WO2004055744A1 - Communication between an operating device, a provider module and a customer module - Google Patents

Publication number
WO2004055744A1
Authority
WO
WIPO (PCT)
Prior art keywords
module
customer
provider
provider module
operating device
Application number
PCT/EP2003/014254
Other languages
German (de)
English (en)
Inventor
Daniel Ciesinger
Original Assignee
Giesecke & Devrient Gmbh
Application filed by Giesecke & Devrient Gmbh
Priority to AU2003296651A
Publication of WO2004055744A1

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12 Card verification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority

Definitions

  • the invention relates generally to the field of electronic communication and in particular to the field of secure handling of data in transactions between a provider and a customer.
  • the invention further relates to the use of at least one portable data carrier, e.g. a smart card in this context.
  • the object of the invention is to provide a technology for communication between an operating device, a provider module and a customer module which, on the one hand, offers great flexibility for a large number of possible applications and, on the other hand, offers good protection against unauthorized use.
  • the invention should also be able to be implemented inexpensively.
  • this object is achieved in whole or in part by a method having the features of claim 1, a provider module according to claim 8, a customer module according to claim 10 and a computer program product according to claim 11.
  • the dependent claims define preferred embodiments of the invention.
  • the invention is based on the basic idea of using the provider module on the one hand to mediate a data exchange between the operating device and the customer module and on the other hand for authentication to the customer module.
  • This measure creates a system in which the customer module can only check the authorization of the querying body before issuing confidential information.
  • the system structure according to the invention makes it possible to use customer and provider modules which are based on a client-server communication model with requests and responses. Such modules are available in a variety of configurations.
  • the terms "provider module" and "customer module" denote the role of the users of these modules in typical applications.
  • the provider module is assigned to a provider of goods, services or intangible services, for example a dealer, a pharmacist, a doctor, an issuing agency for bonus points and so on.
  • the customer module is owned by the customer.
  • these typical roles are only to be understood as examples and not as a restriction of the scope of protection. Rather, all modules that can request authentication should be regarded as customer modules in the sense of the present invention, and all modules that are able to authenticate themselves as provider modules.
  • the invention is particularly flexible because it separates the security-critical authentication method from the actual application - for example, the submission of prescriptions or the administration of bonus points.
  • the application can be developed with significantly less effort and with significantly greater freedom than with previously known systems.
  • the invention enables the interaction between the provider module, for example a dealer card, and the customer module to be implemented via a local or global network, for example the Internet, without media break.
  • the system according to the invention can in principle also be used as a system for cashless payment or as a wallet system - similar to the already mentioned Mondex system or the money card known in Germany.
  • the customer module is designed as a portable data carrier
  • the provider module can also be a portable data carrier in preferred embodiments.
  • portable data carriers are, in particular, chip cards with their own intelligence (smart cards), which can be configured in the size of credit cards or in compact designs such as mobile phone SIMs.
  • the portable data carrier can also be a non-card-shaped assembly, e.g. a USB dongle.
  • the provider module is a program executed on a secure server that simulates the function of a physical provider module and is therefore referred to as a "virtual provider module".
  • the communication between the operating device and the provider module and/or between the provider module and the customer module takes place via at least one Internet protocol.
  • Internet protocols are TCP/IP (Transmission Control Protocol/Internet Protocol), UDP/IP (User Datagram Protocol/Internet Protocol), IPSec (IP Security Protocol), TLS (Transport Layer Security), SSL (Secure Sockets Layer), HTTP (Hypertext Transfer Protocol) and S-HTTP (Secure HTTP).
  • the provider module can be authenticated to the customer module by means of HTTP digest authentication or by means of SSL client authentication.
  • the protocols mentioned are well known per se and are described in detail in the corresponding RFC standards and other documents. The protocols as such are not the subject of the present invention.
  • an authentication of the customer module to the provider module is preferably also provided.
  • the data transmission takes place between the provider module and the customer module in a secure, e.g. encrypted, form can be used for a plurality of communication processes between the provider module and the customer module without repeated authentication.
  • authentication of one or both communication partners and/or encryption of the transmitted messages can also take place in the communication between the operating device and the provider module.
  • the computer program product according to the invention has program commands in order to implement or execute the method according to the invention in a data carrier.
  • a computer program product can be a physical medium for example a semiconductor memory or a floppy disk or a CD-ROM.
  • the computer program product can also be a non-physical medium, for example a signal transmitted over a computer network.
  • the computer program product can be a data carrier operating system or a part thereof or a program provided for execution by the data carrier.
  • the provider module, the customer module and the computer program product have features which correspond to the features mentioned above and/or to the features mentioned in the dependent method claims.
  • Fig. 1 is a block diagram with components of an embodiment of the invention.
  • FIG. 2 shows an exemplary flow chart of a communication process.
  • the operating device 10 is a personal computer (PC) with input means, such as a keyboard and a mouse, and output means, such as a screen.
  • the operating device 10 executes an Internet browser, such as the browser known by the Internet Explorer brand. In Fig. 1, this browser is symbolized by a browser window 18 shown on the screen of the operating device 10.
  • the operating device 10 can also be designed differently, for example as a compact device with a display and a keypad.
  • the provider module 12 and the customer module 14 are each designed as a portable data carrier.
  • each of these data carriers is a chip card which, in a manner known per se, has a semiconductor chip with a processor core, a plurality of memory fields designed in different technologies and an interface for wired or wireless communication.
  • the data carriers are each connected to the network 16 via an interface device 20, 22.
  • the interface devices 20, 22 are shown as external devices.
  • alternative embodiments provide for integrating the interface device 20 and/or the interface device 22 into the operating device 10.
  • the provider module 12 can be permanently or removably installed in the operating device 10, while the customer module 14 can generally be easily inserted into the interface device 22 and removed again.
  • both the provider module 12 and the customer module 14 are designed as an Internet smart card, that is to say as a chip card in which an Internet protocol stack is implemented.
  • the Internet protocol stack includes, for example, the Internet protocols TCP/IP for the transport and network layer and HTTP for the application layer, a security layer using SSL being placed on the transport layer.
  • other or additional protocols can also be used, in particular for security and authentication purposes.
  • the network 16 is a local TCP/IP network, which can either be separated from the outside world or be connected to the Internet via suitable protective devices. In particular, in configurations in which one or both interface devices 20, 22 are integrated in the operating device 10, the network 16 can consist merely of one or two point-to-point connections between the operating device 10 and the provider module 12 and/or between the provider module 12 and the customer module 14.
  • the browser can, for example, access the provider module 12 directly by entering the IP address of the provider module 12 in the browser's address bar.
  • the provider module 12 then presents a website that allows the selection of various transactions and the entry of the network parameters of the customer module.
  • the network parameters of the customer module 14 are set, then a transaction is selected, whereupon the provider module 12 establishes a network connection to the customer module 14, authenticates itself and transmits the instructions and parameters required for the transaction into the customer module.
  • the customer module 14 then transmits the requested data to the provider module 12, which processes the data received and transmits a suitable success message to the browser.
  • the browser running on the operating device 10 is configured such that it uses the provider module 12 as a proxy for the communication with the customer module 14.
  • an address of the provider module 12 is entered in a configuration field of the browser provided for setting up proxies. Name conflicts cannot occur in a local network 16.
  • the browser then routes all requests actually directed to the customer module 14 to the provider module 12.
  • the provider module 12 is also configured such that it can access the customer module 14 via the local network 16 and works as a proxy for the customer module 14.
  • the address of the customer module 14 (e.g. http://ambience.local) is entered in the address bar of the browser running on the operating device 10.
  • the browser then sends a request to the provider module 12 serving as a proxy. If the request does not include access to specially protected data, the provider module 12 can easily forward it to the customer module 14.
  • the customer module 14 works as an Internet server and responds to the incoming HTTP request with a suitable HTTP response.
  • the response may include an HTML document that defines selection fields for several operations offered by customer module 14.
  • the answer is passed on to the operating device 10 via the provider module 12.
  • There the browser displays the HTML document from the customer module 14 on the screen.
  • a section of the HTML document is visible, which contains the operation "issue prescription" offered by the customer module 14 as the only selection field.
  • FIG. 2 shows an example flow that is executed when this request concerns confidential data. This is the case, for example, for the operation "issue prescription" of a patient card, because the stored prescription should only be made accessible to authorized persons, e.g. pharmacists.
  • the request generated when the "issue prescription" operation is selected is marked as security-critical, for example in that it specifies not "http:" but "https:" as the protocol.
  • Step 30 in FIG. 2 relates to the transmission of this request from the operating device 10 to the provider module 12.
  • the provider module 12 analyzes the incoming request and determines that authentication with the customer module 14 is required, because otherwise the customer module 14 would not answer the request. The provider module 12 then carries out the authentication. In the present exemplary embodiment, this is done in the communication steps 32 and 34, which are only shown schematically in FIG. 2, in that the provider module 12 establishes a secure SSL connection with the customer module 14. The provider module 12 forms the client and the customer module 14 forms the server.
  • In connection with the establishment of the SSL connection, in addition to authenticating the server to the client and agreeing on a session key for the further, encrypted communication, the client is also authenticated to the server, which is known as SSL client authentication.
  • For example, a challenge-response method known per se can be used for this authentication.
  • the client receives data from the server - the so-called challenge - that the client processes in a cryptographic operation using a private key of the client.
  • the client sends the result to the server, which then uses the client's complementary public key to check whether the client actually has the correct private key.
  • the keys of the provider modules 12 used in the SSL authentication are issued by trustworthy organizations - so-called trust centers.
  • the trust centers are also entered in the customer module 14 as trustworthy.
  • Such a key management known as Public Key Infrastructure (PKI) is particularly necessary if a group of dealers or service providers is to be given access to customer modules 14.
  • the provider module 12 forwards the request to the customer module 14 in step 36.
  • the customer module 14 processes the request and generates the desired answer in step 38.
  • This can be, for example, an HTTP response with the prescription stored in the customer module 14 in the form of an HTML document.
  • the answer is transmitted in step 40 from the customer module 14 to the provider module 12 and forwarded in step 42 from the provider module 12 to the operating device 10.
  • There the HTML document contained in the answer is displayed in step 44 by the browser in the browser window 18. Further communication steps can now follow, each of which has a request directed from the operating device 10 via the provider module 12 to the customer module 14 and a response directed from the customer module 14 via the provider module 12 to the operating device 10.
  • a renewed authentication is generally not necessary, especially not if - as in the present exemplary embodiment - a secure data transmission path has been established between the provider module 12 and the customer module 14 in the course of the first authentication.
  • alternative embodiments are also provided in which the method shown in FIG. 2, including the authentication, is repeated for each request-response pair.
  • the provider module 12 is set up to monitor the requests arriving from the operating device 10 and to initiate the authentication in steps 32 and 34 before forwarding the first security-critical request.
  • the provider module 12 initially forwards all incoming requests to the customer module 14 and the authentication process only begins in response to an error message or another authentication request from the customer module 14.
  • design variants are conceivable in which the provider module 12 always authenticates itself with the customer module 14 - possibly in connection with the establishment of a secure data transmission channel - before it begins to act as a proxy for the transmission of messages between the operating device 10 and the customer module 14.
  • versions are particularly useful for online retailers in which the customer module 14 is accessed by means of a browser and this then initiates communication with the provider module 12.
  • the provider module 12 is designed as a virtual provider module.
  • the secure server can be reached over the network 16 - either locally or over a virtual private network (VPN) or via a secure data transmission channel in the Internet.
  • the virtual provider module which is provided by the secured server, then communicates with the operating device 10 and the customer module 14, just as in the sequence shown in FIG. 2, and carries out the required authentication with respect to the customer module 14.
  • the secured server provides a plurality of virtual provider modules - for a single provider or for several providers.
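
The reactive variant described above (the provider module forwards every request and authenticates only when the customer module asks for it), combined with the HTTP digest authentication the description names as one option, can be modelled as follows. This is an added example, not code from the patent: the realm name, the `/prescription` URI, the provider identifiers and the shared secret are constructed assumptions, and the digest is computed with SHA-256 as in RFC 7616.

```python
import hashlib
import hmac
import secrets

REALM = "customer-module"        # assumed realm name
PROTECTED = {"/prescription"}    # assumed URI of the confidential operation


def h(text):
    # SHA-256 as in RFC 7616; RFC 2617 used MD5 in the same construction.
    return hashlib.sha256(text.encode()).hexdigest()


def digest_response(user, secret, method, uri, nonce, nc, cnonce):
    """Digest 'response' value for qop=auth."""
    ha1 = h(f"{user}:{REALM}:{secret}")
    ha2 = h(f"{method}:{uri}")
    return h(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


class CustomerModule:
    """HTTP server role: releases protected data only to an authenticated provider."""

    def __init__(self, providers, documents):
        self.providers = providers    # provider id -> shared secret
        self.documents = documents    # uri -> document body
        self.open_nonces = set()      # challenges issued and not yet answered

    def handle(self, method, uri, auth=None):
        if uri not in self.documents:
            return 404, {}, ""
        if uri not in PROTECTED or (auth and self._verify(method, uri, auth)):
            return 200, {}, self.documents[uri]
        nonce = secrets.token_hex(16)
        self.open_nonces.add(nonce)
        return 401, {"realm": REALM, "nonce": nonce, "qop": "auth"}, ""

    def _verify(self, method, uri, auth):
        nonce = auth.get("nonce")
        if nonce not in self.open_nonces:
            return False              # unknown or already used challenge
        self.open_nonces.discard(nonce)   # each challenge is accepted once
        secret = self.providers.get(auth.get("username"))
        if secret is None or auth.get("uri") != uri:
            return False
        expected = digest_response(auth["username"], secret, method, uri,
                                   nonce, auth.get("nc", ""), auth.get("cnonce", ""))
        return hmac.compare_digest(expected, auth.get("response", ""))


class ProviderModule:
    """Proxy role: forwards requests, answers challenges with its own credential."""

    def __init__(self, provider_id, secret, customer):
        self.provider_id = provider_id
        self.secret = secret          # never leaves the provider module
        self.customer = customer
        self.trace = []               # (uri, status) seen on the customer side

    def forward(self, method, uri):
        status, challenge, body = self.customer.handle(method, uri)
        self.trace.append((uri, status))
        if status != 401:
            return status, body       # no authentication was requested
        nc, cnonce = "00000001", secrets.token_hex(8)
        auth = {
            "username": self.provider_id, "uri": uri,
            "nonce": challenge["nonce"], "nc": nc, "cnonce": cnonce,
            "response": digest_response(self.provider_id, self.secret, method,
                                        uri, challenge["nonce"], nc, cnonce),
        }
        status, _, body = self.customer.handle(method, uri, auth)
        self.trace.append((uri, status))
        return status, body


def demo():
    # Constructed sample data: one enrolled pharmacy, one patient card.
    card = CustomerModule(
        providers={"pharmacy-01": "constructed-secret"},
        documents={"/": "<html>menu</html>",
                   "/prescription": "<html>prescription</html>"},
    )
    enrolled = ProviderModule("pharmacy-01", "constructed-secret", card)
    unknown = ProviderModule("kiosk-99", "guess", card)
    return {
        "menu": enrolled.forward("GET", "/"),
        "enrolled": enrolled.forward("GET", "/prescription"),
        "unknown": unknown.forward("GET", "/prescription"),
        "trace": enrolled.trace,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The operating device only ever calls `forward`; the credential and the challenge handling stay inside the provider module, and a captured `auth` dictionary is rejected on reuse because the nonce is consumed.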

Abstract

Method for communication via a network (16) between an operating device (10), a provider module (12) and a customer module (14) designed as a portable data carrier, in which a request is transmitted (30) from the operating device (10) to the provider module (12), the provider module (12) authenticates itself (32, 34) to the customer module (14), the request is transmitted (36) from the provider module (12) to the customer module (14), a response to the request is transmitted from the customer module (14) to the provider module (12) and the response is transmitted (42) from the provider module (12) to the operating device (10). A provider module (12), a customer module (14) and a computer program product have corresponding features. The present invention relates to a technique for communication between the operating device (10), the provider module (12) and the customer module (14) which offers, on the one hand, great flexibility for a plurality of possible uses and, on the other hand, good protection against unauthorized use.
PCT/EP2003/014254 2002-12-16 2003-12-15 Communication between an operating device, a provider module and a customer module WO2004055744A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003296651A AU2003296651A1 (en) 2002-12-16 2003-12-15 Communication between an operator device, a seller module and a customer module

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10258769.8 2002-12-16
DE10258769.8A DE10258769C5 (de) 2002-12-16 2002-12-16 Communication between an operating device, a provider module and a customer module

Publications (1)

Publication Number Publication Date
WO2004055744A1 (fr) 2004-07-01

Family

ID=32336379

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2003/014254 WO2004055744A1 (fr) Communication between an operating device, a provider module and a customer module

Country Status (3)

Country Link
AU (1) AU2003296651A1 (fr)
DE (1) DE10258769C5 (fr)
WO (1) WO2004055744A1 (fr)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10356512A1 (de) * 2003-12-03 2005-07-07 Siemens Ag Vorrichtung zur Ermöglichung eines elektronischen Zahlungsverkehrs im Gesundheitssystem mit Hilfe von maschinenlesbaren Medien für Patienten und Leistungserbringer
DE102006057201B4 (de) * 2006-12-05 2008-08-21 Vita-X Ag Chipkarte und Verfahren zur Verwendung als Patientenkarte
DE102007055653A1 (de) * 2007-11-21 2009-05-28 Giesecke & Devrient Gmbh Portabler Datenträger mit Web-Server
DE102008000897B4 (de) 2008-03-31 2018-05-03 Compugroup Medical Se Kommunikationsverfahren einer elektronischen Gesundheitskarte mit einem Lesegerät
DE102008002588B4 (de) 2008-05-15 2010-06-02 Compugroup Holding Ag Verfahren zur Erzeugung eines asymmetrischen kryptografischen Schlüsselpaares und dessen Anwendung
DE202008013415U1 (de) 2008-10-10 2009-03-19 Compugroup Holding Ag Datenverarbeitungssystem zur Bereitstellung von Berechtigungsschlüsseln
DE102009001718B4 (de) 2009-03-20 2010-12-30 Compugroup Holding Ag Verfahren zur Bereitstellung von kryptografischen Schlüsselpaaren
EP2348452B1 (fr) 2009-12-18 2014-07-02 CompuGroup Medical AG Procédé implémenté par ordinateur pour générer un pseudonyme, support de stockage lisible sur ordinateur et système informatique
EP2348449A3 (fr) 2009-12-18 2013-07-10 CompuGroup Medical AG Procédé implémenté informatique pour générer un pseudonyme, support de stockage lisible sur ordinateur et système informatique
EP2348447B1 (fr) 2009-12-18 2014-07-16 CompuGroup Medical AG Procédé implémenté informatique pour générer un pseudonyme, support de stockage lisible sur ordinateur et système informatique
US8266435B2 (en) 2010-01-25 2012-09-11 Compugroup Holding Ag Method for generating an asymmetric cryptographic key pair and its application
EP2365456B1 (fr) 2010-03-11 2016-07-20 CompuGroup Medical SE Procédé implémenté informatique pour générer un pseudonyme, support de stockage lisible sur ordinateur et système informatique

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2681165A1 (fr) * 1991-09-05 1993-03-12 Gemplus Card Int Procede de transmission d'information confidentielle entre deux cartes a puces.
WO1997022092A2 (fr) * 1995-12-14 1997-06-19 Venda Security Corporation Carte de donnees personnelles protegees et procede d'utilisation de cette carte
US5878134A (en) * 1994-10-03 1999-03-02 News Data Com Ltd. Secure access systems utilizing more than one IC card
US5979773A (en) * 1994-12-02 1999-11-09 American Card Technology, Inc. Dual smart card access control electronic data storage and retrieval system and methods
WO2000079411A2 (fr) * 1999-06-21 2000-12-28 Sun Microsystems, Inc. Procede et appareil pour la realisation de transactions commerciales via internet
US6247644B1 (en) * 1998-04-28 2001-06-19 Axis Ab Self actuating network smart card device
US6250557B1 (en) * 1998-08-25 2001-06-26 Telefonaktiebolaget Lm Ericsson (Publ) Methods and arrangements for a smart card wallet and uses thereof
EP1111505A1 (fr) * 1999-12-21 2001-06-27 Motorola, Inc. Architecture pour l'exécution d'applications dans un environnement de communication de données
US20020065730A1 (en) * 2000-11-30 2002-05-30 Naoaki Nii Method of and a system for distributing electronic content

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6725200B1 (en) * 1994-09-13 2004-04-20 Irmgard Rost Personal data archive system
GB9513379D0 (en) * 1995-06-30 1995-09-06 Jonhig Ltd Electronic purse system
JPH0950465A (ja) * 1995-08-04 1997-02-18 Hitachi Ltd 電子ショッピング方法、電子ショッピングシステムおよび文書認証方法
NL1001509C2 (nl) * 1995-10-26 1997-05-02 Nederland Ptt Werkwijze voor het annuleren van een transactie met een elektronisch betaalmiddel, alsmede betaalmiddel voor toepassing van de werkwijze.
US7036738B1 (en) * 1999-05-03 2006-05-02 Microsoft Corporation PCMCIA-compliant smart card secured memory assembly for porting user profiles and documents
US6845367B2 (en) * 1999-12-23 2005-01-18 International Business Machines Corporation Process and device for internet payments by means of security modules
JP2001216400A (ja) * 2000-02-04 2001-08-10 Teikoku Databank Ltd 電子商取引システム
AU2001236812A1 (en) * 2000-02-09 2001-08-20 Internetcash.Com Method and system for making anonymous electronic payments on the world wide web
DE10031220C2 (de) * 2000-06-27 2002-05-29 Ulrich Michael Kipper Verfahren und Vorrichtung zur Abwicklung einer Transaktion in einem elektronischen Kommunikationsnetzwerk
US20020029169A1 (en) * 2000-09-05 2002-03-07 Katsuhiko Oki Method and system for e-transaction
DE10058249A1 (de) * 2000-11-23 2002-06-13 Anthros Gmbh & Co Kg Verfahren zur gesicherten elektronischen Übermittlung von Transaktionsdaten
US7114178B2 (en) * 2001-05-22 2006-09-26 Ericsson Inc. Security system

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2681165A1 (fr) * 1991-09-05 1993-03-12 Gemplus Card Int Procede de transmission d'information confidentielle entre deux cartes a puces.
US5878134A (en) * 1994-10-03 1999-03-02 News Data Com Ltd. Secure access systems utilizing more than one IC card
US5979773A (en) * 1994-12-02 1999-11-09 American Card Technology, Inc. Dual smart card access control electronic data storage and retrieval system and methods
WO1997022092A2 (fr) * 1995-12-14 1997-06-19 Venda Security Corporation Carte de donnees personnelles protegees et procede d'utilisation de cette carte
US6247644B1 (en) * 1998-04-28 2001-06-19 Axis Ab Self actuating network smart card device
US6250557B1 (en) * 1998-08-25 2001-06-26 Telefonaktiebolaget Lm Ericsson (Publ) Methods and arrangements for a smart card wallet and uses thereof
WO2000079411A2 (fr) * 1999-06-21 2000-12-28 Sun Microsystems, Inc. Method and apparatus for conducting commercial transactions via the Internet
EP1111505A1 (fr) * 1999-12-21 2001-06-27 Motorola, Inc. Architecture for executing applications in a data communication environment
US20020065730A1 (en) * 2000-11-30 2002-05-30 Naoaki Nii Method of and a system for distributing electronic content

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
BLOBEL B ET AL: "Securing interoperability between chip card based medical information systems and health networks", INTERNATIONAL JOURNAL OF MEDICAL INFORMATICS, ELSEVIER SCIENTIFIC PUBLISHERS, SHANNON, IR, VOL. 64, NR. 2-3, PAGE(S) 401-415, ISSN: 1386-5056, XP004329226 *
JEAN S ET AL: "Smart cards integration in Distributed Information Systems: the Interactive execution model", XP002273457 *
WON JAY SONG ET AL: "The internet- and digital signature-based prescription order communication system using synchronized smart cards in the 2-way type terminal", PROCEEDINGS OF THE 23RD. ANNUAL INTERNATIONAL CONFERENCE OF THE IEEE ENGINEERING IN MEDICINE AND BIOLOGY SOCIETY. 2001 CONFERENCE PROCEEDINGS. (EMBS). INSTANBUL, TURKEY, OCT. 25 - 28, 2001, ANNUAL INTERNATIONAL CONFERENCE OF THE IEEE ENGINEERING IN M, ISBN: 0-7803-7211-5, XP010593918 *

Also Published As

Publication number Publication date
DE10258769B4 (de) 2012-05-31
DE10258769C5 (de) 2017-08-17
DE10258769A1 (de) 2004-06-24
AU2003296651A1 (en) 2004-07-09

Similar Documents

Publication Publication Date Title
EP1108308B1 (fr) System and method for controlling the course of a session in networked applications
DE60200093T2 (de) Secure user authentication over a communication network
EP1358533B1 (fr) Method, system and security means for authenticating a user
DE60214632T2 (de) Multi-domain authorization and authentication
DE60200081T2 (de) Secure user and data authentication over a communication network
DE60209217T2 (de) Terminal communication system
EP2769330B1 (fr) Method for calling a client program
DE10065667A1 (de) Method and device for community management when performing services at remote systems
EP2856437A1 (fr) Method and device for controlling a locking mechanism by means of a mobile terminal
DE112004002462T5 (de) Internet Protocol compatible access authentication system
WO2010112368A2 (fr) Method for reading attributes from an identification token via a mobile radio link
EP2454704A1 (fr) Method for reading attributes of an identification token
WO2010031700A2 (fr) Telecommunications method, computer program product, and computer system
EP1792248A1 (fr) Portable device for releasing access
DE10258769B4 (de) Communication between an operating device, a provider module and a customer module
EP3748521B1 (fr) Method for reading the attributes of an identity token
EP2080147A1 (fr) Method for executing an application using a portable data carrier
DE602004012059T2 (de) Techniques for dynamically establishing and managing authentication and trust relationships
DE102008062984A1 (de) Process for authenticating a user by means of a certificate using an out-of-band message exchange
EP1697820B1 (fr) Method for enabling access to a computer system or to a program
WO2009052983A1 (fr) Internet smart card
DE10250195A1 (de) Method and arrangement for authenticating an operating unit and transmitting authentication information to the operating unit
WO2002067532A1 (fr) Method for transmitting data, proxy server and data transmission system
DE102018204447A1 (de) Automated method for protecting electronic data for the purpose of data processing by third parties, including transparent and interruption-proof remuneration
EP3502971B1 (fr) Processor chip card and method for operating it

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP