EP2695121A2 - Vérification de l'authenticité du terminal - Google Patents

Vérification de l'authenticité du terminal

Info

Publication number
EP2695121A2
EP2695121A2 EP11854421.2A EP11854421A EP2695121A2 EP 2695121 A2 EP2695121 A2 EP 2695121A2 EP 11854421 A EP11854421 A EP 11854421A EP 2695121 A2 EP2695121 A2 EP 2695121A2
Authority
EP
European Patent Office
Prior art keywords
terminal
payment
card
secure
customer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP11854421.2A
Other languages
German (de)
English (en)
Inventor
Lars Olof Kanngard
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of EP2695121A2 publication Critical patent/EP2695121A2/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0813Specific details related to card security

Definitions

  • the present application relates to payment systems, and more particularly to a method of verification of terminal authenticity.
  • Figure 1 schematically shows one method by which verification of terminal authenticity might occur.
  • Figure 2 shows an example of a transaction made using one sample embodiment of a disclosed payment system.
  • Figure 3 shows one sample embodiment of an off-line credit implementation.
  • Figure 4 shows an example of a simplified printout produced by a terminal.
  • Figure 5 schematically shows one sample embodiment of terminal interaction from the view of a buyer.
  • Figure 6 schematically shows one sample embodiment of terminal interaction from the view of a merchant.
  • Figure 7 schematically shows one sample embodiment of interaction with a terminal for the purpose of bill management and payment.
  • Figure 8 schematically shows one sample embodiment of data collection for bill management. DETAILED DESCRIPTION OF SAMPLE EMBODIMENTS
  • SCT secure card transaction
  • This document describes the SCT architecture which provides a more secure transaction on a point of sale (POS) device.
  • POS point of sale
  • the terminal helps the merchant- and the customer smartcards to negotiate a session encryption key
  • the terminal retrieves the encrypted merchant id from the merchant smartcard.
  • the terminal sends the amount and a opaque block of information consisting of among other things the terminal id, the encrypted merchant id, and the transaction code to the customer smartcard.
  • the customer smartcard retrieves the personal account number (PAN) from itself
  • the customer smartcard encrypts all of this using its private RSA key into a message and delivers it to the terminal.
  • the message needs to have an unencrypted header with a card reference number so the datacenter can decrypt it using the public RSA key belonging to the card.
  • This function is rather self-explanatory. It allows the user to change the PIN on the card.
  • the off-line credit is used to allow for some low value purchases to be accepted even if the terminal is temporarily off-line with the processing center.
  • the terminal will accept the transaction and store the encrypted transaction in the blob storage area of the merchant smartcard. All of these pending transactions are sent for processing at when the terminal is on-line again.
  • Figure 3 is a table illustrating some important concepts.
  • a wallet usually means that funds must be transferred in advance from the customer account thus reducing the balance of the account.
  • a wallet is also meant to be used in a non-error situation, this in contrast to this credit functionality that is created as a means for our customers to make a transaction even if the processing center or communications links are temporarily down.
  • This invention lets the user know that the device (e.g. EDC terminal, ATM, Info kiosk or a similar device) is authentic and have not been replaced with a fake device by a third party in order to collect personal data from the users.
  • the device e.g. EDC terminal, ATM, Info kiosk or a similar device
  • the image can be kept in the card or in the device.
  • the images can either be real world pictures suitable to be displayed on devices with only low resolution monochrome displays, or a set of hand drawn geometrical images or an image generated algorithmically from the decrypted data.
  • the device retrieves an image (encrypted with the public part of a public key infrastructure (PKI) key)
  • PKI public key infrastructure
  • the device decrypts the image with the private part of a PKI key (shared by all devices)
  • the device shows the image on its display
  • the device retrieves an reference number (encrypted with the public part of a PKI key)
  • the device decrypts the number with the private part of a PKI key (shared by all devices). This number is an index into an array of stored images in the device. [00048] 4) The device shows the image on its display.
  • IVR integrated voice response
  • a system which handles the whole chain of events to pay a bill for non-bankable customer, typically emerging market, but not limited to, without the primary use of a printed bill, notification, request, remainder or written demand, which system also are suitable for Non-Bank institutions or by the way any other institution or organization who has a need to make the processing and or the handling settlement of values, via a better way.
  • a system which handles; notification, verification, reminders, feed-backs, rescheduling response or action/s, payment and or settlement as well as channeling relevant data back-to or from a client and the service provider.
  • the disclosed inventions in various embodiments, will handle the storage of any electronic material related a transaction, so that the user at any time, easily and effectively can preferable access the same online but if needed also have any record reproduced to other media, such as paper, electronic format, file or any other format available at such time.
  • the disclosed inventions in various embodiments, can either operate as an integral solution to a typical billing and or administration system or operate as an offered service from a service provider or an entity offering solutions towards non-bankable customer, but not limited to.
  • SMS short message service
  • the disclosed inventions in various embodiments, can handle, if needed both off-line as well as on-line transactions and it can also if suitable be implemented as an application in a customer device to handle part or whole of a transaction.
  • the disclosed inventions in various embodiments, can have the feature to validate that a notification was both sent and displayed/visible for the customer, at a given time.
  • the disclosed inventions in various embodiments, can also be integrated to a network or cluster of EDC/EFT or POS terminals, multi function and multi service terminals or electronic Business Machine (eBM) Terminals or any other device, such as information screens or information kiosks or any other device, which can display or print the notification or the details of the request, which also include any other future media of interact with the user.
  • EBM electronic Business Machine
  • the disclosed inventions in various embodiments, can also be integrated or could use any such terminal in combination with the use of an identifier, stored value card, preferably equipped with a smart-chip or any other intelligent device, so that the user (costumer) can be identified and verified as the rightful user of such Identifier, where after the notification would be displayed or printed to the customer.
  • the disclosed inventions in various embodiments, can also be integrated to such Terminals, so that when a customer can uses his or her card, stored value card, debit card, credit card or another type of card or identifier, the notification could appear as a message of a printed receipt.
  • the disclosed inventions in various embodiments, can also be integrated with Terminal/s in such manner that the notification/request can suggest or demand a response or the customer may like to request or inform the Biller or the Client by entering the response directly on the Terminal in use.
  • the disclosed inventions in various embodiments, can also in the case of use for bill payments and collection provide the service that when a customer is identified or entered a bill identification number, i.e. account or customer number, the bill, in this example, is due to be paid at a specific date, the customer may then enter an alternative payment date and or make a schedule for when the bill will be paid partly or whole. If applicable and offered as an online and instant service the billets system or the service provider or the processing center can than at such time directly respond back to accept such request or state the terms accepted or agreed.
  • the disclosed inventions in various embodiments, can also be integrated and use OTP (one time pin) feature in any shape or form where also USSD or any application on a device such a mobile phone could communicate a second or third level of verification, to increase the level of security.
  • OTP one time pin
  • the disclosed inventions in various embodiments, can also be integrated with Terminals, so when a customer is identified, by means of identifier, card, biometric data or any other method or techniques used at such time, the bill, request or form would be displayed or printed.
  • the Terminal has a printer, see Figure 4, this is referred to as a simplified-printout, which can be combined with or in exchange of be made as a 'full-print-out' which is further explained in the tables below.
  • 1 Collection of billing data This first step can as one example of explaining the process if it is to be used for handling the billing of electrical consumption, not limited to. Where the data can be reported
  • Notification of new bill is and can be used as a reminder, that therein is a bill or an event (payment, settlement, installment) which will occur in the near future, which for the prime target group is a feature they can not enjoy due to lack of basic tools such as electronic calendars, PCs, lap-tops and highend mobile phones or iPads etc... depending on the Biller, this feature can use different medias to reach the consumer, via SMS, email, info-kiosks [00087] 2.1 By SMS on cell phone
  • the disclosed inventions in various embodiments, can, depending on user groups be designed and deployed in such manner that when a customer (user) are using a card, or any other media to identify the user, the display or media can suggest, or printout can suggest that there is a bill to be paid or a number of bills to be paid or one or several forms or requests which should be dealt with.
  • display we refer to any media or medium which can signal, visualize the said content to the customer, which also include techniques for blind people and people with special needs.
  • the system can be used for any other chain of events where a 'normal' paper structured way of channel facts, records, request is being exchanged to a paper-free or less solution as this claimed innovation.
  • a time management and attendance solution where even the worker can print out his payroll slip or his attendance record from any SCT POS terminal, in a shop, camp or office.
  • SCT Multi Function POS terminals will be provided to companies who will handle and distribute the PayRoll cards to the workers, free of charge during the agreed deployment phase.
  • Another group of improvements uses the secure payment capabilities of the above architecture to implement a payroll system which allows non-banking or unbankable employees (or contractors or vendors) to receive electronic payment, and to easily reroute portions of their payments electronically to various destinations.
  • the secure transaction capabilities of the above architecture make this possible.
  • the ViA PayRollTM suite comprises of:
  • PayRoll Card The SCT Card, preferably issued as a PayRoll Card (PIN enabled smartcard) ensures the workers have easy access to his salary without the need to withdraw cash from ATM's. Workers can use their SCT Cards for the smallest transactions and will find SCT POS terminals at many locations, including the labor camps.
  • This architecture also provides Online PayRoll administration for small and medium sized enterprises (and for larger companies).
  • a simplified Batch & Upload solution is utilized where standard files can be administrated to handle thousands of workers' salaries.
  • the SCT Multi Function POS terminal can now be found at labor camps and small merchants, where workers spend their time after work and where they can now use their SCT Cards rather than cash.
  • Each employee has its own SCT Card that they would use to insert in the SCT POS terminal; they are then registered as being at the work.
  • ViA eMeal solution is a modern way of eliminating food coupons and thereby saving money and making the whole process faster, more cost effective and also simplified for the workers.
  • a separate meal card as for example a simple barcode -based plastic card.
  • a method for performing secure value transactions comprising: allowing a human user to engage a first smartcard with a terminal; performing a preliminary tripwire step, wherein said first smart card and said terminal mutually contribute data fractions to mutually generate an image which is displayed to the human user on a display which communicates with at least some portions of said terminal; and, if the human user chooses to continue after viewing said image, then allowing said first card to initiate a secure data exchange, which is routed through said terminal, with a second smartcard; wherein said secure data exchange involves an exchange of value.
  • STS data security techniques can be combined with the techniques in the present application.
  • the Secure Transaction String concept (“STS") is described in US2007-0033149, which is hereby incorporated by reference.
  • STS Secure Transaction String concept
  • This security architecture mitigates the problem of sharing too much information between the parties involved in POS transaction in the current networks.
  • the first link in the chain only needs to know enough of the card number to deduce where to route the rest of the information, the rest of the information will still be encrypted by other keys that the first link doesn't have access to. If this link is compromised, or against the rules stores all transactions locally unencrypted, the other blocks are still encrypted and secure.
  • a card can be a contactless device using any wireless interface such as radio frequency identification (RFID) or near-field communication (NFC).
  • RFID radio frequency identification
  • NFC near-field communication
  • the "card” does not necessarily have the familiar form factor of a credit card or smart card. Instead, it can be configured as a "data key” or fob or ring or otherwise.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Computer Security & Cryptography (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

L'invention concerne des procédés et des systèmes pour améliorer des solutions de paiement non-bancaires par une vérification l'authenticité du terminal. Un groupe d'améliorations utilise les capacités de paiement sécurisé de l'architecture susmentionnée pour implémenter un système de paiement des factures. Des paiements électroniques de consommateurs non clients de la banque sont actuellement entièrement sécurisés. Divers procédés sont discutés pour inclure des consommateurs non-bancaires dans ce système de paiement. Un autre groupe d'améliorations utilise les capacités de paiement sécurisé de l'architecture susmentionnée pour implémenter un système de paie qui permette à des employés(ou des entrepreneurs ou vendeurs) non-bancaires ou sans accès bancaire de recevoir un paiement électronique, et de facilement réacheminer par voie électronique des parties de leurs paiements à diverses destinations. Cela est devenu possible par les capacités de transaction sécurisée de l'architecture susmentionnée.
EP11854421.2A 2010-12-30 2011-12-30 Vérification de l'authenticité du terminal Withdrawn EP2695121A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201061428245P 2010-12-30 2010-12-30
US201061428244P 2010-12-30 2010-12-30
PCT/IB2011/003344 WO2012090074A2 (fr) 2010-12-30 2011-12-30 Vérification de l'authenticité du terminal

Publications (1)

Publication Number Publication Date
EP2695121A2 true EP2695121A2 (fr) 2014-02-12

Family

ID=46383578

Family Applications (1)

Application Number Title Priority Date Filing Date
EP11854421.2A Withdrawn EP2695121A2 (fr) 2010-12-30 2011-12-30 Vérification de l'authenticité du terminal

Country Status (4)

Country Link
EP (1) EP2695121A2 (fr)
CN (1) CN103548047A (fr)
SG (1) SG194001A1 (fr)
WO (1) WO2012090074A2 (fr)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160057168A1 (en) * 2013-04-15 2016-02-25 Tactegic Holdings Pty Limited System and methods for efficient network security adjustment
CN105590206B (zh) * 2014-11-26 2020-10-23 中国银联股份有限公司 电子现金交易中验证终端真实性的方法
CN105760750B (zh) * 2016-02-01 2019-06-14 北京华胜天成科技股份有限公司 软件篡改识别方法和系统
CN109478282A (zh) 2016-07-15 2019-03-15 维萨国际服务协会 通过交易装置进行数字资产分发
CN109087096B (zh) * 2018-07-19 2020-12-15 中国联合网络通信集团有限公司 区块链对账方法、装置、设备及存储介质

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2829795A (en) * 1994-06-21 1996-01-15 Renee Keller Modular optical memory card image display point of sale terminal
US20020107797A1 (en) * 2000-12-13 2002-08-08 Combaluzier Pierre Michel Electronic remittance transfer from a merchant's smart card to a consumer loyalty smart card identified by a transaction authorization code
CN1871613A (zh) * 2002-04-03 2006-11-29 第一数据公司 在销售终端进行交易的系统及方法
AU2003250508A1 (en) * 2002-07-12 2004-02-02 European Tax Free Shopping Limited Methods and systems for effecting payment card transactions
IES20020712A2 (en) * 2002-09-04 2004-03-10 Mainline Corporate Holdings A method and system for transferring funds
JPWO2006082907A1 (ja) * 2005-02-04 2008-06-26 ソフトバンクBb株式会社 電子マネー決済システムおよび電子マネー決済方法
KR20070109130A (ko) * 2006-05-09 2007-11-15 강원대학교산학협력단 Id카드와 그 id카드의 인증 시스템 및 방법
KR20080062608A (ko) * 2006-12-29 2008-07-03 노틸러스효성 주식회사 금융자동화기기에 있어서 이미지 스캔을 통한 카드 인식방법

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2012090074A3 *

Also Published As

Publication number Publication date
WO2012090074A2 (fr) 2012-07-05
SG194001A1 (en) 2013-11-29
WO2012090074A3 (fr) 2012-11-01
CN103548047A (zh) 2014-01-29

Similar Documents

Publication Publication Date Title
US20120254027A1 (en) Terminal Authenticity Verification
US10861020B2 (en) Transaction security apparatus and method
US20200193440A1 (en) Transaction processing method, apparatus and system
US9235841B2 (en) Transaction security apparatus and method
US7766225B2 (en) Issuing a value-bearing card associated with only non-personally identifying information
WO2012090074A2 (fr) Vérification de l'authenticité du terminal
US20120221465A1 (en) Clearinghouse system for monetary and non-monetary transfers of value
CN101673443B (zh) 网络收银机系统及其实现方法
US20180357640A1 (en) Method, system, and apparatus for data transmission and transactions
US20210326840A1 (en) Issuing a virtual value-bearing card associated with only non-personally identifying information from a kiosk
AU2011253607B2 (en) A transaction processing method, apparatus and system
AU2013203552A1 (en) A transaction processing method, apparatus and system
AU2017276353A1 (en) A transaction processing method, apparatus and system
WO2015118388A1 (fr) Système et procédé pour une transaction de paiement électronique
AU2005256142A1 (en) A transaction processing method, apparatus and system
BR102013001145A2 (pt) sistema de recarga para aquisição de crédito à vista

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20131108

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20160701