WO2009070041A2 - Payment system and method of operation - Google Patents
Payment system and method of operation
- Publication number
- WO2009070041A2 (PCT/NZ2008/000322)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- pos terminal
- computer system
- transaction
- key
- operating configuration
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
Definitions
- the present invention relates to a payment system and method for electronic transactions.
- POS point-of-sale
- a network such as a telephony network.
- a customer wishes to purchase goods or services
- a debit, credit or payment card is inserted or swiped through the terminal and the cost for the goods or services is entered into the POS terminal by the retailer.
- the customer then authorises the payment either through entering a pin number or by signing an authorisation slip.
- the POS terminal sends a transaction message to the payment system, which facilitates the transfer of funds from the customers account to the retailers account.
- the retailer POS terminals can become obsolete. This means that, in time, the POS terminals might not be able to function correctly with an upgraded payment system. Alternatively, the POS terminals might not be able to provide additional features and functionality as they become available.
- An improved system of the invention can do one or more of: increasing security through mutual authentication and/or message encryption, and increasing the flexibility of POS terminals and their ability to be updated.
- the payment system might relate to the computer systems that communicate with the terminals and financial institutions to facilitate electronic transactions.
- the payment system might also be considered to comprise the terminals when connected to such a computer system, and any other features (such as networks) that might form such a payment system.
- the present invention may be said to consist in a method of reconfiguring a POS terminal comprising: receiving at a computer system configuration data indicating operating configuration of a POS terminal, verifying at the computer system that the operating configuration matches the required operating configuration of the POS terminal, and if not, providing from the computer system different configuration data to the POS terminal to reconfigure the POS terminal with the required operating configuration.
- the POS terminal comprises EMV tags that can be activated and de-activated to configure the POS terminal's configuration, wherein the configuration data provided from the computer system triggers activation/de-activation of the required EMV tags to reconfigure the POS terminal with the required operating configuration.
- the present invention may be said to consist in a method of transferring funds electronically between financial institutions in response to a transaction between a merchant and customer comprising: receiving at a computer system configuration data indicating operating configuration of a POS terminal, verifying at the computer system that the operating configuration matches the required operating configuration of the POS terminal, and if not, providing from the computer system different configuration data to the POS terminal to reconfigure the POS terminal with the required operating configuration, receiving at the computer system a transaction message indicating a transaction amount and containing information for identifying the payer's and payee's financial institutions, arranging transfer of the transaction amount from the payer's financial institution to the payee's institution using the computer system.
- the POS terminal comprises EMV tags that can be activated and de-activated to configure the POS terminal's configuration, wherein the configuration data provided from the computer system triggers activation and/or de-activation of the required EMV tags to reconfigure the POS terminal with the required operating configuration.
- the present invention may be said to consist in a POS terminal for transferring funds electronically between financial institutions of a merchant and customer, the terminal adapted to: transmit configuration data to the computer system indicating operating configuration of the POS terminal, the computer system being adapted to verify that the received operating configuration matches the required operating configuration of the POS terminal, and if the POS terminal operating configuration does not match the required operating configuration, receive configuration data from the computer system to reconfigure the POS terminal with the required operating configuration.
- the POS terminal comprises EMV tags that can be activated and de-activated to configure the POS terminal's configuration, wherein the POS terminal is further adapted to: reconfigure itself with the required operating configuration by activation and/or deactivation of the required EMV tags based on the configuration data received from the computer system.
- the present invention may be said to consist in a payment system for transferring funds electronically between financial institutions of a merchant and customer comprising: a computer system connected to or for connection to a plurality of POS terminals and adapted to receive transaction messages from the POS terminals, the computer system adapted to receive configuration data from a POS terminal indicating operating configuration of the POS terminal, verify that the operating configuration matches the required operating configuration of the POS terminal, and if not, provide from the computer system different configuration data to the POS terminal to reconfigure the POS terminal with the required operating configuration.
- the present invention may be said to consist in a payment system for transferring funds electronically between financial institutions of a merchant and customer comprising: a computer system connected to or for connection to a plurality of POS terminals and adapted to receive transaction messages from the POS terminals, the computer system adapted to: receive configuration data from a POS terminal indicating operating configuration of the
- each POS terminal comprises EMV tags that can be activated and de-activated to configure the POS terminal's configuration, wherein the configuration data provided from the computer system triggers activation and/or de-activation of the required EMV tags to reconfigure the POS terminal with the required operating configuration.
- the present invention may be said to consist in a computer system for transferring funds electronically between financial institutions of a merchant and customer, the computer system adapted to: receive configuration data from a POS terminal indicating operating configuration of the POS terminal, verify that the operating configuration matches the required operating configuration of the POS terminal, and if not, provide from the computer system different configuration data to the POS terminal to reconfigure the POS terminal with the required operating configuration, receive a transaction message from the POS terminal indicating a transaction amount and containing information for identifying the payer's and payee's financial institutions, arrange transfer of the transaction amount from the payer's financial institution to the payee's institution.
- the POS terminal comprises EMV tags that can be activated and de-activated to configure the POS terminal's configuration, wherein the configuration data provided from the computer system triggers activation and/or de-activation of the required EMV tags to reconfigure the POS terminal with the required operating configuration.
- the present invention may be said to consist in a POS terminal connected or for connection to a computer system forming part of a payment system for transferring funds electronically between financial institutions between a merchant and customer, the POS terminal being adapted to send transaction messages to the computer system, a transaction message having encrypted data fields and indicating a transaction amount and containing information for identifying the payer's and payee's financial institutions, wherein the POS terminal is adapted to do one or more of: a) prior to sending the transaction message, obtain a master key from the computer system using mutual authentication, b) prior to sending the transaction message, transmit configuration data indicating operating configuration of the POS terminal, which is verified by the computer system against a database that the operating configuration matches the required operating configuration, and if not, receive configuration data from the computer system to reconfigure the POS terminal with the required operating configuration, c) encrypt the content in the message data fields using a transaction message key.
- the present invention may be said to consist in a method of arranging communication for a transaction with a POS terminal comprising: receiving at a computer system a request from a POS terminal that initiates a key exchange process, authenticating the POS terminal at the computer system, providing from the computer system signed data to the POS terminal to enable authentication of the computer system by the POS terminal, and providing from the computer system a master key to the POS terminal, wherein the master key can be utilised by the POS terminal for securing further key exchanges with the computer system.
- the present invention may be said to consist in a method of transferring funds electronically between financial institutions in response to a transaction between a merchant and customer comprising: receiving at a computer system a request from a POS terminal that initiates a key exchange process, authenticating the POS terminal at the computer system, providing from the computer system signed data to the POS terminal to enable authentication of the computer system by the POS terminal, and providing from the computer system a master key to the POS terminal, wherein the master key can be utilised by the POS terminal for securing further key exchanges with the computer system, receiving at the computer system a transaction message indicating a transaction amount and containing information for identifying the payer's and payee's financial institutions, arranging transfer of the transaction amount from the payer's financial institution to the payee's institution using the computer system.
- the method further comprises: receiving at the computer system a request from the POS terminal to obtain a transaction message key, generating at the computer system a transaction message key and encrypting it with the master key, and providing from the computer system the encrypted transaction message key to the POS terminal, wherein the received transaction message is received from the POS terminal and is encrypted with the transaction key.
- the present invention may be said to consist in a payment system for transferring funds electronically between financial institutions of a merchant and customer comprising: a computer system connected to or for connection to a plurality of POS terminals and adapted to receive transaction messages from the POS terminals, the computer system adapted to: receive a request from a POS terminal that initiates a key exchange process, authenticate the POS terminal, provide signed data to the POS terminal to enable authentication of the computer system by the POS terminal, and provide a master key to the POS terminal, wherein the master key can be utilised by the POS terminal for securing further key exchanges with the computer system.
- the present invention may be said to consist in a payment system for transferring funds electronically between financial institutions of a merchant and customer comprising: a computer system connected to or for connection to a plurality of POS terminals and adapted to receive transaction messages from the POS terminals, the computer system adapted to: receive a request from a POS terminal that initiates a key exchange process, authenticate the POS terminal, provide signed data to the POS terminal to enable authentication of the computer system by the POS terminal, and provide a master key to the POS terminal, wherein the master key can be utilised by the POS terminal for securing further key exchanges with the computer system; receive a transaction message indicating a transaction amount and containing information for identifying the payer's and payee's financial institutions; arrange transfer of the transaction amount from the payer's financial institution to the payee's institution.
- the computer system is further adapted to: receive a request from the POS terminal to obtain a transaction message key, generate a transaction message key and encrypt it with the master key, and provide the encrypted transaction message key to the POS terminal, wherein the received transaction message is encrypted with the transaction key.
- the present invention may be said to consist in a POS terminal for transferring funds electronically between financial institutions of a merchant and customer, the terminal adapted to: send a request to a computer system that initiates a key exchange process, the computer system being adapted to authenticate the POS terminal, receive signed data from the computer system to enable authentication of the computer system by the POS terminal, and receive a master key from the computer system, wherein the master key can be utilised by the POS terminal for securing further key exchanges with the computer system.
- the present invention may be said to consist in a computer system for transferring funds electronically between financial institutions of a merchant and customer, the computer system adapted to: receive a request from a POS terminal that initiates a key exchange process, authenticate the POS terminal, provide signed data to the POS terminal to enable authentication of the computer system by the POS terminal, and provide a master key to the POS terminal, wherein the master key can be utilised by the POS terminal for securing further key exchanges with the computer system; receive a transaction message indicating a transaction amount and containing information for identifying the payer's and payee's financial institutions; arrange transfer of the transaction amount from the payer's financial institution to the payee's institution.
- the computer system is further adapted to: receive a request from the POS terminal to obtain a transaction message key, generate a transaction message key and encrypt it with the master key, and provide the encrypted transaction message key to the POS terminal, wherein the received transaction message is encrypted with the transaction key.
- the present invention may be said to consist in a method of transferring funds electronically between financial institutions in response to a transaction between a merchant and customer comprising: receiving at a computer system a transaction message indicating a transaction amount and containing information for identifying the payer's and payee's financial institutions, arranging transfer of the transaction amount from the payer's financial institution to the payee's institution using the computer system, wherein the transaction message comprises a header and message portion, the message portion having data fields with encrypted content.
- the transaction message is received from a POS terminal over a non-secure network.
- the method further comprises: receiving at the computer system a request from a POS terminal that initiates a key exchange process, authenticating the POS terminal at the computer system, providing from the computer system signed data to the POS terminal to enable authentication of the computer system by the POS terminal, and providing from the computer system a master key to the POS terminal, wherein the master key can be utilised by the POS terminal for securing further key exchanges with the computer system.
- the method further comprises: receiving at the computer system a request from the POS terminal to obtain a transaction message key, generating at the computer system a transaction message key and encrypting it with the master key, and providing from the computer system the encrypted transaction message key to the POS terminal, wherein the content of the data fields is encrypted with the transaction message key.
- the method comprises: receiving at the computer system configuration data indicating operating configuration of the POS terminal, verifying at the computer system that the operating configuration matches the required operating configuration of the POS terminal, and if not, providing from the computer system different configuration data to the POS terminal to reconfigure the POS terminal with the required operating configuration.
- the configuration data comprises EMV tags to specify at least some of the types of data provided in a transaction message.
- the present invention may be said to consist in a method of transferring funds electronically between financial institutions in response to a transaction between a merchant and customer comprising: receiving at a computer system a transaction message indicating a transaction amount and containing information for identifying the payer's and payee's financial institutions, arranging transfer of the transaction amount from the payer's financial institution to the payee's institution, wherein the transaction message comprises encrypted data fields.
- the present invention may be said to consist in a payment system for transferring funds electronically between financial institutions of a merchant and customer comprising: a computer system connected to or for connection to a plurality of POS terminals and adapted to receive transaction messages from the POS terminals, the computer system adapted to: receive a transaction message from a POS terminal indicating a transaction amount and containing information for identifying the payer's and payee's financial institutions, arrange transfer of the transaction amount from the payer's financial institution to the payee's institution, wherein the transaction message comprises a header and message portion, the message portion having data fields with encrypted content.
- the present invention may be said to consist in a payment system according to claim 29 further comprising a plurality of POS terminals connected to the computer system via one or more networks.
- the computer system communicates with a plurality of financial institutions via one or more networks.
- the computer system comprises a switch for arranging funds transfers and a server for exchanging keys with the POS terminals.
- the present invention may be said to consist in a computer system for transferring funds electronically between financial institutions of a merchant and customer, the computer system adapted to: receive a transaction message from a POS terminal indicating a transaction amount and containing information for identifying the payer's and payee's financial institutions, arrange transfer of the transaction amount from the payer's financial institution to the payee's institution, wherein the transaction message comprises a header and message portion, the message portion having data fields with encrypted content.
- the computer system communicates with a plurality of financial institutions via one or more networks.
- the computer system comprises a switch for arranging funds transfers and a server for exchanging keys with the POS terminals.
- the present invention may be said to consist in a method of transferring funds electronically between financial institutions in response to a transaction between a merchant and customer comprising: receiving at a computer system a transaction message indicating a transaction amount and containing information for identifying the payer's and payee's financial institutions, arranging transfer of the transaction amount from the payer's financial institution to the payee's institution, wherein the transaction message comprises encrypted data fields.
- FIG. 1 is a block diagram showing an overview of a payment system according to the invention
- FIG. 2 is a process diagram showing an overview of the payment system
- Figures 3a, 3b, 4 are flow diagrams showing the mutual authentication and master key exchange
- Figure 5 is a table of example EMV tags
- Figure 6 is a table of a message structure with EMV tags
- Figure 7 is a flow diagram of an encryption process/data exchange process
- Figures 8, 9 are schematic diagrams of a message structure
- Figure 10 is a process diagram of the EMV tag update process.
- the payment system comprises a computer system 2 that facilitates electronic funds transfers. It comprises a switch 8 that independently communicates with a number of merchant POS terminals 3 and receives electronic transaction requests from them. The requests are received in the form of transaction messages e.g. 4 transmitted from the respective POS terminals 3.
- the switch 8 is also in communication with a number of financial institutions 6, such as banks, via network 9.
- the switch 8 facilitates the transfer of funds between the financial institutions 6 of respective parties (merchant/customer or payee/payer) involved in the electronic transactions.
- the computer system 2 also comprises a server 8 for carrying out logon, key exchange and other system administration procedures. In particular, the server carries out POS terminal key loading services.
- the switch 7 and server 8 might be located remotely from each other, or provided in the same location.
- the POS terminals 3 communicate with the central computer system 2 via a network 5, such as a telephony network. This could be a dial-up network, leased line, fixed IP, broadband IP, GPRS, CDMA or any other suitable telephony network.
- Each POS terminal 3 comprises a PIN entry device (PED) 3a and a card reader device 3b.
- PED PIN entry device
- the POS terminal has the ability to load terminal master keys. It also is pre-loaded with a manufacturer key.
- the payment system 1 might be considered to be the computer system alone, or some combination of one or more of the computer system, the POS terminals, the networks and other aspects that enable electronic transactions.
- the payment system 1 works in the following manner.
- a POS terminal 3 logs on to the system 1 upon installation in order to receive the required keys to operate. Then periodically, the POS terminal logs on to the computer system 2 to identify itself and to receive required session keys (including transaction message keys), updated configuration data, and other required data for operation.
- the POS terminal operates in the normal manner for a POS terminal 3 from a user perspective. But it can also operate in new ways in accordance with the received configuration and other data. In effect, the POS terminal is adapted to exploit the various new features of the system, including the ability to update its operation.
- the periodic logon can happen automatically or manually. It might, for example, occur every 24 hours or when a particular POS terminal is turned on, such as at the beginning of a retail day.
- Each POS terminal 3 is adapted to work with the payment system 1 and utilise the re-configuration features.
- the POS terminal is operated and a transaction message 4 is created. This is done by introducing the customer's card to the card reader, and entering transaction details into the unit via a keypad.
- the transaction message is sent to the computer system 2 (and more particularly the switch 8), which in turn arranges electronic transfer of funds between the customer and the retailer's bank accounts 6. It then returns a transaction complete message to the POS terminal 3.
- the entire process is termed a "transaction" and comprises all or some of receiving card details to trigger a transaction, creating and sending a transaction message, arranging funds transfer, and providing confirmation.
- the system contains a number of features that offer advantages over other specifications. Private keys for use in sending transaction messages can be securely loaded remotely. EMV applications, public keys and transaction and other message tags can be remotely managed according to POS terminal requirements. Transaction messages 4 can be more comprehensively encrypted, allowing them to be sent over any network.
- Each POS terminal 3 in the payment system 1 is also designed to operate with all major card schemes and proprietary debit formats. Therefore, a POS terminal 3 can connect with minimal manual intervention, be re-configured remotely to behave in different ways and support the varied needs of multiple acquiring banks. As a result, the POS terminals 3 do not have to be returned to "base" for reconfiguration and a single POS terminal can accept local debit cards as well as other cards.
- the present invention allows for POS terminals 3 to be remotely configured to function as either a full EMV POS terminal, a standard magnetic strip terminal, or a combination of both based on the card scheme, acquirer and merchant requirements.
- a merchant can use a single POS terminal adapted to be configured and reconfigured according to the present invention to carry out all these functionalities.
- a POS terminal 3 of the payment system 1 can be configured to behave in the following ways:
- Each POS terminal can be configured or re-configured with one or more of the above functionalities without any onsite reprogramming.
- the configuration is determined by the merchant/acquiring bank requirements or other local market features. It can have different requirements configured concurrently for each of the different card schemes it supports. These features are not limited to any particular POS terminal brand or proprietary POS terminal management system. All POS terminals 3 operating to the prescribed payment system 1 standard can operate in this manner. POS terminals require sufficient memory to store the flexible configuration.
- the functionality of the present invention is implemented in software in the terminal.
- the combination of remotely configurable POS terminal 3 behaviour and the ability to operate over any network offers a flexible POS terminal environment that can meet the needs of multiple merchants, card schemes, issuers and acquirers all driven from a single platform.
- Direct integration with the processing platform enables all POS terminals to be configured in the same way, to avoid mismatched configuration or need to re-enter data, which occurs if an existing standalone-type POS terminal management system is used for each terminal type.
- the result is a flexible payment system that can be adapted to meet a variety of merchant and acquirer requirements. It is possible to configure POS terminals 3 for one acquirer to behave quite differently from another and then re-configure their behaviour relatively easily. The flexibility of the system is based around the interactions that take place between the POS terminal 3 and the computer system 2.
- FIG. 2 shows in a general sense the nature of the interaction 26 that takes place between a POS terminal 3 and the computer system 2 prior to and during a transaction.
- the POS terminal is preconfigured with the manufacturer key and serial number. This occurs during manufacture of the POS terminal.
- the POS terminal 3 can be installed and initialized. This first involves connecting the POS terminal to the computer system 2 in a way the merchant chooses through a variety of communications methods (dial, broadband, GPRS, CDMA, specialist IP service) 5.
- the POS terminal checks whether it has a master key, step 21. If it does not, the POS terminal then logs on to the server and initiates a key exchange process.
- the POS terminal and server undergo key exchange process, which comprises a mutual authentication process, steps 20-21.
- a master key is downloaded from the computer system 2 to the POS terminal 3, for encrypting subsequent transaction messages 4.
- During the periodic logon, the POS terminal 3 provides configuration data indicating its operating configuration to the switch 8, step 22. This comprises version details of the software being executed, and other data as appropriate. This information is sent in an 0800 message in accordance with the AS2805 specification for network management.
- the switch 8 checks the configuration data to see whether it matches the required configuration for that POS terminal 3. This information is stored in a database in the switch. The required configuration for a POS terminal 3 might change periodically, due to card issuer requirements, functionality updates and the like. If the configuration of the POS terminal 3 does not match the required configuration specified for that POS terminal, then the switch 8 provides (and the POS terminal downloads) various configuration data that is used to configure operation of the POS terminal 3 as part of the overall payment/transaction system, step 23.
- the configuration data also comprises data specifying the requirement to change the secure session keys after a defined period or number of transactions or both.
- the information is sent in a 0300 message in accordance with the AS2805 specification for network management.
- the POS terminal 3 is then ready to facilitate transactions, steps 24, 25, in response to purchase of merchant goods/services by a customer. These transactions proceed in a manner to be described later, although they appear to proceed in the usual way from a user/customer perspective. For example, such a transaction could proceed by way of a card swipe or dip, step 24.
- the POS terminal 3 then initiates a transaction using downloaded parameters from the previous steps to determine how the transaction occurs.
- a transaction message is sent to the switch, detailing among other things, the value of the transaction and the merchant who has undertaken the transaction and to whom the funds should be transferred. Information relating to the purchaser's card is also sent.
- the merchant information and purchaser's card information provide information for identifying the respective payer's (purchaser) and payee's (merchant) financial institutions and corresponding accounts within those financial institutions.
- the information is used by the switch 8 to identify the bank account numbers of the payer and payee in a table of such information.
- the information is sent as a 0100 or 0200 message to the switch 8 in accordance with the AS2805 specification for network management.
- the switch 8 actions the funds transfer in accordance with the transaction message.
- the switch 8 responds with a 110 or 210 message in accordance with the AS2805 specification for network management, as appropriate, and EMV processing scripts if required. If required, the host can force a logoff and initiate the sequence again at step 22 if parameters have been changed. That is, at any time, the POS terminal 3 can be centrally re-configured to support new operational and/or system features, such as a new bank acquirer, new card scheme, or to amend the merchant's trading parameters. This is by way of a manual or automatic update process, steps 22, 23. The various functions of the system and method will now be described in further detail.
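The logon-time configuration check of steps 22 and 23 (terminal reports its configuration, switch compares it against the required configuration in its database, and on mismatch sends configuration data that activates or deactivates EMV tags) as an added, runnable simulation; this is not code from the patent. The message field names, the required tag sets and the terminal serials are constructed for the example; the tag numbers are real EMV tags but the page's own Figure 5 table is not reproduced here, and the AS2805 field layout of the 0800/0300 messages is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

# Real EMV tag numbers, used only to make the example concrete; which tags a
# given acquirer requires is an assumption of this example, not Figure 5.
TAG_NAMES = {
    "9F02": "Amount, Authorised",
    "9F1A": "Terminal Country Code",
    "5F2A": "Transaction Currency Code",
    "9F26": "Application Cryptogram",
    "9F27": "Cryptogram Information Data",
    "9F36": "Application Transaction Counter",
    "95": "Terminal Verification Results",
    "9F10": "Issuer Application Data",
}


@dataclass
class TerminalConfig:
    software_version: str
    active_tags: set          # EMV tags currently activated on the terminal
    rotate_after_txns: int    # change session keys after this many transactions
    rotate_after_hours: int   # ... or after this many hours, whichever comes first


class PosTerminal:
    def __init__(self, serial: str, config: TerminalConfig):
        self.serial = serial
        self.config = config

    def logon_message(self) -> dict:
        """Network-management ('0800'-style) message carrying the terminal's
        claimed operating configuration (field names are assumed)."""
        return {"mti": "0800", "serial": self.serial,
                "software_version": self.config.software_version,
                "active_tags": sorted(self.config.active_tags)}

    def apply(self, cfg: dict) -> None:
        """Apply a '0300'-style configuration message: activate/deactivate
        EMV tags and adopt the key-rotation policy it carries."""
        self.config.active_tags |= set(cfg["activate"])
        self.config.active_tags -= set(cfg["deactivate"])
        self.config.rotate_after_txns = cfg["rotate_after_txns"]
        self.config.rotate_after_hours = cfg["rotate_after_hours"]


class Switch:
    """Holds the required configuration per terminal serial (the database)."""

    def __init__(self, required: dict):
        self.required = required

    def check_logon(self, msg: dict) -> Optional[dict]:
        """Return None when the claimed configuration matches the required one,
        otherwise the configuration data to send back. The report is treated as
        a claim, not as authority: unknown serials and unknown tags are refused,
        and an unexpected software version is flagged so the host can force a
        logoff instead of letting the terminal transact."""
        req = self.required.get(msg["serial"])
        if req is None:
            raise PermissionError(f"unknown terminal {msg['serial']}")
        claimed = set(msg["active_tags"])
        unknown = claimed - set(TAG_NAMES)
        if unknown:
            raise ValueError(f"terminal reports unknown EMV tags {sorted(unknown)}")
        version_ok = msg["software_version"] == req.software_version
        if claimed == req.active_tags and version_ok:
            return None
        return {"mti": "0300", "serial": msg["serial"],
                "activate": sorted(req.active_tags - claimed),
                "deactivate": sorted(claimed - req.active_tags),
                "rotate_after_txns": req.rotate_after_txns,
                "rotate_after_hours": req.rotate_after_hours,
                "force_logoff": not version_ok}


def reconfigure_until_match(terminal: PosTerminal, switch: Switch, limit: int = 3) -> int:
    """Run the logon/configure loop (steps 22-23); return the number of
    configuration messages that were needed to reach the required state."""
    rounds = 0
    while (cfg := switch.check_logon(terminal.logon_message())) is not None:
        rounds += 1
        if cfg["force_logoff"] or rounds > limit:
            raise RuntimeError(f"{terminal.serial} cannot reach required configuration")
        terminal.apply(cfg)
    return rounds


# Constructed database: one terminal required to run the full tag set, one a
# smaller set, both with the same session-key rotation policy.
REQUIRED = {
    "PED-000123": TerminalConfig("2.1.0", set(TAG_NAMES), 500, 24),
    "PED-000124": TerminalConfig("2.1.0", {"9F02", "9F1A", "5F2A"}, 500, 24),
}

if __name__ == "__main__":
    sw = Switch(REQUIRED)
    t = PosTerminal("PED-000123",
                    TerminalConfig("2.1.0", {"9F02", "9F1A", "9F26"}, 100, 24))
    cfg = sw.check_logon(t.logon_message())
    print("activate:", cfg["activate"], "deactivate:", cfg["deactivate"])
    print("rounds needed:", reconfigure_until_match(t, sw))
```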
- the POS terminal 3 undergoes an initialisation/installation process with the server of the computer system 2.
- the POS terminal 3 checks if it already has a master key from the computer system step 20, and if not undergoes a key exchange process to obtain a master key. This process is termed "remote key injection" (RKI).
- a mutual authentication process steps 21, 22, Figure 2 is undertaken to obtain the key.
- the master key is used for encrypting various communications between the POS terminal 3 and the server 7 or switch 8. In particular, it is used to encrypt the transaction message session keys (to be described later) when they are exchanged between the switch 8 and the POS terminal 3 during the periodic logon.
- the RKI process carries out mutual authentication of both parties (server 7 and POS terminal 3) involved in the transaction to reduce the risk of compromise in the process. It also incorporates a secure communication method with equipment manufacturers that allows for the exchange of sensitive data that assists in securing the process.
- this process differs from others in the field in that it uses strong mutual authentication of the parties at all stages.
- the file received from POS terminal suppliers (the Key Data File) is signed with a public/private key pair and then not only does the PED device authenticate itself to the computer system 2, but the terminal verifies that the computer system 2 is the authorised source for the master key.
- the Key Data File from the vendor contains records that match the PED serial number to the manufacturer's key for each device.
- Figures 3a-4 show the flow diagrams of the RKI process, corresponding to steps 20, 21 of Figure 2.
- the process comprises sign on (Figure 3a), master key exchange (Figure 3b) and sign off (Figure 4).
- These processes take place as follows. Referring to Figure 3a, first the sign on takes place.
- the POS terminal 3 initiates the key download process, step 30, by sending the computer system 2 (more particularly the server 7) a request that contains the POS terminal's PED's software version, manufacturer ID, vendor ID and unique serial number.
- the PED's unique serial number is digitally signed with the PED's private key. This digital signature will be appended to field 60 of a network management request between the POS terminal and the server.
- the server 7 verifies the digital signature of the PED's unique serial number using the PED's public key, step 31. It then checks the PED's software version against a list of permitted software versions in an "allowed versions" database, step 32. If the PED's software version is a permitted version, the computer system verifies the authenticity of the PED by verifying the manufacturer ID, vendor ID and unique serial number against the data provided by the vendor in the key data file, step 33.
- the server then generates a statistically random public/private key pair Key_rki-ped and a randomly generated secret number Sn_rki, step 34.
- the public/private key pair is then linked to the PED's unique serial number by the computer system.
- the serial number is sent from the POS terminal to the computer system, but also contained in the Key Data File as a cross check. That is, the server can check authenticity of the POS terminal using the information it receives, plus by using the serial number in the Key Data File, to which it has access. Looking at the Key Data File provides a back-up to checking the received serial number.
- Both the public/private key pair and the secret number (Key_rki-ped and Sn_rki) are signed with the computer system's private key prvKey_rki, step 35.
- the secret number Sn_rki is encrypted using the PED's public key pubKey_ped.
- the public key pubKey_rki-ped of the pair and the secret number Sn_rki are returned to the POS terminal in a message, step 36.
- a master key is exchanged between the computer system 2 and the POS terminal 3 as follows, with reference to Figure 3b.
- the POS terminal verifies the server's signature with pubKey_rki, step 37. If the key is valid, the POS terminal stores pubKey_rki-ped for later use. Then, the POS terminal 3 responds with a message that contains Sn_rki and the type of key it requires, step 38.
- the server 7 receives the message and confirms that the Sn_rki associated with the PED unique serial number is the same as the Sn_rki received in the message. It does this by checking the database, step 39.
- the computer system 2 responds with a message containing the type of POS terminal master key Key_rki-tm requested by the POS terminal (this could also be a 3rd party POS terminal master key).
- Key_rki-tm is encrypted with pubKey_ped and signed using prvKey_rki-ped, step 40.
- the POS terminal 3 verifies the signature of the encrypted Key_rki-tm using pubKey_rki-ped, decrypts Key_rki-tm using prvKey_ped, and loads Key_rki-tm into the appropriate key slot, step 41.
- the master key Key_rki-tm is then ready for use in obtaining session keys. More particularly, it is used in the logon process to create the three session keys for encryption during the transaction process.
- a sign off process is undertaken, as shown in Figure 4.
- on successful loading of Key_rki-tm, the POS terminal sends an acknowledgement message to the RKI server, MAC'ed with the master key Key_rki-tm (a symmetric key), step 42. This provides verification: if the encryption is wrong, the MACs do not match.
- on receipt of the acknowledgement, the server validates the message MAC using the master key Key_rki-tm, and sends an activation message for the merchant and terminal ID combination to server 7, step 43.
- the server 7 then sends back a message to the POS terminal 3 to confirm that the master key loading process is complete, step 44.
- the message contains a MAC from the computer system calculated using the master key Key tki - tm .
- the POS terminal is required to end communications session (i.e. close socket or hang up phone line) on receipt of the sign off message, step 35.
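The server-side checks in the sign-on, key-exchange and sign-off steps above (steps 31-33, 39 and 43) can be exercised in a small simulation. This is an added example, not code from the patent: the Key Data File contents, the request field names and the `RkiServer`/`run_rki` names are assumptions; the PED's public-key signature is stood in for by a MAC under the per-device manufacturer key that the Key Data File holds (the page says the file maps each PED serial number to a manufacturer key), and the transport encryption of Sn_rki and Key_rki-tm is left out so that the validation logic and the single-use binding of Sn_rki to a serial number stand out.

```python
import hashlib
import hmac
import secrets

# Constructed Key Data File: serial -> manufacturer/vendor identity and per-device
# manufacturer key (field names are assumptions; the page only names the mapping).
KEY_DATA_FILE = {
    "PED-0001": {"manufacturer_id": "MFR-A", "vendor_id": "VND-1",
                 "mfr_key": bytes.fromhex("00" * 15 + "01")},
}
# Constructed "allowed versions" database (step 32).
ALLOWED_VERSIONS = {"2.3.1", "2.4.0"}


def mac(key: bytes, data: bytes) -> bytes:
    """Symmetric MAC stand-in (HMAC-SHA256). AS2805 MACs are DES-based, but the
    verification pattern is the same: recompute and compare in constant time."""
    return hmac.new(key, data, hashlib.sha256).digest()


class RkiServer:
    """Server side of the RKI exchange, keeping only the state the checks need."""

    def __init__(self, key_data_file, allowed_versions):
        self.kdf = key_data_file
        self.allowed = allowed_versions
        self.pending = {}      # serial -> Sn_rki issued at sign-on, consumed once
        self.master_keys = {}  # serial -> Key_rki-tm delivered, awaiting MAC'ed ack

    def sign_on(self, req):
        rec = self.kdf.get(req["serial"])
        if rec is None:
            return None, "unknown serial (not in Key Data File)"
        # step 31: verify the signature over the PED serial number
        expected = mac(rec["mfr_key"], req["serial"].encode())
        if not hmac.compare_digest(expected, req["serial_sig"]):
            return None, "bad serial signature"
        # step 32: software version must be on the allowed list
        if req["version"] not in self.allowed:
            return None, "software version not permitted"
        # step 33: manufacturer and vendor IDs must match the Key Data File record
        if (req["manufacturer_id"], req["vendor_id"]) != (rec["manufacturer_id"], rec["vendor_id"]):
            return None, "manufacturer/vendor mismatch"
        sn = secrets.token_bytes(16)            # step 34: Sn_rki, bound to this serial
        self.pending[req["serial"]] = sn
        return {"sn": sn}, "ok"

    def key_request(self, serial, sn):
        # step 39: Sn_rki must be the one bound to this serial; it is single-use
        bound = self.pending.pop(serial, None)
        if bound is None or not hmac.compare_digest(bound, sn):
            return None, "Sn_rki mismatch or replay"
        master = secrets.token_bytes(16)        # Key_rki-tm (step 40)
        self.master_keys[serial] = master
        return {"master_key": master}, "ok"

    def sign_off(self, serial, ack_mac):
        # step 43: the ack MAC under Key_rki-tm proves the terminal loaded the same key
        master = self.master_keys.get(serial)
        if master is None:
            return False
        return hmac.compare_digest(mac(master, b"RKI-ACK:" + serial.encode()), ack_mac)


def run_rki(server, serial, version, mfr_key, mid="MFR-A", vid="VND-1"):
    """Terminal side of the whole exchange; returns (succeeded, reason)."""
    req = {"serial": serial, "version": version, "manufacturer_id": mid,
           "vendor_id": vid, "serial_sig": mac(mfr_key, serial.encode())}
    resp, why = server.sign_on(req)
    if resp is None:
        return False, why
    resp2, why = server.key_request(serial, resp["sn"])
    if resp2 is None:
        return False, why
    ack = mac(resp2["master_key"], b"RKI-ACK:" + serial.encode())   # step 42
    return server.sign_off(serial, ack), "sign-off"


if __name__ == "__main__":
    srv = RkiServer(KEY_DATA_FILE, ALLOWED_VERSIONS)
    print(run_rki(srv, "PED-0001", "2.4.0", KEY_DATA_FILE["PED-0001"]["mfr_key"]))
```

The ordering of the checks matters for what an attacker learns: the serial signature is verified before the version list is consulted, so an unauthenticated request cannot probe which software versions the server accepts, and a second `key_request` with a previously issued Sn_rki is rejected because the value is removed from `pending` on first use.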
- the device periodically logs on to the switch, steps 22, 23 of Figure 2. This might happen automatically every 24 hours, for example.
- transaction message session keys are obtained. These are transferred in an encrypted form using the master key.
- the transaction message session keys can be used to encrypt transaction messages communicated between the POS terminal and switch.
- PIN session keys and MAC keys are also generated and sent from the computer system to the POS terminal.
- new session keys are generated by the switch 8, which returns the new session keys to the POS terminal encrypted under variants of the POS terminal master key.
- Various configuration data can also be transferred from the switch to the POS terminal to update /reconfigure its functionality at this time. For example, activation of EMV tags can be updated.
- the transaction message is created with fields in accordance with EMV tags where a smart chip is used by a customer for a transaction. These tags are specified by the EMV standard.
- EMV has approximately 170 elements of "tag" data that can be required to be sent from a POS terminal to an acquiring network. These can be mandated by the card issuer so that they can specify the information that is received when conducting a transaction using their card.
- Each card issuer can stipulate different EMV tags to be used in relation to transactions involving their cards.
- Each POS terminal 3 can be configured and reconfigured with different sets of EMV tags to alter the nature of the information contained in a transaction message. Those EMV tags can be activated and de-activated remotely to alter terminal functionality, as required.
- any of the tags detailed in Figure 5 can be altered for each card scheme application defined in the POS terminal to match the requirements of that particular card scheme.
- the requirements of the card scheme and how the POS terminal operates for that card is defined by the card issuer. Should these requirements change, the appropriate EMV tags used in the changed card scheme can be activated/de-activated remotely in the POS terminal, without the terminal application being reloaded and/or reconfigured manually by the terminal owner or technician. Therefore, a particular POS terminal 3 might have different "sets" of EMV tags for each respective card issuer.
- a particular transaction message 4 created in response to a transaction for a particular card type will have data relating to the EMV tags specified for that card type.
- FIG 5 shows some typical (although not all) EMV tags and a definition/description of their data /functionality. A full set of EMV tags need not be described as these are published in the EMV specification and are known by those skilled in the art.
- Figure 6 shows an example of a transaction message 4 (such as that shown in Figure 9 later) with a number of fields containing transaction data.
- the EMV tags are specified in the integrated chip card (ICC) data field 55.
- field 55 specifies the EMV tags (as listed in Figure 5), along with the content for those tags.
- the EMV tag activation process is indicated in Figure 2, steps 22, 23. This forms part of the overall interaction process that takes place between the POS terminal 3 and computer system 2 (switch 8 and server 7).
- the requirements for this data can vary for each different card scheme and may change over time.
- the present invention proposes to keep POS terminals 3 deployed over several years hence has included a methodology to configure the EMV tags required remotely from the switching platform. This allows POS terminals 3 to change the tag data sent as part of a transaction without the need to change the POS terminal application or undergo re-certification. This has significant speed/flexibility implications when meeting future mandate or tag requirements.
- Figure 7 shows the process in more detail.
- the POS terminal 3 is preloaded with the various EMV tags it may need to utilize.
- the POS terminal 3 then connects to the switch 8 during the periodic logon, step 70. In doing so it supplies a version number for the currently enabled configuration/application file that it is operating with.
- the configuration/application file is a joint file that controls the configuration and applications available in the POS terminal. It also supplies the currently enabled public keys, which are the public keys for the particular chip cards the POS terminal will work with. Public keys are provided for each of the card schemes, such as VISA, Mastercard and the like. Card prefix records are also supplied, which specify rules on how and when cards will be accepted for use.
- the switch 8 then verifies if the currently enabled application, public keys and card prefix records match those held by the host, step 71. It does this by checking the database held by the switch 8. This database specifies the configuration parameters that the requesting POS terminal 3 should be configured with. These may have been updated since the POS terminal 3 was last reconfigured.
- the update might be due, for example, to changes in operation, improved features, the requirements of a particular application changing, new cards being released, or other occurrence.
- for example, if a merchant has agreed to accept cards from a new card scheme, that scheme's EMV application records and operating parameters can be downloaded to the terminal. Alternatively, keys, EMV application and operating parameters can be attached to all terminals and downloaded.
- Activation and/or de-activation of preloaded EMV tags can be triggered over download also. If the records do not match, the switch 8 returns a new set of application, public key and card prefix records and downloads these to the POS terminal, step 72 in a message. These messages contain a record for each supported EMV application and the EMV tags required for that application.
- the activation/de-activation of the terminal EMV tags to implement the new application is triggered as part of an 0300 message download sequence. This is in accordance with the AS2805 specification for network management.
- the POS terminal 3 uses the new application, public key, activated/ de-activated EMV tags and card prefix records to specify the nature of the transaction message and how the transaction proceeds, step 73.
- the EMV tags required for each card scheme application are held in a master application record on the switch 8 for each acquiring bank 6 belonging to that scheme.
- the POS terminal 3 is triggered by a downloaded message from the system to activate/ de-activate the EMV tags required.
- the tags are requested from the Chip Card and later activated/de-activated in the transaction message.
- These are the EMV tags that are specified for transfer when using that card scheme, and which have been activated/de-activated in the terminal during the download process.
- the terminal can ensure that it sends only tags that an acquirer can process but the same terminal can send a different set of tags if merchant changes to a different acquirer and retains the same equipment.
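The reconciliation of steps 70-73 (compare the terminal's configuration version against the host record, return an activate/de-activate delta per card scheme, then build field 55 from only the active tags) is shown below as an added example; it is not code from the patent. The host application records, scheme names, the `reconcile`/`apply_delta`/`build_field55` names and the sample chip-card values are constructed. The tag numbers are real EMV tags, and field 55 is encoded as BER-TLV, which is how EMV tag data is carried on the wire; the page itself does not list the contents of Figure 5, so the tag selection here is illustrative.

```python
# Real EMV tag numbers with their dictionary names (illustrative subset).
TAG_NAMES = {
    "9F02": "Amount, Authorised", "9F03": "Amount, Other", "9F1A": "Terminal Country Code",
    "95": "Terminal Verification Results", "5F2A": "Transaction Currency Code",
    "9A": "Transaction Date", "9C": "Transaction Type", "9F37": "Unpredictable Number",
    "82": "Application Interchange Profile", "9F36": "Application Transaction Counter",
    "9F26": "Application Cryptogram", "9F27": "Cryptogram Information Data",
    "9F10": "Issuer Application Data", "9F34": "CVM Results",
}

# Constructed master application records held on the switch (step 71): per card
# scheme, the tag set the acquirer wants, plus the configuration version number.
HOST_APP_RECORDS = {
    "version": 7,
    "apps": {
        "SCHEME-A": {"9F02", "9F1A", "95", "5F2A", "9A", "9C", "9F37", "82", "9F36", "9F26", "9F27"},
        "SCHEME-B": {"9F02", "9F03", "9F1A", "95", "5F2A", "9A", "9C", "9F37", "82", "9F36",
                     "9F26", "9F27", "9F10", "9F34"},
    },
}

# Constructed data a chip card / terminal would supply for one transaction.
SAMPLE_CARD_DATA = {
    "9F02": bytes.fromhex("000000001000"), "9F03": bytes.fromhex("000000000000"),
    "9F1A": bytes.fromhex("0554"), "95": bytes.fromhex("0000008000"), "5F2A": bytes.fromhex("0554"),
    "9A": bytes.fromhex("081128"), "9C": b"\x00", "9F37": bytes.fromhex("1A2B3C4D"),
    "82": bytes.fromhex("1800"), "9F36": bytes.fromhex("0042"), "9F26": bytes.fromhex("0011223344556677"),
    "9F27": b"\x80", "9F10": bytes.fromhex("06010A03A00000"), "9F34": bytes.fromhex("420300"),
}


def reconcile(terminal_version, terminal_apps, host):
    """Steps 71/72: None when the terminal already matches the host database,
    otherwise the per-scheme list of tags to activate and de-activate."""
    if terminal_version == host["version"]:
        return None
    delta = {}
    for app, wanted in host["apps"].items():
        have = terminal_apps.get(app, set())
        delta[app] = {"activate": sorted(wanted - have), "deactivate": sorted(have - wanted)}
    for app in terminal_apps.keys() - host["apps"].keys():   # scheme withdrawn from the terminal
        delta[app] = {"activate": [], "deactivate": sorted(terminal_apps[app])}
    return delta


def apply_delta(terminal_apps, delta):
    """Terminal side of step 72: flip the preloaded tags on/off without reloading the application."""
    new = {}
    for app, d in delta.items():
        tags = (set(terminal_apps.get(app, set())) | set(d["activate"])) - set(d["deactivate"])
        if tags:
            new[app] = tags
    return new


def tlv_encode(items):
    """BER-TLV encode [(tag_hex, value_bytes), ...] into a field 55 body."""
    out = bytearray()
    for tag_hex, value in items:
        out += bytes.fromhex(tag_hex)
        n = len(value)
        if n < 0x80:
            out.append(n)
        elif n < 0x100:
            out += bytes([0x81, n])
        else:
            out += bytes([0x82, n >> 8, n & 0xFF])
        out += value
    return bytes(out)


def tlv_decode(data):
    """Inverse of tlv_encode; handles multi-byte tags and 1-3 byte lengths."""
    items, i = [], 0
    while i < len(data):
        j = i + 1
        if data[i] & 0x1F == 0x1F:          # subsequent tag bytes follow while bit 8 is set
            while data[j] & 0x80:
                j += 1
            j += 1
        tag = data[i:j].hex().upper()
        n = data[j]
        j += 1
        if n & 0x80:                         # long-form length
            k = n & 0x7F
            n = int.from_bytes(data[j:j + k], "big")
            j += k
        items.append((tag, data[j:j + n]))
        i = j + n
    return items


def build_field55(active_tags, available):
    """Step 73: send only the tags active for this scheme, in a fixed order."""
    return tlv_encode([(t, available[t]) for t in sorted(active_tags) if t in available])


if __name__ == "__main__":
    term = {"SCHEME-A": {"9F02", "9F1A", "95", "5F2A", "9A", "9C", "9F37", "82", "9F36", "9F26", "9F27", "9F34"}}
    delta = reconcile(6, term, HOST_APP_RECORDS)
    print(delta)
    print(build_field55(apply_delta(term, delta)["SCHEME-A"], SAMPLE_CARD_DATA).hex().upper())
```

A terminal whose version already matches gets no download; one that is behind receives only the differences, and the encoder never emits a tag the acquirer's record does not list, which is the property the preceding paragraph describes.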
- the POS terminal 3 can then initiate transactions 4 on the payment system 1 (step 24, Figure 2). This takes place by a merchant operating the POS terminal 3 to request an electronic transfer of funds, and the customer authorising that by using their card in the card reader and entering a PIN number. Once operated, the POS terminal sends a transaction message 4 (such as that shown in Figure 6) to the switch 8 that contains information to trigger/facilitate the transfer.
- the message 4 is encrypted in a manner termed "enhanced message encryption" (EME).
- Messages are encrypted using standard financial encryption protocols allowing messages to be sent over any open network.
- the present invention is faster to establish connections than other Internet based protocols and it also takes advantage of the secure master key loaded in each POS terminal 3 to enhance the encryption of the message to eliminate the risk of certain security attacks.
- the use of a mutual authentication process and master key dispenses with the need for an SSL secure session between the POS terminal 3 and the switch 8. This speeds up communication, allowing for the use of enhanced message encryption.
- the transaction message 4 transferred from the POS terminal 3 to the switch 8 has a structure comprising a number of fields. Each field specifies certain information that is transferred to facilitate the transaction. An example of a transaction message, the fields it contains, and the type of information in those fields is shown in Figure 6.
- Figure 8 shows some other typical fields that could be used in the transaction message.
- the fields comprise field 55, which is an integrated circuit card (ICC) data field.
- This field contains data relating to a number of EMV tags which specify operation functionality of the POS terminal 3 and the transaction message 4 as described above.
- the tags for field 55 can be different for different POS terminals and types of POS terminals, and the tags used in any particular POS terminal might change over time after reconfiguration in response to system/protocol updates. The updating of the EMV tags is described above, in respect of Figures 5 and 6.
- Figure 9 shows the actual structure of the message 90. All information is encrypted prior to sending the transaction message, except for fields used for routing the message through the network 5. It comprises a transport protocol data unit (TPDU) header 90a and routing fields 90b, which together form the header 91. A payload 90c comprising the message content is attached to the header. The header 91 remains unencrypted, but the message field 90c is encrypted using the transaction message session keys. This creates the encrypted transaction message 92.
- Figure 10 shows the encryption process. This is undertaken by a computer program embedded in or downloaded into the hardware or firmware of the POS terminal 3.
- the EME process uses a separate data encryption (transaction) session key to encrypt the transaction message (including all data fields) using a standard 3DES process.
- the resulting secure message can then be routed over any network.
- the use of 3DES to secure all the message fields in the message as part of a standard message process is different to other encryption processes and different from a 'privacy key' approach that secures card data fields only.
- Certain fields are not encrypted to assist with routing by third party nodes that will not be privy to the decryption keys. This allows for routing of the transaction messages over a range of network types, where security is uncertain or cannot be controlled by the payment system administrator.
- the encryption process contains the following steps. First, the POS terminal 3 receives the transaction request and the transaction message 4 is generated for sending to the computer system, step 100. The encryption process is triggered. The software then fetches the encryption transaction session key from its memory, step 101. This has been downloaded from the computer system 2 on a previous occasion, during the periodic logon process. The POS terminal 3 then determines if the transaction session key is still valid, step 102. The key is specified as being valid for a number of transactions, or for a certain time period, as configured by the computer system 2 for the POS terminal 3. If the session key is no longer valid, the POS terminal 3 obtains another session key from the computer system 2 (more particularly, the switch 8) in the normal manner, using the periodic logon process, step 103.
- after the POS terminal 3 has a valid session key, it encrypts the transaction message, step 104.
- the message is encrypted under triple DES in ECB mode (as per AS 2805.5.4 - 2000 and AS2805.5.2).
- the following (header) fields are not encrypted:
  a. Encryption indicator
  b. A copy of field 41, Card Acceptor Terminal ID
  c. A copy of field 42, Card Acceptor ID Code
  d. A copy of field 11, STAN
  e. The Message Type
- Once encrypted, the transaction message can be sent to the computer system 2 for facilitating the funds transfer, step 105.
- the computer system 2 decrypts the message 4 using the private session key and the message 4 is processed as normal to effect the funds transfer by the switch 8.
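Steps 100-105 as a terminal-side routine, added here as an example and not taken from the patent: the session key is checked for validity by transaction count and age (step 102) and refreshed through a logon callback when it has lapsed (step 103), and the frame keeps in clear exactly the header fields the page lists while everything else is encrypted in ECB mode with the 3DES block size. The `SessionKey`/`EmeTerminal` names, the serialised payload format, the sample 0200 message and the ISO/IEC 9797-1 method 2 padding are assumptions (the page does not state the padding rule). Real 3DES comes from pycryptodome when it is installed; otherwise a clearly marked stand-in keeps the framing logic runnable offline.

```python
import hashlib
import time
from dataclasses import dataclass

try:
    # Real 3DES-ECB (the mode named on the page) when pycryptodome is available.
    from Crypto.Cipher import DES3

    def block_encrypt(key: bytes, block: bytes) -> bytes:
        return DES3.new(key, DES3.MODE_ECB).encrypt(block)
except ImportError:
    # Stand-in so the framing still runs offline. NOT a cipher: a fixed keyed mask,
    # kept only because it is deterministic per block, as any ECB primitive is.
    def block_encrypt(key: bytes, block: bytes) -> bytes:
        mask = hashlib.sha256(key).digest()[:8]
        return bytes(a ^ b for a, b in zip(block, mask))


def pad_m2(data: bytes) -> bytes:
    """ISO/IEC 9797-1 method 2 padding to the 8-byte 3DES block size (assumed)."""
    pad_len = 8 - (len(data) + 1) % 8
    return data + b"\x80" + b"\x00" * (pad_len % 8)


def encrypt_ecb(key: bytes, data: bytes) -> bytes:
    """ECB: each 8-byte block encrypted independently; equal blocks give equal ciphertext."""
    padded = pad_m2(data)
    return b"".join(block_encrypt(key, padded[i:i + 8]) for i in range(0, len(padded), 8))


@dataclass
class SessionKey:
    key: bytes
    max_transactions: int
    lifetime_s: float
    issued_at: float
    used: int = 0

    def is_valid(self, now: float) -> bool:
        """Step 102: valid for a number of transactions or a time period, whichever ends first."""
        return self.used < self.max_transactions and (now - self.issued_at) < self.lifetime_s


class EmeTerminal:
    """Terminal side of steps 100-105. `logon` models the periodic logon that
    returns a fresh transaction session key from the switch (step 103)."""

    def __init__(self, logon, max_tx: int, lifetime_s: float, clock=time.time):
        self._logon = logon
        self._max_tx = max_tx
        self._lifetime_s = lifetime_s
        self._clock = clock
        self.session = None
        self.rotations = 0          # how many times a logon was needed

    def current_key(self) -> bytes:
        now = self._clock()
        if self.session is None or not self.session.is_valid(now):
            self.session = SessionKey(self._logon(), self._max_tx, self._lifetime_s, now)
            self.rotations += 1
        self.session.used += 1
        return self.session.key

    def build_frame(self, msg: dict):
        """Return (clear header, encrypted payload). Only the fields the page lists
        stay in clear; every field of `msg`, including those copies, is in the payload."""
        header = {
            "encryption_indicator": 1,
            "message_type": msg["mti"],
            "f41_terminal_id": msg[41],
            "f42_card_acceptor_id": msg[42],
            "f11_stan": msg[11],
        }
        payload = "|".join(f"{k}={msg[k]}" for k in sorted(msg, key=str)).encode()
        return header, encrypt_ecb(self.current_key(), payload)


# Constructed 0200 financial request: PAN is a well-known test number.
SAMPLE_0200 = {"mti": "0200", 2: "4111111111111111", 4: "000000001000", 11: "000123",
               41: "TERM0001", 42: "MERCHANT000001", 55: "9F02060000000010009C0100"}


if __name__ == "__main__":
    term = EmeTerminal(lambda: bytes.fromhex("0123456789ABCDEFFEDCBA9876543210"), max_tx=100, lifetime_s=86400)
    header, ciphertext = term.build_frame(SAMPLE_0200)
    print(header, ciphertext.hex())
```

Two properties are worth checking against such an implementation: the clear header never carries a field beyond the five listed (the PAN in field 2 and the ICC data in field 55 appear only inside the ciphertext), and the key-rotation counter increases exactly when the transaction limit or the lifetime is exceeded. The ECB choice the page makes also shows up directly: `encrypt_ecb` turns two identical plaintext blocks into two identical ciphertext blocks, which is why modern message formats prefer a chained or authenticated mode.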
- POS terminal 3 and transaction features described above can be combined to provide an improved payment system 1.
- Private keys can be securely loaded remotely, EMV applications, public keys and tags can be remotely managed according to POS terminal requirements, and transaction messages are encrypted so they can be sent over any network.
- the POS terminal is adapted to operate with all major card schemes and proprietary debit formats. In summary, the system operates in the following manner.
- the POS terminal is preconfigured with the manufacturer key and serial number.
- the POS terminal is plugged in at the merchant site.
- the merchant can choose one or a number of communications methods such as dial-up, broadband, GPRS, CDMA, specialist IP service.
- the private keys are downloaded to the POS terminal.
- the POS terminal logs on to the network.
- the POS terminal then downloads:
  a. configuration records
  b. Application tables that determine how the POS terminal will behave for each card range and control:
    i. the application display text
    ii. the EMV action codes for the POS terminal (in each mode)
    iii. Online PIN capability
    iv. Offline PIN capability
    v. Whether the PIN can be bypassed
    vi. Whether the cardholder verification can be disabled
  c. Card tables that determine:
    i. Accounts available
    ii. Purchase amounts (in various modes)
    iii. Cash amounts
    iv. Checking parameters
    v. Offline behavior
  d. Public keys for supported EMV schemes
- also downloaded are the requirements to change the secure session keys after a defined period or number of transactions (or both).
- EMV support can be switched on only for relevant schemes (or turned off entirely), and offline operational parameters are determined (and can be turned off).
- the merchant can then transact:
  a. Both magnetic stripe and EMV operation can be supported
  b. EMV cards for the schemes the merchant belongs to are supported
  c. the transaction can be online or offline
  d. Stored transactions are encrypted under a storage key
  e. Messages, when sent, are fully encrypted
  f. If transactions cannot be sent, a temporary electronic offline function is available
- the POS terminal can be centrally re-configured at any point to support a new bank acquirer, new card scheme or to amend the merchant's trading parameters.
Abstract
The present invention relates to a method and system for transferring funds between a merchant and a purchaser. The transaction is initiated using a point-of-sale (POS) terminal (3). An encrypted transaction message is transmitted between the POS terminal (3) and a switch (8), which effects the transfer of funds. The POS terminal (3) obtains a master key from a web server (7) for encrypting subsequent key exchanges. The POS terminal (3) also receives configuration data from the switch (8) to configure the operation of the POS terminal (3).
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
NZ563922 | 2007-11-30 | | |
AU2007237260 | 2007-11-30 | | |
NZ563922A NZ563922A (en) | 2007-11-30 | 2007-11-30 | Payment system |
AU2007237260A AU2007237260A1 (en) | 2007-11-30 | 2007-11-30 | Payment system and method of operation |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2009070041A2 true WO2009070041A2 (fr) | 2009-06-04 |
WO2009070041A3 WO2009070041A3 (fr) | 2009-08-06 |
Family
ID=40679180
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/NZ2008/000322 WO2009070041A2 (fr) | 2007-11-30 | 2008-11-28 | Payment system and method of operation |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2009070041A2 (fr) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102647274A (zh) * | 2012-04-12 | 2012-08-22 | Fujian Landi Commercial Equipment Co., Ltd. | POS terminal, terminal access front-end, master key management system and method therefor |
CN103716155B (zh) * | 2013-03-15 | 2016-08-17 | Fujian Landi Commercial Equipment Co., Ltd. | Method for automated maintenance of a POS terminal, and operating terminal |
US10679212B2 (en) | 2014-05-26 | 2020-06-09 | The Toronto-Dominion Bank | Post-manufacture configuration of pin-pad terminals |
WO2018103166A1 (fr) * | 2016-12-07 | 2018-06-14 | PAX Computer Technology (Shenzhen) Co., Ltd. | Method and device for downloading a POS terminal key |
WO2018201140A1 (fr) | 2017-04-28 | 2018-11-01 | Aptos, Inc. | Systems and methods for point-of-sale data synchronization |
EP3616146A4 (fr) * | 2017-04-28 | 2020-12-23 | Aptos, LLC | Systems and methods for point-of-sale data synchronization |
RU2683613C1 (ru) * | 2018-03-30 | 2019-03-29 | Public Joint-Stock Company "Sberbank of Russia" (PJSC Sberbank) | POS terminal network management system |
WO2019190345A1 (fr) * | 2018-03-30 | 2019-10-03 | Public Joint-Stock Company "Sberbank of Russia" | Control system for a network of point-of-sale terminals |
EP3699851A1 (fr) * | 2019-02-19 | 2020-08-26 | VR-Payment GmbH | Token derivation using a transaction-bound one-time key |
EP4053771A1 (fr) * | 2019-02-19 | 2022-09-07 | VR Payment GmbH | Token derivation using a transaction-bound one-time key |
CN110430052A (zh) * | 2019-08-05 | 2019-11-08 | Industrial and Commercial Bank of China Ltd. | Method and apparatus for online injection of POS keys |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001033522A1 (fr) * | 1999-11-05 | 2001-05-10 | American Express Travel Related Services Company, Inc. | Systems and methods for facilitating commercial transactions between geographically remote parties |
US20020046185A1 (en) * | 2000-08-30 | 2002-04-18 | Jean-Marc Villart | System and method conducting POS transactions |
WO2005115074A2 (fr) * | 2004-05-25 | 2005-12-08 | Alexandre Soares Pi Farias | System for accessing a point-of-sale (POS) terminal, method for downloading and updating applications, and method for performing an electronic operation using this system |
US20060294378A1 (en) * | 2005-06-23 | 2006-12-28 | Lumsden Ian A | Key loading systems and methods |
US20070005685A1 (en) * | 2002-09-16 | 2007-01-04 | Wunchun Chau | Browser-based payment system |
US20070011066A1 (en) * | 2005-07-08 | 2007-01-11 | Microsoft Corporation | Secure online transactions using a trusted digital identity |
2008
- 2008-11-28 WO PCT/NZ2008/000322 patent/WO2009070041A2/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2009070041A3 (fr) | 2009-08-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 08854399 Country of ref document: EP Kind code of ref document: A2 |
| NENP | Non-entry into the national phase in: | Ref country code: DE |
| WWE | Wipo information: entry into national phase | Ref document number: 1011514.5 Country of ref document: GB |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 08854399 Country of ref document: EP Kind code of ref document: A2 |