WO1999004374A1 - Transactions protegees - Google Patents
Transactions protegees Download PDFInfo
- Publication number
- WO1999004374A1 WO1999004374A1 PCT/GB1998/002083 GB9802083W WO9904374A1 WO 1999004374 A1 WO1999004374 A1 WO 1999004374A1 GB 9802083 W GB9802083 W GB 9802083W WO 9904374 A1 WO9904374 A1 WO 9904374A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- host
- data
- transponder
- point
- tag
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/22—Payment schemes or models
- G06Q20/28—Pre-payment schemes, e.g. "pay before"
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/363—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4093—Monitoring of device authentication
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F13/00—Coin-freed apparatus for controlling dispensing or fluids, semiliquids or granular material from reservoirs
- G07F13/02—Coin-freed apparatus for controlling dispensing or fluids, semiliquids or granular material from reservoirs by volume
- G07F13/025—Coin-freed apparatus for controlling dispensing or fluids, semiliquids or granular material from reservoirs by volume wherein the volume is determined during delivery
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/0866—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
Definitions
- the present invention relates generally to providing secure transactions between a
- transponder in a fuel delivery, retail sales and service environment.
- a customer is not limited to the purchase of fuel at the dispenser. More recent
- dispensers allow the customer to purchase services, such as car washes, and goods such as
- transponder equipped with a remote intelligent communications device, or transponder (hereinafter
- a tag capable of remotely communicating with fuel dispensers
- tags and dispensers operate in conjunction to provide a cashless and cardless transaction system where transactions are automatically charged or
- electromagnetic radiation such as radio frequency transmissions, infrared, direct electrical
- Tag transponder technology is used in many areas of technology relating to vehicles.
- Such technology is used in tracking vehicles, navigational aids, toll collection, diagnostics,
- a stolen tag provides a thief an indefinite amount of time to
- fuel dispenser or other source such as a restaurant or other goods or services provider that
- the businesses may want to provide loyalty points for a tag holder relating to
- Security is enhanced if the manner of encryption or the key used for
- transponder and host are arranged to communicate information and/or instructions between
- transducer authenticates that the information and/or instruction received originated from the
- the authentication being based on data available to the host and transponder which
- the authentication may be by way of the
- the transponder, (tag) is adapted to bi-directionally communicate with a POS
- a fuel dispenser which further communicates with a host network to provide authorization of the tag and carry out any desired purchases or transactions.
- a host network to provide authorization of the tag and carry out any desired purchases or transactions.
- invention may maintain all or a majority of account and financial information requiring
- the POS device has, or has access to, critical financial or account information. But, the
- the invention In order to avoid placing this information at risk during transactions, the invention
- the tag identifier is transmitted to the host system through the POS device, and
- the host network checks to see that the tag, and not a counterfeit, has sent the identifier. Once the host system determines that an authorized tag sent the identifier, the host authorizes
- the POS device to further interact with the tag and allow all or certain subsequent
- the tag is authenticated using identical cryptography techniques known only by
- the POS device will
- the tag then encrypts the random number with an encryption technique using a
- the interrogator passes the ID number, the encrypted random number and the original random number to the host through the associated POS device.
- the host determines or
- a new session key is generated for each
- the tag random number is preferably generated upon receipt of the random number generated at the POS device.
- the tag random number is
- Each tag includes memory for storing various types of data, including information and
- the memory and associated electronics allow data to be stored in the
- commands sent from remote sources including, but not limited to the POS device.
- the tag may include portions of memory which are accessible and modifiable by numerous fuel dispensers, restaurant interrogators and the like.
- Various portions of memory may have different security levels with corresponding passwords.
- the tag may include portions of memory which are accessible and modifiable by numerous fuel dispensers, restaurant interrogators and the like.
- Various portions of memory may have different security levels with corresponding passwords.
- the tag may include portions of memory which are accessible and modifiable by numerous fuel dispensers, restaurant interrogators and the like.
- Various portions of memory may have different security levels with corresponding passwords.
- memory is partitioned into four or more groups wherein the associated electronics may store
- group I may require all functions to
- a second group may require the store, add and subtract functions be
- Group II may be arranged so that sources other then the host can check
- a third group may be configured so that the store and add functions are secure while the read
- the source may subtract a loyalty point for a benefit provided, as well as ensure the benefit
- group IV may be arranged such that customer information is accessible by sources
- Group IV is
- FIGURE 1 is a schematic of a tag constructed and implemented according to a preferred
- embodiment of the present invention interacting with a POS device and host network.
- FIGURE 2 A is a schematic representation of the tag 100 constructed according to the
- FIGURE 2B is a schematic of a POS device and host network constructed according to the
- FIGURE 2C is a schematic representation of the tag 100 having integrated electronics
- FIGURE 3A shows a preferred format for a tag ID.
- FIGURE 3B shows sample tag ID values for bytes 5 and 6 for the tag ID format shown in
- FIGURES 4A TO 19 illustrate various processes and data organisation employed in a
- a secure transaction system generally designated 10 includes or is associated with three major subsystems: a remote communication unit 100 (hereinafter a tag); a POS device 200 and a host network 300.
- a remote communication unit 100 hereinafter a tag
- POS device 200 POS device
- host network 300 a host network
- remote communication units 100 are adapted to communicate with and through the
- POS device 200 in order to obtain authorization and communicate information to and from
- POS device 200 primarily only relays the encrypted information sent between the tag 100
- the POS device 200 is unable to decrypt such information.
- the tag unit 100 is integrated into a small carrying medium, such as a module in a vehicle
- the tag 100 provides remote bi-directional
- POS devices 200 are located at each fueling position 24 associated with fuel dispenser 22 of fuel dispensing environment 20.
- dispensers are operatively associated with a central station store 26 by a conventional wire
- dispensing environments 20 will provide services, such as car washes, in addition to goods.
- the store 26 will include a central site controller 28 to provide central control
- Each dispenser 22 and its respective POS electronics,
- the host network 300 via a telephone network 30.
- the host network 300 provides
- the transponders 100 In addition to communicating with the POS devices 200, the transponders 100 also communicate with the POS devices 200.
- These local sources 32 may include any number of goods or service
- the present invention provides virtually impenetrable security with respect to informational
- Such direct communications from the tag 100 to the POS device 200 are those
- Communications electronics 102 provide
- remote communications with various remote sources includes a transmitter 106 and receiver
- the transmitter 106 and receiver 108 operate to
- the communications electronics 102 also include a battery power supply 114, a communication
- controller 116 associated with a memory 120 having the software 122 necessary to operate
- the communications electronics 102 and communicate with the cryptography electronics
- I/O input/output
- the communication electronics 102 provide a clock 128 signal to the
- the cryptography electronics 104 include
- controller 130 memory 132 and software 134 necessary to encrypt and decrypt data, as
- the memory 120, 132 may include random
- controller 116 and the cryptography controller 130 may be integrated into one controller.
- the software and memory of the communication and cryptography modules could be integrated into one controller.
- associated controllers may be integrated into a single controller system and/or integrated
- a single controller 115 is associated with memory 117 having
- the communication electronics 102 are preferably the Micron MicroStampTM produced by
- the communication electronics 102 operate at
- the communication electronics 102 look for once it awakens is provided by the POS device
- communication electronics 102 process the received command and send an appropriate
- the communication electronics 102 then return to the sleep mode.
- communications electronics 102 cause the cryptography electronics 104 to awaken as
- the POS device 200 preferably includes a controller 202 forming communication electronics 204 and cryptography electronics 206.
- the controller 202 is
- the controller 202 interfaces with the telephone network 30 to provide bi-directional
- the POS device 200 includes a display 212
- an input device 214 such as a touch pad or touch screen associated with the display 212.
- the POS device 200 is a fuel dispenser having at least two fueling positions and a card
- reader 216 for receiving payment through any variety of credit, debit or smartcards and a
- the card and cash acceptors are present to service
- the host network 300 includes a control system 302 forming communication electronics 304
- the host network 300 also includes memory 310 associated with the electronics 304, 306.
- the host network 300 may include additional
- communications ports 312 for communicating with other POS devices.
- the tag cryptography electronics 104 implement the encryption standard
- the tag cryptography electronics 104 are used for two main functions in the tag 100. First, it provides a secure authentication procedure when implemented with the network host 300. Thus, if the tag 100 passes this authentication procedure, then to a high level of
- cryptography electronics 104 allow the host 300 to securely write data to the tag 100, read
- All data, including commands sent to the tag cryptography electronics 104, are sent as data within the WriteDigitalPort command.
- the buffer in the tag communication electronics 102 is preferably 64 bytes.
- the host network 300 When initially configuring tag 100, the host network 300 generates a tag
- ID identification number
- main tag key which is preferably a DES key
- the POS device 200 is not used during configuration.
- tag key is injected into every tag 100, and a secure algorithm is used to generate the main tag
- each market segment includes a classification as defined by the Standard Industrial Classification
- the classification (generally known as the SIC code) for the service
- This classification is preferably stored as four byte ASCII value
- Special codes may be stored in any of the tag ID fields, such as the
- tag ID issuing company field, to provide for local or network testing. If the tag ID is formatted as
- the tag ID is not passed on to the host 300. If the fifth and sixth data fields are coded 01 (hex 30 31), then the tag is a network test tag and the tag ID is passed on
- Such testing is typically used to test communication ability and assure
- the main tag keys are generated by
- the 8 byte number (rendered here in hexadecimal) would be of the form 34
- portions of the tag ID may be operated on by a
- the main DES tag key is generated using the master keys
- tags 100 are authenticated at the host 300 using a DES encrypted value
- the tag 100 is initialized directly at host 300 without transmitting the main tag key to or through any other
- step 1 the POS
- communication electronics 204 of the POS device 200 generate and send a random number
- the tag 100 encrypts the random number
- TRN encrypted random number
- ID identification number
- the tag ID number is 10
- the host 300 calculates (or looks up) the main
- tag key for the tag 100 using the tag ID and the secret master keys in the same manner as the
- main tag key was initially created from the tag ID.
- the host 300 recalculates
- the host cryptography electronics 206 encrypt the
- the tag 100 is a valid tag
- the host 300 can use the ID number to determine whether the ID number is a counterfeit.
- the POS device 200 is, or is incorporated within, a fuel
- the POS communication electronics 204 will continuously scan for a tag 100 within a particular communications field or range.
- the POS device 200 will recover the tag ID from the tag
- the POS device 200 generates the random number (CRN) and sends it to the tag 100.
- CRN random number
- the tag 100 then encrypts the random number (CRN) using
- the POS device 200 subsequently transmits the tag ID, the random
- CRN CRN
- ECRN encrypted random number
- the host 300 calculates the main tag key from the LD number in the same manner in
- CRN CRN
- the tag 100 is valid and authorized.
- the tag 100 is valid and authorized.
- host 300 may decrypt the encrypted random number (ECRN) and compare the result to the ECRN.
- ECRN encrypted random number
- the tag cryptography electronics 104 and memory 132 of the tag 100 includes
- the DES key counter is one byte in size and is incremented only when a new main
- tag key (a DES key) is written to the tag cryptography electronics 104.
- the DES key is written to the tag cryptography electronics 104.
- DES register allows an authorized tag programmer (i.e. host 300) to calculate a current DES password and main tag key and to change the main tag key if necessary.
- the DES password is an authorized tag programmer (i.e. host 300) to calculate a current DES password and main tag key and to change the main tag key if necessary.
- the current sequence number is used when transferring data between the tag 100 and
- current sequence number preferably corresponds to a tally of transactions or operations the
- the host typically sends a sequence number to the tag with each
- the command is ignored.
- the host will include a new sequence number
- Read commands preferably include the current sequence number.
- the register in the tag is updated accordingly. The sequence number adds further security by ensuring
- the host 300 is transmitting proper data and/or commands to the tag, that no unauthorized
- the password prevents unauthorized replacement of the main tag key in the DES
- the password is used to gain access to the key, while the key is what is used by the
- a loyalty plan may be a program where customers collect bonus points based on purchases and transactions.
- the bonus points may be stored on the
- the host 300 and tag 100 must have or be able to generate identical
- the DES password register can only be directly written once. After that,
- the tag cryptography electronics 104 refuse further attempts to write to the DES password register.
- the DES password is modified by the tag 100 when a main tag key is initially written to the tag 100.
- the tag 100 preferably uses the new main tag key to encrypt the
- the main tag key is preferably an 8 byte standard DES encryption key that
- the main tag key is loaded in the
- the memory size register stores a value representative of the amount of memory
- the memory size is preferably reported in
- each block having 8 bytes of data.
- the version number register is a read only register and stores the cryptography
- the begin and end block registers are generally set by the tag programmer to reflect desired groupings of the user memory in the memory 120 of the tag cryptography electronics 104. These registers preferably reflect the begin and end blocks of the groups starting from
- a group is unused or does not exist if the begin and end block
- registers for that group are both set to zero.
- the group mode register defines the acceptable commands for a particular group.
- the group mode register is an 8 bit register. Each bit position in the
- a logical ' 1 ' in a given bit position indicates that the respective command is selected for the respective group. For example, the group mode
- the tag 100 may receive and respond to various cryptography related commands,
- the tag 100 also generates a
- TRN tag random number
- TRN random number
- SK session key
- the host 300 uses its knowledge of the tag's original main tag key to calculate the tag's original main tag key to calculate the tag's original main tag key to
- the session key (SK) using the tag random number (TRN).
- TRN tag random number
- (SK) is used to encrypt or decrypt actual data and authenticator data transferred between the
- Authenticator data is the result of a security or checking process performed on
- the session key (SK) is preferably used a maximum of four times before it is
- TRN tag random number
- data is encrypted at the host with the session key (SK) generated during the
- session key (SK) is generated at the host 300 by encrypting the tag random number (TRN) with the main tag key. Session key (SK) generation may
- encryption is meant
- the authenticator data is preferably formed by concatenating a 4 byte, 32 bit cyclic
- CRC redundancy check
- the CRC occupies the least
- the authenticator data should also be
- session key (SK) is generated by
- TRN tag random number
- authenticated is generally 8 bytes long and assumed to be numeric. As above, authenticator
- the authenticator data is formed by
- the CRC occupies the least significant 4 bytes of the 8 byte authenticator
- the authenticator data is encrypted by the tag 100 using the tag's session key (SK).
- LRC longitudinal redundancy check
- communications block is formed by performing a byte-wise binary addition of every
- the set DES password command allows a tag programmer to load the DES or other
- the tag 100 will not accept a main tag key if the password is zero.
- the password is set to zero at initialization.
- the password can only be set once. After it is
- Possible replies from the tag 100 are:
- the set DES key command allows the tag programmer to directly set the main tag
- the DES DES
- Possible replies from the tag 100 are:
- main tag key is used to encrypt the current DES password.
- the result of that encryption is
- DES key counter is incremented by one.
- the DES key counter is zeroed at initial power on for the tag, and cannot be directly written or modified except by writing a new DES key to
- the set group registers command allows the tag programmer to set up group
- the DES password is given as part of
- This command may be configured to work even if the DES password is zero
- block numbers defined in this command are absolute, start from block zero (0) and
- begin and end block numbers may overlap.
- UNSIGNED SHORT END_BLOCK_GROUP_2 end third block
- UNSIGNED CHAR GROUP MODE 2 define group mode
- the possible replies from the tag 100 are:
- the encrypt random number command requests the tag 100 to encrypt the POS
- CRN device random number
- the tag 100 replies by sending the encrypted random number (ECRN) and the tag random
- TRN Tag random number
- the tag 100 is preferably triggered upon receipt of the encrypt random number command
- the tag random number (TRN) is not
- TRN random number
- SK session key
- the possible replies from the tag 100 are:
- the secure write data command causes the tag cryptography electronics 104 to store
- the block number in this command is relative to a group
- the following protocol command sequence securely writes data to a tag 100
- the possible replies from the tag 100 are:
- the secure add data command causes the tag cryptography electronics 104 to add
- the sequence number sent from the host 300 is one higher than the
- the possible replies from the tag 100 are:
- the secure subtract data command causes the tag cryptography electronics 104 to
- the sequence number is one higher than the sequence number stored in the
- the subtract function subtracts the number in the
- the possible replies from the tag 100 are:
- This commands returns data stored in a secure read memory area of the tag
- the possible replies from the tag 100 are:
- the unsecure write data command causes the tag cryptography electronics 104 to
- the possible replies from the tag 100 are :
- Unsecure Add Data causes the tag cryptography electronics 104 to add
- the sequence number is one higher than the sequence number stored in the
- the Add function adds the data in the block to the data in
- block number in this command is relative to a group and starts from block 0.
- the command protocol sequence would be:
- the possible replies from the tag 100 are:
- the unsecure subtract data command causes the tag cryptography electronics 104 to
- sequence number is one higher than the sequence number stored in the tag cryptography
- the Subtract function subtracts the number in the command from the number
- the unsecure read data command returns data stored in the tag cryptography
- the data size is assumed to be one block or 8 bytes.
- block number in this command is relative to a group and starts from block 0.
- the possible replies from the tag 100 are:
- UNSIGNED CHAR Command_Accepted ACK; UNSIGNED CHAR Current_Sequence_Number (send current sequence number);
- the read DES module status command reads the tag status registers and also returns the tag cryptography electronics 104 version number.
- the tag user memory 120 is preferably configured to include numeric counters or
- Each counter or register is called a block. Generally, each block is 8 bytes long.
- the tag user memory 120 is divided into four different areas called groups.
- each 8 byte block is capable of storing a maximum of 16 decimal numbers.
- Blocks are numbered from 0 to (x/8) - L A detailed example is given below on block
- SK session key
- the second group of blocks is composed of 32 blocks numbered from 32 to 63. This
- the third group of blocks is composed of 32 blocks numbered from 64 to 95. This
- group of blocks may accept both an unsecure read function and an unsecure subtract
- a local source 32 (or even the POS
- the last group of blocks is composed of 32 blocks numbered from 96 to 127 and will
- Figures 10 and 11 include preferable commands and the recommended usage
- the memory 120 is preferably 256 bytes long.
- the memory 120 is preferably divided into three different
- the SuperUser password is
- Each tag 100 will have a different SuperUser password, which
- password may include customer definition data fields as shown in Figures 13A and 13B.
- Partition 0 can be read by local sources without the SuperUser password. However, only the host 300, using the SuperUser password, may write data to this partition or otherwise modify
- the host network 300 may also generate a host authentication code from the tag ID.
- the SuperUser password and host authentication code will be different for each tag 100 and
- the second partition, partition number 1 allows the host 300, POS device 200 or
- the second partition preferably includes local and host authentication codes.
- the POS device 200 can calculate the
- the local authentication code is used for
- the POS device 200 whereas the host authentication code is sent to die host for authentication.
- the POS device 200 whereas the host authentication code is sent to die host for authentication.
- the POS device reads the local and host authentication code. If local transactions are desired, the POS device
- the host authentication code is passed on to the host for
- an administrative DES key is used to generate the administrator password
- partition number 1 provides a typical layout for the second partition, (partition number 1).
- the third partition, partition number 2 provides a scratch pad for any of the various partitions.
- the scratch pad provides complete read and write
- the scratch pad can be used for virtually any type of
- the scratch pad feature expands tag compatibility with virtually
- scratch pad area allows a local system to save information to be read a short time later at the same location or station.
- the scratch pad is 32 bytes long, and its organization of
- a User password may be used to limit
- user partition is preferably the same in all tags.
- Figure 15 shows a typical layout of the third partition
- the SuperUser password for the SuperUser partition number 0 is generated by the
- the host 300 is preferably unknown to the local sources, including the POS device 200.
- SuperUser password is different for each tag and is based on the tag ID.
- the administrator password is generated by the host 300 at the time the tag is
- Each tag gets a different administrator password, which is calculated from the
- the generation process uses a unique administrator DES key, preferably supplied by
- the administrator password generation process is shown in Figure 17.
- the administrator password is preferably generated by the POS device
- the result of this is an 8 byte value.
- the 8 byte value is
- tag administrator password that is injected and stored in the tag.
- the host authentication code is read by the POS device 200 from partition 1, the
- the code is transmitted to the host 300 to authenticate the tag.
- tag has a different authentication code, which is generated from the tag ID.
- tag ID are XORed with an 8 byte constant chosen by the host. The result is then XORed
- the local authentication code is also generated by the host 300 at the time the tag is
- Each tag 100 gets a different local authentication code that is calculated from the
- the generation process uses a DES key supplied by POS device provider
- the local authentication code Generation Process is shown in Figure 19.
- the local authentication code can be generated by the POS device to allow the local system
- tag ID are first XORed with the local authentication code generator DES key, then DES
- the local authentication code is stored in the tag's administrator
- the combination of cryptography and logical operations may be reduced, amplified or
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Finance (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Security & Cryptography (AREA)
- Cash Registers Or Receiving Machines (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU83499/98A AU8349998A (en) | 1997-07-16 | 1998-07-16 | Secure transactions |
EP98933804A EP0996937A1 (fr) | 1997-07-16 | 1998-07-16 | Transactions protegees |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US89522597A | 1997-07-16 | 1997-07-16 | |
US89528297A | 1997-07-16 | 1997-07-16 | |
US08/895,225 | 1997-07-16 | ||
US08/895,282 | 1997-07-16 | ||
US08/895,417 | 1997-07-16 | ||
US08/895,417 US6078888A (en) | 1997-07-16 | 1997-07-16 | Cryptography security for remote dispenser transactions |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1999004374A1 true WO1999004374A1 (fr) | 1999-01-28 |
Family
ID=27420558
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB1998/002083 WO1999004374A1 (fr) | 1997-07-16 | 1998-07-16 | Transactions protegees |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP0996937A1 (fr) |
AU (1) | AU8349998A (fr) |
WO (1) | WO1999004374A1 (fr) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1999044936A1 (fr) | 1998-03-06 | 1999-09-10 | Marconi Commerce Systems Inc. | Pistolet de pompe de distribution de carburant |
EP1247262A1 (fr) * | 2000-01-12 | 2002-10-09 | Marconi Commerce Systems Inc. | Transactions fondees sur un telephone cellulaire |
WO2004100081A1 (fr) * | 2003-05-07 | 2004-11-18 | Daimlerchrysler Ag | Systeme d'autorisation d'acces pour vehicules comportant au moins un systeme de mise en marche sans clef |
CN100433114C (zh) * | 2001-11-21 | 2008-11-12 | 戈利亚斯公司 | 广告执行监控系统和方法 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0134109A2 (fr) * | 1983-08-01 | 1985-03-13 | Oki Electric Industry Company, Limited | Système d'appareils pour transactions automatiques |
US5521363A (en) * | 1994-02-16 | 1996-05-28 | Tannenbaum; David H. | System and method for tracking memory card transactions |
WO1996036947A1 (fr) * | 1995-05-15 | 1996-11-21 | Mondex International Limited | Reprise de transaction dans un systeme de transfert de valeurs |
US5578808A (en) * | 1993-12-22 | 1996-11-26 | Datamark Services, Inc. | Data card that can be used for transactions involving separate card issuers |
EP0758777A2 (fr) * | 1995-08-10 | 1997-02-19 | Palomar Technologies Corporation | Système d'enregistrement de valeurs, utilisant un protocol de chiffrement sécurisé |
WO1997024689A1 (fr) * | 1995-12-29 | 1997-07-10 | Dresser Industries, Inc. | Systeme de distribution et procede correspondant, avec identification des clients en radiofrequence |
-
1998
- 1998-07-16 WO PCT/GB1998/002083 patent/WO1999004374A1/fr not_active Application Discontinuation
- 1998-07-16 AU AU83499/98A patent/AU8349998A/en not_active Abandoned
- 1998-07-16 EP EP98933804A patent/EP0996937A1/fr not_active Withdrawn
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0134109A2 (fr) * | 1983-08-01 | 1985-03-13 | Oki Electric Industry Company, Limited | Système d'appareils pour transactions automatiques |
US5578808A (en) * | 1993-12-22 | 1996-11-26 | Datamark Services, Inc. | Data card that can be used for transactions involving separate card issuers |
US5521363A (en) * | 1994-02-16 | 1996-05-28 | Tannenbaum; David H. | System and method for tracking memory card transactions |
WO1996036947A1 (fr) * | 1995-05-15 | 1996-11-21 | Mondex International Limited | Reprise de transaction dans un systeme de transfert de valeurs |
EP0758777A2 (fr) * | 1995-08-10 | 1997-02-19 | Palomar Technologies Corporation | Système d'enregistrement de valeurs, utilisant un protocol de chiffrement sécurisé |
WO1997024689A1 (fr) * | 1995-12-29 | 1997-07-10 | Dresser Industries, Inc. | Systeme de distribution et procede correspondant, avec identification des clients en radiofrequence |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1999044936A1 (fr) | 1998-03-06 | 1999-09-10 | Marconi Commerce Systems Inc. | Pistolet de pompe de distribution de carburant |
EP1247262A1 (fr) * | 2000-01-12 | 2002-10-09 | Marconi Commerce Systems Inc. | Transactions fondees sur un telephone cellulaire |
CN100433114C (zh) * | 2001-11-21 | 2008-11-12 | 戈利亚斯公司 | 广告执行监控系统和方法 |
WO2004100081A1 (fr) * | 2003-05-07 | 2004-11-18 | Daimlerchrysler Ag | Systeme d'autorisation d'acces pour vehicules comportant au moins un systeme de mise en marche sans clef |
Also Published As
Publication number | Publication date |
---|---|
EP0996937A1 (fr) | 2000-05-03 |
AU8349998A (en) | 1999-02-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6078888A (en) | Cryptography security for remote dispenser transactions | |
US12021863B2 (en) | Self-authenticating chips | |
AU2006348401B2 (en) | System and method for generating an unpredictable number using a seeded algorithm | |
EP0674795B1 (fr) | Clavier pour numero d'identification personnel combine a un terminal | |
US5832090A (en) | Radio frequency transponder stored value system employing a secure encryption protocol | |
EP0696016B1 (fr) | Méthode pour administrer la sécurité pour un support de données sous forme de carte et support de données sous forme de carte | |
CA2621358C (fr) | Systeme et procede de securisation de numeros de comptes de dispositifs de proximite | |
US9033246B2 (en) | Methods and systems to remotely issue proximity payment devices | |
CA2691789C (fr) | Systeme et procede pour l'obscurcissement d'identifiant de compte | |
US8736424B2 (en) | Systems and methods for performing secure financial transactions | |
CN101599130B (zh) | 信息处理装置、信息处理方法以及通信系统 | |
US20160196547A1 (en) | Wireless transaction medium having combined magnetic stripe and radio frequency communications | |
US20100228668A1 (en) | Method and System for Conducting a Transaction Using a Proximity Device and an Identifier | |
US20060266822A1 (en) | Secure Credit Card with Near Field Communications | |
US20040182921A1 (en) | Card reader module with account encryption | |
CN104969245A (zh) | 用于安全元件交易和资产管理的装置和方法 | |
US20200211014A1 (en) | Security aspects of a self-authenticating credit card | |
CN101138242A (zh) | 交互式电视系统 | |
EP0996937A1 (fr) | Transactions protegees | |
WO2002080119A1 (fr) | Generation de jetons d'achat | |
JPH11167664A (ja) | Icカードを用いた決済方法およびシステム | |
JPS63262779A (ja) | Icカード認証システム | |
ZA200307147B (en) | Generation of vending tokens. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 1998933804 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 83499/98 Country of ref document: AU |
|
NENP | Non-entry into the national phase |
Ref country code: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 1998933804 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
NENP | Non-entry into the national phase |
Ref country code: CA |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 1998933804 Country of ref document: EP |