WO2013075819A1 - Procédé d'exécution d'une transaction électronique entre un appareil terminal mobile et un terminal - Google Patents

Procédé d'exécution d'une transaction électronique entre un appareil terminal mobile et un terminal Download PDF

Info

Publication number
WO2013075819A1
WO2013075819A1 PCT/EP2012/004803 EP2012004803W WO2013075819A1 WO 2013075819 A1 WO2013075819 A1 WO 2013075819A1 EP 2012004803 W EP2012004803 W EP 2012004803W WO 2013075819 A1 WO2013075819 A1 WO 2013075819A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
data carrier
portable data
information
user
Prior art date
Application number
PCT/EP2012/004803
Other languages
German (de)
English (en)
Inventor
Dieter Weiss
Original Assignee
Giesecke & Devrient Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke & Devrient Gmbh filed Critical Giesecke & Devrient Gmbh
Priority to EP12794871.9A priority Critical patent/EP2783335A1/fr
Publication of WO2013075819A1 publication Critical patent/WO2013075819A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation

Definitions

  • the invention relates to a method for carrying out an electronic transaction between a mobile terminal and a terminal, and to a corresponding system and a portable data carrier which can be used to carry out the electronic transaction.
  • the mobile terminal As part of the implementation of electronic transactions between a mobile terminal and a terminal, it is usually required that corresponding information is confirmed by the user of the terminal.
  • the mobile terminal itself is used to display this information or to confirm it, i. the information is displayed on the display of the terminal and corresponding keys of the terminal are used to confirm the information. It proves to be disadvantageous that this process for the user is often uncomfortable, especially when the mobile terminal must be removed by the user only from a corresponding protective cover.
  • the use of the display and the keys of the terminal are safety-critical, because these components may not be able to be used. be manipulated by attackers.
  • the publication DE 102006 048 797 A1 describes a method for executing an application which can be used, for example, for a home banking application.
  • a portable data carrier in the form of a chip card is used, which transactional data, which originate from a browser and are to be forwarded to a server, first transmitted to a mobile phone.
  • the transaction data is displayed on the mobile phone and the user is requested to release the transaction data.
  • the document DE 103 16 771 AI discloses a self-adhesive security label for security or value documents, which comprises an integrated circuit and a transponder for contactless communication. For example, user-specific data can be stored in the integrated circuit.
  • the object of the invention is to make the execution of an electronic transaction between a mobile terminal and a terminal secure and comfortable for the user.
  • the method according to the invention serves to carry out an electronic transaction between a mobile terminal and a terminal.
  • the terminal represents a counterpart in the electronic transaction and is e.g. a publicly accessible terminal through which transactions can be processed.
  • the terminal provides, for example, a connection to a remote server, which offers so-called e-services. Under E-Services, all services and activities are grouped together as transactions Computers can be created and executed interactively and / or statically via electronic media.
  • server in this application is synonymous with the term application server.
  • One transaction is an information and education service, such as e-education, e-learning, e-teaching, e-pubhshing, e-book and e-catalog, to provide bespoke, trade and ordering services such as e-business, e-business Commerce, e-procurement, e-cash, e-shop, e-intermediary, e-auction, to provide cultural and administrative services such as e-culture, e-government or e-voting to improve marketing, product or service the customer relationship to electronic consulting such as E-Consult or E-Advising.
  • an information and education service such as e-education, e-learning, e-teaching, e-pubhshing, e-book and e-catalog
  • bespoke, trade and ordering services such as e-business, e-business Commerce, e-procurement, e-cash, e-shop, e-intermediary, e-auction
  • cultural and administrative services such as
  • information which is to be confirmed by a user in the context of the transaction is transmitted to the terminal by the terminal via a first contactless communication link. Subsequently, this information is transmitted from the terminal via a second contactless communication link to a portable data carrier attached to the mobile terminal comprising a display unit and an input unit operable by the user.
  • the portable data carrier can be attached directly and in particular also indirectly to the terminal.
  • the portable data carrier is provided on a protective cover attached to the terminal and preferably designed as a sticker (ie as a flat element), which is glued, for example, on the protective cover.
  • the data carrier is in particular mounted on the terminal or provided on the protective cover, that the display unit by the user from the outside is perceptible and the input unit by the user from the outside (eg via the protective cover) can be actuated.
  • the portable data carrier is in particular an RFID transponder. Conventionally, both the power supply of an RFID transponder in an RFID system and the data exchange between the
  • RFID transponders have an electronic circuit and, depending on the frequency range, an antenna coil (e.g., 13.56 MHz) or an electromagnetic antenna (e.g., 868 MHz). About the antenna, the field required for the operation of the transponder energy can be removed from the field and the data transmission can be performed. For this purpose, the terminal provides the corresponding energy. Alternatively, the power is provided by the terminal where the transaction is to be performed. Up to a certain distance between the terminal / terminal and the transponder, which is also referred to as the energy range, the transponder can draw just enough energy from the field of the terminal terminal to operate its own circuit.
  • an antenna coil e.g., 13.56 MHz
  • an electromagnetic antenna e.g. 868 MHz
  • Typical energy ranges of such systems are about 10 cm for ISO 14443 and up to 1 m for ISO 15693 compatible systems.
  • the range within which communication in the system is possible through data transmission can be increased by using active transponders, ie transponders with their own energy supply.
  • the power supply of the active transponder for example in the form of a battery or a charging capacitor, operates its electronic circuit.
  • Conventional transponders without their own power supply are referred to as passive transponders.
  • RFID systems for example for different types of coupling, as well as a load modulation using an auxiliary carrier in inductively coupled
  • RFID systems are described in Chapter 3.2 of the "RFID Handbook” by Klaus Finkenzeller.
  • the so-called Nah Near Field Communication technology is integrated in order to enable communication between the terminals or with the terminal.
  • the coupling of the devices / terminals takes place via coils, with the carrier frequency being 13.56 MHz, as in RFID systems.
  • the carrier frequency being 13.56 MHz, as in RFID systems.
  • the active mode two NFC units alternately generate their own RF field as signal carriers, switching back and forth between transmit and receive mode, as in a classic mobile radio system, both tuned to each other.
  • passive mode however, the two NFC units must agree on which unit acts as a reader and creates a field that can then influence the other unit by means of load modulation.
  • NFC end devices are very similar to those of contactless data carriers. NFC devices are therefore also able to communicate with contactless data carriers. To realize the communication, the operating modes “Card Emulation”, “Reader Emulation” and “Peer to Peer” (P2P) are possible.
  • the information to be confirmed is displayed on the display unit of the portable data carrier, whereupon the user can confirm the information via the input unit.
  • an acknowledgment signal is transmitted from the portable data carrier via the second contactless communication link to the terminal, whereupon confirmation data are transmitted from the terminal via the first contactless communication link to the terminal and thereby complete the transaction becomes.
  • the portable data carrier is preferably an RFID sticker which can be attached mechanically detachably to the terminal.
  • an adhesive layer on the disk ensures the appropriate liability between the device and the disk.
  • the data carrier is configured with security functionalities and designed, for example, as a smart card, chip card, token, mass storage card, multimedia card or electronic identity document.
  • the inventive method is characterized in that in the context of the confirmation of information, a separate, not belonging to the terminal portable data carrier with display unit and input unit is used.
  • a separate, not belonging to the terminal portable data carrier with display unit and input unit is used.
  • the user has access to the disk directly through his terminal.
  • he does not use the display unit or the keys of the terminal, but rather the display unit and the input unit of the data carrier.
  • This increases user comfort and security.
  • the portable data carrier is provided on the protective cover of the terminal, the acceptance of the use of the terminal in carrying out the transactions is increased because a user does not need to remove the protective cover from the terminal to confirm this information.
  • the first and / or the second communication link based on the now widespread near-field or NFC communication, with information over short ranges in the decimeter range are transmitted.
  • the input unit of the portable data carrier can be configured differently.
  • the input unit comprises a single, operable by the user key with which the corresponding information displayed on the display unit can be confirmed.
  • the input unit may also include a plurality of keys for entering more complex acknowledgments in the manner of a PIN.
  • the input unit can be configured as a gesture recognition means or as a biometric sensor for the recognition of biometric features and in particular as a fingerprint sensor.
  • the inventive method can be used to carry out any electronic transactions in which a confirmation by a user is required.
  • the method is used for carrying out a payment transaction, in the case of information which is to be confirmed by the user in the context of the electronic transaction, being an amount of money to be paid to the terminal.
  • the terminal communicates in a particularly preferred embodiment by means of a known security element (English: Secure Element) and / or a secure runtime environment, which are provided in the terminal, via the first and / or the second contactless Garurukationsuite.
  • the security element is then configured in particular as a hardware component and arranged as a fixed integrated component in the mobile terminal, where it can not be removed either in the form of the mobile device, for example as M2M module, co-processor or Trusted Base or as a removable module withrissafunktionaHtusch is connected to the mobile terminal, for example as a smart card, in particular a Subscriber Identification Module, SIM / USIM card short, smart card, mass memory card, USB token, multimedia card, Secure MicroSD card, mobile network token, eg a UMTS Surf stick.
  • the security element is designed as a software component as a trusted part of the operating system kernel of the mobile terminal or as a security software algorithm.
  • the known per se ARM TrustZone ® can be used as a secure runtime environment on the example which is also known operating system MobiCore ® running.
  • the security element signs the confirmation data to be transmitted via the first contactless communication link. In this way, it is possible to check at the terminal that the confirmation data actually comes from the terminal to which the information to be confirmed has previously been transmitted.
  • the security of the method is increased by providing both a secure runtime environment and a security element in the terminal, wherein the secure runtime environment supports the portable data carrier and the security device. element is driving.
  • the portable data carrier By controlling the portable data carrier through the secure runtime environment, a tamper-proof display of the information on the display unit of the data carrier is achieved.
  • the security element via the secure runtime environment, manipulation of the generation or processing of the confirmation data to be transmitted to the terminal can be avoided.
  • the confirmation signal is transmitted from the portable data carrier to the terminal in the form of a rolling code, wherein the rolling code for each newly transmitted acknowledgment signal changes and wherein the rolling code on a shared secret between portable data carrier and Terminal or between portable data carrier and another (external) unit.
  • the common secret used in the generation of the rolling code is determined by a manual, user-paired pairing between the terminal and the portable data carrier.
  • the pairing can be based on a barcode which is applied to the portable data carrier or its packaging and is read during the first use of the portable data carrier, for example via the terminal by means of a suitable reader.
  • the security element described above verifies the rolling code transmitted by the portable data carrier based on the shared secret and generates the confirmation signal upon successful verification. Preferably, it also signs the confirmation signal.
  • the secure runtime environment described above verifies the transmitted rolling code based on the shared secret and causes the security element to successfully generate the verification signal and possibly also to sign.
  • the shared secret may also be defined between the portable data carrier and another (external) device.
  • the terminal transmits the rolling code as confirmation data or together with the confirmation data on the first con murtikationsddle to the terminal, whereupon the terminal causes the verification of the rolling code and only upon successful verification, the electronic transaction is completed.
  • the terminal may represent the external unit.
  • the external unit may also be an external server of a background system to which the rolling code is forwarded by the terminal for verification.
  • the invention further relates to a system for performing an electronic transaction between a mobile terminal and a terminal.
  • the system includes the mobile terminal and the terminal as well as a portable data carrier.
  • the system is designed such that in its operation, the method according to the invention or one or more variants of the method according to the invention can be carried out.
  • the invention further relates to a portable data carrier for use in the method according to the invention or in one or more variants of the method according to the invention.
  • It comprises a display unit, a contactless communication interface, in particular for NFC communication, and a user-operable input unit, which are configured such that the portable data carrier, in operation, has information to be confirmed by the user about the contact Medunikationsssdinittstelle receives from the terminal and then displayed on the display unit, wherein the portable data carrier sends the acknowledgment signal via the contactless communication interface to the terminal after a subsequent confirmation of the information via the input unit.
  • the portable data carrier is preferably provided on a protective cover, which can be attached to the terminal. The attachment takes place in particular mechanically detachable, for example by means of an adhesive layer on the portable data carrier. In this sense, the invention also relates to a protective cover with the portable data carrier provided thereon.
  • the portable data carrier is arranged in communication range with the mobile phone and is used instead of the terminal for confirming the transaction.
  • the mobile phone performs the transaction without user interaction.
  • User interaction in the meaning of the invention means, on the one hand, that the user does not have to carry out an interaction on the mobile phone either when setting up or when carrying out the transaction.
  • the user does not have to remove the terminal from his storage, for example a pocket of the user. to perform the transaction as the acknowledgment is taken from the volume.
  • a mobile telephone 1 is used as the mobile terminal, which communicates wirelessly via an IS 1 C communication link K 1 with a payment terminal 2.
  • the BezaH Terrrtinal includes a schematically indicated kontaküose NFC interface or antenna 201, which communicates with a corresponding NFC interface or antenna 103 (also shown schematically) of the mobile phone 1.
  • the mobile telephone further comprises a display 101 and a per se known security element 102 (English: Secure Element), which is realized in the illustrated variant via the USIM / SIM card of the user.
  • a user wants to contactlessly pay a predetermined amount via his mobile phone 1.
  • the BezaW terminal 2 may be provided for the issue of public transport tickets, the payment of the ticket being made contactlessly via the correspondence link K1.
  • the amount to be paid to the User is displayed and confirmed by this.
  • a portable data carrier 3 in the form of a so-called sticker is used for this purpose.
  • This sticker is provided in a protective cover 4 into which the mobile telephone 1 is inserted.
  • the protective cover is indicated by a thicker edge around the mobile phone 1.
  • the sticker 3 comprises a separate display 301 as well as a button 302 and in turn an NFC interface or antenna 303, by means of which a Kornmunikation with the mobile phone via the antenna 103 based on the contactless Kornmunikationstier K2.
  • a barcode is attached to the sticker, which is indicated schematically by the reference numeral 304.
  • the sticker used in the embodiment described here is very simple and preferably does not have its own power supply, i. it is only operated by the field energy received via the NFC interface 303 in the context of contactless communication. Nevertheless, there may also be the possibility that a buffer memory or a battery may be provided in the sticker which, depending on the application, supplies the sticker additionally or completely with energy.
  • step Sl an information IN about the contactless Communication line Kl transmitted from the terminal 2.
  • This information contains the amount of money to be paid by the user.
  • step S2 After receiving the information IN in the mobile phone 1 or security element 102, this is - in contrast to known methods - not displayed on the display 101, but forwarded in step S2 via the contactless communication path K2 to the sticker 3. Since the sticker is provided in the protective cover 4 of the mobile phone, it is also ensured that it is in communication range with the mobile telephone 1.
  • the information IN received in the sticker is then displayed on the display 301 of the sticker.
  • the user can then read the amount without having to remove the protective cover 4 from the mobile phone 1. If the amount corresponds to the payment amount communicated to the user in the context of the transaction (eg via a display on the terminal), the user can now confirm the amount by pressing the key 302.
  • a corresponding acknowledgment signal BS is transmitted from the sticker 3 to the mobile telephone 1 in step S3 via the contactless communication link K2.
  • corresponding confirmation data BD are generated in step S4, which are provided with a signature SIG via the security element 102.
  • the confirmation data may possibly correspond to the confirmation signal.
  • the signed confirmation data are finally transmitted to the terminal 2 via the first contactless communication link K 1 in step S 5.
  • the received confirmation data inform the Terrninal that the payment process has been authorized by the user and that the transaction process is now complete.
  • the terminal can also check that the confirmation data actually originate from the mobile phone 1 of the user.
  • corresponding applications or applets that are integrated in the security element 102 of the terminal 1 are used to support electronic transactions.
  • the applet already supports the integration of the sticker 3 in the transaction in the security element.
  • the applet does not support the integration of the sticker.
  • a second sticker applet is installed on the terminal 1, which does not necessarily have to be stored on the security element 102.
  • This applet then takes over the communication between the security element or the terminal and the sticker.
  • the output of the payment applet on the terminal or on the mobile terminal intercepts and forwards the information relating to the amount to be paid to the sticker.
  • this applet receives the response from the sticker and generates a response that meets the requirements of the payment applet on the security element.
  • step S2 the information IN transmitted in step S2 is transmitted unencrypted with regard to the payment amount. This is not a problem, because if this amount were corrupted by an attacker, the wrong amount would be visible to the user on the display 301 of the sticker 3 and therefore not confirmed by the user.
  • step S2 it is also dispensed with transmitting further information, such as the identification of the terminal, together with the information IN.
  • further information such as the identification of the terminal
  • an attacker could readjust and send the acknowledgment signal BS sent on pressing the key 302 to the terminal 1, so that external transactions could be performed unnoticed.
  • corresponding safety mechanisms are provided, which should preferably be as simple as possible.
  • so-called rolling codes can be used, which are always generated in the manner of a one-time password only once upon actuation of the key 302 and thus change from actuation to actuation. That is, the sticker 3 sends after displaying the amount to be paid on the display 301 and after the corresponding confirmation of the user via the key 302 in each payment transaction another code back to the terminal 1. This requires that the terminal can verify the code appropriately as a confirmation signal.
  • this is achieved by a manual pairing (English: Pairing) between the terminal 1 and the sticker 3.
  • This pairing ensures that the device and the sticker share a common secret upon which the corresponding rolling code is based. An attacker is then no longer possible to pretend the output of a confirmation signal to the terminal.
  • the manual pairing between the terminal 1 and the sticker 3 can be made in various ways.
  • the barcode 304 printed on the sticker 3 is used, which can be one-dimensional or two-dimensional. If necessary, the barcode can also be applied to the packaging of the sticker, which then, after being unpacked, is placed on the protective cover of the mobile telephone, for example via a corresponding adhesive surface is attached.
  • the barcode contains the part of the secret that the terminal needs to verify the rouoding code.
  • the corresponding barcode is read via a reader of the terminal for commissioning the sticker and then used to personalize the payment applet on the security element or the separate sticker applet.
  • the manual pairing can possibly also be carried out in other ways, for example by entering a sequence of numbers using the keyboard of the terminal, similar to the pre-shared key in WLAN. The sequence of numbers can in turn be applied to the sticker or its packaging.
  • the sticker can be made more complex in order to further increase transaction security.
  • the input of a key combination in the manner of a PIN may be provided.
  • additional buttons are provided on the sticker.
  • the confirmation may be entered by means of a gesture of the user, e.g. can be detected by a strain gauge on the sticker.
  • a biometric sensor is used for this purpose. Only if a fingerprint detected via the sensor coincides with an imprint pattern deposited in the sticker is a corresponding confirmation signal BS emitted.
  • a trust zone known per se is provided on the microprocessor of the mobile terminal, within which the verification of the rolling codes takes place.
  • the trust zone represents a secure runtime environment and uses the known per se operating system MobiCore in a preferred embodiment.
  • the activation of the sticker 3 and the security element 102 is carried out exclusively via a TrustZone.
  • the sticker display 301 is a so-called. Secure display, which is protected against manipulation. As a result, the amount of payment displayed on the display is trusted.
  • the TrustZone also checks the receipt of a received acknowledgment signal and in particular a corresponding rolling code.
  • the TrustZone triggers the security element 102 to sign corresponding confirmation data. Possibly. It is also possible that the rolling code is checked by the security element. For example, the rolling code can be linked to the confirmed payment amount, creating a kind of TAN.
  • the correctness of the rolling codes is always checked by the terminal. If necessary, it is also possible for a remote, trustworthy server, for example the server of the payment system provider, to check the rolling codes.
  • the code is sent together with the confirmation data BD via the communication links Kl from the terminal 1 to the terminal 2.
  • the terminal then passes the code to the remote server, which checks it.
  • This variant of the invention has the advantage that a Trojan attack on the terminal has much less chance of success. This is due to the fact that the terminal is no longer personalized and a Trojan thus has no access to the common Has secret between sticker and server. Consequently, a Trojan can no longer trigger hidden transactions, since this always requires the generation of an appropriate acknowledgment signal, but for which the shared secret is needed.
  • the embodiments of the invention described above have a number of advantages.
  • the use of a terminal-mounted sticker with display and push-button ensures simple and convenient transaction processing with low additional costs. Since the sticker is preferably provided in the protective cover of the terminal, it is no longer necessary that the terminal must be removed from the protective envelope to complete the transactions, which increases the acceptance in the Durkri arrangement the transactions at the user. Furthermore, the risk is reduced that the terminal falls off during removal from the protective cover and thereby damaged or destroyed.
  • only minor modifications are required in comparison with conventional transactions carried out without the interposition of a sticker. In particular, only the software on the terminal needs to be adapted.
  • the inventive method can be easily integrated into existing payment systems.
  • the data carrier 3 is not necessarily mounted on the protective cover 4 of the mobile phone 1. Rather, the disk 3 can also serve as a low-cost terminal, which makes handling of the mobile phone 1 superfluous. In this case, the data carrier 3 would be in the form of an ID-1 chip card.
  • the described procedure of the transaction does not change. The customer / user just pulls the card out of his pocket and confirms the transaction. Since the communication range between disk 3 you terminal 1 as usual in RFID and NFC systems is up to 20cm, such a configuration is possible in principle. But more attractive for the user is a greater communication range for data transmission.
  • an RFID system for transmission in Ultra High Frequency, UHF short range used, so that a greater communication range for transmitting the data from the terminal 1 to the disk 3 is made possible.
  • the data carrier 1 has in particular a Energyversorugn 305 in the form of a battery.
  • the data is transferred from the terminal 1 to the data carrier 3 before pulling out the data carrier 3 from a pocket of the user. After insertion into the bag, the confirmation from the disk 3 is sent back to the terminal 1.
  • the data carrier 1 is a chip card, its enormous robustness against environmental influences can be used.

Abstract

L'invention concerne un procédé permettant l'exécution d'une transaction électronique entre un appareil terminal mobile (1) et un terminal (2). Selon le procédé de l'invention, une information (IN), qui doit être confirmée par un utilisateur dans le cadre de la transaction électronique, est transmise à l'appareil terminal (1) par le terminal (2) par l'intermédiaire d'une première voie de communication sans contact (K1). L'appareil terminal (1) transmet l'information (IN) par l'intermédiaire d'une deuxième voie de communication sans contact (K2) à un support de données portable (3), monté sur l'appareil terminal (1) et comportant une unité d'affichage (301) et une unité d'entrée (302) pouvant être actionnée par l'utilisateur. Cette information (IN) est affichée ensuite sur l'unité d'affichage (301) du support de données portable (3), à la suite de quoi l'utilisateur peut confirmer l'information (IN) par l'intermédiaire de l'unité d'entrée (302). Finalement dans le cas de la confirmation de l'information (IΝ) par l'intermédiaire de l'unité d'entrée (302), le support de données portable (3) transmet un signal de confirmation (BS) à l'appareil terminal (1) par l'intermédiaire de la deuxième voie de communication sans contact (K2), à la suite de quoi l'appareil terminal (2) transmet les données de confirmation (BD) au terminal (2) par l'intermédiaire de la première voie de communication sans contact (K1).
PCT/EP2012/004803 2011-11-25 2012-11-20 Procédé d'exécution d'une transaction électronique entre un appareil terminal mobile et un terminal WO2013075819A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP12794871.9A EP2783335A1 (fr) 2011-11-25 2012-11-20 Procédé d'exécution d'une transaction électronique entre un appareil terminal mobile et un terminal

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102011119441.3 2011-11-25
DE201110119441 DE102011119441A1 (de) 2011-11-25 2011-11-25 Verfahren zur Durchführung einer elektronischen Transaktion zwischen einem mobilen Endgerät und einem Terminal

Publications (1)

Publication Number Publication Date
WO2013075819A1 true WO2013075819A1 (fr) 2013-05-30

Family

ID=47278753

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/004803 WO2013075819A1 (fr) 2011-11-25 2012-11-20 Procédé d'exécution d'une transaction électronique entre un appareil terminal mobile et un terminal

Country Status (3)

Country Link
EP (1) EP2783335A1 (fr)
DE (1) DE102011119441A1 (fr)
WO (1) WO2013075819A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110111481A (zh) * 2013-07-24 2019-08-09 捷德货币技术有限责任公司 用于有价文件处理的方法和装置

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102014002602B4 (de) 2014-02-24 2021-10-21 Giesecke+Devrient Mobile Security Gmbh Verfahren zum Autorisieren einer Transaktion sowie Verwendung einer Uhr und eines Kassensystems in diesem Verfahren
DE202019104316U1 (de) * 2019-08-06 2020-04-01 Tiger Media Deutschland Gmbh Wiedergabevorrichtung, System und Datenserver
DE202019104321U1 (de) * 2019-08-06 2020-09-11 Tiger Media Deutschland Gmbh Verwaltungssystem für digitale Medien

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030146821A1 (en) * 2002-02-04 2003-08-07 Jan Brandt Electronic device with cover including a radio frequency indentification module
WO2003081934A1 (fr) * 2002-03-26 2003-10-02 Nokia Corporation Appareil, procede et systeme d'authentification
DE10316771A1 (de) 2003-04-10 2004-10-28 Giesecke & Devrient Gmbh Sicherheitslabel und Herstellungsverfahren für dasselbe
US20060074698A1 (en) * 2001-07-10 2006-04-06 American Express Travel Related Services Company, Inc. System and method for providing a rf payment solution to a mobile device
US20080051059A1 (en) * 2005-12-31 2008-02-28 Mobile Candy Dish, Inc. Method and system for adapting a wireless mobile communication device for wireless transactions
DE102006048797A1 (de) 2006-10-16 2008-04-17 Giesecke & Devrient Gmbh Verfahren zum Ausführen einer Applikation mit Hilfe eines tragbaren Datenträgers

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8103881B2 (en) * 2000-11-06 2012-01-24 Innovation Connection Corporation System, method and apparatus for electronic ticketing
EP1233570A1 (fr) * 2001-02-16 2002-08-21 TELEFONAKTIEBOLAGET L M ERICSSON (publ) Procédé et réseau pour établir une connexion de communication sans fils
KR20020078989A (ko) * 2001-04-12 2002-10-19 (주)엠커머스 휴대단말기를 이용한 신용카드 거래인증 시스템 및 그 방법
DE10245347A1 (de) * 2002-09-27 2004-04-08 Giesecke & Devrient Gmbh Digitale Datensignierung
DE102004044454A1 (de) * 2004-09-14 2006-03-30 Giesecke & Devrient Gmbh Tragbares Gerät zur Freischaltung eines Zugangs
TWM362470U (en) * 2007-07-20 2009-08-01 Wee Soon Leonard Huat Separated wireless identification device for handheld device
US8244211B2 (en) * 2008-02-07 2012-08-14 Inflexis Llc Mobile electronic security apparatus and method
US9324071B2 (en) * 2008-03-20 2016-04-26 Visa U.S.A. Inc. Powering financial transaction token with onboard power source
EP2187592A1 (fr) * 2008-11-13 2010-05-19 Vodafone Holding GmbH Dispositif de communication entre machines et carte intelligente à utiliser dans le dispositif
DE102009008854A1 (de) * 2009-02-13 2010-08-19 Giesecke & Devrient Gmbh Sicherung von Transaktionsdaten
EP2224375B1 (fr) * 2009-02-25 2018-11-14 Vodafone Holding GmbH Alimentation pour système incluant une carte à puce connectée à un dispositif hôte
DE102009016532A1 (de) * 2009-04-06 2010-10-07 Giesecke & Devrient Gmbh Verfahren zur Durchführung einer Applikation mit Hilfe eines tragbaren Datenträgers

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060074698A1 (en) * 2001-07-10 2006-04-06 American Express Travel Related Services Company, Inc. System and method for providing a rf payment solution to a mobile device
US20030146821A1 (en) * 2002-02-04 2003-08-07 Jan Brandt Electronic device with cover including a radio frequency indentification module
WO2003081934A1 (fr) * 2002-03-26 2003-10-02 Nokia Corporation Appareil, procede et systeme d'authentification
DE10316771A1 (de) 2003-04-10 2004-10-28 Giesecke & Devrient Gmbh Sicherheitslabel und Herstellungsverfahren für dasselbe
US20080051059A1 (en) * 2005-12-31 2008-02-28 Mobile Candy Dish, Inc. Method and system for adapting a wireless mobile communication device for wireless transactions
DE102006048797A1 (de) 2006-10-16 2008-04-17 Giesecke & Devrient Gmbh Verfahren zum Ausführen einer Applikation mit Hilfe eines tragbaren Datenträgers

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Update: Mobile payment stickers", CARD TECHNOLOGY TODAY, ELSEVIER, vol. 21, no. 4, 1 April 2009 (2009-04-01), pages 4 - 5, XP026221527, ISSN: 0965-2590, [retrieved on 20090401], DOI: 10.1016/S0965-2590(09)70088-X *
See also references of EP2783335A1 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110111481A (zh) * 2013-07-24 2019-08-09 捷德货币技术有限责任公司 用于有价文件处理的方法和装置

Also Published As

Publication number Publication date
DE102011119441A1 (de) 2013-05-29
EP2783335A1 (fr) 2014-10-01

Similar Documents

Publication Publication Date Title
CN102648476B (zh) 放大射频信号
EP2982046B1 (fr) Dispositif pourvu de moyens de communication et d'un logement pour une carte à puce
WO2010032215A4 (fr) Système et procédé d’autorisation sans contact d’un paiement
DE102009006872A1 (de) Kontaktloses Chipmodul, kontaktlose Vorrichtung, kontaktloses System und Verfahren zur kontaktlosen Kommunikation
US20090100511A1 (en) Method and apparatus for use in personalizing identification token
WO2007073904A2 (fr) Procede d'autorisation d'acces a un service et appareil pour mettre en oeuvre ce procede
US20120088449A1 (en) Method and Apparatus for A Multi-band, Multi-mode Smartcard
DE102008023914A1 (de) Verfahren zur Authentifizierung eines RFID-Tags
DE102012108645A1 (de) Vorrichtung zur Absicherung elektronischer Transaktionen mit sicheren elektronischen Signaturen
WO2013056783A1 (fr) Terminal mobile, terminal de transactions et procédé de réalisation d'une transaction à partir d'un terminal de transactions en utilisant un terminal mobile
EP2783335A1 (fr) Procédé d'exécution d'une transaction électronique entre un appareil terminal mobile et un terminal
EP2770484B1 (fr) Appareil de lecture d'un document, procédé de lecture d'un objet de données et produit de programme informatique
KR100973553B1 (ko) 가맹점 결제단말의 결제전문 처리 방법 및 가맹점 결제단말
EP2041727B1 (fr) Procédés pour sélectionner et composter des billets électroniques au moyen d'un terminal électronique apte à la communication par champ proche
DE102018005038A1 (de) Smartcard als Sicherheitstoken
DE102010012565A1 (de) Übertragung von Daten an einen Fahrzeugschlüssel
WO2014114743A1 (fr) Procédé et dispositif pour empêcher des accès cachés, non autorisés, sans fil, à des données
DE102011089579A1 (de) Verfahren zur Durchführung authentifizierter Zahlungen
WO2014068136A1 (fr) Procédé de fonctionnement d'une unité électronique d'authentification
EP2070250B1 (fr) Procédé de personnalisation de documents, système cryptographique, système de personnalisation et document
DE102017128807A1 (de) Verfahren und Anordnung zum Auslösen einer elektronischen Zahlung
EP2234030B1 (fr) Carte à puce, système informatique, procédé d'activation d'une carte à puce et procédé de personnalisation d'une carte à puce
CN106022777A (zh) 一种密码处理方法
EP3486852A2 (fr) Procédé et dispositif de déclenchement d'un paiement électronique
DE102011112855A1 (de) Verfahren zur elektronischen Durchführung einer Zahlungstransaktion

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12794871

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2012794871

Country of ref document: EP