EP3198546A1 - Procédé de transaction - Google Patents

Procédé de transaction

Info

Publication number
EP3198546A1
EP3198546A1 EP15771857.8A EP15771857A EP3198546A1 EP 3198546 A1 EP3198546 A1 EP 3198546A1 EP 15771857 A EP15771857 A EP 15771857A EP 3198546 A1 EP3198546 A1 EP 3198546A1
Authority
EP
European Patent Office
Prior art keywords
authentication server
time
service
passwords
secure element
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP15771857.8A
Other languages
German (de)
English (en)
Inventor
Caroline Grosser
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke and Devrient Mobile Security GmbH
Original Assignee
Giesecke and Devrient GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke and Devrient GmbH filed Critical Giesecke and Devrient GmbH
Publication of EP3198546A1 publication Critical patent/EP3198546A1/fr
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/085Payment architectures involving remote charge determination or related payment systems
    • G06Q20/0855Payment architectures involving remote charge determination or related payment systems involving a third party
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions

Definitions

  • the present invention relates to a transaction method.
  • the present invention relates to a method for anonymous
  • a service used may be, for example, the acquisition of a music file and / or a text document.
  • Authentication agent uses a disk.
  • Authentication service known, which perform as a service the authentication of a person for a service, such as a cloud service.
  • Such authentication service providers are also known as "Authentication as a Service Providers" (AaaS) .Overhead for a cloud service claiming an authentication service provider is that it is no longer necessary for authentication
  • Such services require that users be required to charge a credit account with the service.
  • the credit account is necessary because the settlement of small amounts due to the high transaction fees is generally unattractive. Creating the credit account at the service requires the user to reveal their identity. Only so is a secure association between
  • an anonymous payment method is known from the prior art, in which the user buys a credit card with a PIN with cash, wherein this PIN is assigned a corresponding amount of money.
  • this prepaid card for example, a PaysafeCard
  • the cited prior art has the disadvantage that there is no payment method with which it is anonymously possible to pay small amounts. Because even with the anonymous payment method with the prepaid card, it is always necessary to pay a certain minimum amount. In addition, the user is usually not willing to enter his PIN for paying small amounts. Presentation of the invention
  • the object is achieved by a method according to
  • the invention is based on the idea of providing an authentication server as a link between a secure element, a payment device and a service device such that it is possible with the secure element to make an anonymous payment at the service device.
  • the method of anonymously performing a transaction comprises establishing a first connection between a secure element and an authentication server, establishing a second connection between the authentication server and a payment device, transferring an amount of money from the secure element to the payment via the authentication server Means, generating at least one one-time password (OTP), wherein the number of one-time passwords corresponds to the transferred amount of money, and sending the at least one one-time password
  • OTP one-time password
  • a “secure element” is a unit in a mobile device in which data can be stored in a particularly secure manner
  • the secure element can have different form factors
  • the secure element can be a chip permanently installed in the mobile device, a SIM card and / or or a (micro-) SD card
  • the "mobile device” is, for example, a mobile phone, a tablet PC or the like.
  • the mobile device is provided with an interface, in particular with a contactless interface, for example via GSM and / or WLAN, and / or a contact-type interface.
  • An “authentication server” in the sense of the invention is used to authenticate a user to another service, such as the payment device and / or the service device. [Weitere Card] Other tasks of the authentication server can be: care of several different service devices,
  • Decryption of received data payment of one-time passwords at the payment facility, verification of payment (successful redemption), generation of one-time passwords (OTPs), treatment of one-time passwords with the one-way function (eg hash), buffering of one-time passwords lists (OTP
  • One-time passwords to the corresponding desired service device transmission of the one-way function-treated one-time passwords (hashed OTPs) to the corresponding desired service device, Encrypting the one-time passwords (eg with a public key of the secure element), transmission of the encrypted original one-time password list to the secure element
  • a user can preferably make a payment anonymously Transfer money to the payment facility of a PaysafeCard
  • Alternative payment methods such as a prepaid credit card or the like are also possible.
  • the service facility provides a service upon receipt of the payment.
  • an amount once paid to the payment facility may be used to service a variety of service facilities. It is also possible that the amount may be used in a single service facility to account for a variety of different
  • the authentication server it is not necessary for the authentication server to permanently store the one-time passwords and / or the one-way passwords encrypted with the one-way function. Because the one-time passwords can be stored in the secure element and those with the
  • One-way function encrypted one-time passwords can be used in the
  • Service device to be stored. Furthermore, the Security requirements for the service device is not particularly high, since it is only necessary in this store the encrypted using the one-way passwords. If someone is the
  • Service means the original one-time password, i. without being encrypted with the one-way function to transmit.
  • the one-way function is a hash function according to one embodiment.
  • Such hash functions are known in cryptology and are characterized, inter alia, by the fact that it is practically impossible to find an input value for a given output value. In other words, it is relatively easy to get out of one
  • the one-time password may be preceded by a random string before being encrypted.
  • This method is also referred to as "cold" in cryptology, and describes a method in which the randomly chosen string is appended to the one-time password prior to applying the hash function. Using the random string in conjunction with the hashing function increases the security of the method additionally.
  • the generated one-time passwords may have an expiration date be provided in order to limit the access to the service of the service device in time.
  • the payment device confirms after receipt of the amount of money from the secure element (via the authentication server) the receipt of the amount of money at the authentication server. In this way, the arrives
  • Authentication server can have this amount. Furthermore, the service facility is informed by the authentication server of the payment received since the authentication server is aware that payment has been made. The actual transfer of money to the service facility can be done by methods known in the art.
  • Authentication server that at least one one-time password to the secure element, wherein the transmission of the one-time password to the secure element can preferably be encrypted.
  • the at least one one-time password is sent to the secure element without being encrypted with the one-way function.
  • the secure element is aware of the "original" one-time password and can use it to call a service at the service facility, thus authorizing a secure and easy one
  • the at least one one-time password is generated by the authentication server.
  • the authentication server after he has been informed that the payment device has received the amount of money to start generating the one-time passwords. This increases the security of the transaction process, since the payment device has no knowledge of the one-time passwords.
  • the authentication server can make a list with the
  • One-time passwords and passwords encrypted with the one-way function can advantageously serve to ensure an association between the passwords and the passwords encrypted with the one-way function.
  • the authentication server sends the at least one one-time password encrypted with the one-way function to the service device via the third connection. In this way it is ensured that the service device receives the one-way function encrypted one-time passwords directly from the authentication server.
  • the number of passwords may correspond to the amount of money. In this way, it is possible to divide a once paid to the payment facility amount of money in any number of individual amounts and assign each item a one-time password. It is possible that a one-time password always equals an equal amount of money, for example, two cents. Alternatively, it is possible for each one-time password to have a different height
  • Amount of money equals. In this way can be different
  • the service device has a list of one-way function encrypted and unused one-time passwords. These unused one-time passwords are used to pay a monetary amount to the service facility.
  • the secure element sends a non-encrypted with the one-time function
  • the service device applies the one-way function to the password.
  • the service facility recognizes that a valid payment intent exists and allows the requested service to be claimed from it.
  • One-time passwords (to which the on-way function has not been applied) are transmitted to the service facility.
  • the number of transmitted one-time passwords then corresponds to the amount to be paid.
  • Fig. 1 shows a schematic sequence of an inventive
  • Fig. 2 shows a schematic sequence of an inventive
  • Fig. 3 shows a sequence of a method according to the invention.
  • Fig. 1 shows schematically a procedure when transferring a sum of money from a secure element 10 to a payment device.
  • a first connection 20 is established between the secure element 10 and an authentication server 12 via an air interface (GSM / WLAN).
  • the secure element 10 notifies the authentication server 12 of its intention to pay a cash amount to a payment facility (payment facility) 14.
  • the authentication server 12 against which the secure element 10 has authenticated, establishes a second connection 22 with the payment device 14.
  • the second connection 22 may be constructed by known methods.
  • the amount of money is transmitted from the secure element 10 via the authentication server 12 to the payment device 14.
  • a prepaid credit card or other anonymous payment method such as a PaysafeCard may be used to pay.
  • the payment device confirms the receipt of the amount of money at the authentication server 12.
  • the authentication server 12 As soon as the authentication server 12 has been informed about the receipt of payment by the payment device 14 by means of the second connection 22, the authentication server 12 generates one-time passwords in accordance with the amount of the paid-in amount. If, for example, 10 euros were transferred to the payment facility, then the
  • Authentication server with a denomination of 2 et / password a total of 500 one-time passwords. The person in the knowledge of these one-time passwords can use them to pay for or to use a service 16 at authorized service facilities.
  • the one-time passwords are subsequently used by the
  • Authentication server 12 with a one-way function, such as a hash function, encrypted.
  • a one-way function such as a hash function
  • the one-time passwords may be supplemented with a random string before being encrypted. This approach is also called “strings" in cryptography
  • One-time passwords have a limited validity.
  • all one-time passwords encrypted with the one-way function are sent to a service device 16 or to a plurality of different ones
  • One-time passwords as well as one-way passwords encrypted with the one-way function are also encrypted with the one-way function.
  • the first connection 20 may be a secure connection.
  • the secure element 10 is in possession of the one-time passwords after transmitting the one-time passwords. To a paid service of
  • a fourth connection 28 is established between the secure element 10 and the service device 16.
  • the secure element 10 sends a one-time password to the service device 16.
  • the service device 16 applies the one-way function to the one-time password sent by the secure element 10.
  • the service device 16 checks whether it is stored with a one-way function encrypted one-time password that matches the password just encrypted with the one-way function. Conversely, if a match of the passwords is detected, this means, conversely, that the one-time password has not yet been used and, consequently, this can be used to make use of the service 16.
  • several "original" one-time passwords may be sent to the service facility 16 from the secure element 10. The number of one-time passwords corresponds to the amount of payable
  • FIG. 3 shows a flow chart which shows the sequence of the
  • a first connection 20 is established between a secure element 10 and an authentication server 12.
  • a second connection 22 between the authentication server 12 and a payment device 14 is established. Once these two links 10, 12 have been made, a monetary amount is transferred from the secure element 10 to the payment device 14 via the authentication server 12.
  • the payment device 14 confirms in a subsequent step S4 the receipt of the amount of money at the authentication server 12.
  • the authentication server 12 In a next step S5, the authentication server 12 generates at least one one-time password, the number of one-time passwords corresponding to the amount of money transferred to the payment device 14.
  • the authentication server 12 sends the at least one one-time password to a service device 16 via a third connection 24, wherein the one-time password is only sent after it has been encrypted with a one-way function (hash function).
  • the "original" one-time passwords can be sent to the secure element 10.
  • the conclusion of the transaction takes place, as shown in Fig. 2, by the secure element 10 via a fourth connection 28, which can be built analogously to the first connection 20, one of the transmitted in step S7 passwords to the service device 16.
  • the passwords can be stored in the secure element. This makes it difficult for third parties to illegally access the passwords in the secure element 10.
  • the service device 16 can check whether the one-time password has already been used
  • One-time password is valid. If it is a valid password, then after applying the one-time function to the
  • One-time password a match with a stored at the service device 16 password.
  • the service of the service device 16 can be used by the secure element 10.
  • Authentication server 12 verify that password duplication occurs after applying the one-way function. Should
  • the authentication server 12 generates another one-time password and applies the one-way function to this new one-way password.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Computer Security & Cryptography (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

La présente invention concerne un procédé destiné à effectuer une transaction de manière anonyme, procédé selon lequel des mots de passe à usage unique chiffrés au moyen d'une fonction à usage unique sont envoyés d'un serveur d'authentification (12) à un appareil de service (16). Les mots de passe à usage unique déchiffrés sont envoyé du serveur d'authentification (12) à un élément sécurisé (10) d'un appareil mobile. Pour effectuer une transaction, l'élément sécurisé (10) envoie les mots de passe à usage unique à l'appareil de service (16).
EP15771857.8A 2014-09-24 2015-09-22 Procédé de transaction Ceased EP3198546A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102014014109.8A DE102014014109A1 (de) 2014-09-24 2014-09-24 Transaktionsverfahren
PCT/EP2015/001882 WO2016045788A1 (fr) 2014-09-24 2015-09-22 Procédé de transaction

Publications (1)

Publication Number Publication Date
EP3198546A1 true EP3198546A1 (fr) 2017-08-02

Family

ID=54238377

Family Applications (1)

Application Number Title Priority Date Filing Date
EP15771857.8A Ceased EP3198546A1 (fr) 2014-09-24 2015-09-22 Procédé de transaction

Country Status (4)

Country Link
US (1) US10839380B2 (fr)
EP (1) EP3198546A1 (fr)
DE (1) DE102014014109A1 (fr)
WO (1) WO2016045788A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11030624B2 (en) * 2018-10-04 2021-06-08 Capital One Services, Llc Techniques to perform computational analyses on transaction information for automatic teller machines

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19859959A1 (de) * 1998-12-29 2000-07-06 Manfred Matzel Verfahren für einen Geld- oder Vermögenstransfer und Geld- oder Vermögens-Einheitenkarte hierfür
DE19940448A1 (de) * 1999-08-25 2001-03-01 Nt Innovation Ohg I Gr Verfahren und Vorrichtung zur Ausgabe virtueller Wertmarken
US20010044787A1 (en) * 2000-01-13 2001-11-22 Gil Shwartz Secure private agent for electronic transactions
DE10009710A1 (de) * 2000-03-01 2001-09-13 Roland Eckert Verfahren zum Austausch von Zahlungsinformationen im internetfähigen bargeldlosen Zahlungsverkehr
EP1986146A1 (fr) * 2007-04-27 2008-10-29 Gemplus Procédé de transaction entre deux entités fournissant une révocation de l'anonymat pour des schémas arborescents sans partie certifiée
US9665868B2 (en) * 2010-05-10 2017-05-30 Ca, Inc. One-time use password systems and methods
WO2011141062A1 (fr) * 2010-05-12 2011-11-17 Novelty Group Limited Système de paiement, procédé de production d'au moins une paire de codes pour l'autorisation d'une opération de débit et procédé d'exécution d'une opération de paiement
DE102010033232A1 (de) * 2010-08-03 2012-02-09 Siemens Aktiengesellschaft Verfahren und Vorrichtung zum Bereitstellen eines Einmalpasswortes
DE102010055699A1 (de) * 2010-12-22 2012-06-28 Giesecke & Devrient Gmbh Kryptographisches Verfahren
DE102011108069A1 (de) * 2011-07-19 2013-01-24 Giesecke & Devrient Gmbh Verfahren zum Absichern einer Transaktion
DE102011122767A1 (de) * 2011-09-09 2013-03-14 Dr. Klein Gmbh & Co. Media Kgaa Verfahren zur Bezahlung mit mindestens einem elektronischen Zahlungsmittelschlüssel
DE102011119103A1 (de) 2011-11-22 2013-05-23 Giesecke & Devrient Gmbh Verfahren zum Authentisieren einer Person an einer Serverinstanz
EP2824629A4 (fr) * 2012-03-07 2015-11-25 Sony Corp Système de traitement de paiement, terminal de paiement, dispositif de communication, serveur de paiement et procédé de traitement de paiement
DE102012109041A1 (de) * 2012-09-25 2014-03-27 Retailo AG Verfahren zur Durchführung eines internetfähigen, bargeldlosen Zahlvorgangs von Kleinstbeträgen
US20140129447A1 (en) * 2012-11-05 2014-05-08 Netnumber, Inc. System and method for anonymous micro-transactions
US10796302B2 (en) * 2014-04-23 2020-10-06 Minkasu, Inc. Securely storing and using sensitive information for making payments using a wallet application

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
None *
See also references of WO2016045788A1 *

Also Published As

Publication number Publication date
DE102014014109A1 (de) 2016-03-24
US10839380B2 (en) 2020-11-17
US20180232727A1 (en) 2018-08-16
WO2016045788A1 (fr) 2016-03-31

Similar Documents

Publication Publication Date Title
EP3574610B1 (fr) Procédé de réalisation d'une authentification à deux facteurs
DE102009038645A1 (de) Verfahren und tragbarer Datenträger zum Übertragen eines geldwerten Betrages in Form eines elektronischen Datensatzes zwischen einer ersten nichtzentralen Instanz und einer zweiten nichtzentralen Instanz
EP2817758B1 (fr) Procédé de paiement informatisé
DE102009034436A1 (de) Verfahren und System zum Bezahlen mit geldwerten Beträgen in Form elektronischer Datensätze
EP3748521B1 (fr) Méthode pour lire les attributs d'un témoin d'identité
WO2017008939A1 (fr) Procédé et dispositif d'authentification d'un utilisateur de service pour une prestation de service à fournir
DE102012221288A1 (de) Verfahren, Vorrichtung und Dienstleistungsmittel zur Authentifizierung eines Kunden für eine durch ein Dienstleistungsmittel zu erbringende Dienstleistung
WO2004034343A2 (fr) Procede pour executer un processus de paiement dans le domaine du commerce electronique
EP4224786A1 (fr) Procédé et dispositif de génération de signatures électroniques
EP1665184A1 (fr) Procede pour effectuer une transaction electronique
DE102012201209A1 (de) Verfahren zur Erzeugung eines Pseudonyms mit Hilfe eines ID-Tokens
WO2013011043A1 (fr) Système mobile pour transactions financières
WO2014095001A1 (fr) Système de réputation et procédé
WO2013152986A1 (fr) Génération sécurisée d'un compte utilisateur dans un serveur de services
EP3206151B1 (fr) Procédé et système d'authentification d'un appareil de télécommunication mobile sur un système informatique de service et appareil de télécommunication mobile
DE102005008610A1 (de) Verfahren zum Bezahlen in Rechnernetzen
EP3198546A1 (fr) Procédé de transaction
DE102015209073B4 (de) Verfahren zum Lesen von Attributen aus einem ID-Token
DE102012202744A1 (de) Verfahren zur Erzeugung eines Pseudonyms mit Hilfe eines ID-Tokens
EP3283999B1 (fr) Système électronique servant à produire un certificat
DE102014204122A1 (de) Elektronisches Transaktionsverfahren und Computersystem
EP3416120A1 (fr) Dispositif et procédé d'authentification d'utilisateur et d'autorisation d'accès
DE10229619A1 (de) Verfahren zur Durchführung eines Zahlungsvorganges
DE102014116294A1 (de) Verfahren zur Unterscheidung von missbräuchlichen Abfragen von zulässigen Abfragen durch einen Benutzer an einen Serviceprovider in einem Computernetzwerk
DE102015017060A1 (de) Verfahren zum Lesen von Attributen aus einem ID-Token

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20170424

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: GIESECKE+DEVRIENT MOBILE SECURITY GMBH

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20180222

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20191121