transmits to the node computer 41.
  • After receiving the acknowledgment signal, the node computer 41 generates a control command which causes the processor 12 of the terminal 11 to transfer the ticket data record stored in the storage device 20 to the chip card 80.
  • the terminal 11 carries out the transfer of the electronic ticket to the chip card, step 330, and acknowledges the completion of the transaction by sending a confirmatory feedback to the node computer 41, step 332.
  • The receipt of this feedback in the node computer 41 can, for example, be followed by the output of a receipt, for example by a printer connected to the terminal 11.
  • FIG. 7 illustrates, as a further possible use of the transaction system shown in FIG. 2, a variant in which a terminal is used in a health insurance card system.
  • the health insurance card again has the form of a chip card 80 and the functionality for handling health insurance cards is already present in the storage unit 20 of the terminal 11.
  • the terminal 11 is located, for example, in a doctor's office, a hospital or an institution for billing medical services, such as health insurance.
  • the medical staff are granted different access rights than the members of the health insurance.
  • a transaction using a health insurance card 80 hereinafter simply referred to as a card, is initiated by presenting the card 80 to the user data interface 15 of the terminal 11, step 400.
  • The terminal 11 then indicates via the image display unit 14 that a transaction using a health insurance card has been requested and, in normal operation, prompts the operator to indicate whether he wants to access the card 80 only for reading or for writing and reading, step 402. Furthermore, it prompts the operator, step 404, to indicate which data stored on the card 80 he wants to access.
  • the data held in the memory device of the card 80 are expediently structured according to their factual nature, for example in terms of billing technology or medicine, this structure being further subdivided, for example, according to the type of medical specialty.
  • the outline areas are protected individually or in groups by area-based access keys against read and write access.
  • the access keys are preferably derived from the card-specific key and information characterizing the operator, for example a doctor, or the outline area, for example a medical specialty.
  • The terminal 11 prompts the operator via the image display unit 14 to identify himself, step 406. This can be done, for example, by means of the operating device 13 by entering a code for identifying a doctor, a hospital or health insurance. The terminal 11 also determines the card number of the card 80.
  • The terminal 11 forms a start sequence from the information about the desired type of access, the card area to be accessed, the identification code, the number of the presented card 80 and the terminal identification, step 408, which it transmits to the assigned node computer 41.
  • the transmission is encrypted using a transport key, which is generated using the terminal device identification, if necessary, in an upstream data exchange step and with which the entire subsequent data exchange between terminal device 11 and node computer 41 is secured.
  • After the start sequence 408 has been received in the node computer 41, the node computer forms a card-specific key with the aid of the card number and a secret assigned to the card 80. If the secret is not available in the node computer 41 itself, it obtains it via the background network 50 from the managing central unit 60, 61.
  • The node computer 41 checks whether the information necessary for evaluating the start sequence 408 is in the memory 45. If this is not the case, it determines a central unit 60 suitable for evaluating the start sequence and initiates a data exchange with it via the background network 15, step 412. In the course of the following data exchange, the node computer 41 checks, using the operator identification code transmitted with the start sequence 408, whether operator access to card 80 is permitted. If this is the case, device data are provided in the node computer 41 which enable the terminal 11 to carry out the desired access to the card 80, step 414. The device data for this preferably include one or more access keys assigned to individual areas of the card 80.
  • The node computer 41 then uses the card-specific key to form a data security code for the device data, step 416.
  • The data record consisting of device data and data security code is then encrypted with the transport key and sent to the terminal 11.
  • an access type for emergencies is expediently set up in the terminal 11.
  • An emergency transaction is triggered like a transaction in normal operation, however in step 406 the operator does not identify himself by an individual identification, but by an emergency identification.
  • If the node computer 41 or a central unit 60, 61, after generating a key for forming a data security code and a transport key, recognizes an emergency identification when evaluating the start sequence 408, it provides the node computer 41 with a set of access keys based on the card number which allows at least read access to all medical data on the health insurance card 80. To accelerate the execution of the transaction, provision can be made for an additional check of the authorization of the operator to be dispensed with.
  • The node computer provides the access key data record with a data security code, step 416, encrypts both with the transport key and transmits the resulting data record to the terminal 11.
  • the functionality assigned in the terminals can be limited to passing data to a data carrier on the one hand, and extensive data processing can be set up directly by a terminal on the other hand.
  • The encryption with a transport key and a data-carrier-related key can vary within a wide range, with encryption being completely dispensed with on the one hand and additional encryption being provided on the other.
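
The key derivation and data security code steps described above for the electronic ticket (steps 318 to 320 and the card-side check) and for the area access keys of the health insurance card can be sketched as follows. This is an added example, not code from the patent or from the applicant: the patent names no algorithms, so HMAC-SHA256 for both derivation and MAC, the record layout, the `TKT1` marker and all sample values are assumptions, and the transport-key encryption layer is left out.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = 32          # length of an HMAC-SHA256 tag
MAGIC = b"TKT1"       # constructed record marker used by the terminal pre-check

# Constructed sample values (assumptions, not taken from the patent).
CARD_SECRET = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
CARD_NUMBER = "8949000000001234"


def derive_key(parent: bytes, label: str, context: str) -> bytes:
    """Key diversification: HMAC-SHA256(parent, label || 0x00 || context)."""
    msg = label.encode() + b"\x00" + context.encode()
    return hmac.new(parent, msg, hashlib.sha256).digest()


def card_specific_key(secret: bytes, card_number: str) -> bytes:
    """Computed independently by the node computer and by the card."""
    return derive_key(secret, "card", card_number)


def area_access_key(card_key: bytes, area: str, operator: str) -> bytes:
    """Access key for one card area, bound to card, area and operator."""
    return derive_key(card_key, "area", area + "|" + operator)


def add_security_code(record: bytes, card_key: bytes) -> bytes:
    """Node computer side: append the data security code (a MAC)."""
    return record + hmac.new(card_key, record, hashlib.sha256).digest()


def terminal_precheck(block: bytes) -> bool:
    """Terminal side: plausibility only, a fixed value at a defined position."""
    return len(block) > TAG_LEN and block.startswith(MAGIC)


def card_verify(block: bytes, card_key: bytes) -> Optional[bytes]:
    """Card side: recompute the MAC and release the record only on a match."""
    if len(block) <= TAG_LEN:
        return None
    record, tag = block[:-TAG_LEN], block[-TAG_LEN:]
    expected = hmac.new(card_key, record, hashlib.sha256).digest()
    return record if hmac.compare_digest(tag, expected) else None


def demo() -> dict:
    key = card_specific_key(CARD_SECRET, CARD_NUMBER)
    record = MAGIC + b"|MUC-BER|2nd|price=0089.00"      # constructed ticket
    block = add_security_code(record, key)
    altered = block.replace(b"0089.00", b"0000.01")     # record changed in transit
    other = card_specific_key(CARD_SECRET, "8949000000009999")
    return {
        "genuine_accepted": card_verify(block, key) == record,
        "altered_passes_precheck": terminal_precheck(altered),
        "altered_accepted": card_verify(altered, key) is not None,
        "other_card_accepted": card_verify(block, other) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The altered record still passes the terminal's position check, which is why the description leaves the binding integrity decision to the card, the only party besides the node computer side that holds the card-specific key.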

Abstract

The invention relates to a system for carrying out transactions, having terminals that in principle allow a plurality of different transactions to be carried out. For this purpose, the terminals (10, 11) are connected via a terminal network (30) to at least one node computer (40, 41), by means of which they can be set up to carry out a transaction. Carrying out a further transaction that has not been performed so far is therefore possible at any time without special setup measures. To this end, the invention is characterized in that a terminal (10, 11) is provided which, in response to a trigger signal relating to the further transaction, obtains from a node computer (40, 41) data that generate the functionality required to carry out the further transaction. The transaction is then carried out in interaction between a terminal (10, 11) and a node computer (40, 41).
EP00949309A 1999-07-12 2000-07-11 Systeme pour effectuer une transaction Ceased EP1222563A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE19932149 1999-07-12
DE19932149A DE19932149A1 (de) 1999-07-12 1999-07-12 System zur Ausführung von Transaktionen
PCT/EP2000/006577 WO2001004771A2 (fr) 1999-07-12 2000-07-11 Systeme pour effectuer une transaction

Publications (1)

Publication Number Publication Date
EP1222563A2 true EP1222563A2 (fr) 2002-07-17

Family

ID=7914272

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00949309A Ceased EP1222563A2 (fr) 1999-07-12 2000-07-11 Systeme pour effectuer une transaction

Country Status (9)

Country Link
US (1) US7433848B1 (fr)
EP (1) EP1222563A2 (fr)
JP (1) JP2003504759A (fr)
CN (1) CN100392589C (fr)
AU (1) AU6271500A (fr)
BR (1) BR0012415A (fr)
CA (1) CA2379136A1 (fr)
DE (1) DE19932149A1 (fr)
WO (1) WO2001004771A2 (fr)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2269160C2 (ru) 2001-03-16 2006-01-27 Де Ля Рю Интернэшнл Лимитед Устройство для обработки документов
GB0106974D0 (en) * 2001-03-20 2001-05-09 Rue De Int Ltd Funds deposit apparatus
US7066335B2 (en) 2001-12-19 2006-06-27 Pretech As Apparatus for receiving and distributing cash
EP1512096A1 (fr) 2002-06-10 2005-03-09 Rudolph Volker Moyen de paiement electronique a caracteristiques de securite a reglage individuel pour internet ou des reseaux mobiles
DE10331733A1 (de) * 2003-07-11 2005-01-27 Rene Lehmann Bezahlsystem
EP2005398A1 (fr) * 2006-03-27 2008-12-24 Fabrizio Borracci Procédé de fabrication d'une carte personnelle sécurisée et son processus d'usinage
DE102009043090A1 (de) * 2009-09-25 2011-03-31 Wincor Nixdorf International Gmbh Vorrichtung zur Handhabung von Wertscheinen
DE102009043093A1 (de) 2009-09-25 2011-03-31 Wincor Nixdorf International Gmbh Vorrichtung zur Handhabung von Wertscheinen und Geldkassette zur Aufnahme von Wertscheinen
DE102009043091A1 (de) * 2009-09-25 2011-03-31 Wincor Nixdorf International Gmbh Vorrichtung zur Handhabung von Wertscheinen
DE102010013202A1 (de) * 2010-03-29 2011-09-29 Giesecke & Devrient Gmbh Verfahren zum sicheren Übertragen einer Anwendung von einem Server in eine Lesegeräteinheit

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NL8702012A (nl) 1987-08-28 1989-03-16 Philips Nv Transaktiesysteem bevattende een of meerdere gastheercentrales en een aantal gedistribueerde eindstations, die via een netwerksysteem met enige gastheercentrale koppelbaar zijn, alsmede koncentratiestation en eindstation geschikt voor gebruik in zo een transaktiesysteem en exploitantidentifikatie-element te gebruiken bij zo een eindstation.
DE3815071A1 (de) 1988-05-04 1989-11-16 Loewe Opta Gmbh Verfahren zur bestimmungsgemaessen programmierung eines bildschirmtextgeraetes
US5195130A (en) 1988-05-05 1993-03-16 Transaction Technology, Inc. Computer and telephone apparatus with user friendly computer interface and enhanced integrity features
US5815577A (en) * 1994-03-18 1998-09-29 Innovonics, Inc. Methods and apparatus for securely encrypting data in conjunction with a personal computer
US5715399A (en) * 1995-03-30 1998-02-03 Amazon.Com, Inc. Secure method and system for communicating a list of credit card numbers over a non-secure network
US6138140A (en) 1995-07-14 2000-10-24 Sony Corporation Data processing method and device
US5878141A (en) * 1995-08-25 1999-03-02 Microsoft Corporation Computerized purchasing system and method for mediating purchase transactions over an interactive network
US5809141A (en) * 1996-07-30 1998-09-15 Ericsson Inc. Method and apparatus for enabling mobile-to-mobile calls in a communication system
US6134705A (en) * 1996-10-28 2000-10-17 Altera Corporation Generation of sub-netlists for use in incremental compilation
JPH10337401A (ja) * 1997-03-12 1998-12-22 Nukem Nuklear Gmbh 含塩溶液の濃縮のための方法及び装置
US6950939B2 (en) * 2000-12-08 2005-09-27 Sony Corporation Personal transaction device with secure storage on a removable memory device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0104771A2 *

Also Published As

Publication number Publication date
DE19932149A1 (de) 2001-01-25
CN1610882A (zh) 2005-04-27
BR0012415A (pt) 2002-03-26
WO2001004771A2 (fr) 2001-01-18
US7433848B1 (en) 2008-10-07
CN100392589C (zh) 2008-06-04
AU6271500A (en) 2001-01-30
JP2003504759A (ja) 2003-02-04
WO2001004771A3 (fr) 2002-05-02
CA2379136A1 (fr) 2001-01-18

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

17P Request for examination filed

Effective date: 20021104

17Q First examination report despatched

Effective date: 20040727

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20080708