MXPA97008581A - Transaction recovery in a valo transfer system - Google Patents
Transaction recovery in a valo transfer systemInfo
- Publication number
- MXPA97008581A MXPA97008581A MXPA/A/1997/008581A MX9708581A MXPA97008581A MX PA97008581 A MXPA97008581 A MX PA97008581A MX 9708581 A MX9708581 A MX 9708581A MX PA97008581 A MXPA97008581 A MX PA97008581A
- Authority
- MX
- Mexico
- Prior art keywords
- transaction
- fund
- ifd
- payment
- electronic
- Prior art date
Links
- 238000011084 recovery Methods 0.000 title claims abstract description 50
- 238000000034 method Methods 0.000 claims abstract description 18
- 238000001514 detection method Methods 0.000 claims abstract description 3
- 230000003111 delayed Effects 0.000 claims description 7
- 230000001808 coupling Effects 0.000 claims description 3
- 238000010168 coupling process Methods 0.000 claims description 3
- 238000005859 coupling reaction Methods 0.000 claims description 3
- 230000004044 response Effects 0.000 description 34
- 230000000977 initiatory Effects 0.000 description 20
- UIIMBOGNXHQVGW-UHFFFAOYSA-M buffer Substances [Na+].OC([O-])=O UIIMBOGNXHQVGW-UHFFFAOYSA-M 0.000 description 7
- 238000010586 diagram Methods 0.000 description 7
- 230000015654 memory Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 4
- 230000000717 retained Effects 0.000 description 3
- 239000000969 carrier Substances 0.000 description 2
- 230000001052 transient Effects 0.000 description 2
- 241001627144 Iris versicolor Species 0.000 description 1
- 230000000875 corresponding Effects 0.000 description 1
- 230000003247 decreasing Effects 0.000 description 1
- 239000007858 starting material Substances 0.000 description 1
- 238000010998 test method Methods 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Abstract
A system of transfer of securities to transfer the value in the transactions between electronic funds as electronic cash and has a procedure of recovery of transaction failure whereby a pending record stores the transaction messages after they are sent. During the detection of an error, an interface device (IFD) can issue a payment resume command to resend the last transaction message and resume transaction.
Description
"RECOVERY OF TRANSACTION IN A SYSTEM OF TRANSFER OF SECURITIES"
The invention relates to a system for transferring securities for transactions exempt from cash and in particular for the recovery of failed transactions. The value transfer systems have been proposed to allow the exchange of money values between "electronic funds". These systems are described, for example, in International Patent Publications Nos. WO 91/16691 and WO 93/08545. Unauthorized tamper-proof carriers such as integrated circuit cards (ICC), otherwise known as "smart cards", are incorporated into microprocessors and electronic memories if they carry electronic funds. Strictly speaking, electronic funds are computer "applications" that consist of programs and associated data and smart cards are an example of an application bearer device (ACD). In order to exchange the value between the electronic funds the cards (ACD) carrying the respective funds are put into communication through one or more of the interface devices (IFD). For example, in the charge value, or "electronic cash" in your bank's fund, a customer will enter their card into an automatic paying machine (ATM) associated with the bank. The ATM is an interface device that is coupled with the ACD that carries the bank's electronic fund. The interface device (IFD) exchanges information between the fund and the electronic cash required to transfer from the bank's fund to the client's fund. This is an online transaction as it relates to the bank. Another form of interface device is a point-of-sale (POS) terminal at an outlet of the retail merchant. Here the customer can enter their card in the terminal, thus connecting their electronic fund with that of the retail merchant. Goods can be purchased by transferring electronic cash from the customer's fund to the merchant's fund. This is an off-line transaction as it relates to the bank. Remote transactions are also possible, where two background carrier cards are introduced into the respective interface devices that communicate with one another through odems and a communication network. In this way, the value can be exchanged in transactions over the telephone or on the Internet, for example.
A transaction, typically for exchange of values, consists of the exchange of a number of messages between the funds in accordance with a predetermined protocol. It is possible that the message sequence is interrupted due to a number of reasons. There may be equipment failure, power loss or message corruption, due to electrical noise or difficulty of synchronization, for example. Most network systems have error correction facilities at the modem level. Even so, there is a potential for a transaction to fail due to the interruption of the message sequence of the transaction. The present invention investigates to provide a system having facilities for recovery so that interrupted transactions are completed. In accordance with the invention, a value transfer system comprising a plurality of electronic funds is provided; a plurality of application carrying devices (ACD) to carry the electronic funds; and a plurality of interface devices (IFD) for coupling together pairs of the ACDs to enable the transfer of securities transactions between pairs of electronic funds, wherein a transaction between a pair of electronic funds in the ACD is carried out. by means of an IFD it comprises an exchange of transaction messages in a sequence of compliance with a predetermined protocol, each transaction message is sent from an electronic fund of a pair of IFD and from the IFD to another electronic fund of the pair, storage means are provided for storing the transaction messages after they are sent, and the IFD is effective for invoking a recovery procedure if the predetermined sequence of transaction messages fails, the recovery procedure comprises the step of deriving the storage medium the last sent transaction message and sending it again to resume the sequence. Preferably, each electronic fund includes a pending record that retains the details of the present or last transaction, the pending records of said pair of funds constituting the storage means. In addition, it is preferable that each electronic fund has a section record that is a storage of the details of the transactions that have failed, the contents of the pending record being copied into a record in the exception record during the failure, to retrieve a transaction what has failed. The recovery procedure may include a trial method, with the IFD being effective when following this method to: (a) interrogate a first electronic fund of the pair to derive its pending record from the last transaction message sent; (b) send that transaction message to the other electronic fund of the pair, to resume the transaction; and if this results in an error; (c) interrogating the other electronic fund of the pair to derive from its pending record the last transaction message that was sent; and (d) sending that transaction message to the first electronic fund of the pair to resume the transaction. The scoring method can result in the sending of superfine messages and in some situations it may be better to use a more structured predetermined recovery method. In this, the IFD is effective to: (a) interrogate both electronic funds of the pair to determine from their pending records which electronic fund has advanced the most in the transaction that has failed; (b) interrogating the electronic fund that has further advanced in the transaction that has failed to derive the last transaction message it sent from its pending record; and (c) sending that transaction message to the other electronic fund of the pair to resume the transaction.
Instead of, or in addition to storing the transaction messages in the pending records in the electronic funds, the message can be stored after being sent in a buffer in the IFD. Then the IFD does not need to recover the last message sent from the electronic funds. Many of the transaction failures will be transient and preferably then the IFD is effective to invoke the automatic recovery procedure and immediately in a transparent manner to the users. Sometimes, however, a transaction can be interrupted more significantly, for example by removing a card from an IFD, for example. Then, a procedure for the delayed recovery of transactions is necessary and a preferred provision is that the IFD must interrogate the electronic funds at the beginning of a proposed transaction in order to determine if there is a transaction that has failed pending among those funds, which it may be able to resume so that a delayed recovery procedure can be initiated. The invention will be further described with reference to the accompanying drawings, of which:
Figure 1 is a schematic diagram of a value transfer system according to the invention; Figure 2 is a schematic diagram of an arrangement of the point of sale terminal of the system of Figure 1; Figure 3 is a diagram illustrating remote communication between electronic funds; Figure 4 is a diagram showing the records in the electronic background of the system of Figure 1; Figure 5 is a diagram illustrating the flow of command messages and response transaction in a typical value transfer transaction at a point of sale terminal in the value transfer system; Figures 6 to 8 are diagrams showing the flow of response command and transaction messages in three respective examples of immediate automatic implementation of the transaction recovery procedure in the securities transfer system; Figure 9 is a digram showing the flow of response command and transaction messages in the implementation of a predetermined and delayed recovery procedure in the value transfer system; and Figure 10 is a diagram showing the flow of command and response transaction messages in the implementation of a predetermined and delayed recovery procedure in the value transfer system. Referring to Figures 1 and 2, the value transfer system according to the invention is an electronic cash money system of the kind described in International Patent Publications Nos. WO 91/16691 and WO 93/08545. Each of a number of smart cards 1 is an application bearer device (ACD) having a microprocessor, a RAM or a ROM that is of the electrically erasable programmable type (EEPROM). Electronic funds are applications in the ACD that hold programs and data including valuable data that is electronic cash. The electronic cash is transfered from bottom to bottom by coupling the respective ACDs electrically together through one or two interface devices (IFD) and exchanging messages of the transaction. The messages take the fof commands issued by the IFD and the responses provided by the funds. The responses include a message of transfer of values whereby a register of values in the electronic payer fund is decreased by an amount and that in the electronic fund of the beneficiary is increased by the same amount. As described in the international patent publications mentioned above, electronic funds and transaction messages are secured by a cryptographic public / secret-code system. One fof DFI is a personal "portfolio" that has two slots to accept the respective DTAs and controls the transfer of funds between the electronic funds in it. Figure 2 shows a portfolio IFD 5 that has two lc smart cards, Id inserted. The IFD has a screen 6 and a keyboard 7. Internally, the IFD has a microprocessor 8, a RAM 9 and an EEPROM 10. Within RAM 9 there are two buffers 11, 12. Each buffer is a portion of the memory which retains the transaction messages after they are sent from the IFD respectively to the ACDs lc and Id. An alternative arrangement is to provide a single buffer retaining the last sent message, independently from which of the ACDs. The memory or buffers can be in the EEPROM instead of in the RAM. Figure 2 also shows the ACDs comprising microprocessors 13c, 13d; RAM 14c, 14d; and EEPROM 15c, 15d. An example of a securities transfer transaction is the charging of electronic cash in an electronic fund of the customer from a bank such as bank 16 in Figure 1. Here, the IFD that couples the customer's ACD with the bank's ACD it is an automatic payment machine 17. Now the customer can buy merchandise or items from a retail merchant by presenting his ACD to a POS point of sale terminal with which the retail merchant's ACD is also attached. A transaction to transfer the value of electronic cash can be initiated. This is an offline transaction as it relates to the bank. Retail merchants can deposit the accumulated electronic cash in their own banks through additional transactions, either in a type of automatic payment machine type or by telephone as illustrated schematically in Figure 3. Here, the ACD of the merchant retail is coupled with an IFD 18 which is a combined card and modem reader. This is connected via telephone with an IFD 19 at the retail merchant bank which is again a combined modem and card reader that is coupled with the bank's ACD Ib.
Figure 4 schematically illustrates part of the EEPROM 4 of an ACD that retains the electronic fund data keeping three records of a payment: The details of the current or last payment are retained in a pending register 20. When the payment has reached a critical point but is still not completed, the payment is eligible for recovery. While the details remain in the pending record, most of the recent payment protocol message that was sent through the fund during this payment (if any) may be recovered again. This critical point occurs during the successful processing of either a command for the Beneficiary to Begin Payment (in the beneficiary's fund). A command for Payment Request (at the bottom of the payer). A payment retained at this stage may be eligible for recovery. There is only one pending record. An exception record 21 stores the details of the payments that failed to complete successfully but can no longer be recovered. Entries in this record are never overwritten, but can be cleared by a back-end provider (eg, a bank). Payments can not be made when the exception record is full.
A payment record 22 maintains the details of the last satisfactory payments. If it is a circular record: when it is complete, the oldest entry is overwritten with details of the new payment. As soon as you change the balance in a fund, a payment record is created. This happens during the handling of the Payment Request (in the payer's fund) or a Payment Value (in the beneficiary's fund). In the case of the payer fund, in this stage, the payment record is marked as incomplete. (In the beneficiary's fund, the payment has now been completed effectively, since no additional messages are expected). Each transaction between the electronic funds consists of a set of command transaction messages generated by the IFD and corresponding to the response transaction messages generated by the respective electronic funds. The electronic fund and the IFD programs follow a predetermined sequence of command and response. If the sequence is disturbed by a fault or interference of a certain kind, then the transaction will be stopped with an "out of sequence message" error. A normal command and response sequence will now be described. The commands are described in three games: pre-payment, payment initiation and payment protocol controls. The technique in general is that the pre-payment and initiation of payment commands are issued which are prepared for payment, and these are followed by a flow of minimum payment protocol messages that normally must be completed without failure that only occurs when all the pre-testing has been carried out. Pre-Payment Controls Fund Registration and Registration Orders These are issued by an IFD to obtain the different items of information from the bottom. The information includes the lengths of the variable length data elements. The Background Registration command provides the length of the Register command response and a memory write flag. The response to the Registration command provides: Configuration Information about the Fund Application, such as how many bags the fund contains, the capacity of the payment and the exception records, and the allowed number of personal code tests. The current status information, indicating the number of exception records not used, the current count of the number of consecutive incorrect personal code tests made, and the degree to which the internal memory is downloaded (expressed as a percentage).
A character game code, indicating the character set used for the narrative background. The Registry command also indicates whether there is a previously attempted payment that has failed to complete that is eligible for recovery. This will be discussed later. Payment Registration Command This provides information that will be supplied to the counterpart fund in the Payment Initiation command. The information can also be used by the DFIs. Payment Initiation Controls There are two variants: Payment Initiation Payroll and Payment Initiation Beneficiary. The controls are similar, but only the Payment Initiation Beneficiary returns the information in its response. Payer of Payment Starter This is directed to the payer fund. Provide the fund with details of the payment to be made (address, value and currency) and the counterpart fund. The fund then checks (not necessarily in this order) that: There is a bag for this currency, which contains sufficient funds for payment;
There is a free element in the exception record to retain the details of the payment, if a failure occurs; The two funds have different background identifiers. (This should always be the case); The beneficiary's fund class is in this fund class list; The background is not blocked or unlocked. If these checks are successful, and there is a previously incomplete payment in the pending record, it moves to the exception record. If the exception record is now complete, the payment can not continue. The command results in a response of the current state. If all the checks are successful, the details provided are stored and the subsequent payment protocol controls must be based on the same information. The currency of failure for the fund is now the one announced for this payment. The payer fund is now waiting for a Payment Request command. Beneficiary of Initiation of Payment Regarding the Payment Initiation Payer, this command provides the fund with details of the payment to be made (address, value and currency) and the counterpart's fund.
The fund then checks (again, not necessarily in this order) that: The fund can handle a payment in the indicated currency (if it is a supported currency, and if there is a bag that can be used for the currency); Payment will not cause the value limit of the currency to be exceeded; There is a free element in the exception record to retain payment details if a failure occurs; The two funds have different background identifiers. (This must always be the case); The background is not unlocked. If these checks are successful, and there is an incomplete payment previously in the pending record, it moves to the exception record. If the exception record is complete, the payment can not continue. If all the checks are successful, the details provided are stored, and the subsequent payment controls must be based on the same information. If an appropriate bag is assigned to the specific currency, this becomes a currency of failure for the fund. The data in the response is a Payment Request signature that is used as the data for a Payment Request command at the bottom of the payer. Payment Protocol Controls The payment protocol controls include the three commands that transfer the value from one fund to the other: Request for Payment, where the beneficiary's fund requests the value; The Payment Value, where the payer's fund sends the value; Payment Acknowledgment, where the beneficiary's fund recognizes the payment. The sequence is implemented in a more complicated way, because the funds do not communicate directly with one another through an IFD (or multiple IFDs). It works as follows: The data for Payment Request is obtained in response to a command from the Beneficiary of Payment Initiation sent to the beneficiary's fund. It is changed in a command, and sent as a command of Payment Request at the bottom of the payment; The payer fund responds to the Payment Request message with a Payment Value message. This is sent as a Payment Value command to the beneficiary's fund; The beneficiary's fund responds to the command of Payment Value with a Payment Acknowledgment message.
This is sent as a Payment Acknowledgment command at the bottom of the payer. The payer fund responds with the current status information. The normal sequence of commands and responses in a payment transaction is shown in Figure 5. In this Figure, the text in the boxes represents commands and the arrows indicate responses (data flow). It is possible that a technical failure manifests itself during a transaction. For example, a transaction message may be corrupted, the power supply may be broken or interrupted, or an ACD may be removed from an IFD. Some of the faults can be transient and others more considerable. The present invention provides ways to recover interrupted transactions. The recovery can be either immediate (as soon as a failure is detected) or delayed (when the funds are resubmitted to the DFIs after the payment has failed). Within these types of recovery, there are two other possible ways for DFIs to work to obtain a recovery: The test method or based on direct knowledge of the exact status of the payment is in: the DFIs then continue with the payment (the method of trial and error is applied and the Failure occurs when a message has been sent to a fund if a response is not received The IFD will not know if the fund has received and processed the message, if so, trying to resend the message may result in an error message In some cases, recovery may not be appropriate - payment may have already been completed successfully); Default: when the DFIs investigate securities returned from funds and can then determine which fund should send a Payment Remand command in order to recover the payment. When both funds are local to an IFD, the tentative recovery may be more appropriate since the total expense of issuing the wrong command initially has no chance of being important. In cases where two remote IFDs are involved, it may not be ideal to a tentative approach since it can be a waste of messages through the communication link. Instead of using the trial method, the DFIs can use the default recovery method. Note that the default recovery mechanism can be used in any circumstances (not just for remote recovery). There is also a need for users to be informed that a previous failure has occurred so that they can invoke recovery if appropriate.
The following illustrations are based on the immediate recovery of payments when both funds are local to the IFD. Figure 6 shows a sequence in which: A. The IFD fails to receive a response to the Payment Request command sent to the Payer's Fund. B. The IFD sends the Payment Request to the Payer's Fund again. C. On the second attempt, the IFD receives a Payment Value message from the Payer's Fund. (In this case, the Payment Request has not been previously processed by the Beneficiary's Fund). In this example it will be noted that the IFD retains the transaction messages in the buffers after they are sent. The buffers are illustrated in Figure 2. Figure 7 shows a sequence in which: A. The DFI stops receiving a response to the Payment Request command sent to the Payer's Fund. B. In this case, you have not retained the message of
Request for Payment, and therefore send an Extract of Payment to the Beneficiary Fund to recover the Payment Request. C. When sending the Request for Payment to the Payer's Fund for the second time, the Payer's Fund satisfactorily returns the Payment Value. (As with Figure 6, it is successful because the Payer Fund has not received and processed the Payment Request on the first attempt). Figure 8 shows a sequence in which: A. The DFI stops receiving a response to a Payment Request command sent to the Payer's Fund. B. Send the Payment Extract to the Beneficiary Fund to retrieve the Payment Request message. C. When sending the Payment Request to the Payer a second time, the Payer's Fund responds with an "out of sequence message" because it has previously processed the Payment Request. D. The IFD then issues an Extract of Payment to
Payer Fund to obtain the Payment Value message that you have not received the first time. An additional example, not shown, is when there is a recurring error in the interface between the IFD and a background. For example, the IFD sends a Payment Value message to the Beneficiary Fund and does not receive a valid response. Retrieves the Payment Value from the Payer's Fund, repeats the sequence for a predetermined number of times but without success and then stops, warning the user of the failure.
Pre-determined recovery Before describing how DFIs can recover a payment in a predetermined way (instead of using the method of trial and error), it is necessary to explain how a fund indicates to DFIs the stage it has reached in the payment. The following fields of recovery management data are used to indicate this: a. Flag of failure of payment, in the response of the Registry. This can adopt the values of: no failure fails the beneficiary's fund (note that this does not necessarily indicate that a failure has occurred in the beneficiary's fund) failure of the payer fund. b. Flag of outstanding exception, in the response of the Registry. This can adopt the values of: no outstanding exception pending exception present. c. Payment stage failed, in the response of the Payment Register that Failed.
The values of this field depend on the implementation. However, DFIs can use this field to determine which fund has advanced the most in a payment: the higher the value, the more progress the fund has made. There are four logical values, to which reference is made in the present, VI, V2, V3 and V4, where 0 < = VI < V2 < V3 < V4 < - 255. Under some circumstances, the fund will not return to any of these securities, but will respond to a Payment Registration command that has Failed with the error "unable to resume payment". Depending on these values, the IFD can predict if the payment resumption will work but can not necessarily predict which Payment message will be made
Regress because you do not know the actual values associated with VI, V2, V3 and V4. The following fields are also necessary in order to verify that this is the same pair of funds that was involved in the failed payment: d. The Fund ID of the counterpart of the payment record response that has failed. and. The sequence number of the counterpart of the answer of the Payment Record that has Failed. Figure 9 shows the sequence of commands and responses in a predefined recovery procedure. The steps are:
A. Send a Registration command to each fund, and inspect the flag of payment failure in the response message. If one fund returns the failure of the payer fund and the other returns the failure of the beneficiary fund, then recovery may be possible. B. I sent a Payment Registration command that has Failed to each fund. If each answer contains the PID of the other background, and if the sequence numbers match, then recovery is possible. C. I sent the Renew Payment to any fund that reports the highest value of the failed payment stage. D. I sent the response of the Payment Resumption in one command to the other fund and then continued with the payment. It should be understood that the default recovery can be initiated during a transaction that has failed automatically during the detection of a failure. Likewise, the checks and resumption of the transaction, if appropriate, can be part of the normal transaction protocol. Therefore, at the beginning of each transaction, the funds are checked and, if possible, a pending transaction is completed before the next transaction is made. A special protocol is required when transactions are carried out remotely between electronic funds each having its own IFD, as illustrated in Figure 3, for example. Here, there is the IFD-IFD message flow and a so-called Virtual ACD Protocol is used. This protocol allows an IFD to send commands to a remote or remote ACD through a remote IFD. Any IFD can do this. The IFD that receives this command can either: pass the command through the ACD without inspecting it, or pass it to the ACD if it is acceptable, and interpret the message and any response, or return an error ("the message can not be processed") ), or - re-interpret the command, and handle it as if it were an IFD-IFD message. The IFD that issues the command is known as the "master", and the IFD that receives the command is called here as the "subsidiary". During the transfer of the value, as will be discussed below, there is an agreement that a transfer of the value involving two DFIs is initiated by an IFD-IFD Initiative Value Transfer command, and that after this command there is an understanding about which IFD is the "teacher" and which is the "subsidiary". However, an IFD may have to handle the case where a virtual ACD payment command is received outside of this scheme. (In theory, due to the full duplex link between the DFIs, there could be an attempt to intersperse two transfers of values in opposite directions, so that each DFI is at the same time the master for one payment and the subsidiary for the other. be permissible if different funds are involved). When transferring remote securities, both DFIs must be able to determine the current status of the payment transaction justly carried out. It is easy for the teacher to do so as long as he knows what is happening through the transfer of values. All DFIs always supervise and prevent the issuing of Paid Initiation Payers from a remote IFD. For the subsidiary IFD there are three options: (1) Examine all messages before they are passed on to the ACD, and all the responses so that at the end of payment can be reported exactly what has happened, or (2) monitor the Payroll Beneficiary commands: to reject all but the first of these commands that follow an Initiation Value Transfer command: and to read and compare all the values of the fund's stock before and after payment, so that payment details can be made known; or (3) To supervise the Payroll Beneficiary's controls; to allow each payment to continue; and to read and compare all the values of the fund stock before and after each payment (such as for option (2)) so that the details of the payment can be reported. In options (2) and (3), the command data of the
Beneficiary of Initiation of Payment can be interpreted to determine the details of the payment, instead of to compare the values of the stock exchange. It is not considered appropriate for the beneficiary's IFD to compare the values of the stock market before and after a payment and then look at the last record of the underlying transaction to determine what has happened, since without identifying the controls of the Beneficiary of Initiation of Payment The IFD can not reliably then determine the number of transactions that have occurred. Supervision of all controls (the first option) can be said to protect the card holder to the maximum extent. For example, you can provide the option to reject a payment that is not compatible with the previous command of Transfer of Initiation Value; or it can be used to prevent an unauthorized attempt to unlock a remote fund. However, the options that do not depend on the interpretation command headers or the data in the Payroll Beneficiary's commands, provide the best proof of future against changes in the system. (The subsidiary IFD does not need to be at the same level of system software release as the teacher, but the DFIs can still interwork). Figure 10 shows a typical message sequence involved in the delayed retrieval of a payment where the two funds that were involved in the original are now distant one from the other. The steps are the following: a. The users (payer and beneficiary) agree to carry out the recovery, and ensure that the appropriate games are available to their respective DFIs. b. One of the users (in this example, the beneficiary) asks your IFD to start the recovery. c. The beneficiary's IFD issues appropriate local controls to its fund, including the Register and the Payment Record that has Failed. If the Register's flag of payment failure is "no failure", or if the Payment Record that has Failed indicates "unable to resume payment", informs the beneficiary that recovery is impossible. d. If all is well, the data of the failed payment and the Fund ID send in an Initiation Recovery command to the other IFD. and. The payer's IFD selects an appropriate fund according to the fund ID of the specified counterparty of the payment data that has failed from the Initiation Recovery command. Having found this, it issues appropriate local controls to its fund, including the Register and the Payment Record that has Failed. If any of: the flag of failed payment returned from the Register indicates "no failure", or - Payment Record that has Failed indicates
"Unable to resume payment", or The Fund's Ids and sequence numbers do not match, informs the payer that recovery is impossible and returns an error response to the beneficiary's IFD. F. If all is well, return the payment data that has failed to the payer fund in the Initiation Recovery response. g. The beneficiary's IFD is now the master in the virtual ACD protocol. Compare the values of the Payment Stage that has Failed as it is returned from the two funds, and send a Payment Resume command to any fund that discovers the highest value of the payment stage that has failed. (In this example, it is the payer fund, and therefore the Payment Resume is sent to a virtual ACD command). h. The beneficiary's IFD receives a response from the Payment Resumption, in this example a Payment Value message. Send this to a Payment Value command that sends it to the beneficiary's fund. The payment then continues normally. The use of the Initiation Recovery command could theoretically initiation IFD could carry out the recovery simply by using the Virtual ACD commands. However: The subsidiary IFD could not report its intention to recover, or the result of the recovery, its user, since he would not know what is happening. - If the subsidiary IFD had more than one fund, the teacher could not in any way inform the fund which to use.
Claims (8)
1. A system of transfer of values comprising a plurality of electronic funds; a plurality of application carrying devices (ACD) to carry the electronic funds; and a plurality of interface devices (IFD) for coupling together pairs of the ACDs to allow for the transfer of securities transactions between pairs of electronic funds, where a transaction between a pair of electronic funds in the ACDs is carried out. coupled by an IFD comprises an exchange of transaction messages in a sequence according to a predetermined protocol, each transaction message is sent from an electronic fund of one pair of the IFD and the IFD to the other electronic fund of the pair, means are provided storage to store the transaction messages after they send, and the IFD is effective to invoke the recovery procedure if the predetermined sequence of transaction messages fails, the recovery procedure comprising the step of deriving the storage medium from the last message of sent transaction and re-send the same to resume the sequence.
2. A value transfer system according to claim 1, wherein each electronic fund includes a pending record that retains the details of the current or last transaction, the pending records of the pair of funds constituting the storage means.
3. A system for transferring securities according to claim 2, wherein the recovery procedure includes a trial and error method, the IFD being effective when it follows this method to: (a) interrogate a first electronic fund of the pair that derives from your pending record the last transaction message from which you sent; (b) sending that transaction message to the other electronic fund of the pair to resume the transaction; and if this results in an error; (c) interrogating the other electronic fund of the pair to derive the last transaction message it sent from its pending record; and (d) sending the transaction message to the first electronic peer fund to resume the transaction.
4. A value transfer system according to claim 2 or claim 3, wherein the recovery procedure includes a predetermined method, the IFD being effective when it follows this method to: (a) interrogate both electronic funds of the pair to determine from your pending records which electronic fund has advanced the most in the transaction that has failed; (b) interrogating the electronic fund that has advanced the most in the transaction that has failed to derive the last transaction message it sent from its pending record; (c) sending that transaction message to the other electronic fund of the pair to resume the transaction.
5. A value transfer system according to claim 1, wherein the storage means is included in the IFD.
6. A securities transfer system according to any of the preceding claims, wherein the IFD is effective to invoke the automatic recovery procedure and immediately during a transaction during the detection of a failure in the predetermined sequence of the transaction message .
7. A securities transfer system according to any of claims 1 to 4, wherein the IFD is effective to interrogate the electronic funds at the beginning of a proposed transaction to determine if there is a transaction that has failed pending between those funds You may be able to resume so that a delayed recovery procedure can be started.
8. A securities transfer system according to claim 2, wherein each electronic fund has an exception record that is a storage of the details of the transactions that have failed, the content of the pending record being copied into a record in the exception record during the failure, in order to recover a transaction that has failed.
Applications Claiming Priority (7)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GBGB9509762.2A GB9509762D0 (en) | 1995-05-15 | 1995-05-15 | Electronic purse system |
| GB9509763.0 | 1995-05-15 | ||
| GB9509762.2 | 1995-05-15 | ||
| GB9509766.3 | 1995-05-15 | ||
| GBGB9509766.3A GB9509766D0 (en) | 1995-05-15 | 1995-05-15 | Electronic purse system |
| GBGB9509763.0A GB9509763D0 (en) | 1995-05-15 | 1995-05-15 | Electronic purse interface system |
| PCT/GB1996/001146 WO1996036947A1 (en) | 1995-05-15 | 1996-05-14 | Transaction recovery in a value transfer system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| MXPA97008581A true MXPA97008581A (en) | 1998-02-01 |
| MX9708581A MX9708581A (en) | 1998-02-28 |
Family
ID=27267721
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| MX9708581A MX9708581A (en) | 1995-05-15 | 1996-05-14 | Transaction recovery in a value transfer system. |
Country Status (29)
| Country | Link |
|---|---|
| US (1) | US5982293A (en) |
| EP (1) | EP0829070B1 (en) |
| JP (1) | JPH11505348A (en) |
| KR (1) | KR100314122B1 (en) |
| CN (1) | CN1075216C (en) |
| AT (1) | ATE208518T1 (en) |
| AU (1) | AU696468B2 (en) |
| BG (1) | BG102028A (en) |
| BR (1) | BR9608371A (en) |
| CA (1) | CA2220070C (en) |
| CZ (1) | CZ353097A3 (en) |
| DE (1) | DE69616784T2 (en) |
| DK (1) | DK0829070T3 (en) |
| EE (1) | EE9700304A (en) |
| ES (1) | ES2167562T3 (en) |
| HK (1) | HK1003073A1 (en) |
| HU (1) | HUP9802917A2 (en) |
| IS (1) | IS4601A (en) |
| MX (1) | MX9708581A (en) |
| NO (1) | NO317493B1 (en) |
| NZ (1) | NZ307593A (en) |
| PL (1) | PL323313A1 (en) |
| PT (1) | PT829070E (en) |
| RU (1) | RU2182726C2 (en) |
| SK (1) | SK151197A3 (en) |
| TR (1) | TR199701368T1 (en) |
| TW (1) | TW306996B (en) |
| WO (1) | WO1996036947A1 (en) |
| ZA (1) | ZA963821B (en) |
Families Citing this family (75)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH10162089A (en) * | 1996-12-02 | 1998-06-19 | Oki Electric Ind Co Ltd | Electronic transaction system |
| EP0851396A1 (en) * | 1996-12-23 | 1998-07-01 | Koninklijke KPN N.V. | System for increasing a value of an electronic payment card |
| US6078888A (en) | 1997-07-16 | 2000-06-20 | Gilbarco Inc. | Cryptography security for remote dispenser transactions |
| EP0996937A1 (en) * | 1997-07-16 | 2000-05-03 | Gilbarco Inc. | Secure transactions |
| GB2328042B (en) * | 1997-07-26 | 2002-10-09 | Ibm | Smartcard transaction processing |
| DE19755819C1 (en) * | 1997-12-16 | 1999-08-26 | Ibm | Distributed payment system and method for cashless payment transactions using a stock exchange chip card |
| JP2000003424A (en) | 1998-04-17 | 2000-01-07 | Hitachi Ltd | Ic card provided with memory content shift control part, and data storing method for ic card |
| JP3717031B2 (en) * | 1998-06-05 | 2005-11-16 | 富士通株式会社 | Electronic money apparatus, method, card, and computer-readable recording medium recording electronic money processing program |
| DE69817543T2 (en) * | 1998-06-08 | 2004-06-24 | International Business Machines Corp. | Automatic data recovery in chip cards |
| EP0964361A1 (en) * | 1998-06-08 | 1999-12-15 | International Business Machines Corporation | Protection of sensitive information contained in integrated circuit cards |
| FR2784483B1 (en) * | 1998-10-13 | 2000-12-29 | Innovatron Electronique | METHOD FOR EXCHANGING DATA BETWEEN AN AUTOMATON AND A HANDHELD OBJECT, IN PARTICULAR A MICROCIRCUIT CARD, LIKELY TO BE DEBIT BY THE AUTOMATON IN REPLACEMENT OF THE DELIVERY OF GOODS OR SERVICES |
| JP2000276543A (en) | 1999-03-26 | 2000-10-06 | Fujitsu Ltd | Numerical data processor and numerical data processing method |
| DE60042009D1 (en) * | 1999-08-12 | 2009-05-28 | Panasonic Corp | ELECTRONIC INFORMATION SECURITY SYSTEM |
| US7889052B2 (en) | 2001-07-10 | 2011-02-15 | Xatra Fund Mx, Llc | Authorizing payment subsequent to RF transactions |
| US7239226B2 (en) | 2001-07-10 | 2007-07-03 | American Express Travel Related Services Company, Inc. | System and method for payment using radio frequency identification in contact and contactless transactions |
| US7172112B2 (en) | 2000-01-21 | 2007-02-06 | American Express Travel Related Services Company, Inc. | Public/private dual card system and method |
| US8543423B2 (en) | 2002-07-16 | 2013-09-24 | American Express Travel Related Services Company, Inc. | Method and apparatus for enrolling with multiple transaction environments |
| US8429041B2 (en) | 2003-05-09 | 2013-04-23 | American Express Travel Related Services Company, Inc. | Systems and methods for managing account information lifecycles |
| AU2001243473A1 (en) | 2000-03-07 | 2001-09-17 | American Express Travel Related Services Company, Inc. | System for facilitating a transaction |
| KR100483207B1 (en) * | 2000-07-26 | 2005-04-15 | 케이비 테크놀러지 (주) | Method for loading value to electronic purse |
| KR20020063377A (en) * | 2001-01-29 | 2002-08-03 | 주식회사 마이비 | Method for charging value to electronic purse using internet |
| US7650314B1 (en) | 2001-05-25 | 2010-01-19 | American Express Travel Related Services Company, Inc. | System and method for securing a recurrent billing transaction |
| US8001054B1 (en) | 2001-07-10 | 2011-08-16 | American Express Travel Related Services Company, Inc. | System and method for generating an unpredictable number using a seeded algorithm |
| US7805378B2 (en) | 2001-07-10 | 2010-09-28 | American Express Travel Related Servicex Company, Inc. | System and method for encoding information in magnetic stripe format for use in radio frequency identification transactions |
| US8635131B1 (en) | 2001-07-10 | 2014-01-21 | American Express Travel Related Services Company, Inc. | System and method for managing a transaction protocol |
| US8294552B2 (en) | 2001-07-10 | 2012-10-23 | Xatra Fund Mx, Llc | Facial scan biometrics on a payment device |
| US7360689B2 (en) | 2001-07-10 | 2008-04-22 | American Express Travel Related Services Company, Inc. | Method and system for proffering multiple biometrics for use with a FOB |
| US7119659B2 (en) | 2001-07-10 | 2006-10-10 | American Express Travel Related Services Company, Inc. | Systems and methods for providing a RF transaction device for use in a private label transaction |
| US7668750B2 (en) | 2001-07-10 | 2010-02-23 | David S Bonalle | Securing RF transactions using a transactions counter |
| US8548927B2 (en) | 2001-07-10 | 2013-10-01 | Xatra Fund Mx, Llc | Biometric registration for facilitating an RF transaction |
| US8279042B2 (en) * | 2001-07-10 | 2012-10-02 | Xatra Fund Mx, Llc | Iris scan biometrics on a payment device |
| US7925535B2 (en) | 2001-07-10 | 2011-04-12 | American Express Travel Related Services Company, Inc. | System and method for securing RF transactions using a radio frequency identification device including a random number generator |
| US7249112B2 (en) | 2002-07-09 | 2007-07-24 | American Express Travel Related Services Company, Inc. | System and method for assigning a funding source for a radio frequency identification device |
| US7746215B1 (en) | 2001-07-10 | 2010-06-29 | Fred Bishop | RF transactions using a wireless reader grid |
| US7996324B2 (en) | 2001-07-10 | 2011-08-09 | American Express Travel Related Services Company, Inc. | Systems and methods for managing multiple accounts on a RF transaction device using secondary identification indicia |
| US7762457B2 (en) | 2001-07-10 | 2010-07-27 | American Express Travel Related Services Company, Inc. | System and method for dynamic fob synchronization and personalization |
| US7303120B2 (en) | 2001-07-10 | 2007-12-04 | American Express Travel Related Services Company, Inc. | System for biometric security using a FOB |
| US7705732B2 (en) | 2001-07-10 | 2010-04-27 | Fred Bishop | Authenticating an RF transaction using a transaction counter |
| US7735725B1 (en) | 2001-07-10 | 2010-06-15 | Fred Bishop | Processing an RF transaction using a routing number |
| US20040236699A1 (en) | 2001-07-10 | 2004-11-25 | American Express Travel Related Services Company, Inc. | Method and system for hand geometry recognition biometrics on a fob |
| US9031880B2 (en) | 2001-07-10 | 2015-05-12 | Iii Holdings 1, Llc | Systems and methods for non-traditional payment using biometric data |
| US9454752B2 (en) | 2001-07-10 | 2016-09-27 | Chartoleaux Kg Limited Liability Company | Reload protocol at a transaction processing entity |
| US9024719B1 (en) | 2001-07-10 | 2015-05-05 | Xatra Fund Mx, Llc | RF transaction system and method for storing user personal data |
| US8960535B2 (en) | 2001-07-10 | 2015-02-24 | Iii Holdings 1, Llc | Method and system for resource management and evaluation |
| US7503480B2 (en) | 2001-07-10 | 2009-03-17 | American Express Travel Related Services Company, Inc. | Method and system for tracking user performance |
| GB2378781B (en) * | 2001-08-16 | 2005-06-01 | Sun Microsystems Inc | Message brokering |
| GB2378782B (en) * | 2001-08-16 | 2005-04-13 | Sun Microsystems Inc | Message brokering |
| JP3860448B2 (en) * | 2001-09-28 | 2006-12-20 | 富士通株式会社 | Terminal device, transaction management system, transaction processing method, and program |
| KR100958229B1 (en) * | 2002-02-01 | 2010-05-17 | 파나소닉 주식회사 | License information exchange system |
| KR20030086780A (en) * | 2002-05-07 | 2003-11-12 | 케이비 테크놀러지 (주) | Apparatus and method for auto-charging of electronic purse |
| US8396809B1 (en) | 2002-05-14 | 2013-03-12 | Hewlett-Packard Development Company, L.P. | Method for reducing purchase time |
| US6700483B2 (en) | 2002-07-12 | 2004-03-02 | Honeywell International Inc. | Alarm recovery method and system using two notification messages |
| FR2842622B1 (en) * | 2002-07-18 | 2004-09-24 | Xiring | METHOD AND EQUIPMENT FOR TRANSFERRING DATA BETWEEN TWO MICROCIRCUIT CARDS |
| US6805287B2 (en) | 2002-09-12 | 2004-10-19 | American Express Travel Related Services Company, Inc. | System and method for converting a stored value card to a credit card |
| JP2005309975A (en) * | 2004-04-23 | 2005-11-04 | Sony Corp | Data communication system, method, and device |
| EP1770614A4 (en) * | 2004-04-27 | 2009-01-21 | Bitwallet Inc | Money terminal processing server, money terminal processing method, money terminal, calculation instruction input device, and price modification information input device |
| US7318550B2 (en) | 2004-07-01 | 2008-01-15 | American Express Travel Related Services Company, Inc. | Biometric safeguard method for use with a smartcard |
| WO2006049582A1 (en) * | 2004-11-05 | 2006-05-11 | Mobile Money International Sdn Bhd | An electronic-purse transaction method and system |
| US20070265945A1 (en) * | 2006-05-10 | 2007-11-15 | International Business Machines Corporation | Communicating event messages corresponding to event indicators |
| US20070265946A1 (en) * | 2006-05-10 | 2007-11-15 | International Business Machines Corporation | Aggregating event indicators |
| US7958032B2 (en) * | 2006-05-10 | 2011-06-07 | International Business Machines Corporation | Generating event messages corresponding to event indicators |
| US10152712B2 (en) * | 2006-05-10 | 2018-12-11 | Paypal, Inc. | Inspecting event indicators |
| JP5137338B2 (en) * | 2006-06-06 | 2013-02-06 | 株式会社三菱東京Ufj銀行 | Information processing apparatus, information processing server, information processing apparatus control method, information processing server control method, and program |
| EP1912182A1 (en) * | 2006-10-12 | 2008-04-16 | Proton World International N.V. | Authorisation of a transaction between an electronic circuit and a terminal |
| US8762240B2 (en) | 2007-11-21 | 2014-06-24 | Nec Corporation | Electronic value exchange system, terminal device, recovery device and method of exchanging electronic value adoptable thereto |
| CN101557574B (en) * | 2009-02-17 | 2011-05-11 | 中兴通讯股份有限公司 | Intelligent service system for preventing false increase of transfer amount of prepaid users and implement method thereof |
| US9230259B1 (en) | 2009-03-20 | 2016-01-05 | Jpmorgan Chase Bank, N.A. | Systems and methods for mobile ordering and payment |
| US9189786B2 (en) * | 2010-03-31 | 2015-11-17 | Mastercard International Incorporated | Systems and methods for operating transaction terminals |
| CN103679976B (en) * | 2012-09-25 | 2016-02-17 | 中国银联股份有限公司 | A kind of system and method that IC-card is read and write |
| CN104899178A (en) * | 2014-04-03 | 2015-09-09 | 腾讯科技(深圳)有限公司 | Service processing method and device |
| US10402821B2 (en) | 2015-07-30 | 2019-09-03 | Ebay Inc. | Redirecting to a trusted device for secured data transmission |
| CN106297073B (en) * | 2016-07-29 | 2018-12-11 | 深圳怡化电脑股份有限公司 | A kind of self-aided terminal method for processing business and system |
| CN106875269B (en) * | 2016-08-16 | 2020-09-01 | 阿里巴巴集团控股有限公司 | Resource replacement method and device |
| RU2677384C1 (en) * | 2017-12-14 | 2019-01-16 | Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк) | Way of automatic calculation of the included money in case of failures |
| US11227280B2 (en) * | 2019-03-25 | 2022-01-18 | Capital One Services, Llc | Systems and methods for increased efficiency and reliability of contactless card transactions |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| IE820411L (en) * | 1982-02-25 | 1983-08-25 | L M Ericsson Ltd | Portable device for storing and transferring data |
| ATE175512T1 (en) * | 1986-09-02 | 1999-01-15 | Pitney Bowes Inc | TRANSACTION SYSTEM WITH MODULAR PRINTER |
| DE3731736A1 (en) * | 1986-09-27 | 1988-04-07 | Toshiba Kawasaki Kk | Processing system for a portable electronic device |
| GB9121995D0 (en) * | 1991-10-16 | 1991-11-27 | Jonhig Ltd | Value transfer system |
| GB9307623D0 (en) * | 1993-04-13 | 1993-06-02 | Jonhig Ltd | Data writing to eeprom |
-
1996
- 1996-05-14 TW TW085105643A patent/TW306996B/zh not_active IP Right Cessation
- 1996-05-14 HU HU9802917A patent/HUP9802917A2/en unknown
- 1996-05-14 WO PCT/GB1996/001146 patent/WO1996036947A1/en active IP Right Grant
- 1996-05-14 CZ CZ973530A patent/CZ353097A3/en unknown
- 1996-05-14 US US08/945,582 patent/US5982293A/en not_active Expired - Lifetime
- 1996-05-14 AU AU56985/96A patent/AU696468B2/en not_active Ceased
- 1996-05-14 EE EE9700304A patent/EE9700304A/en unknown
- 1996-05-14 RU RU97120696/09A patent/RU2182726C2/en not_active IP Right Cessation
- 1996-05-14 CA CA002220070A patent/CA2220070C/en not_active Expired - Fee Related
- 1996-05-14 EP EP96915096A patent/EP0829070B1/en not_active Expired - Lifetime
- 1996-05-14 PT PT96915096T patent/PT829070E/en unknown
- 1996-05-14 NZ NZ307593A patent/NZ307593A/en not_active IP Right Cessation
- 1996-05-14 PL PL96323313A patent/PL323313A1/en unknown
- 1996-05-14 DK DK96915096T patent/DK0829070T3/en active
- 1996-05-14 TR TR97/01368T patent/TR199701368T1/en unknown
- 1996-05-14 JP JP8534625A patent/JPH11505348A/en active Pending
- 1996-05-14 AT AT96915096T patent/ATE208518T1/en active
- 1996-05-14 SK SK1511-97A patent/SK151197A3/en unknown
- 1996-05-14 KR KR1019970708153A patent/KR100314122B1/en not_active IP Right Cessation
- 1996-05-14 MX MX9708581A patent/MX9708581A/en active IP Right Grant
- 1996-05-14 ES ES96915096T patent/ES2167562T3/en not_active Expired - Lifetime
- 1996-05-14 DE DE69616784T patent/DE69616784T2/en not_active Expired - Lifetime
- 1996-05-14 BR BR9608371-9A patent/BR9608371A/en not_active IP Right Cessation
- 1996-05-14 CN CN96195242A patent/CN1075216C/en not_active Expired - Fee Related
- 1996-05-14 ZA ZA963821A patent/ZA963821B/en unknown
-
1997
- 1997-10-28 IS IS4601A patent/IS4601A/en unknown
- 1997-11-06 BG BG102028A patent/BG102028A/en unknown
- 1997-11-12 NO NO19975199A patent/NO317493B1/en not_active IP Right Cessation
-
1998
- 1998-03-18 HK HK98102261A patent/HK1003073A1/en not_active IP Right Cessation
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| MXPA97008581A (en) | Transaction recovery in a valo transfer system | |
| CA2220070C (en) | Transaction recovery in a value transfer system | |
| US6016963A (en) | Integrated circuit card with means for performing risk management | |
| EP0668579B1 (en) | Secure money transfer techniques using smart cards | |
| US5691525A (en) | Data transfer system and data transfer terminal device | |
| EP0958559B1 (en) | Method and system of transferring currency from a first account to an ATM | |
| US20010051920A1 (en) | Financial transaction and/or wireless communication device authorization, notification and/or security apparatus and method | |
| EP0546584A1 (en) | Data transfer method | |
| NO150618B (en) | PROCEDURE FOR APPROVAL OF FINANCIAL TRANSACTIONS IN RESPECT OF CODED DATA ON A DOCUMENT | |
| KR100542386B1 (en) | System and method for managing a payment relation between the enterprises | |
| WO2000005689A9 (en) | Device and method for authorized funds transfer | |
| US6105864A (en) | Terminal device and terminal system | |
| US20130138519A1 (en) | Point of Sale Activation and Reload System | |
| US6029152A (en) | Processing of transaction data | |
| KR100209857B1 (en) | Electronic money device | |
| GB2306241A (en) | Transferring data between smart cards and a network | |
| JPH09128468A (en) | Method and device for execution of safe financial transaction | |
| EP0500956B1 (en) | Data transfer system and data transfer terminal unit | |
| KR100366852B1 (en) | Remote management system of automatic vending machine | |
| KR20040022777A (en) | System for network-based security loan service using a depositary receipt and method thereof | |
| JP3762548B2 (en) | Game card system failure processing method and game card system | |
| JP2005174310A (en) | Ic card type digital money system and its method, and program | |
| US8392301B1 (en) | Financial system for isolated economic environment | |
| JP2003132228A (en) | Automatic transaction device dealing with card loaded with ic chip | |
| JP2000005429A (en) | Dealing with trouble in game card system |