EP2764480A1 - Transaction system - Google Patents

Transaction system

Info

Publication number
EP2764480A1
Authority
EP
European Patent Office
Prior art keywords
transaction
terminal
forwarding
data
unit
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP12769935.3A
Other languages
German (de)
English (en)
Inventor
Wolfgang Rankl
Klaus Finkenzeller
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke and Devrient Mobile Security GmbH
Original Assignee
Giesecke and Devrient GmbH
Application filed by Giesecke and Devrient GmbH

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229 Use of the SIM of a M-device as secure element
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/3278 RFID or NFC payments by means of M-devices
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/36 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G06Q30/0601 Electronic shopping [e-shopping]

Definitions

  • the present invention relates to a method for carrying out a transaction with a contactlessly communicating terminal device and to a corresponding transaction system and associated components.
  • the object of the present invention is therefore to propose a transaction system and a method which takes into account the disadvantages mentioned.
  • a transaction system comprises at least one terminal device communicating contactlessly in the near area, a forwarding terminal and a transaction unit.
  • the forwarding terminal transmits forwarding information to the terminal device.
  • the forwarding information is transmitted to indicate that the forwarding terminal supports forwarding of transaction data to a transaction unit.
  • the forwarding terminal makes itself known to the terminal device as a unit that forwards transaction data.
  • the forwarding information is provided for a distinction between forwarding units and transaction units in the terminal equipment.
  • the forwarding information is thus not part of the conventional transaction data, but is deliberately additionally sent.
  • the terminal device can recognize that the forwarding terminal is not an ordinary transaction unit but supports performing a transaction in a transaction system according to the invention.
  • a forwarding terminal for supporting a transaction between a contactlessly communicating terminal device and a transaction unit accordingly comprises a data communication interface for contactless data communication with the terminal device.
  • the forwarding terminal further comprises a forwarding application. This is set up to transmit forwarding information to the terminal device in order to indicate that the forwarding terminal supports a forwarding of transaction data to a server device and / or a transaction unit.
  • a contactless transaction system terminal device is arranged to execute transactions with transaction units located in its vicinity by contactless transmission of transaction data.
  • the terminal device comprises means for receiving forwarding information from a forwarding terminal, with which the forwarding terminal is able to identify itself to the terminal device as a transactional data forwarding unit, and to recognize the forwarding terminal as a forwarding unit on the basis of the forwarding information.
  • the terminal device can, before the
  • a server device for switching a transaction between a transaction unit and a contactlessly communicating terminal device via a forwarding terminal is arranged to provide transaction initiation data of the type described below to the forwarding terminal.
  • the server device is preferably arranged to mediate a data communication connection between the forwarding terminal and a transaction unit for performing a transaction between the terminal device and the transaction unit.
  • the server device may also be configured to provide a transaction unit for performing the transaction itself.
  • the described switching function can therefore additionally be present.
  • the server device can be used in the system as a classic agent or as an address broker.
  • As a classic mediator, the server device receives transaction data from the forwarding terminal and forwards the transaction data to the transaction unit.
  • the server device notifies the forwarding terminal of an address of the transaction unit. With the aid of the address, the forwarding terminal can establish a data communication connection (via a mobile radio network, the Internet and/or further networks) with the transaction unit.
  • the transaction data does not pass through the server device in this case.
  • the transaction unit may be an independent, remotely located transaction unit, an internal transaction unit of the server device, or a separate transaction unit associated with the server device.
  • a reversibly inserted or permanently installed hardware security module is used as a separate transaction unit of the server device.
  • the following can be used as a remote transaction unit: a hardware security module as a separate unit (chip card, USB token, secure mass storage card ...), a hardware security module reversibly inserted in a terminal (chip card, in particular SIM card, USB token, secure mass storage card), a hardware security module permanently installed in a terminal, a virtual security module in a terminal or a secure execution environment of a terminal.
  • the terminal device is basically set up to carry out a transaction with a transaction unit. For this purpose, contactless data communication between the terminal device and the transaction unit is established. This data communication can, as already indicated and described in detail below, be forwarded and relayed via various further components of the transaction system.
  • the transaction unit generates transaction data necessary for the transaction to be carried out. It is set up to execute a transaction application that is assigned to a transaction type specified by the terminal device. For different transactions (transaction types) correspondingly different transaction units or a transaction unit with correspondingly different transaction applications are used.
  • the server device may comprise the functionality of a transaction unit.
  • the server device may provide the transaction application in executable form and for this purpose comprises an application server device.
  • the transaction system includes one or more separate transaction units.
  • the server device is designed to convey data communication to the transaction unit by means of a switching server device.
  • the server device conveys the data communication either by providing an address of the transaction unit to the forwarding terminal or by transmitting the data of the data communication.
  • the server device is set up to select a transaction unit for a transaction.
  • the server device for the selection of the transaction unit may comprise a list of the (for the respective transaction type) selectable transaction units.
  • the forwarding terminal is configured to establish contactless data communication with the terminal device and to forward transaction data to the transaction unit and optionally to the server device. According to the invention, the forwarding terminal is therefore that device within the transaction system which is connected directly to the terminal device.
  • Data and information for performing a transaction specified by the terminal device are forwarded via the forwarding terminal to the server device or - via the server device - to the transaction unit. Accordingly, data and information which are generated when the transaction application is executed on the transaction unit are forwarded back to the terminal device via the forwarding terminal.
  • this results in data communication over a chain of devices, beginning with the terminal device, via the forwarding terminal (and the server device), to the transaction unit.
  • the server device may further convey the data communication connection to the transaction unit.
  • a user who wishes to carry out a transaction with the terminal device does not require the respective portable data carrier assigned to the terminal device. Furthermore, it is not necessary for the required transaction application to be stored in executable form on an accompanying terminal.
  • by means of the forwarding terminal, used here instead of the otherwise suitable portable data carrier, data communication with the terminal device can be established.
  • the forwarding terminal only comprises a transaction-independent forwarding application for this purpose. Transaction data necessary to perform the transaction is forwarded from the forwarding terminal to the transaction unit. It is thus not necessary that the respectively suitable transaction application is stored on the forwarding terminal. It is still necessary that, for carrying out a payment transaction for example, credit of a predetermined type is maintained on the forwarding terminal, or that a user agreement between the user and the operator of the terminal device must be completed.
  • the server device can support a large number of different transaction applications and can hold transactions for various terminal devices.
  • the transaction system thereby becomes more efficient and easier to manage and maintain, as various transaction applications are maintained centrally at one location, the server device. For example, if the server device is not itself set up to perform the transaction application, it will pass the transaction data on to the transaction unit. There, the transaction application can then be executed. In this way too, the user can carry out a very wide variety of transactions by means of the simple forwarding terminal.
  • the server device always provides the appropriate transaction unit. In this case, for different transactions, a different transaction unit at the end of the transaction chain (by means of the server device) can be connected to the terminal device via the forwarding terminal.
  • as a forwarding terminal, for example, a reader for contactless and/or contact smart cards, a mobile terminal, a smartphone, a notebook or the like can be used.
  • the transit data is forwarded via a network (Internet, mobile network, LAN, ...).
  • the data communication between the forwarding terminal and the server device, between the forwarding terminal and the transaction unit and/or between the server device and the transaction unit may be over a suitable communication network, e.g. a mobile network, the Internet or the like.
  • the data communication between the terminal device and the forwarding terminal is contactless (short-range) data communication in the vicinity of the terminal device. This data communication usually takes place via one of the aforementioned known contactless data transmission protocols, such as ISO/IEC 14443, ISO/IEC 18092 (NFCIP-1) or ISO/IEC 21481 (NFCIP-2).
  • the transaction system comprises a plurality of forwarding terminals, a plurality of (even different) terminal devices and, if appropriate, a plurality of transaction units, which in turn may themselves be set up to execute a plurality of transaction applications.
  • provision can be made for a forwarding terminal and / or a transaction unit to register each once at the server device.
  • the respective device (or the unit) transmits, for example, a unique identifier to the server device when registering with the server device, by means of which the respective device (or the unit) can be identified or addressed in the following.
  • a mobile number, a network address (e.g. an IP address), an account or the like can be used as identifier.
  • the server device can already provide the forwarding terminal with data concerning the transaction unit which the forwarding terminal can later use in establishing a data communication connection with the terminal device.
  • the forwarding terminal preferably transmits the forwarding information to the terminal device in an initialization phase.
  • Such an initialization phase serves to establish a data communication connection between the terminal device and the forwarding terminal.
  • essential parameters relating to the subsequent data communication between the terminal device and the forwarding terminal can be exchanged and negotiated.
  • transaction initialization data is transmitted from the forwarding terminal to the terminal device.
  • the transaction initialization data may include, for example, unique identification data of a transaction unit, to which the forwarding terminal forwards the data communication established with the terminal device, or of the forwarding terminal itself.
  • transaction parameters dependent on the transaction unit can also be part of the transaction initialization data. These transaction parameters generally relate to the transaction unit to which the forwarding terminal forwards the communication connection established with the terminal device.
  • This transaction initialization data may include the forwarding information.
  • a specific value range of identifiers - corresponding to the identification data - can be reserved for forwarding terminals.
  • a terminal device to which the corresponding value range is known can thus already recognize a forwarding terminal, by its unique identification data, as a terminal configured for forwarding transaction data. It is also possible that data records which are provided for coding manufacturer-specific parameters of transaction units comprise forwarding information.
  • the transaction initialization data is typically provided to the forwarding terminal by the server device. This can take place in an upstream step, for example during a registration phase described above.
  • initial commands of the terminal device required for establishing such a data communication link in an initial phase impose strict timing requirements on the response behavior of the forwarding terminal. These time limits cannot be changed by the forwarding terminal and must therefore be complied with as specified. Redirecting such commands to the server device to "request" necessary transaction initiation data, for example an identifier or other general transaction parameter, could lead to a violation of the time specifications and thus to a failure of the communication setup. This can be prevented by the forwarding terminal already holding this transaction-independent transaction initialization data.
  • the server device can also specify, by means of the transaction initialization data for the terminal device, which waiting times (delays) are allowed in the data communication between the terminal device and the forwarding terminal during the transaction phase, i.e. once the data communication between the terminal device and the forwarding terminal has already been established, after completion of the initial phase.
  • Corresponding data fields of the transaction initiation data can define permissible delay times. In this way, possible "timeout" errors can be avoided. These arise because commands sent by the terminal device to the transaction terminal, or to the server device in the role of the transaction terminal, are answered "too late" by the transaction terminal or the server device owing to the communication link extended via the forwarding terminal.
  • An adaptation, i.e. as a rule an extension, of the allowable response times may resolve the occurrence of this problem.
  • the forwarding terminal is arranged to forward transaction data from the terminal device to the transaction unit and back from the transaction unit to the terminal device.
  • the forwarding terminal thus forms a mobile interface between different terminal devices and the transaction units, without requiring a specific adaptation of the forwarding terminal to a specific terminal device and the transaction made with respect to this.
  • the transaction may, as also described above, be performed by the server device, i.e. the server device thus provides the functionality of a transaction unit: it is connected via the forwarding terminal to the terminal device and comprises the transaction application associated with the transaction.
  • the server device may be merely mediating.
  • the server device establishes data communication between the terminal device and the transaction terminal, via the forwarding terminal and via the server device. That is, the server device in turn forwards transaction data from the terminal device or the forwarding terminal to the transaction terminal.
  • the server device forwards transaction data received from the transaction terminal to the terminal device via the forwarding terminal.
  • the server device thus has switching and forwarding function according to this embodiment.
  • the forwarding terminal further comprises a data communication interface for data communication with the server device, for example via a mobile radio network or via the Internet.
  • the forwarding application is preferably set up to receive transaction initiation data from the server device.
  • the forwarding application is set up to forward transaction data from the terminal device to the server device and from the server device to the terminal device.
  • the forwarding terminal may perform the transaction as a forwarding unit or as a transaction unit, depending on the transaction type. In particular, the forwarding terminal is set up to perform transactions of different transaction types as a forwarding unit.
  • the exchange of transaction data should follow the given procedure, even if forwarding takes place.
  • when the terminal device recognizes the forwarding terminal as a forwarding unit on the basis of the forwarding information, a corresponding preparation step is carried out in the terminal device before the exchange of the transaction data.
  • as a preparatory step in the terminal device, a defense measure against forwarding attacks can be deactivated.
  • the terminal device thereby saves unnecessary time or effort for the execution of this test, which may consist, for example, of a distance measurement or a transit-time measurement.
  • Another preparatory step may be to check security policies for transactions made via forwarding terminals.
  • the terminal device stores and checks the security defaults to be applied only in case of forwarding.
  • the security requirement may include not performing a transaction or performing it only with modified transaction parameters (maximum amount, ...).
  • the terminal device retains control of when an a priori local transaction is executed even though it is no longer local.
  • the method as a whole can be accelerated if an adaptation of a communication parameter, in particular a communication waiting time, for the exchange of the transaction data takes place as a preparation step.
  • the user guidance of the terminal device can be adapted. As user guidance, the user of the forwarding terminal is presented (displayed or spoken) with information supporting him in the user interaction for the transaction, such as user input ("enter number of tickets") or outputs to the user ("please invalidate the ticket / stamp").
  • a transaction system comprises a contactlessly communicating terminal device, a forwarding terminal according to the invention, a server device according to the invention and, if the server device does not provide the functionality of a transaction terminal, a transaction terminal for carrying out a method according to the invention.
  • FIG. 1 shows an embodiment of a transaction system
  • FIG. 2 schematically shows various security elements of a forwarding terminal
  • FIG. 3 shows a section of the internal structure of the forwarding terminal from FIG. 2;
  • FIG. 4 shows a detail of the internal structure of a transaction terminal in connection with a portable data carrier
  • Figure 5 is an overview of essential steps of a transaction process (registration, registration, transaction);
  • FIGS. 6 and 7 show individual steps in the context of the transaction from FIG. 5 between a terminal device and other devices involved in the transaction.
  • the illustrated transaction system 10 includes a terminal device 100, a forwarding terminal 200, a server device 300, a transaction device 400, and a portable data carrier 500.
  • individual ones of the components, such as the data carrier 500, or this and the transaction terminal 400, may be omitted.
  • transaction system 10 includes one or a few interconnected server devices 300, a plurality of terminal devices 100, a plurality of forwarding terminals 200, and optionally a plurality of transaction terminals 400, to each of which a plurality of portable data carriers 500 can optionally be connected.
  • a terminal device 100 is set up to perform a transaction with a device configured for this purpose via contactless data communication. In this case, this device must be able to establish a data communication with the terminal device 100 and to provide a transaction application which is assigned to a transaction predetermined by the terminal device 100.
  • the terminal device 100 can be configured, for example, as an access control system, as a ticket terminal in public transport, as a payment terminal or the like.
  • the corresponding transaction then corresponds to an authentication application, possibly linked to the proof of a paid admission price, or the payment application of a given service, for example the use of public transport or the like.
  • As part of a payment application, an electronic purse stored on the transaction unit is then debited, for example.
  • individual ones of the transaction applications may be installed in executable form on a transaction terminal 400, such as a mobile station. Assuming a suitable data communication interface, this terminal may then appear to the terminal device 100 as a data carrier 500 and perform a desired transaction.
  • a desired transaction application must usually be installed in advance, and an associated purse may have to be loaded.
  • the transaction system 10 shown in Figure 1 may support advantageous transaction methods described below by means of which the described disadvantages of known transaction systems can be avoided.
  • a forwarding terminal 200 is disposed in the vicinity of the terminal device 100 and configured to establish a data communication connection with the terminal device 100. Transaction data concerning the transaction is not processed by the forwarding terminal 200, but forwarded to a remote transaction unit. Accordingly, the forwarding terminal 200 is arranged to forward data received from the transaction unit to the terminal device 100.
  • the forwarding terminal 200 for this purpose comprises a forwarding application 280, which will be described in more detail with reference to FIG. 3.
  • the server device 300, the transaction terminal 400 or the portable data carrier 500 may be the transaction unit.
  • the specific illustration in FIG. 1 is oriented to the example of forwarding the transaction data from the forwarding terminal 200 via the server device 300 and the transaction terminal 400 to the portable data carrier 500 as a transaction unit.
  • the data communication between the terminal device 100 and the forwarding terminal 200 is performed according to a known contactless (short-range) communication protocol, for example according to ISO/IEC 14443, as known in connection with contactlessly communicating smart cards, or according to one of the NFC protocols ("Near Field Communication"; ISO/IEC 18092 (NFCIP-1); ISO/IEC 21481 (NFCIP-2)).
  • the forwarding terminal 200 for this purpose comprises a suitable data communication interface 210, which will be described below with reference to FIG. 2.
  • the forwarding terminal 200 is in some sense a portable data carrier, i.e. it operates in a "being card" mode. This mode is supported by the data communication interface 210, as is a "being reader" mode in which the device can present itself to a portable data carrier 500 as a terminal device.
  • the transaction terminal 400 has a data communication interface 410 corresponding to the data communication interface 210 (see FIG. 4).
  • the transaction terminal 400 acts as a terminal toward the portable data carrier 500.
  • the data carrier 500 can also be designed as a contact-type communicating data carrier which can be connected to the transaction terminal 400 in a known manner via a suitable reader.
  • FIG. 1 shows a mobile radio network 1000 or the Internet 2000.
  • the server device 300 includes various components.
  • a registration server device 310 serves to register various forwarding devices 200 and / or transaction terminals 400 in the transaction system 10.
  • a forwarding terminal 200 or a transaction terminal 400 which would like to become part of the transaction system 10, can register with the server device 300 in a registration step.
  • the forwarding terminal 200 or the transaction terminal 400 can for this purpose be equipped with a registration application which establishes a connection to the server device 300.
  • Such an application may be installed on a security element of the corresponding device 200, 400 (see Fig. 2).
  • registration data for each of the devices 200, 400 can be stored, for example a unique identifier of the device 200, 400, a mobile number, an IP address or the like.
  • the server device 300 can subsequently authenticate the device 200, 400 and if necessary, address it.
  • a suitably equipped terminal 200, 400 for example a mobile radio terminal, can play both the role of a forwarding terminal 200 and the role of a transaction terminal 400 in the transaction system 10.
  • a corresponding role selection can be made, whereby a terminal can also take both roles, although not in the same transaction.
  • it can be determined which forwarding terminal 200 may in principle be switched with which transaction terminal 400 for carrying out a transaction.
  • a transaction terminal 400 can, for example, specify within the framework of the registration that only a fixed, predetermined selection of uniquely identified forwarding terminals 200 may, in the manner described below, access a transaction application of the transaction terminal 400 or of a data carrier 500 connected thereto.
  • a forwarding terminal 200 may, for example, specify that the transaction data forwarded by it should always be forwarded by the server device 300, if available, to a default transaction terminal 400.
  • the described registration data is stored and managed by the registration server device 310.
  • An update server 320 serves to optionally update data stored on the forwarding terminal 200 or the transaction terminal 400 for performing a transaction within the described transaction system 10. This may concern, for example, the forwarding application 280, 480 or individual transaction initiation data. Such updating is typically done over the air (OTA) and is not noticed by a user of the corresponding terminal 200, 400.
  • An application server facility 330 provides a number of different transaction applications 370.
  • the server device 300 provides the functionality of a transaction unit.
  • the application server device 330 includes a multiplicity of portable data carriers 350, which each support at least one transaction type, that is, have a transaction application 370 for this transaction type. For different transaction types, the server device accordingly provides different portable data carriers 350.
  • the application server 330 may be enabled by a variety of conventional portable data carriers 350 to perform a variety of transaction types.
  • the server device 300 manages data about the transaction units that can process relayed transaction data. For example, it stores the data in the form of a list of transaction units. Assigned to the transaction unit is a (forwarding) address. The forwarding address is adapted to establish (via the relaying terminal 200 or the server device 300) data communication (over a network 1000, 2000) with the transaction unit. In particular, it is specified for the transaction units which transaction type or which transaction types they support. Furthermore, a unique identifier for the transaction unit, at least for the transaction type, is stored. Finally, a user assignment to the transaction units and possibly user-specific specifications for the transaction units can continue to be stored. This managed data is preferably acquired by the registration server device 310.
  • the server device 300 is set up, by means of the switch server device 340, to select a transaction unit from the stored transaction units.
  • the selection is dependent on one or a combination of the following selection parameters: the forwarding terminal 200 (or its user and / or location), the transaction type or preferences of the owner of the transaction unit.
  • the selection is preferably carried out on request by a forwarding terminal 200.
  • the switch server device 340 may notify the forwarding terminal of the forwarding address of the selected transaction unit.
  • the forwarding terminal 200 will establish data communication with the selected transaction unit using the forwarding address.
  • the forwarding terminal 200 can thus establish a connection, independent of the server 300, to the transaction terminal 400 or the portable data carrier 500 via the mobile radio network 1000 and / or the Internet 2000.
  • the server device 300 could even notify the forwarding terminal 200 that, despite the existing forwarding option, an application stored locally on the forwarding terminal 200, for example the application AID1 of the security element 220, should perform the transaction.
  • the switching server device 340 is furthermore set up to forward transaction data forwarded by the terminal device 100 to a selected or to be selected transaction unit 450, 500 for a transaction via the forwarding terminal 200.
  • the switch server device 340 thus provides an indirect data communication connection for performing a transaction within the transaction system 10 between a forwarding terminal 200 and the transaction terminal 400. Accordingly, the forwarding address in this embodiment need not be communicated to the routing terminal 200.
  • FIG. 2 shows a possible security structure of a terminal 200, 400 using the example of the forwarding terminal 200.
  • the transaction terminal 400 may be the same or similar.
  • the transaction unit 450 or the data carrier 500 use and process security-relevant or confidential data of a user, for example authentication data, funds or the like. Therefore, it is essential that the transaction data concerning the transaction be securely stored and managed in the respective devices 200, 400 that forward or process the transaction data.
  • the corresponding terminals 200, 400 include various security elements (modules).
  • the data communication interface 210 which is designed as an NFC interface, may itself already comprise a security element, for example in the form of a secure memory card (not shown).
  • a terminal 200 embodied as a mobile radio terminal comprises a (U)SIM mobile communication card 220. This may itself have its own antenna (not shown) or be connected to the data communication interface 210 and optionally serve as a security element.
  • a controller 230 of the terminal 200 may include a hardware-assisted, software-based secure area (such as ARM TrustZone technology) that provides another security element. Security-relevant data can be processed in this secure area under a substantially own security operating system.
  • the terminal 200 may include other known security elements, such as a secure memory card 250 or the like.
  • FIG. 1 Schematically, portions of the internal structure of the forwarding terminal 200 and FIG. 4 of the transaction terminal 400 are shown in FIG.
  • the SIM card 220 serving as a security element for the forwarding terminal 200 of FIG. 3 comprises a file EF_DIR known from the field of chip cards. Data contained therein, so-called application identifiers (AIDs), indicate which applications are supported by the device 200 or its SIM card 220.
  • the terminal device 100 assumes that the routing terminal 200 provides those applications designated by the identifiers AID1, AID2, AID3, and AID4.
  • the routing terminal 200 itself only supports a transactional application 270 which is identified with AID1.
  • the entries AID2, AID3 and AID4 have been provided to the forwarding terminal 200 by the server device 300 as transaction initialization data 260 in a registration step described in more detail below.
  • A terminal device 100 which expects to execute a transaction application on the forwarding terminal 200, for example a transaction application designated AID3, in the present case assumes that the forwarding terminal 200 supports this transaction application and sends corresponding transaction data, for example in the form of known command APDUs. Since the forwarding terminal 200 only "simulates" the functionality with respect to the transaction application designated AID3 by means of the entry in the file EF_DIR, the forwarding terminal 200 forwards the received commands to the server device 300 or a transaction unit 400, 500 by means of the forwarding application 280 (cf. also Fig. 7).
  • the forwarding terminal forwards transaction data to different transaction units depending on the transaction type.
  • the corresponding transaction applications are included in the server device 300 for AID4 and AID5, in the transaction terminal 400 for AID2, and in the portable data carrier 500 for AID3.
  • the list of transaction types supported by the forwarding terminal is stored, in the form of the file EF_DIR 260, in the security element 220 of the forwarding terminal 200.
  • the list may be provided in other units of the forwarding terminal 200.
  • the list contains real entries, for the transaction applications actually present locally, as well as virtual entries, for the transaction applications that are not available locally or are available only via forwarding.
  • the forwarding terminal forwards the transaction data transparently, i.e. unchanged. The security element 220 can therefore be dispensed with for forwarding.
  • a secure channel is established within the transaction between the terminal device 100 and the transaction unit 300, 400, 500, i.e. end-to-end encryption takes place.
  • the security element 220 is a suitable storage, for example, for the login data (account data) used to log the forwarding terminal 200 in to the server 300.
  • the virtual entries of the list 260 could be provided by the server device 300, preferably in advance.
  • the list 260 can be dynamically adapted by the server device 300 to a location of the forwarding terminal 200 and possibly updated in response to a change of location.
  • the server device 300 can manage for the forwarding terminal either only the virtual entries or the complete list with virtual and real entries. For each forwarding terminal 200, the server device 300 will store only the real entries and possibly a reference to the currently stored set of virtual entries.
  • the list 260, or at least its virtual entries, can also be queried from the server 300 by the forwarding terminal 200 only when required, that is, not provided in advance.
  • a transactional application may be performed on the server device 300 by the application server 330 if it supports the type of transaction in question (for example, by the application 370 labeled AID4, see Figure 1).
  • the switch server application 340 is set up to forward the transaction data in a suitable manner, as described below, to a transaction terminal 400. If the transaction terminal 400 or its security element 450 supports the corresponding transaction application 470, denoted AID2, as indicated in FIG. 4, the transaction application 470 is executed there and a corresponding response command is sent via the switch server device 340 to the server device 300 and transferred, by means of the forwarding application 280 of the forwarding terminal 200, to the terminal device 100.
  • a forwarding application 480 of the transaction terminal 400, which essentially corresponds to the forwarding application 280 of the forwarding terminal 200, forwards the transaction data (in the form of a command APDU) to the data carrier 500 (see also Fig. 7).
  • the transaction application AID3 is executed.
  • a corresponding response (response APDU) finds its way to the terminal device via the transaction terminal 400, the server device 300 and the routing terminal 200 through the intermediary of the forwarding application 480, the switching server device 340 and the forwarding application 280.
  • FIG. 4 shows components of a transaction terminal 400 and the portable data carrier 500.
  • the transaction terminal includes, among other things, a security element 450, which may also be configured as described above, and an interface for contactless short-range communication 410. Via the interface 410, the transaction terminal can, for example, communicate contactlessly with the data carrier 500.
  • the transaction terminal 400, like the forwarding terminal, may be a mobile terminal, such as a mobile radio device, a PDA or a notebook. However, a stationary device, such as a PC, a network computer or a card reader, can also serve as a transaction terminal.
  • a transaction application 470 is arranged with the AID2.
  • a forwarding application 480 and a forwarding identification 420 are furthermore arranged in the security element 450.
  • the forwarding application 480 will, as a rule, not be located in the security element but in the transaction terminal 400.
  • the forwarding application 480 forwards the transaction data (command APDUs) received from the forwarding terminal 200 to the application 470 with the AID2 in the security element or to the application with the AID3 in the portable data carrier 500.
  • it sends the response (response APDUs) of the application back to the forwarding terminal 200.
  • the transmission path can be configured with or without the involvement of the server device 300.
  • the transaction application 470 of the security element 450 is set up to perform contactless transactions with terminal devices (not shown) via the interface 410. Like the terminal device 100, the transaction application 470 assumes that it is involved in a local transaction in the vicinity. This assumption also applies to the portable data carrier 500, which can act as a local transaction partner in the near range, for example with the transaction terminal 400 (in the "being reader" mode). A transaction endpoint signal is therefore transmitted in this case to the transaction unit 450, 500 involved in the transaction.
  • the transaction endpoint signal is provided to signal to the transaction unit 450, 500 that it is performing the transaction as a remote endpoint of a forwarded transaction. In this context, further details on forwarding detection 420 will be described later with reference to FIG. 7.
  • In Fig. 5, essential steps or phases of a transaction process are shown in overview.
  • the phases of the registration S1, initiation S2 and transaction S3 can take place independently of one another in terms of time. For example, after a single registration S1, the initiation S2 takes place daily and then any number of transactions S3.
  • in a registration step, the forwarding terminal 200 and the transaction units 400, 500 are required to register with the server device 300.
  • This step has already been described in detail above with respect to the registration server device 310.
  • a terminal 200, 400 in particular a forwarding terminal 200, logs on to the server device 300 for a subsequent transaction (see step S3).
  • the role of the terminal for the transaction is determined in substep TS21, i.e. it is determined whether a terminal is involved in the transaction as a forwarding terminal 200 or as a transaction terminal 400. If necessary, this partial step can also be carried out during the registration if a device always wishes to operate only as a forwarding terminal 200 or only as a transaction terminal.
  • the server device provides transaction initiation data to the forwarding terminal 200. These serve to enable or facilitate the establishment of data communication between a terminal device 100 and the forwarding terminal 200 in sub-step TS31 during an initialization phase.
  • a terminal device 100 usually expects a contactlessly communicating data carrier 500 as a transaction partner. Accordingly, the procedure for setting up the data communication connection is illustrated in FIG. 6, in steps T1 to T8, for the case where the forwarding terminal 200 presents itself, as it were, as a contactlessly communicating type A smart card (according to ISO/IEC 14443).
  • the set-up of data communication with a type B data carrier is different, but basically similar.
  • step T 1 the forwarding terminal receives a REQUEST command, which in step T 1 has a predetermined ATQ value.
  • the following steps T3 to T6 are used to select the forwarding terminal 200 by the terminal device 100. This is necessary because several communication partners can be within range of the terminal device 100 at the same time. The terminal device must be able to identify and address each individual one of these possible communication partners in a targeted manner; for this purpose, an anti-collision procedure is started in step T3, using a unique identifier UID sent for this purpose by the forwarding terminal 200.
  • step U3 selects UID upon receipt of the identifier
  • step U5 of the forwarding terminal 200 for further data communication, i.e. for performing a transaction, this is confirmed by the terminal device in step T6.
  • the steps T1 to T6 serve only to select the forwarding terminal and are independent of a subsequently executed transaction.
  • Steps T7 and T8 are also transaction-independent.
  • the data set ATS ("answer to select") requested by the terminal device 100 in step T7 and provided by the forwarding terminal 200 in step T8 essentially describes protocol parameters of a type A protocol.
  • the data carrier with which the terminal device believes it is communicating, owing to the behavior of the forwarding terminal 200, could correspond, for example, to the data carrier 500 with which the terminal device 100 subsequently (see FIG. 7, steps T11 to T18) actually performs a transaction with the associated transaction application 570 with the AID3.
  • a parameter of the ATS data record defines the maximum waiting time for which the terminal device 100 waits for the response of the data carrier after sending a command (in the transaction phase subsequent to the initialization phase). After expiration of this period of time, a so-called "timeout" error occurs. Furthermore, the ATS data record comprises manufacturer-specific fields, so-called "historical bytes", which can comprise freely definable information.
  • the forwarding terminal 200 could, by means of the forwarding application 280, forward all commands received from the terminal device 100 in steps T1, T3, T5 and T7 via the switch server device 340 of the server device 300 and the forwarding application 480 of the transaction terminal 400 to the data carrier 500 (or to the application server device 340 or the transaction terminal 400, if they provide the transaction application).
  • the data carrier 500 would then, exactly as if it had set up data communication with the terminal device 100 directly, i.e. without the described forwarding, send corresponding response commands, which would be routed back to the terminal device 100 on the reverse path.
  • the steps T1 to T8 are not only transaction-independent, i.e. the same for different types of transactions, but are predetermined steps to establish the communication connection according to a protocol layer (e.g. according to ISO 14443).
  • Transaction data in the present sense are data of an application layer, which can also be referred to as application protocol data.
  • the transaction data are sent as Application Protocol Data Units (APDUs), that is, as command APDUs or response APDUs.
  • the data of the protocol layer transmitted in the initialization phase can accordingly be referred to as transport protocol data.
  • the complete ISO/IEC 14443 protocol stack is also processed in the forwarding terminal 200 during the times T9-T12 or T9'-T12'. Only the application protocol data embedded in the ISO/IEC 14443 transport protocol (which is usually coded according to ISO/IEC 7816) is forwarded transparently to the transaction unit. The application protocol data is forwarded by the forwarding terminal 200 via a network connection to a transaction unit 300, 400 or 500.
  • the network connection is established by the forwarding terminal 200 (T51) in response to a selection T5 or T9 by the terminal device 100.
  • the forwarding terminal 200 is selected as a communication partner and in step T9 a transaction application
  • the forwarding terminal 200 is equipped with transaction initialization data by the server device 300 in sub-step TS22 (see Fig. 5). These can enable the forwarding terminal 200 to carry out the steps T1 to T8 from FIG. 6 without asking the server device 300, the transaction terminal 400 or the data carrier 500. In this way, "timeout" errors can be avoided.
  • the forwarding terminal 200 could, for example, receive from the server device 300 a complete protocol stack of the corresponding communication protocol which determines the data communication between the forwarding terminal 200 and the terminal device 100.
  • the relay terminal 200 is enabled to communicate directly with the terminal device 100, particularly according to the steps T2 and T6. In general, however, the forwarding terminal 200 is already set up to carry out the protocol-appropriate steps.
  • Further transaction-independent transaction initialization data are the identifier UID transmitted in step T4 and / or the ATS data record transmitted in step T8.
  • similar data sets are provided, for example in the context of a so-called ATTRIB prefix, which also includes data carrier parameters and an identifier.
  • the server device 300 can provide the forwarding terminal 200 with the corresponding transaction initialization data (UID, ATS) in sub-step TS221 of FIG. 5. These may be suitably generated by the server device 300, for example in the case where the server device 300 itself serves as a transaction terminal by means of the application server 340. If, on the other hand, data communication is to be switched to a transaction terminal 400, or to a data carrier 500 via a transaction terminal 400, the transaction initialization data (UID, ATS) may have been provided to the server device 300 by the transaction terminal 400 in advance, for example during registration (S1) or log-on (S2; TS21) of the transaction terminal 400.
  • the server device 300 then provides the forwarding terminal 200 with, for example, the UID and ATS of the data carrier 500.
  • the provision of this transaction initialization data can already be carried out in the registration phase (step S1). This is especially true if it is already clear at that point in time, from the point of view of a registering forwarding terminal 200, by means of which transaction terminal 400 a subsequent transaction is to take place while forwarding transaction data through the forwarding terminal 200.
  • the forwarding terminal 200 may already be provided with transaction-dependent transaction initiation data by the server device 300 during the registration. These relate directly to a transactional application to be subsequently executed, for example a transaction application designated AID3.
  • a simple embodiment of transaction-dependent transaction initialization data are identifiers (AIDs) of the corresponding applications. These have already been described with reference to FIG. If the forwarding terminal 200 comprises, for example, the application identifier AID3 in a corresponding directory EF_DIR, then, if the terminal device 100 selects an application at the beginning of a transaction phase subsequent to the initialization phase (see Fig. 6, steps T9, T10), the forwarding terminal need not query the server device 300.
  • the forwarding terminal 200 confirms the selection of the application T9. This response of a transaction application to a selection is largely transaction-independent. With this refinement, the forwarding terminal gains time to establish the network connection T51 in response to the application selection T9. For the few exceptional cases in which the forwarding terminal 200 should not simply acknowledge the selection T9 but forward it, the forwarding terminal 200 can be instructed accordingly by means of the transaction initialization data.
  • if the terminal device would like to select an application AID5 in step T9', for which the forwarding terminal 200 does not yet have an identifier entry, it forwards the received command to the server device 300 in step T10'. That is, the forwarding terminal 200 is generally configured to forward identification information pertaining to a transaction application to the server device 300, here the SELECT (AID5) command received from the terminal device 100. The forwarding terminal 200 is also set up to request transaction-dependent transaction initialization data from the server device 300. The forwarding of the SELECT (AID5) command also means requesting the transaction initialization data required by the forwarding terminal 200 to respond to the command.
  • the server device 300 provides, similarly to what is described above, corresponding transaction initialization data in step T11', which the forwarding terminal 200 finally forwards, as desired, to the terminal device 100 in step T12'.
  • the server device 300 could provide the forwarding terminal 200, for example in steps TS222 (see FIG. In this way, subsequently, the execution of the transaction can be accelerated since individual portions of the transaction application can be executed in the forwarding terminal 200 itself and, accordingly, fewer data must be forwarded between different transaction devices.
  • security-relevant portions of a corresponding transaction application are preferably always carried out in the server device 300, i.e. the application server device 330, or the transaction terminal 400 or the data carrier 500 optionally connected thereto.
  • the latter is not the preferred embodiment, since the actual transaction flow should remain unchanged as far as possible for all participants, including the transaction unit. Transaction data are therefore always passed on and processed or answered only remotely in the transaction unit.
  • transaction-dependent transaction initialization data in particular installation of executable portions of a transaction application in the forwarding terminal 200 by the server device 300, can be made dependent on the consent of a user of the forwarding terminal device 200.
  • an automatic installation may also be provided which requires no user interaction.
  • specifications can be made which relate to a pending transaction forwarded by the forwarding terminal. For example, depending on the transaction or identity of the forwarding terminal, access to an electronic purse on the transaction terminal 400 may be prohibited or appropriately limited. Other specifications are possible.
  • step S3 of FIG. in the context of the actual transaction with the terminal device 100.
  • the forwarding terminal 200 can transmit to the terminal device 100 forwarding information WLI.
  • the forwarding terminal 200 indicates to the terminal device 100 that it is set up to forward transaction data, in particular transaction commands in the form of APDUs, to a remote transaction unit 300, 400 or 500.
  • the forwarding is supported in the forwarding terminal 200 by the forwarding application 280.
  • the forwarding information is preferably transmitted in the form of transaction initialization data UID, ATS to the terminal device 100. The forwarding terminal 200 has previously received this transaction initialization data from the server device 300 (see sub-step TS22, Fig. 5).
  • the forwarding information WLI can be transmitted, for example, by means of the UID in such a way that a predetermined number of known number ranges of UIDs is reserved for such forwarding terminals 200 that support a forwarding of transaction data.
  • the server device 300 can thus allocate such a "forwarding UID" to the forwarding terminal 200 in sub-step TS22.
  • the routing terminal 200 specifies the "forwarding UID" instead of its own device-specific UID in step T4. In this way, the forwarding information WLI can be effectively transmitted to the terminal device 100 without the need for protocol adaptation or modification.
  • the forwarding information WLI may also, as indicated with respect to step T8, be transmitted to the terminal device 100 by means of the ATS, for example by means of the "historical bytes" described above.
  • the forwarding information WLI can also be transferred from the forwarding terminal 200 to the terminal device 100 at another time, for example after completion of the initialization phase, and in another suitable manner, for example by means of a command specifically defined for this purpose.
  • the terminal device 100 could, for example, before the start of the actual data communication, after step T8, send a command to the forwarding terminal 200, which serves to query the forwarding capability of the forwarding terminal 200.
  • parameters determining the subsequent data communication can be set by the forwarding terminal 200 by means of the ATS.
  • since the forwarding terminal 200 obtains the ATS data as transaction initialization data from the server device 300, it is up to the server device 300 to set appropriate parameters for a subsequent transaction.
  • This relates in particular to information about the maximum time that the terminal device 100 has to wait for the response of the forwarding terminal 200 after sending a command.
  • by means of a corresponding parameter, for example the ATS parameter FWI ("frame waiting integer") described above, the permissible response time of the forwarding terminal 200 with respect to the terminal device 100 can thus be raised by the server device 300.
  • in a step T81, the terminal device recognizes on the basis of the received forwarding information that the supposed transaction partner arranged locally (in the vicinity) is a forwarding unit. It can differentiate between forwarding units and local transaction units based on the forwarding information. It therefore recognizes from the forwarding information that the locally located device will not execute the transaction itself.
  • the terminal device 100 reacts to this with adapted or additional steps for the transaction.
  • the terminal device 100 decides whether it wishes to carry out the transactions. For example, if the terminal device 100 has stored as a security indication that its (or the current) transaction type may only be executed with local transaction units, it does not continue the transaction. In the present case, the terminal device decides to carry out the transaction. Another security requirement requires the terminal device to set the maximum amount (transaction limit) to a lower value than it does for local transactions.
  • the present terminal device 100 recognizes forwarding and still performs the transaction instead of aborting or otherwise invalidating it. Any additional defense and / or detection mechanisms for forwarding that may be present in the terminal device can then be switched off.
  • Known approaches in this connection are transit time measurements, distance measurement or specially adapted transaction protocols.
  • a particularly important preparation step is an adaptation of the communication parameter waiting time for the exchange of the transaction data.
  • the waiting time could also be increased in additional communication steps at the request of the forwarding terminal, but here it should be adapted automatically, and thus faster, in the terminal device when forwarding is detected.
  • the forwarding information is transmitted in the transmission protocol data. It is transaction-independent, i.e. it applies to all transaction types. However, the forwarding information is preferably transmitted for a selected transaction type. This would be possible, for example, in step T10.
  • the forwarding information can be transmitted either in the transmission protocol data of step T10 in which the transaction data are transmitted or in the transaction data itself (answer: "ok").
  • ISO 7816-4 allows slightly differently coded responses, all of which signify the positive acknowledgment "ok".
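The terminal-side handling of forwarding information in step T81 (detection via a reserved UID range or the ATS historical bytes, local-only policy, reduced transaction limit, adapted waiting time) can be sketched as follows. This is an added example, not code from the patent; the UID range, the historical-byte marker `WLI`, the minimum wait and the sample UID/ATS values are constructed assumptions, while the ATS layout and the FWT formula follow ISO/IEC 14443-4.

```python
"""Terminal-side handling of forwarding information (step T81): added example."""
from dataclasses import dataclass
from typing import Optional

FC_HZ = 13_560_000   # ISO/IEC 14443 carrier frequency in Hz
DEFAULT_FWI = 4      # ISO/IEC 14443-4 default when the ATS carries no TB(1)

# ASSUMPTIONS, constructed for this example (the page gives no concrete values):
FORWARDING_UID_RANGES = [(0xF0000000, 0xF00000FF)]  # reserved "forwarding UID" range
FORWARDING_HIST_MARKER = b"WLI"                     # marker in the ATS historical bytes
FORWARDED_MIN_WAIT_S = 1.0                          # wait granted once forwarding is known


@dataclass
class Ats:
    fsci: int           # frame size code announced by the card
    fwi: int            # frame waiting integer
    sfgi: int           # start-up frame guard integer
    historical: bytes   # freely definable historical bytes


def parse_ats(raw: bytes) -> Ats:
    """Parse a type A ATS without CRC: TL, T0, TA(1), TB(1), TC(1), historical bytes."""
    if not raw or raw[0] != len(raw):
        raise ValueError("TL does not match the ATS length")
    fsci, fwi, sfgi, pos = 2, DEFAULT_FWI, 0, 1
    if len(raw) > 1:
        t0, pos = raw[1], 2
        fsci = t0 & 0x0F
        for present_bit in (0x10, 0x20, 0x40):      # TA(1), TB(1), TC(1), in this order
            if not t0 & present_bit:
                continue
            if pos >= len(raw):
                raise ValueError("interface byte announced in T0 is missing")
            if present_bit == 0x20:                 # TB(1): FWI high nibble, SFGI low nibble
                fwi, sfgi = raw[pos] >> 4, raw[pos] & 0x0F
            pos += 1
    if fwi == 15:                                   # reserved value: fall back to the default
        fwi = DEFAULT_FWI
    return Ats(fsci, fwi, sfgi, raw[pos:])


def frame_waiting_time(fwi: int) -> float:
    """Frame waiting time in seconds: (256 * 16 / fc) * 2**FWI."""
    return (256 * 16 / FC_HZ) * (2 ** fwi)


def forwarding_source(uid: bytes, ats: Ats) -> Optional[str]:
    """Return where forwarding information (WLI) was found, or None for a local partner."""
    value = int.from_bytes(uid, "big")
    if any(low <= value <= high for low, high in FORWARDING_UID_RANGES):
        return "uid"
    if FORWARDING_HIST_MARKER in ats.historical:
        return "historical-bytes"
    return None


@dataclass
class Decision:
    proceed: bool       # continue with the transaction?
    forwarded: bool     # partner identified itself as a forwarding unit
    limit_cents: int    # transaction limit to apply
    wait_s: float       # waiting time the terminal grants per command
    reason: str


def decide(uid: bytes, raw_ats: bytes, local_only: bool,
           local_limit_cents: int, forwarded_limit_cents: int) -> Decision:
    """Apply the terminal's security requirements after UID (T4) and ATS (T8) are known."""
    ats = parse_ats(raw_ats)
    fwt = frame_waiting_time(ats.fwi)
    source = forwarding_source(uid, ats)
    if source is None:
        return Decision(True, False, local_limit_cents, fwt, "local transaction unit")
    if local_only:
        return Decision(False, True, 0, fwt,
                        f"forwarding signalled via {source}; transaction type is local-only")
    limit = min(local_limit_cents, forwarded_limit_cents)
    return Decision(True, True, limit, max(fwt, FORWARDED_MIN_WAIT_S),
                    f"forwarding signalled via {source}")


if __name__ == "__main__":
    # Constructed sample data: a local card and a forwarding terminal marking its ATS.
    local_ats = bytes.fromhex("0578807002")           # FWI = 7, no historical bytes
    marked_ats = bytes.fromhex("087880E002574C49")    # FWI = 14, historical bytes "WLI"
    print(decide(bytes.fromhex("04A1B2C3"), local_ats, False, 5000, 2500))
    print(decide(bytes.fromhex("04A1B2C3"), marked_ats, False, 5000, 2500))
    print(decide(bytes.fromhex("F0000010"), local_ats, True, 5000, 2500))
```
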
  • steps T11 through T18 illustrate performing a transaction between the terminal device 100 and the data carrier 500.
  • the associated transaction data, command and response APDUs are thereby forwarded via the forwarding device 200 between the terminal device 100 and the server device 300 (steps T12, T18).
  • the server device 300 mediates a data communication connection between the relay terminal 200 and the transaction terminal 400 by the relay server device 340 (steps T13, T17).
  • the transaction terminal 400 in this embodiment uses the data carrier 500 to perform the transaction application (AID3). In doing so, the transaction terminal 400 operates somewhat as a second forwarding terminal by forwarding the command APDUs to the data carrier 500 in step T14 and forwarding the APDUs received in step T15 back to the server 300 in step T16.
  • steps T14 and T15 may be omitted since the transaction application may be executed directly in the transaction terminal 400.
  • the rest of the procedure remains as described. In particular, it remains transparent to the remaining transaction devices whether the transaction terminal 400 itself or with the aid of the data carrier 500 executes the transaction application.
  • the relay terminal 200 forwards the transaction data to and from the transaction unit 400, 500 without the involvement of the server 300 are also not shown.
  • a transaction application for example AID5
  • AID5 can also be executed in the server device 300 by means of the application server device 330.
  • a separate transaction device 400 and in particular a data carrier 500 are dispensable or not integrated.
  • the application server device 330 preferably provides a plurality of transaction applications AID4, AID5 (see Fig. 1) and thereby can support a variety of transactions against a variety of terminal devices 100.
  • the application server device 330 has a plurality of conventional portable data carriers 350, for one or more types of transactions, which are respectively used as transaction units via a contactless reader (structure and function similar to FIG. 4) or multiple contactless readers.
  • the forwarding terminal 200 sends a corresponding request for extension of the response interval within which a response command is received at the terminal device 100 to the terminal device 100 (not shown in Fig. 7). According to the ISO/IEC 14443 protocol, this can be done by means of a "frame waiting time extension" request (FWX).
  • the routing terminal 200 is configured to communicate transaction information, i.e. identification information pertaining to the transaction application, to be forwarded to the server device 300.
  • identification information may be, for example, an application identifier (AID; AFI, "type B" data carrier) or the like, and thus the forwarding terminal 200 becomes multi-application capable, without even a single transaction application on the forwarding terminal 200.
  • the server device 300 recognizes which transaction application is required based on the identification information, and if it is supported by the application server device 330, can already execute it there which supports the corresponding transaction application, possibly by means of a data carrier 500.
  • the evaluation of the identification information and subsequent processing are, as described, the responsibility of the server unit 300.
  • the forwarding terminal 200 sends selection information AI for selecting a given transaction terminal 400 to the server device 300.
  • the selection information AI is processed by the switching server device 340 and taken into account in the switching of the corresponding transaction terminal 400 selected by the forwarding terminal 200. It is also possible for a corresponding selection information item AI to be transmitted to the server device 300 already in the registration phase (FIG. 5) or in the registration phase (FIG. In this way, a user of the forwarding terminal 200, preferably transaction-dependent, can specify via which transaction terminal 400 a particular transaction is to be carried out in each case.
  • the selection information AI can be designed such that it allows the relaying terminal 200 alternatively to set up a direct connection to the transaction unit (without integration of the server device).
  • a transaction end point signal TES may be transmitted to the transaction unit.
  • the alternative step 91 for transmitting the transaction end point signal TES in step T13 will be described later.
  • the server device 300 transmits to the transaction terminal 400 a transaction end point signal TES.
  • the transaction terminal 400 can recognize that it operates as the transaction end point of a chain of transaction devices 200, 300, 400.
  • the role of the transaction endpoint signal is thus similar to that of forwarding information.
  • For recognizing and further processing the transaction end point signal TES, the transaction terminal 400 includes a forwarding identification 420 on a security element SE 450 (see FIG. 4). Detecting the operation as a transaction endpoint in a forwarded transaction is advantageous for several reasons. By way of example, a specific transaction, which is carried out locally via contactless data communication in the manner described, will not be regularly detectable by the user of a transaction terminal 400. Rather, in the common proximity-based transaction systems, it is assumed that the user places his portable data carrier 500 or his terminal 400 with the security element 450 in the vicinity of the transaction terminal and thus triggers the transaction. In the present system approach, no further interaction of the user would be required for this, provided that the transaction terminal 400 is online and has been registered and registered in advance at the server device 300.
  • the forwarding identification 420 requests a user release for the forwarded transaction, which does not require any user release in the case of local (conventional) execution. Furthermore, it can be provided, for transaction types with or without conventionally provided user approval, to obtain a forwarding consent with which the user explicitly agrees to the forwarding of the transaction data.
  • the user of the transaction terminal 400 must actively agree to perform the transaction before it is executed, for example, by operating a key or the like. However, it can also be provided that the transaction is always carried out when the user of the transaction terminal 400 does not actively interrupt the transaction announced by the transaction end point signal TES to the user (passive release).
  • the transaction end point signal TES may additionally include information indicating via which further transaction devices 200, 300 the transaction is to be performed.
  • the transaction endpoint signal TES may include authentication information concerning the server device 300 or the forwarding terminal 200.
  • the transaction unit 350, 450, 500 may then authenticate the server device 300 or the forwarding terminal 200.
  • a corresponding authentication message can be displayed to a user of the transaction terminal 400. The user can then, for example, agree to a transaction or not depending on the identity of the device.
  • default settings to be made in the transaction terminal 400, which stipulate that upon receipt of a transaction endpoint signal TES, a notification of the user can be omitted if the transaction has been forwarded via transactional devices authenticated on the basis of the transaction endpoint signal TES and allowed as default.
  • the transaction unit can also include defense measures against forwarding attacks. Upon detection of a forwarded transaction indicated by a transaction end point signal TES, these (sometimes very expensive) defenses are deactivated.
  • the transaction unit may check security policies for forwarded transaction. If appropriate, the transaction unit accordingly refuses such a forwarded transaction. Preferably, however, it carries out the following adjustments in preparation for the transaction.
  • the priority of the transaction application for execution on the transaction unit is increased.
  • the response time of the transaction unit is optimized. For example, a priority level (in the operating system of the transaction unit) is increased.
  • a transaction end point signal TES may be generated by the server device 300 as shown in FIG. Alternatively, the transaction end point signal TES is generated in the relay terminal 200. Generally, the transaction endpoint signal is transmitted as data of an application layer and preferably received by the transaction unit prior to the transaction data.
  • FIG. 6 shows a particularly advantageous embodiment in which the forwarding terminal 200 generates the transaction end point signal TES in response to a first command T9 within the transaction and sends it to the transaction unit in step 91. Since the forwarding terminal 200 directly responds to the first received command T9 without forwarding T10, the transaction unit 350, 450, 500, after recognizing the received transaction end point signal TES, gains time to perform the respective preparation steps.
  • the communication link is established to the transaction unit 350, 450, 500.
  • the data carrier 500 recognizes the transaction end point signal TES and then reacts as described above.
  • the transaction endpoint signal may be transmitted to the transaction device in the form of a modified transaction selection signal.
  • a modified selection signal “Select AID-TES-3” can be generated which is transmitted to the transaction unit in step T91
  • the forwarding detection is selected by this -APDU, carries out the preparation steps and subsequently (internally) selects the transaction application AID3 on the transaction unit.
  • the transaction end point signal TES could also be generated in the forwarding application 480, which is arranged in the transaction terminal 400 or in its security element 450.
  • this variant is less secure and can be technically more complex.
  • the forwarding identifier 420 is preferably a separate (software) component of the security element 450 or the portable data carrier 500.
  • the changed behavior of the transaction unit described in more detail above after the recognition of a transaction endpoint signal can also be described as follows.
  • if the transaction unit receives a transaction endpoint signal, it switches to a forwarding mode and executes the (unmodified) transaction application in this mode.
  • the conventional transaction application 470 in the transaction unit 450 or in the portable data carrier 500 can be kept unchanged.
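
The endpoint behaviour described in the items above (modified selection signal acting as TES, policy check, user release or relay authentication, forwarding mode, internal selection of AID3) can be sketched as follows. This is an added example, not code from the patent: the AID byte values, the HMAC-based relay authentication and the `relay_id`, `tag` and `user_consents` parameters are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

SELECT_BY_AID = bytes.fromhex("00A40400")    # ISO 7816-4 SELECT by DF name
SW_OK, SW_DENIED, SW_NOT_FOUND = 0x9000, 0x6985, 0x6A82
AID3 = bytes.fromhex("F0000000000003")       # constructed placeholder for AID3
AID_TES_3 = bytes.fromhex("F00000000000A3")  # constructed placeholder for "AID-TES-3"

def select_apdu(aid: bytes) -> bytes:
    """Build a SELECT command APDU for the given AID."""
    return SELECT_BY_AID + bytes([len(aid)]) + aid

@dataclass
class TransactionUnit:
    key: bytes                               # assumption: shared with trusted relays
    allow_forwarded: bool = True             # security policy for forwarded transactions
    default_allowed: set = field(default_factory=set)  # relays that need no user prompt
    forwarding_mode: bool = False
    relay_defence_active: bool = True
    selected: bytes = b""

    def authenticate(self, relay_id: bytes, tag: bytes) -> bool:
        """Check the (assumed) HMAC-SHA256 tag carried as TES authentication info."""
        expected = hmac.new(self.key, relay_id, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

    def select(self, apdu: bytes, relay_id=b"", tag=b"", user_consents=False) -> int:
        """Process a SELECT APDU and return the status word."""
        # Every SELECT starts from the conventional (local) state.
        self.forwarding_mode, self.relay_defence_active, self.selected = False, True, b""
        if apdu[:4] != SELECT_BY_AID or len(apdu) < 5:
            return SW_NOT_FOUND
        aid = apdu[5:5 + apdu[4]]
        if aid == AID3:                      # conventional local selection
            self.selected = AID3
            return SW_OK
        if aid != AID_TES_3:
            return SW_NOT_FOUND
        # Modified SELECT acts as the TES: the forwarding detection runs first.
        if not self.allow_forwarded:
            return SW_DENIED                 # policy refuses forwarded transactions
        silent = relay_id in self.default_allowed and self.authenticate(relay_id, tag)
        if not (silent or user_consents):
            return SW_DENIED                 # no forwarding consent obtained
        self.forwarding_mode = True
        self.relay_defence_active = False    # defences are skipped in forwarding mode
        self.selected = AID3                 # internal selection of the unmodified app
        return SW_OK
```
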

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method for carrying out a transaction between a contactless-communication terminal device (100) and a transaction unit (350, 450, 500) via a forwarding terminal (200). According to the invention, the forwarding terminal (200) transmits forwarding information -WLI- to the terminal device (100) to indicate that the forwarding terminal (200) is forwarding the transaction data.
EP12769935.3A 2011-10-06 2012-10-04 Système de transaction Ceased EP2764480A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE201110114990 DE102011114990A1 (de) 2011-10-06 2011-10-06 Transaktionssystem
PCT/EP2012/004158 WO2013050153A1 (fr) 2011-10-06 2012-10-04 Système de transaction

Publications (1)

Publication Number Publication Date
EP2764480A1 true EP2764480A1 (fr) 2014-08-13

Family

ID=47010491

Family Applications (1)

Application Number Title Priority Date Filing Date
EP12769935.3A Ceased EP2764480A1 (fr) 2011-10-06 2012-10-04 Système de transaction

Country Status (3)

Country Link
EP (1) EP2764480A1 (fr)
DE (1) DE102011114990A1 (fr)
WO (1) WO2013050153A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3005519A1 (fr) * 2013-05-07 2014-11-14 Jean-Claude Pastorelli Systeme de paiement securise par carte bancaire
EP3021516A1 (fr) 2014-11-11 2016-05-18 Giesecke & Devrient GmbH Procédé et serveur pour fournir des codes de transaction
DE102015000657A1 (de) * 2015-01-20 2016-07-21 Giesecke & Devrient Gmbh Verfahren und System zum sicheren Durchführen einer Transaktion

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1977402A2 (fr) * 2005-12-30 2008-10-08 Skyetek, Inc Systeme de securite par etiquettes rfid sans interruption
FI121196B (fi) * 2006-05-15 2010-08-13 Teliasonera Finland Oyj Menetelmä ja järjestelmä älykortin arvon lataamiseen
US8523069B2 (en) * 2006-09-28 2013-09-03 Visa U.S.A. Inc. Mobile transit fare payment
WO2009039419A1 (fr) * 2007-09-21 2009-03-26 Wireless Dynamics, Inc. Carte à puce sans fil et réseau de zone personnelle intégré, communication en champ proche et système de paiement sans contact
US20100153721A1 (en) * 2008-12-12 2010-06-17 Anders Mellqvist Portable Electronic Devices, Systems, Methods and Computer Program Products for Accessing Remote Secure Elements

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
None *
See also references of WO2013050153A1 *

Also Published As

Publication number Publication date
DE102011114990A1 (de) 2013-04-11
WO2013050153A1 (fr) 2013-04-11

Similar Documents

Publication Publication Date Title
DE69729008T2 (de) Verfahren zum senden von steuerbefehlen für eine sim-karte von einer externen vorrichtung an eine sim-karte
DE102016100110B4 (de) Verwaltung einer Ressourcenkontoanwendung
EP2764479B1 (fr) Systeme de transaction
WO2016037841A1 (fr) Procédé et dispositif de commande d'un système de caisse
WO2014095362A1 (fr) Système de transactions en ligne
WO2016192842A1 (fr) Terminal et procédé de paiement mobile dans un environnement d'exécution sécurisé
DE60100050T2 (de) Mobiltelefon mit Chipkartenleser
EP2779722B1 (fr) Procédé de personnalisation d'un module de sécurité d'un terminal de télécommunication
EP2393032A1 (fr) Procédé de sortie d'une application à l'aide d'un support de données portatif
DE102012102383A1 (de) Steuerungsverfahren mittels Weiterleitung für eine Kommunikation zwischen elektronischen Geräten, und entsprechende Geräte
WO2013050153A1 (fr) Système de transaction
EP3428866A2 (fr) Dispositif de transmission et de traitement de données et procédé de transmission et de traitement de données destinés au paiement d'une marchandise ou d'un service
WO2013050151A1 (fr) Système de transaction
DE102007024144B3 (de) Verfahren und Anordnung zur schnellen Kurzanmeldung eines Benutzers an einem Diensleistungsportal mittels einer mobilen Kommunikationseinrichtung
EP3341882A1 (fr) Système de transaction
DE102012102382B4 (de) Steuerungsverfahren für eine Kommunikation zwischen elektronischen Geräten und entsprechende Geräte
DE102015120352A1 (de) Standardmässig voreingestellte datenpaket-routung in einer nfc-vorrichtung
WO2016066253A1 (fr) Procédé permettant l'exécution sans fil d'une transaction
WO2013127520A1 (fr) Libération de transaction authentifiée
DE102007004337A1 (de) Sicherheitsmodul
WO2017032453A1 (fr) Gestion, authentification et activation d'un support de données
EP2840757B1 (fr) Administration individuelle et centrale des cartes de puce
EP4105870A1 (fr) Procédé et système de collecte des points bonus
WO2013143636A1 (fr) Procédé de sélection d'une application dans une carte parmi plusieurs cartes virtuelles d'un support de données portable
DE102012021318A1 (de) Guthabenabfrage

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20140506

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
RIC1 Information provided on ipc code assigned before grant

Ipc: G06Q 20/32 20120101ALI20170324BHEP

Ipc: G06Q 20/36 20120101ALI20170324BHEP

Ipc: G06Q 30/06 20120101AFI20170324BHEP

Ipc: G06Q 20/34 20120101ALI20170324BHEP

17Q First examination report despatched

Effective date: 20170503

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: GIESECKE+DEVRIENT MOBILE SECURITY GMBH

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20191129