WO2002093512A2 - Virtuelle chipkarte - Google Patents
Virtuelle chipkarte Download PDFInfo
- Publication number
- WO2002093512A2 WO2002093512A2 PCT/CH2002/000205 CH0200205W WO02093512A2 WO 2002093512 A2 WO2002093512 A2 WO 2002093512A2 CH 0200205 W CH0200205 W CH 0200205W WO 02093512 A2 WO02093512 A2 WO 02093512A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- vcc
- key
- chip card
- data
- encrypted
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
Definitions
- the invention relates to a virtual chip card and a method for accessing sensitive data stored on such a virtual chip card, and a system for storing and accessing such virtual chip cards.
- This authorization check takes place, for example, via a communication link Communication with the computer of the cardholder's bank takes place. This communication can be used to check, for example, whether the cardholder's account still has sufficient cover for the desired payment amount or whether there is a suitable framework for a credit facility. If this is the case, the payment is authorized and the payment process is completed.
- 3A and 3B illustrate the method steps when accessing the virtual chip card
- FIG. 1 shows an exemplary embodiment of a virtual chip card VCC according to the invention.
- the exemplary embodiment of the virtual chip card VCC shown in FIG. 1 is encrypted in its entirety with an inaccessible master key K BB and is stored in this encrypted form on the computer 3 (FIG. 2) of a service provider.
- the virtual chip card VCC is therefore completely inaccessible to the staff of the service provider since it is stored in encrypted form and the staff of the service provider do not have the master key K BB (possibly with the exception of a few people such as the chief information officer) knows.
- the virtual chip card VCC comprises a control part CP and a data part DP.
- the data part DP contains the sensitive data, for example personal data, keys for asymmetrical encryption methods, passwords for computer applications, etc., but in a form encrypted with the key K.
- the further communication between the inaccessible unit BB and the holder of the virtual chip card VCC (or the device 1) encrypted with the session key K s (step 52) instead.
- data in plain text in the inaccessible unit BB is transmitted in encrypted form using the session key K s to the destination (that is to say to the device 1 or to the cardholder located there) or other operations are also carried out under the session key K s ,
- the data is safe and not accessible to third parties, or any operations are carried out in a safe and inaccessible manner. At no time can unauthorized third parties access any confidential information, be it keys or data.
- the virtual chip card is encrypted with the master key K BB in the inaccessible unit BB and, if necessary, in an updated form if the card holder has made changes returned in this form to the computer 3 of the service provider (step 53), where the - possibly updated - virtual chip card VCC is stored. Communication is then ended (step 54).
- the virtual chip card VCC is stored on the computer 3 of the service provider, but in an encrypted form (namely encrypted with the master key K BB of the black box BB), which is used by the staff of the service provider cannot be decrypted.
- the virtual chip card VCC were not encrypted with the master key K BB but were stored unencrypted on the computer 3, the data in plain text are nevertheless not readable by third parties, not even by the service provider staff.
- the RVCC root chip card is created in the inaccessible unit BB (black box) and is able to have the issuing chip cards IVCC issued by the inaccessible unit BB.
- a service provider is entitled to issue virtual (VCC) smart cards to its (end) customers, its computer must be authorized to do so by the inaccessible unit BB, i.e. it must receive an IVCC issuer chip card. Since the service provider should never have knowledge of the data on a VCC of an end customer, even when creating a VCC for a cardholder, the data at the service provider must not be in plain text.
- the end customer requests the creation of a virtual chip card VCC, which in the exemplary embodiment described is stored in encrypted form (namely encrypted with the main key K BB of the black box) on the computer 3 (database) of the service provider, he must first compare to identify the service provider and to inform the service provider of the desired password (However, in encrypted form, namely encrypted with the public key of the inaccessible unit K PUB , BB , so that the service provider cannot read this password). The service provider will check the creditworthiness of the end customer.
- the service provider determines that he is creating a virtual chip card VCC for the end customer and wants to save it in an encrypted form on his computer 3 (database) and make it available, he informs the inaccessible unit BB, which knows that the Service provider is authorized due to its issuer chip card IVCC to issue new virtual chip cards VCC.
- the inaccessible unit BB then generates a corresponding virtual chip card VCC for the user (end customer of the service provider), decrypts the password communicated by the user with the public key K PUB , EB with the complementary private key, and assigns this password to the password to be created virtual chip card VCC and generates an associated checkerboard pattern.
- the black box BB does not have to be a separate physical unit, but can be installed in software on the computer 3 of the service provider without the service provider personnel having the possibility of accessing the data of the virtual chip cards VCC.
- two software components are installed on the computer 3 of the service provider when the Black Box BB is implemented in software, an administration software and a processing software.
- VCC virtual chip card processing software and, on the other hand, management of the contents of the VCC virtual chip card database.
- the management software can perform the following operations in particular: - Have a new virtual chip card VCC added - Delete existing virtual chip cards.
- the processing software is for the service provider inaccessible and to a certain extent represents the Black Box BB. It has the following tasks in particular:
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Computer Security & Cryptography (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Networks & Wireless Communication (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP02717924A EP1388137A2 (de) | 2001-05-11 | 2002-04-12 | Virtuelle chipkarte |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CH865/01 | 2001-05-11 | ||
CH8652001 | 2001-05-11 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2002093512A2 true WO2002093512A2 (de) | 2002-11-21 |
WO2002093512A3 WO2002093512A3 (de) | 2003-02-20 |
Family
ID=4543564
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CH2002/000205 WO2002093512A2 (de) | 2001-05-11 | 2002-04-12 | Virtuelle chipkarte |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP1388137A2 (de) |
WO (1) | WO2002093512A2 (de) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0769767A2 (de) * | 1995-10-20 | 1997-04-23 | Lucent Technologies Inc. | Chipkarten verwendende gesicherte Geldüberweisungstechniken |
DE19726451A1 (de) * | 1996-11-17 | 1998-05-20 | Tils Peter | Geldkarte, insbesondere Kreditkarte, Euroscheckkarte, Krankenkassenkarte etc. |
EP0950972A2 (de) * | 1997-11-12 | 1999-10-20 | Citicorp Development Center, Inc. | System und Verfahren zum gesicherten Speichern von elektronischen Daten |
WO2000067220A1 (en) * | 1999-05-03 | 2000-11-09 | The Chase Manhattan Bank | A virtual private lock box |
-
2002
- 2002-04-12 EP EP02717924A patent/EP1388137A2/de not_active Withdrawn
- 2002-04-12 WO PCT/CH2002/000205 patent/WO2002093512A2/de not_active Application Discontinuation
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0769767A2 (de) * | 1995-10-20 | 1997-04-23 | Lucent Technologies Inc. | Chipkarten verwendende gesicherte Geldüberweisungstechniken |
DE19726451A1 (de) * | 1996-11-17 | 1998-05-20 | Tils Peter | Geldkarte, insbesondere Kreditkarte, Euroscheckkarte, Krankenkassenkarte etc. |
EP0950972A2 (de) * | 1997-11-12 | 1999-10-20 | Citicorp Development Center, Inc. | System und Verfahren zum gesicherten Speichern von elektronischen Daten |
WO2000067220A1 (en) * | 1999-05-03 | 2000-11-09 | The Chase Manhattan Bank | A virtual private lock box |
Also Published As
Publication number | Publication date |
---|---|
WO2002093512A3 (de) | 2003-02-20 |
EP1388137A2 (de) | 2004-02-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE69814406T2 (de) | Tragbare elektronische vorrichtung für systeme zur gesicherten kommunikation und verfahren zur initialisierung der parameter | |
DE69435079T2 (de) | Chipkarte für eine Vielzahl von Dienstleistungsanbietern und für entfernte Aufstellung derselben | |
DE69531711T2 (de) | Sichere Geldübertragungstechniken mit Chipkarten | |
EP0281057B1 (de) | Schaltungsanordnung zur Sicherung des Zugangs zu einem Datenverarbeitungssystem mit Hilfe einer Chipkarte | |
DE69829642T2 (de) | Authentifizierungssystem mit chipkarte | |
DE10297521T5 (de) | Verbraucher-zentrisches kontext-bewußtes Vermittlungsmodell | |
DE3319919A1 (de) | Schutzsystem fuer intelligenz-karten | |
WO2002023303A2 (de) | Verfahren zum absichern einer transaktion auf einem computernetzwerk | |
DE3103514A1 (de) | Verfahren und vorrichtung zum steuern einer gesicherten transaktion | |
DE3044463A1 (de) | Verfahren und vorrichtung zum codieren einer karte | |
EP0970447B1 (de) | Netzwerkunterstütztes chipkarten-transaktionsverfahren | |
DE60008795T2 (de) | Informatikvorrichtung zur anwendung von akkredtierungsdaten auf eine software oder auf einen dienst | |
DE102011116489A1 (de) | Mobiles Endgerät, Transaktionsterminal und Verfahren zur Durchführung einer Transaktion an einem Transaktionsterminal mittels eines mobilen Endgeräts | |
DE60029379T2 (de) | Verfahren und Gerät, die einem Rechnerbenutzer erlauben, vor der Eingabe von privilegierten Informationen ein System zu authentifizieren | |
DE4230866B4 (de) | Datenaustauschsystem | |
DE102007008651A1 (de) | Chipkarte und Verfahren zur Freischaltung einer Chipkarten-Funktion | |
EP1152379A2 (de) | Verfahren zum anfordern der ausführung einer mit der karte verbundenen verpflichtung durch den kartenhalter und zum anerkennen dieser verpflichtung durch den kartenausgeber | |
WO2009121197A1 (de) | System und verfahren zum bereitstellen von benutzermedien | |
WO1998050894A1 (de) | System zum gesicherten lesen und bearbeiten von daten auf intelligenten datenträgern | |
DE69825410T2 (de) | Verfahren zur Kompression von digitalen Zertifikaten zur Verwendung in einer Chipkarte | |
EP2399218B1 (de) | Verfahren zur erzeugung eines identifikators | |
DE10297517T5 (de) | Automatisiertes digitales Rechte-Management und Zahlungssystem mit eingebettetem Inhalt | |
DE10048939B4 (de) | Bedingte Unterdrückung der Überprüfung eines Karteninhabers | |
DE60122912T2 (de) | Verfahren zum liefern von identifikationsdaten einer bezahlkarte an einen anwender | |
WO2002093512A2 (de) | Virtuelle chipkarte |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ CZ DE DE DK DK DM DZ EC EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
AK | Designated states |
Kind code of ref document: A3 Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ CZ DE DE DK DK DM DZ EC EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A3 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2002717924 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2002717924 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |