EP1415285A2 - Verfahren zum bezug einer über ein datennetz angebotenen leistung - Google Patents

Verfahren zum bezug einer über ein datennetz angebotenen leistung

Info

Publication number
EP1415285A2
EP1415285A2 EP02767245A EP02767245A EP1415285A2 EP 1415285 A2 EP1415285 A2 EP 1415285A2 EP 02767245 A EP02767245 A EP 02767245A EP 02767245 A EP02767245 A EP 02767245A EP 1415285 A2 EP1415285 A2 EP 1415285A2
Authority
EP
European Patent Office
Prior art keywords
identifier
processing center
service
transaction medium
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP02767245A
Other languages
German (de)
English (en)
French (fr)
Inventor
Duc Tai Vu
Christian Pho Duc
Tschangiz Scheybani
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke and Devrient GmbH
Original Assignee
Giesecke and Devrient GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke and Devrient GmbH filed Critical Giesecke and Devrient GmbH
Publication of EP1415285A2 publication Critical patent/EP1415285A2/de
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/343Cards including a counter
    • G06Q20/3437Cards including a counter the counter having non-monetary units, e.g. trips
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • G06Q30/0613Third-party assisted
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F17/00Coin-freed apparatus for hiring articles; Coin-freed facilities or services
    • G07F17/0014Coin-freed apparatus for hiring articles; Coin-freed facilities or services for vending, access and use of specific services not covered anywhere else in G07F17/00
    • G07F17/0021Access to services on a time-basis

Definitions

  • the invention is based on a method according to the type of the main claim. Such a method is e.g. from the prospectus "Geld card im Netz" published in 2000 by the applicant.
  • This describes the payment of a service that can be ordered via the Internet by means of a cash card.
  • a simplified procedure for a payment process is shown on the fourth page of the prospectus a home computer orders a service from a service provider, for example an information service or an online shop, via the Internet.
  • the service provider then contacts a payment center and initiates the execution of a payment transaction at the latter.
  • the payment center now provides information via the Internet , the home computer and a card reader connected to it, connect to the cash card and debit the required payment amount, and the payment center then confirms the successful payment to the service provider, who ultimately delivers the required service.
  • the known method is secure with regard to the actual transaction phase, in which the payment amount is transmitted from the cash card to the payment center, and consequently the contribution required for the purchase of the service is transmitted from a transaction medium to a processing center.
  • the ordering process preceding the transaction phase is not secured by the procedure.
  • the assurance that a service supplied by the service provider is actually that ordered by a user and that the subsequently transferred payment amount corresponds to the previously agreed upon must be effected separately between the user and the service provider. If no security measures are taken, an attack on the order / delivery process can for example, consist in the fact that a service provided by the service provider benefits the attacker instead of the original customer.
  • the method according to the invention has the advantage that only system components are required for its implementation which must be present anyway for the execution of a transaction phase.
  • the ordering process is homogeneously linked to the subsequent compensation process. If it is necessary, the connection can be used to clearly prove the connection between the order process and the transaction phase.
  • the security level can be set as required.
  • the processing center can always have the same structure. The entire process can be carried out anonymously.
  • the method according to the invention is particularly suitable for loading a dedicated account maintained with a service provider, for example for loading a so-called prepaid account with a telephone company.
  • the processing center After receiving the identifier of the transaction medium, the processing center advantageously generates an identifier by means of which an entire reference process can later be clearly assigned to a transaction medium and a processing center.
  • the time between the individual process steps is advantageously monitored; If a predetermined maximum time is exceeded, the ordering process is canceled. Such a timeout monitor makes it particularly difficult for attackers to be involved in the ordering process.
  • the identifier of the transaction medium and the identifier of the processing center are logged both in the user system and in the processing center itself.
  • a user initially requests a desired service from a service provider according to its type, e.g. loading a specific prepaid account with a telephone company. Only then does he specify the recipient and the scope of the desired service to the processing center.
  • This structure ensures that the user always makes contact with the service provider, but the service provider does not have to take any further measures to secure the ordering process.
  • the assignment of a desired service to a customer is expediently made by entering reference information on the user end system and transmission to the processing center.
  • Show it: 1 shows the structure of a system suitable for executing the proposed method
  • the system includes a user end system 10, which is connected via a first data network 20 to a processing center 30 and a service provider 40.
  • the processing center 30 and the service provider 40 are also connected to one another via a second data network 22.
  • the second data network 22 can be designed as a separate data network or also within the first data network 20.
  • the network participants 10, 30 and 40 are only shown once, in practice they can each be present more than once.
  • a large number of user end systems 10 and a large number of service providers 40 are typically connected to the data network 20.
  • a plurality of processing centers 30 are also connected to the data network 20.
  • Several processing centers 30 can each be connected to a plurality of service providers 40 via one or more second data networks 22.
  • the user end system 10 enables a user 1 to determine, order and compensate for a service that can be ordered via the data network 20 by providing certain data, the possession of which is required for the purchase of a service.
  • a transaction medium 2 Internally, it is structured into a transaction medium 2, a security terminal 14 designed for communication with the transaction medium 2, and a user network interface. place 19, which is connected on the one hand to the security terminal 14 and on the other hand to the data network 20.
  • the physical separation of the structural components 2, 14, 19 depends on the selected security level. For the greatest possible security, components 2, 14, 19 are each designed as independent modules, in a medium security level user network interface 19 and security terminal 14 are designed as independent modules, while transaction medium 2 is only available in a virtual form, ie as a software solution. With low security requirements, all components 2, 14, 19 can also be implemented in a single common structural unit.
  • the transaction medium 2 enables a user 1 to obtain a service from a service provider 40 which is distributed via a data network 20 and for which the provision of a contribution by a transaction medium 2 is required. It enables the execution of transactions for which the possession of certain data is required and in which sensitive data and information are exchanged between the security terminal 14 and another network subscriber 30, 40. For example, the transfer of payment amounts to a cash account of a payment recipient is made possible by direct withdrawal of money in electronic form from the transaction medium 2 or by irrevocable, indirect initiation of the transfer of a payment amount from a money account assigned to the transaction medium 2.
  • the transaction medium 2 has its security effect by securely accommodating sensitive data on a specially designed medium, which is preferably a separate unit.
  • the transaction medium 2 has a tamper-proof storage device 4, in which data are stored, the possession of which is necessary to obtain a line. is required.
  • data can be money in electronic form, for example, or data that enables direct access to a money account managed in an external facility.
  • data can be stored in the storage device 4, the meaning of which lies solely in the information it represents, such as cryptographic keys or access codes.
  • Payment channels and reference information can also be set up next to one another in the same transaction medium 2.
  • the transaction medium 2 is further assigned an individual identifier KM, which is stored on the transaction medium 2, expediently in the storage device 4.
  • the identifier KM can also be stored in another storage device of the user end system 10 or in a network subscriber connected via the data network 20.
  • the identifier KM is information that is used after the execution of a pre-negotiation phase by means of the transaction medium 2 as part of the implementation of a compensation phase.
  • the transaction medium 2 is preferably designed as an independent structural unit.
  • the transaction medium 2 is in the form of a portable data carrier in credit card format; in particular, the transaction medium 2 can be a chip card.
  • the memory device 4 is implemented in the chip of the card and the data to be presented for the purchase of a service, for example representing electronic money or an access code, and the identifier KM are located in the card chip.
  • transaction medium 2 can only be executed in a virtual form, for example as a software solution.
  • the transaction medium 2 can also be formed by the interaction of several separate, distributed components which are connected to one another by the identifier KM. For example, it can consist of a portable data carrier, on which the identifier KM is stored, and an associated storage device 4, which is implemented as a software solution in the user end system 10 or in one of the network subscribers connected via the data network 20.
  • the security terminal 14 corresponds on the one hand to the transaction medium 2 and enables access to the data stored in the storage device 4. On the other hand, it forms the end of a secure end-to-end connection on the user system side.
  • the security terminal 2 controls and secures the entire data exchange as part of the method for obtaining a service via a data network 20 and contains the necessary means. In particular, it secures the pre-negotiation phase, provides confirmation or error messages and logs the data exchange that is carried out.
  • the core element of the security terminal 14 is a processor device which is designed to establish a secure end-to-end connection between a transaction medium 2 and a processing center 30, ie a connection whose security is only brought about by the terminals involved in a transaction , and to carry out movements of data between the transaction medium 2 and the processing center 30 via this secure connection with the involvement of a user 1.
  • security terminal 14 has an access device 15, by means of which it can access the data stored on the transaction medium 2 and the identifier KM.
  • the access device 15 preferably enables read and write access to the data on the transaction medium 2, and consequently both the removal of content represented by the data from the transaction medium 2 and, conversely, the application of content represented by the data to the transaction medium 2.
  • the security terminal 14 also has input means 16, preferably in the form of a keyboard, for the transmission of information by a user 1 to the security terminal 14, and output means 17, expediently in the form of a display, for the communication of information by the security terminal 14 to a user 1.
  • the security terminal 14 is tamper-proof so that an unauthorized removal of data, such as data representing monetary values, from the transaction medium 2 or the generation of such data by a user 1 are excluded.
  • the access device 15, input means 16 and output means 17 are each designed to be manipulation-proof and are connected to the processor device to form a unit such that a hardware or software attack on one of the components 15, 16, 17 is only possible if it is destroyed or at least can only be carried out in such a way that it is immediately visible.
  • the processor device includes means for encrypting and decrypting incoming and outgoing data, as well as means for authenticating certificates received from transaction partners.
  • the security terminal 14 is expediently a so-called class 3 chip card reader, ie a device with an access device 15 in the form of a chip card reader, its own tamper-proof keyboard, a tamper-proof alphanumeric display for displaying security-relevant data the transfer to a chip card and encryption software.
  • class 3 chip card reader ie a device with an access device 15 in the form of a chip card reader, its own tamper-proof keyboard, a tamper-proof alphanumeric display for displaying security-relevant data the transfer to a chip card and encryption software.
  • the security terminal 14 can also be an integral part of the user network interface
  • the functionality of the security terminal 14 can be implemented as a hardware plug-in module with an independent processor device or also in the form of a pure software solution using the processor device of the user network interface 19.
  • the user network interface 19 is a device that allows a user 1 to interactively contact a processing center 30 or a service provider 40 via the data network 20.
  • the basis of the user network interface 19 is a computer with all the usual structural features.
  • the user network interface 19 has an input / output device 18, which playback means, e.g. in the form of an image display, for displaying information transmitted to the user network interface 19 and input means, e.g. in the form of a keypad, which enable the user 1 to send information to the data network
  • the user network interface 19 comprises a bidirectional interface to the data network 20.
  • the processor device of the user network interface 19 is prepared to obtain and use or execute information and program elements via the data network 20.
  • a typical embodiment of the user network interface 19 is that of a home computer.
  • the user network interface 19 can also be implemented by a publicly accessible network terminal, such as those used in Internet cafes, or by an appropriately equipped cell phone.
  • the data network 20 is preferably the Internet.
  • the network subscribers 10, 30, 40 are organized as Internet subscribers and are adapted to the technical requirements applicable to this network in a manner known per se.
  • the data network 20 can also be implemented by any other network structure that is suitable for establishing a data or communication connection between a plurality of network participants 10, 30, 40.
  • the data network 20 can consist of an interconnection of several, physically different networks.
  • the user end system 10 can be connected via a mobile radio network which is linked to a fixed network via the mobile radio network operator.
  • the processing center 30 generally takes the form of a large-scale computer system with high computing power, on which functions for executing transactions in which sensitive data are exchanged are implemented in the form of software modules.
  • the processing center 30 is located at a service provider that specializes in processing transactions that can be carried out via a data network and is only accessible to a limited, particularly authorized group of people.
  • the processing center is 30 a payment center and is used to carry out payment transactions via a data network 20, in particular the Internet.
  • Essential elements of the processing center 30 are a transaction module 32, a compensation module 34 connected to it, and a router module 36 connected to the two aforementioned modules;
  • An important hardware element of the processing center 30 is a storage device 37.
  • the transaction module 32 contains means for controlling the data exchange with user systems 10 via the data network 20 and with processing centers 40 via the second data network 22, means for carrying out and securing an order process and means for arranging the delivery of a service.
  • the compensation module 34 serves to coordinate and process a secure data exchange to request a contribution required by the transaction medium 2, that is to say to carry out a payment transaction, in interaction with a transaction medium 2 via an associated security terminal 14 and has all the necessary program and hardware means. It also coordinates the processing of various parallel reference processes.
  • the compensation module 34 has an interface 35 to a background system 39, on which background processes necessary in connection with the performance of a service procurement process are carried out, the execution of which is not possible or not expedient by the processing center 30. Background operations of this kind are, for example, the management of money accounts and the handling of transactions between different money accounts.
  • a typical background system 39 are accordingly a bank or a group of banks or a clearing system in which a money account associated with the transaction medium 2 and a processing center 30 are managed.
  • the router module 36 manages the data exchange between the transaction module 32 and the processing center 40 via the second data network 22.
  • the storage device 37 contains a database 38 for receiving the identifiers KM of payment media 2 and session keys RS, SS, which are used in connection with the identifiers KM in the context of reference processes.
  • a storage key 37 of the processing center 30 and a corresponding secret key GS are also stored.
  • the service provider 40 is a network subscriber such as the user end system 10 or the processing center 30. Usually, it takes the form of a high-performance computer on which, under the control of an installation operator, services are provided in software form to which a user 1 can access via the data network 20.
  • the service provider 40 can be implemented by a networked computer network that only behaves logically like an individual network subscriber.
  • the services offered by the service provider 40 can in principle be any type of goods or services that can be distributed via a data network 20, for example physically pre-paid goods such as software programs, existing consumer goods or digital goods that are delivered upon proof of receipt authorization, such as a PIN (personal identification number).
  • the proposed method is particularly suitable for services that are provided by a service provider 40 without the user 1 being able to directly check the provision.
  • the method is suitable, for example, for using the mobile network of a mobile service provider on the basis of prepaid credit.
  • the proposed method supports a longer-term bond between a service provider 40 and a user 1, since it prompts the user 1 to contact the service provider 40.
  • Essential structural elements of the service provider 40 with regard to the method described here are a power management device 42, a user data area 46 and a network portal 44.
  • a reference file 47 is kept in the user data area 46 by the service management device 42 for each reference information RI that is transferred to a user 1 and on the basis of which a service provider 40 can order a service.
  • the reference files 47 are preferably purpose-specific and only allow transactions in relation to an individual or a group of defined services. In practice, they are used, for example, to manage credits for services that are still to be provided by service provider 40. In connection with services still to be rendered, the reference files 47 have the function of a credit account. In this case, it is advantageously provided that the service is only provided if the credit account 47 used for its payment is sufficiently covered.
  • the network portal 44 serves to establish the first contact between the service provider 40 and a user end system 10.
  • It informs a user 1 about the service provider 40 and the services offered by the service provider 40 and provides instructions for carrying out the payment for a desired service.
  • it contains data packets in software form which, after being called up, are transmitted via the data network 20 to a user end system 10 and are displayed there to the user 1.
  • the data network 20 is the Internet
  • the network portal 44 has the usual form of an Internet presence and is accessible to a user 1 as such.
  • the network portal 44 also provides data packets with information and program elements for carrying out a procurement process. These data packets, referred to below as loading applet LA, can be stored by the service provider 40 itself or by a network subscriber connected to it, in particular in the processing center 30. In the latter case, the network portal 44 holds and transmits references to the respective storage location.
  • the loading applets LA designate a processing center 30 via which a selected service can be obtained.
  • the loading applets LA each contain program elements which enable a user end system 10 to execute an order and an associated payment process via a processing center 30.
  • the charging applets LA can be transmitted to a user end system 10 via the data network 20.
  • the service provider 40 also has an interface 48 to a connection to a background system 49, on which background processes necessary in connection with the performance of a service purchase process are carried out, the execution of which by the service provider 40 itself is not possible or is not appropriate.
  • background operations include, in particular, the management of money accounts and the execution of money transfers between different money accounts.
  • the background system 49 is accordingly formed, for example, by a bank, a bank network or a clearing system in which a money account assigned to the service provider 40 is kept.
  • the background system 49 is connected to the background system 39 and can also be identical to that.
  • Processing center 30 and service provider 40 can also coincide and be implemented in the form of a single network subscriber.
  • the background system 39, 49 can also be an integral part of the processing center 30 or the service provider 40.
  • a bank forms an example of a network subscriber with the functionalities of the processing center 30, the service provider 40 and the background system 39, 49.
  • the usage process is basically divided into a pre-negotiation phase and a transaction phase, which in turn breaks down into a compensation phase and a delivery phase.
  • the pre-negotiation phase and the compensation phase are carried out between the user end system 10, in particular the security terminal 14 and the transaction medium 2, and the processing center 30;
  • the service provider 40 is also involved in the implementation of the delivery phase.
  • a service is ordered using the KM identifier, in the compensation phase using the identifier.
  • KM the demand for a contribution to be made by the payment medium 2 as a prerequisite for the delivery of the service and in the delivery phase the provision of the service for delivery to the user 1.
  • the service provider 40 is a mobile radio network operator and that a user 1 wants to use a user card to top up a network time credit account managed by this mobile network operator 40 by means of a money card To be able to continue using the cell phone.
  • the reference file 47 functions as a network time credit account
  • the service management device 42 appears as an account management unit
  • the transaction medium 2 as a money card
  • the service provided by the service provider 40 consists in making its network available for a limited period of time.
  • the contribution made by the transaction medium 2 and necessary for the purchase of the service is made by the transfer of electronic money from the money card 2 to a money account assigned to the mobile radio network operator.
  • the method is not restricted to the aforementioned example application. Rather, it can always be used if the purchase of a service distributed via a data network 20 takes place in that, using an identifier KM assigned to a transaction medium 2, an order process and then a transaction phase are carried out in succession.
  • Another application of this type is, for example, the purchase of information that is free of charge, but security-critical, such as a PIN, which subsequently enables access to the otherwise blocked service offers of a service provider 30.
  • step 202 a user 1 establishes a connection to the network portal 44 of a service provider 40 via the data network 20 by means of a user end system 10, which then looks at the information offer made available by the network portal 44 and selects the option “loading the prepaid account” from the information offer , Step 200.
  • the network portal 44 of the service provider 40 transmits to the user end system 10 a start data block that contains information about a processing center 30 to be selected, supported payment methods, a contact address AD for processing any complaints that may be necessary, and a loading applet LA or one Reference to its storage location, which causes the integration of a security terminal 14 in a reference process and the input of required information by the user 1, step 202.
  • the execution of step 202 is preferably carried out in a security mode, which is by both n the parties involved in the data exchange can be used directly, for example under encryption according to the SSL protocol.
  • the loading applet LA If the loading applet LA has been received and installed in the user network interface 19, it establishes a connection via the data network 20 to the processing center 30 designated in the start data block.
  • the loading applet LA first expediently initiates a mutual authentication between user 1 and processing center 30, step 203 after the connection has been established.
  • user 1 and processing center 30 mutually indicate theirs Authenticity by checking each partner's knowledge of a predefined secret.
  • the secret can be, for example, a PIN to be entered or one that is useful be stored by means of the security terminal 14 readable signature card from which it is read.
  • the loading applet LA opens the pre-negotiation phase. For this purpose, it causes the user 1 to define a payment method and a desired loading amount LS by generating a corresponding display on the input / output device 18, step 204. The user 1 makes the required entries by means of the input means of the input / output device 18. If the entry is completed, the loading applet LA generates a loading message B1 which contains the selected payment method, the defined loading amount LS and the complaint contact address AD, step 206.
  • the loading applet LA additionally generates an individual identifier KM for the payment medium 2.
  • the charging message B1 transmits the charging applet LA to the security terminal 14, step 208.
  • the security terminal 14 After receipt of the charging message Bl in the security terminal 14, the latter checks whether the transaction medium 2 is accessible to the access device 15. If this is not the case, the security terminal 14 transmits a feedback to the user network interface 19, which prompts the user on the playback means of the input / output device 18 to present a request to the user 1 to present the transaction medium 2 to the access device 15. If the transaction medium 2 is only realized virtually, it receives the user 1 receives a request to make it accessible by corresponding inputs via the input / output device 18.
  • the security terminal 14 If the transaction medium 2 is presented and access is possible, the security terminal 14 requests the transaction medium 2's individual identifier KM, step 210, via the access device 15. The transaction medium 2 then transmits its individual identifier KM, step 212, to the security terminal 14.
  • the security terminal 14 receives the identifier KM from the loading applet LA in the message sent in step 208.
  • the loading applet LA can directly contain the identifier KM. It can also only act as an intermediary and obtain the identifier KM in a separate data exchange via the data network 20, for example from the processing center 30. It can also be provided that the identifier KM is displayed to the user 1 on the output means 17 of the security terminal 14 and must be confirmed by the user 1.
  • the identifier KM and the loading sum LS determined by the user 1 are stored by the security terminal 14 for further use in the subsequent process sequence, step 214. Furthermore, the security terminal 14 generates a session key SK, step 216.
  • the session key SK is generated using a customary method, typically according to a method based on the generation of random numbers.
  • the transaction medium 2 can also be included in this and, for example, supply a random number.
  • the security terminal 14 stores the session key SK for the further procedure analogous to the storage of the identifier KM, step 218.
  • the security terminal 14 then prompts the user 1, by means of a corresponding display on the output means 17, to enter reference information RI, which denotes the binding of the user 1 to the service provider 40, step 300.
  • the reference information RI for example, in the telephone number of the associated cell phone.
  • the user 1 confirms the reference information RI by repeating the input.
  • the security terminal 14 If the reference information RI entered by the user 1 is then available, the security terminal 14 generates a first pre-negotiation message B2. For this purpose, it forms an information block which contains the reference information RI, the session key SK, the identifier KM and the loading sum LS and encrypts this with the public key ⁇ S of the processing center 30, step 302.
  • the public key ⁇ S of the processing center 30 can be used within the have been transmitted to the network portal 44 as part of the initial contact start data block. Alternatively, a separate method step can also be provided, in which the security terminal 14 requests the public key ⁇ S from the processing center 30 from the latter.
  • the pre-negotiation message B2 which is then secured by encryption, is transmitted via the data network 20 to the processing center 30 designated by the loading applet LA, step 304.
  • the security terminal 14 also starts a time monitoring, step 305. This becomes one or more Defines time periods within which one or more predetermined messages must have been received from the processing center 30. Passes a time span without receiving the expected message, the procedure is terminated. For example, the periods of time until the receipt of a second pre-negotiation message B5 and / or until the start of the payment process are monitored.
  • the processing center 30 Upon receipt there, the processing center 30 decrypts the secured pre-negotiation message B2 with the secret key GS corresponding to the public key ⁇ S used for the encryption and determines the identifier KM of the transaction medium 2 and the session key SK, step 306. At the same time, the processing center 30 also starts one Time monitoring, step 307. In this, it monitors, for example, the time period until an enable signal B6 is received.
  • the processing center 30 then checks, step 308, whether the identifier KM is already stored in its database 38, step 308. If this is the case, the processing center 30 checks whether the session key RS last stored in connection with the same identifier KM is still valid, Step 310. A predetermined period of validity is assigned to each session key SS. If this has not yet expired, the processing center 30 requests the last valid session key PS, step 402, from the security terminal 14 by means of a request B3 via the data network 20. The request B3 is secured by encryption with the transmitted session key SK.
  • the processing center 30 takes over the transmitted reference information RI, the transmitted loading sum LS and the identifier KM in the storage device 37, step 316. If the check in step 308 shows that the transmitted identifier KM is not yet contained therein, the processing center 30 adopts it as a new entry in the database 38, step 309.
  • step 310 If the check in step 310 shows that the session key RS last stored in connection with the same identifier KM is no longer valid due to the expiry of the period of validity, the processing center 30 makes the transmitted session key SK the new valid session key SS and transfers it to its storage device 37, step 314th
  • the security terminal 14 receives the request B3 and decrypts it with the session key SK, step 403. Then, in turn, it forms a secure response B4, which contains the identifier KM of the transaction medium 2 and the session key PS used in the last previous payment process, step 406. The backup takes place by encryption with the public key ⁇ S of the processing center 30. The response B4 thus secured transmits the security terminal 14 to the processing center 30, step 408.
  • the processing center 30 again compares the previous session key PS resulting from the decryption with the stored session key RS, step 412.
  • the processing center 30 transmits an error message to the security terminal 14 and breaks the communication to the security terminal 14, step 413. It can also be provided that the termination is carried out without an error message.
  • step 412 If the check in step 412 shows that the compared session keys PS and RS match, the processing center 30 defines the previously stored session key PS as the new valid session key SS, step 414.
  • the processing center 30 In the next step, the processing center 30 generates a pre-authorization identifier KV, step 500.
  • the pre-authorization identifier KV is used to uniquely identify a transaction. It is stored by the processing center 30 and later supports the proof of the successful execution of the two phases, especially in the event of an error after the completion of the pre-negotiation and the compensation phase.
  • Preauthorization identifier KV is expediently obtained by executing an algorithm that can be traced later; in a particularly simple manner, the pre-authorization identifier is a consecutive number.
  • the processing center 30 By means of the pre-authorization identifier KV, it then forms a second pre-negotiation message B5.
  • the processing center 30 combines the pre-authorization identifier KV with the stored information for the identifier KM, the loading sum LS and the reference information RI, signs this information group with the secret key GS of the processing center 30 and also encrypts it with the session key SS, step 502
  • the processing center 30 transmits the resulting second pre-negotiation message B5 via the data network 20 to the security terminal 14, step 504. This decrypts the second pre-negotiation message B5 again using the session key SS, step 505, and checks the signature using the public key ⁇ S of the processing center 30, step 506.
  • the security terminal 14 checks whether the pre-negotiation message B5 is within the permissible time period is received, step 507.
  • the presentations for the reference information RI and the loading sum LS after the decryption are then compared by the security terminal 14 with the previously stored corresponding information, step 508. If this comparison reveals that one or more of the compared information do not match , the security terminal 14 terminates the communication with the processing center 30 without further feedback, step 509.
  • step 508 If the comparison in step 508 shows that all the compared information matches, the security terminal 14 displays the reference information RI and the loading sum LS on the output means 17 and asks the user 1 for confirmation via the input means 16, step 510. Via the input means 16 des Security terminal 14 then user 1 confirms the information, step 512.
  • the security terminal 14 If the confirmation has been made by the user 1, the security terminal 14 generates an enable signal B6 and sends this to the processing center 30, step 514.
  • the processing center 30 also generates a protocol PA with all of the data and information transmitted to the security terminal 14.
  • the protocol PA transmits it to the security terminal 14, which checks it and, if necessary, supplements it with further information available in the security terminal 14, step 516. authorization identifier KV and the signature of the processing center 30. Completed, it sends the security terminal 14 to the user network interface 19, where it is stored.
  • a user 1 can, in the event of a subsequent premature termination of the method, make a complaint. This concludes the pre-negotiation phase and the compensation phase follows with the demand for the contribution to be made by transaction medium 2 as the first part of the transaction phase.
  • the processing center 30 After receiving the release signal B6, the processing center 30 first checks, as part of the time monitoring, whether it has been received within the permissible time period, step 517. If this is the case, the processing center 30 initiates a payment process known per se via the data network 20, step 518. In the course of the time monitoring, the security terminal 14 first checks whether the start of the payment process has taken place within the permissible time period, step 519. If this is the case, the payment process is carried out.
  • the payment process takes place between the user end system 10 and the compensation module 34 in the processing center 30. Like the pre-negotiation phase, it is based on the use of the KM identifier of the transaction medium 2. By integrating the KM identifier in the payment process and in the pre-negotiation phase, between the two transactions - sections of the route created a direct connection. Based on the identifier KM, an assignment can be made later, if necessary.
  • the payment process can be of the type described in the introductory publication “Geld badge im Netz”. First of all, the existence of a secure end-to-end connection between the processing center 30 and the security terminal 14 is ensured by using transaction medium 2 and Mutually authenticate processing center 30.
  • the identifier KM of the transaction medium 2 is used to determine a key for the encryption and a key or a pair of keys is derived with the help of the identifier KM, thus forming a clear link between the ordering process and the payment process.
  • a data exchange then takes place using the key or the key pair, in which the electronic money in the memory 4 of the transaction medium 2 is reduced by the payment amount, ie the loading amount LS, and a corresponding amount is credited to the processing center 30, the payment amount is therefore transferred from the transaction medium 2 to the processing center 30.
  • the payment process does not necessarily have to be carried out by the user using the same structural resources that were used for the pre-negotiation phase.
  • a special one is also possible
  • the identifier KM To use payment medium that is connected to the transaction medium 2 via the identifier KM, but is not identical to the transaction medium 2 and / or to dispense with the use of the security terminal 14. In the first case, however, the identifier KM must either be stored in the user end system 10 or with a network subscriber connected via the data network 20 or must be entered manually by the user 1. If the payment process is unsuccessful, the entire reference process is ended, step 521. User 1 receives an error message provided as part of the payment process.
  • the compensation module 34 confirms this to the transaction module 32 by transmitting a confirmation signal which contains the identifier KM. The compensation phase is now complete.
  • the processing center 30 now initiates the delivery phase as part of the transaction phase.
  • the router module 36 By means of the router module 36, it establishes a connection to the service provider 40 via the background data network 22 and transmits a charging request B7, step 600.
  • This contains the preauthorization identifier KV, the reference information RI, the identifier KM and the loading sum LS.
  • the power management device 42 After receipt by the service provider 40, the power management device 42 forms a network time credit corresponding to the loading amount LS, step 602. If the service ordered by the user 1 is used, in the example, telephoning in the mobile network of the network operator by reducing an existing network time credit, the charging takes place the service provider 40 stores the network time credit in the reference file 47 designated in the loading request B7.
  • the user 1 assigned to the reference information RI is transmitted value units which correspond to the network time credit, and consequently to the load sum LS. If this is the case, the service provider 40 generates the value units after receipt of the load sum LS, step 604. The value units are transmitted to user 1. In parallel, the network time credit is managed in the reference file 47.
  • the service provider 40 transmits an acknowledgment signal B8 to the processing center 30, step 606. If such have been generated, the service provider 40 also transmits the processing center 30 together with the acknowledgment signal B8 or immediately afterwards the units of value, step 607.
  • the processing center 30 Upon receipt of the acknowledgment signal B8, the processing center 30 in turn forms a loading receipt B9 which contains the reference information RI, the loading amount LS, the pre-authorization identifier KV and the identifier KM. She signs the loading receipt with the secret key GS of the processing center 30 and encrypts it with the session key SS, step 608.
  • the loading receipt B9 thus formed is transmitted via the data network 20 to the user end system 10, step 610. Together or immediately thereafter, it transmits the user end system 10 furthermore the possibly formed value units, step 611.
  • the processing center 30 If an error occurs when loading the user account 47 in step 602 or if the processing center 30 does not receive an acknowledgment signal B8 from the service provider 40 after issuing a charging request B7, the processing center 30 generates a provisional charging receipt BIO, step 612. how it contains a loading receipt B9 after successful loading.
  • the provisional loading receipt BIO contains an uncertainty notice FU, which indicates the possible presence of an error and which contains a contact address under which the user 1 can complain, step 614.
  • the provisional loading receipt BIO is also provided with the secret key GS signed the processing center and encrypted the session key SS.
  • the loading receipt B9 or the provisional loading receipt BIO is decrypted by the security terminal 14 using the session key SS, step 616.
  • the security terminal 14 presents the user 1 to the user 1 via the output means 17, step 616, confirming the successful execution of the charging process upon receipt of a loading receipt B9 or the indication of a possible error upon receipt of a provisional loading receipt BIO together with the complaint contact address transmitted.
  • the security terminal causes the storage of any transmitted value units, step 619. This can take place in one of the components of the user end system 10, with a network subscriber connected via the data network 20, or also in an external device, for example in a cell phone.
  • the formation of a confirmation of the receipt of the value units by the security terminal 14 and their return to the processing center 30 can be provided, step 620.
  • the measure is particularly expedient if the value units are data acts, the meaning of which consists in the knowledge of a user 1 or which subsequently remain on the transaction medium 2 for repeated use, for example a PIN or a cryptographic key.
  • the processing center 30 forms a protocol PB over the entire data exchange that continues to write the protocol PA. It transmits the entire protocol PB or at least the parts newly added to the protocol PA to the security terminal 14, which checks it and supplements it with the information available only in the security terminal 14.
  • the protocol PB then contains all the essential information exchanged by the processing center 30 and by the service provider 40 with the user end system 10 via the data network 20.
  • the complete protocol PB transfers the security terminal 14 to the user network interface, where it is stored, step 622.
  • the coupling between the pre-negotiation phase, the compensation phase and the delivery phase can take place in a weakened form.
  • the identifier KM of a transaction medium 2 in the processing center 30 can be converted into a simple standard value, which only confirms the existence of an identifier KM.
  • the design of the time monitoring can be varied. In addition to those described, other or other time periods can be monitored. Monitoring can also include correlations between different time periods. Furthermore, the network subscribers 10, 30 and 40 can be configured in many ways. In particular, both components can be combined or can be distributed over a large number of further components.
  • the encryption techniques used can also be configured within a wide range. Both other principles and additional encryption can be used.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Finance (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Development Economics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
EP02767245A 2001-07-26 2002-07-22 Verfahren zum bezug einer über ein datennetz angebotenen leistung Ceased EP1415285A2 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE10136414A DE10136414A1 (de) 2001-07-26 2001-07-26 Verfahren zum Bezug einer über ein Datennetz angebotenen Leistung
DE10136414 2001-07-26
PCT/EP2002/008163 WO2003012701A2 (de) 2001-07-26 2002-07-22 Verfahren zum bezug einer über ein datennetz angebotenen leistung

Publications (1)

Publication Number Publication Date
EP1415285A2 true EP1415285A2 (de) 2004-05-06

Family

ID=7693163

Family Applications (1)

Application Number Title Priority Date Filing Date
EP02767245A Ceased EP1415285A2 (de) 2001-07-26 2002-07-22 Verfahren zum bezug einer über ein datennetz angebotenen leistung

Country Status (8)

Country Link
US (1) US8595131B2 (ja)
EP (1) EP1415285A2 (ja)
JP (1) JP2004537814A (ja)
CN (1) CN1554079A (ja)
AU (1) AU2002331280A1 (ja)
DE (1) DE10136414A1 (ja)
RU (1) RU2296367C2 (ja)
WO (1) WO2003012701A2 (ja)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AT503263A2 (de) * 2006-02-27 2007-09-15 Bdc Edv Consulting Gmbh Vorrichtung zur erstellung digitaler signaturen
RU2414749C1 (ru) * 2008-08-08 2011-03-20 Вячеслав Олегович Долгих Персональный носитель данных
RU2388053C1 (ru) * 2008-11-06 2010-04-27 Александр Геннадьевич Рожков Способ проверки транзакций, автоматическая система для проверки транзакций и узел для проверки транзакций (варианты)
US8621212B2 (en) * 2009-12-22 2013-12-31 Infineon Technologies Ag Systems and methods for cryptographically enhanced automatic blacklist management and enforcement
US8468343B2 (en) * 2010-01-13 2013-06-18 Futurewei Technologies, Inc. System and method for securing wireless transmissions
US8630411B2 (en) 2011-02-17 2014-01-14 Infineon Technologies Ag Systems and methods for device and data authentication

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CH682700A5 (de) 1991-07-29 1993-10-29 Andreas Peiker Verfahren zum automatischen Verifizieren und Bestätigen von Aufträgen resp. Bestellungen.
US5715314A (en) * 1994-10-24 1998-02-03 Open Market, Inc. Network sales system
US5809143A (en) * 1995-12-12 1998-09-15 Hughes; Thomas S. Secure keyboard
SE512748C2 (sv) 1997-05-15 2000-05-08 Access Security Sweden Ab Förfarande, aktivt kort, system samt användning av aktivt kort för att genomföra en elektronisk transaktion
NO311468B1 (no) 1999-03-16 2001-11-26 Ilya Kruglenko Fremgangsmåte og system for sikker netthandel
US6873974B1 (en) * 1999-08-17 2005-03-29 Citibank, N.A. System and method for use of distributed electronic wallets
EP1218865B1 (en) * 1999-09-24 2003-07-23 Robert Hodgson Apparatus for and method of secure atm debit card and credit card payment transactions via the internet
WO2001045008A1 (en) * 1999-12-16 2001-06-21 Debit.Net, Inc. Secure networked transaction system
IL133771A0 (en) * 1999-12-28 2001-04-30 Regev Eyal Closed loop transaction
US20010047336A1 (en) * 2000-04-03 2001-11-29 Maycock Sidney M. Credit card management system
US6931382B2 (en) * 2001-01-24 2005-08-16 Cdck Corporation Payment instrument authorization technique
US20020178063A1 (en) * 2001-05-25 2002-11-28 Kelly Gravelle Community concept for payment using RF ID transponders
US20020188549A1 (en) * 2001-06-11 2002-12-12 Mark Nordlicht Selectable market transaction over a network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO03012701A2 *

Also Published As

Publication number Publication date
WO2003012701A3 (de) 2003-11-06
AU2002331280A1 (en) 2003-02-17
CN1554079A (zh) 2004-12-08
WO2003012701A2 (de) 2003-02-13
US8595131B2 (en) 2013-11-26
US20040243474A1 (en) 2004-12-02
JP2004537814A (ja) 2004-12-16
RU2296367C2 (ru) 2007-03-27
RU2004105845A (ru) 2005-06-10
DE10136414A1 (de) 2003-02-20

Similar Documents

Publication Publication Date Title
DE69631706T2 (de) System zum Ermöglichen des Bestellens und Bezahlens von Dienstleistungen mittels eines Kommunikationsnetzwerkes
DE69527369T2 (de) Kommunikationsgerät
DE29624480U1 (de) System zum Ermöglichen des Bestellens und Bezahlens von Dienstleistungen mittels eines Kommunikationsnetzwerkes
WO2014079597A1 (de) Verfahren, vorrichtung und dienstleistungsmittel zur authentifizierung eines kunden für eine durch ein dienstleistungsmittel zu erbringende dienstleistung
EP3245607A1 (de) Verfahren zum lesen von attributen aus einem id-token
EP1282087A1 (de) Verfahren zur Durchführung von Transaktionen von elektronischen Geldbeträgen zwischen Teilnehmerendgeräten eines Kommunikationsnetzes, Transaktionsserver und Programmmodul hierfür
EP1347620B1 (de) Abrechnung einer kostenpflichtigen Nutzung von im Internet bereitgestellten Daten durch ein Mobilfunkendgerät
DE10143876A1 (de) Blockierungs-Server
EP1665184A1 (de) Verfahren zur abwicklung einer elektronischen transaktion
EP1326216A1 (de) Verfahren und Vorrichtung zur elektronischen Zahlung durch mobile Kommunikationsgeräte
WO2003012701A2 (de) Verfahren zum bezug einer über ein datennetz angebotenen leistung
EP1222563A2 (de) System zur ausführung einer transaktion
EP1486088B1 (de) VERFAHREN ZUR BEREITSTELLUNG UND ABRECHNUNG VON WIM-FUNKTIONALITÄTEN BEI MOBILEN KOMMUNIKATIONSENDEINRICHTUNGEN
EP1027801B1 (de) Verrechnungsverfahren in einem telekommunikationssystem
DE102005062061B4 (de) Verfahren und Vorrichtung zum mobilfunknetzbasierten Zugriff auf in einem öffentlichen Datennetz bereitgestellten und eine Freigabe erfordernden Inhalten
DE19818708A1 (de) Verfahren zum Nachladen eines Portoguthabens in eine elektronische Frankiereinrichtung
EP1183847B1 (de) Verfahren zur gesicherten übermittlung von geschützten daten
DE3619566A1 (de) Verfahren und system zur datenuebertragung
EP1388138A1 (de) Verfahren und anordnung zum bezahlen von über ein datennetz abrufbaren datenangeboten
DE10213073A1 (de) Verfahren zum Abrechnen einer kostenpflichtigen Benutzung von Daten und Datenübertragungsnetz
EP1344194A2 (de) Verhahren und vorrichtung zur übertragung von elektronischen werteinheiten
EP0978963A2 (de) Verfahren und Vorrichtung zur automatischen Abrechnung von Benutzungsgebühren
DE10312059A1 (de) System und Verfahren zum Aufbau eines semimobilen Datennetzes
DE29807597U1 (de) Ladeterminal für Geldkarten
EP2115995A1 (de) Elektronische visitenkarte

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LI LU MC NL PT SE SK TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO SI

17P Request for examination filed

Effective date: 20040506

17Q First examination report despatched

Effective date: 20090204

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20161010