WO2015176772A1 - Method for processing a transaction - Google Patents

Method for processing a transaction

Publication number
WO2015176772A1
WO2015176772A1 PCT/EP2014/060668 EP2014060668W WO2015176772A1 WO 2015176772 A1 WO2015176772 A1 WO 2015176772A1 EP 2014060668 W EP2014060668 W EP 2014060668W WO 2015176772 A1 WO2015176772 A1 WO 2015176772A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
server
session
user
user device
Prior art date
Application number
PCT/EP2014/060668
Other languages
German (de)
English (en)
Inventor
Markus Lobmaier
Original Assignee
Kwallet Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kwallet Gmbh
Priority to PCT/EP2014/060668
Publication of WO2015176772A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/20 Point-of-sale [POS] network systems
    • G06Q20/202 Interconnection or interaction of plural electronic cash registers [ECR] or to host computer, e.g. network details, transfer of information from host to ECR or from ECR to ECR
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3224 Transactions dependent on location of M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/3276 Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/3278 RFID or NFC payments by means of M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/352 Contactless payments by cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/387 Payment using discounts or coupons
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873 Details of the card reader
    • G07F7/0893 Details of the card reader the card reader reading the card in a contactless manner

Definitions

  • the invention relates to a method for processing a transaction.
  • NFC Near Field Communication
  • Cash register device is identified to perform a transaction.
  • NFC Network-Fidelity
  • The object of the invention is to provide an improved method, so that the problems discussed above are avoided.
  • This task is performed by a transaction procedure according to
  • The subject of the invention is therefore a method comprising the following method steps: generating a session on a server for processing a transaction, wherein, in addition to the server, a user device and a transaction device, which is designed to capture the transaction, are able to participate in the session for processing the transaction, and wherein the session is initiated by one of the devices; automatically detecting that the distance between the two devices has fallen below a distance limit value, in order to establish a contactless communication link between them and to allow the other device to join the session using the connection; joining of said other device to the session; and executing the transaction using the server when an execution confirmation is received from the user device participating in the session.
  • The user device can generally be a mobile, in particular programmable, user device, e.g. a smartphone on which a user application runs that is, e.g., personalized to a user of the user device and serves to process a transaction. The user device may also be realized as a computer, e.g. a laptop or a tablet computer.
  • The transaction device may be configured like the user device and run another application, e.g. a cash register application, so that the transaction device forms a cash register device.
  • Transaction device can also be a permanently installed terminal, such.
  • the transaction device is designed to record a transaction.
  • the transaction can also z.
  • the invention has the advantage that all disadvantages of NFC technology are avoided, because the devices involved their
  • the user device or the user application has dual functionality, namely, on the one hand, a start or trigger function (as part of a first "TAP" by a user) for starting the processing of the transaction from the user's perspective and, on the other hand, a confirmation function (as part of a second "TAP" by a user) to confirm the
  • Transaction amounts means of payment and / or payment options, etc.
  • the actual storage of those data or parameters required to execute the transaction may take place on the server in a secure environment.
  • The server thus serves in the system as the secure storage and management location for transaction-sensitive data (e.g.
  • In order to start the processing of a transaction with the help of the user device, the user device is brought close to the transaction device by a user, and it is automatically detected that the distance between the devices has fallen below a distance limit value, whereupon a contactless communication link is established between the two devices to enable both devices to participate in the same session on the server. The automatic determination of the local proximity of the two devices to each other not only brings the technical advantage that the two devices used in the transaction can be unambiguously assigned to each other. There is also the important psychological, but also security-related, aspect that a user of the user device gives, by a corresponding movement (first "TAP") for establishing the adjacent positioning of the two devices, i.e., for example, a movement of the user device towards the transaction device, his consent to involve the user device in processing a transaction.
  • A session in the present context is a data structure for the temporary, logical connection of the user device, the transaction device, the server, and transaction-relevant data, in order to perform the transaction upon receipt of the execution confirmation (caused by the second "TAP").
  • all three parties can exchange data with each other.
  • The devices may communicate with the server using a secure Hypertext Transfer Protocol (HTTPS).
  • HTTPS Hypertext Transfer Protocol
  • the data to be communicated can additionally be encrypted.
  • the session is initiated by one of the devices on the server.
  • the contactless communication between the devices serves to allow the other device to join the session.
  • the non-contact connection between the devices serves to instruct the other device to match its status with that of the server.
  • one device triggers the other device to retrieve new data regarding the transaction from the server or to change the status on the server by transferring data.
  • In the contactless communication between the devices, there is therefore no exchange of data that would authorize an individual device to actually execute the transaction alone. The same applies to the data exchange between the devices and the server.
  • Only when all the data necessary for executing the transaction is present at the server upon receipt of the execution confirmation can the transaction actually be executed. Depending on the implementation, the server can finally execute the transaction itself or forward it to a transaction execution server for execution.
  • the recognition of the undershooting of the distance limit value as well as the establishment of the connection between the devices can take place before or after the generation of the session.
  • The server and the two devices, or the applications running on them, each have a key pair (consisting of a private and a public key) in order to sign and/or encrypt data, messages or information to be delivered, and thereby to establish the identity of the communication partner sending the data, etc., towards the receiving communication partner.
  • the devices or the applications running on them are known or registered with the server.
  • the server knows the public keys of the devices or the applications running on them.
  • Timestamps ensure that individual steps of the method cannot last longer than permitted. With the help of the timestamps, it is possible to ascertain that time periods which have been defined as permissible have been exceeded, and consequently the method is terminated for reasons of expiry and/or security considerations.
  • This identifier is generated by the server for the relevant period of time and can avoid unnecessary communication effort between potential communication participants. This identifier can be checked when the devices communicate with each other or with the server.
  • The automatic determination of the distance between the devices can be done, e.g., optically, wherein, e.g., a camera built into one of the devices is used.
  • the camera can capture an image (such as a QR code) displayed on the other device's display.
  • an image that is mounted on the housing of the other device can be detected and thus the distance can be determined.
  • the detection of the undershooting of the distance limit value is carried out with the aid of a measurement of a signal strength or a signal level of a received radio signal.
  • It is preferably a radio signal in accordance with the Bluetooth standard, particularly preferably according to the Bluetooth Low Energy specification, which is transmitted by means of communication means of a first type (Bluetooth communication means) by one of the devices, preferably the transaction device, and received by the other device, preferably the user device.
  • Signal level compared to a threshold value and, if the signal strength or the signal level exceeds the threshold, falls below the threshold
  • the advantage of using Bluetooth technology is that technology is used in the
  • The device has a Bluetooth communication stage that is standardized with respect to its wireless communication properties and that can be controlled via an operating system interface, or via which the status of the communication stage and the communication parameters can be queried.
  • the signal strength is represented by a Received Signal Strength Indicator (RSSI).
  • RSSI Received Signal Strength Indicator
  • The RSSI forms an indicator for the reception field strength. Since the RSSI usually has no specified unit, the value of the RSSI must be interpreted in accordance with the manufacturer's data sheet, with a higher RSSI value usually indicating a higher receive field strength. The value of the RSSI thus serves as a measure for the distance. Consequently, a specific value of the RSSI is used as the distance limit value.
  • transaction data are recorded with the aid of a transaction
  • This measure constitutes a further security criterion. Concretely, for example, the deceleration of the user device when approaching the transaction device (represented by the movement data of the motion sensor) can be measured with the help of the motion sensor of the user device.
  • A radio signal is thus generated by the transaction device, and the user device detects the presence of a field strength of this radio signal above a certain value during a time window of, e.g., 0.8 seconds and simultaneously detects the deceleration.
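The two proximity criteria described above (RSSI averaged over the 0.8-second window and a simultaneous deceleration) can be combined as in the following added example, which is not code from the patent. The limit values, the minimum window fill, the 100 ms sample spacing and all names are assumptions, and the traces are constructed.

```python
from collections import deque
from typing import Iterable, NamedTuple, Optional

WINDOW_MS = 800      # averaging window: the description's example of 0.8 seconds
RSSI_LIMIT = -50.0   # assumed distance limit value; the RSSI scale is vendor-specific
DECEL_LIMIT = 3.0    # assumed deceleration magnitude that counts as the end of a "TAP"
MIN_SPAN_MS = 600    # assumed: the window must be mostly filled before a decision


class Sample(NamedTuple):
    t_ms: int      # receive time in milliseconds
    rssi: float    # received signal strength indicator (higher means stronger)
    decel: float   # deceleration magnitude reported by the motion sensor


class TapDetector:
    """Reports a first "TAP": averaged RSSI above the limit plus a deceleration."""

    def __init__(self) -> None:
        self._window = deque()

    def feed(self, s: Sample) -> bool:
        self._window.append(s)
        # Drop samples that are older than the averaging window.
        while s.t_ms - self._window[0].t_ms > WINDOW_MS:
            self._window.popleft()
        # A nearly empty window would let one or two strong readings decide.
        if s.t_ms - self._window[0].t_ms < MIN_SPAN_MS:
            return False
        mean = sum(x.rssi for x in self._window) / len(self._window)
        if mean <= RSSI_LIMIT:
            return False
        # Second criterion: the device was braked within the same window.
        return any(x.decel >= DECEL_LIMIT for x in self._window)


def first_tap(samples: Iterable[Sample]) -> Optional[int]:
    """Return the time of the first detected TAP in milliseconds, or None."""
    detector = TapDetector()
    for s in samples:
        if detector.feed(s):
            return s.t_ms
    return None


def trace(rssi, decel):
    """Build a constructed trace with one sample every 100 ms."""
    return [Sample(i * 100, r, d) for i, (r, d) in enumerate(zip(rssi, decel))]


# Constructed traces: a real approach, a single strong reading, a device lying nearby.
APPROACH = trace([-80, -78, -75, -72, -68, -64, -60, -56, -52, -48, -45, -43, -42, -41, -40],
                 [0.0] * 12 + [4.2, 0.6, 0.1])
SPIKE = trace([-80] * 7 + [-20] + [-80] * 7, [0.0] * 7 + [4.0] + [0.0] * 7)
RESTING = trace([-40] * 15, [0.0] * 15)

if __name__ == "__main__":
    for name, tr in (("approach", APPROACH), ("spike", SPIKE), ("resting", RESTING)):
        print(name, first_tap(tr))
```

Averaging keeps a single strong reading from passing the limit, and the deceleration criterion keeps a device that merely rests near the terminal from starting a session.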
  • the user device determines the execution of the start or trigger function (first "TAP" of the user) and can communicate this state (e.g. with the aid of Bluetooth Low Energy) to the transaction device and, if necessary, over another
  • the two devices establish a communicative connection with one another after detection of the undershooting of the distance limit value.
  • During connection setup, device identifications as well as offered device services can be queried or exchanged and subsequently used.
  • the generation of the session can then basically be initiated by each of the two devices. According to a preferred embodiment
  • the communication means of the third type can be replaced by any Internet-enabled communication means, such. Wired or wireless
  • The communication means of the second type are advantageously designed for Internet-based communication in a radio network, e.g. WLAN, etc., or a mobile network, e.g. UMTS, GSM, LTE, etc.
  • The device initiating the session, preferably the transaction device, receives a session identifier from the server in a communication using the communication means of the third type and communicates this session identifier to the other device, preferably the user device, in a communication using the communication means of the first type.
  • The session identifier can have a unique session number and also a timestamp defining the creation time of the session, or else a device signature of the device creating the session.
  • the other device in particular the user device, communicates with the aid of
  • Joining the session may depend on the validity of the aforementioned device signature.
  • Communication means of the second type are preferably designed to communicate in a mobile radio network for mobile data transmission of a mobile radio network operator.
  • the transaction device is configured to capture the transaction.
  • In a communication with the server using the third-type communication means, the transaction device deposits the captured transaction on the server, preferably associated with the session, particularly preferably as part of the session. This avoids unauthorized interventions and possible manipulation of the transaction.
  • the transaction can be stored on the server in the form of transaction data in a database.
  • At the time the transaction is deposited on the server, the user device has no information regarding the details of the transaction. Prior to this, only the connection with the transaction device was established in order to allow both devices to join said session, to which the transaction is now assigned. To notify the user device of the existence of the deposited transaction, the transaction device, in a communication with the user device using the first-type communication means, triggers a query of the transaction from the server at the user device.
  • The server communicates a representation of the transaction to the user device in a communication using the second-type communication means, and then waits for receipt of the execution confirmation from the user device via the second-type communication means. This has the advantage that the data relevant to the execution of the transaction, such as access data for a user account, means of payment or payment options or references to them, or access to a loyalty program or parameters of the loyalty program, etc., are not made available to the user device; all these data remain protected in the secure server, so that manipulation of the session or of the associated data mentioned is excluded. Rather, the user device is told only what the user device and the user need to know to confirm or reject the transaction. For example, one is enough
  • Discount options are provided by the server for delivery to the user device for the information of the user.
  • The execution confirmation may be initiated by the user at the user device in a variety of ways, e.g. by movement of the user device, by reception of an acoustic signal caused by the user, or by detection of a touch of the user device or one of its components (e.g. button, screen). It has proved particularly advantageous for the user device to generate and send out the execution confirmation as a result of detecting a predefined interaction caused by a user. This corresponds to detecting the confirmation function (second "TAP" of a user).
  • the execution confirmation is represented by digital data using the communication means of the second type to the server
  • the session identifier e.g. the session identifier, the signed tip and TAN information, and the signed billing information.
  • Execution confirmation the transaction is executed directly on the server or on a communicatively connected to the server transaction execution server.
  • PCI Payment Card Industry
  • Transaction device accessible thus exists in the form of a database that allows the server or transactional device to automatically activate or involve the correct loyalty program for the transaction.
  • server-side implementation e.g. one
  • a registered user can benefit from the loyalty program if he wishes to execute a transaction on a transaction device of the relevant trading company or service provider. In the case of the availability of the loyalty program on the transactional device that does
  • the parameters of the loyalty program are discount coupons which are processed in their digital representation in accordance with the preceding discussions.
  • the final status of the execution of the transaction is communicated from the server to the user device and / or to the transaction device.
  • individual means of communication are used.
  • User device executed a personalized application for a particular user, which is used for interaction with the user, the transaction device and the server and is designed to uniquely identify to the server, and thus an automatic selection of parameters relating to the transaction, such , B. which applies to the user or
  • the transaction is a payment transaction.
  • the aforementioned communication means of the three types are realized at or in connection with the appropriate devices (user device, transaction device, server) and ensure that different communication methods or channels are used in the communication between the respective devices, whereby a fraudulently motivated manipulation of the communication between the devices is reliably avoided. Only if the communication according to the three
  • The condition must be met that the transaction device has confirmed that exactly this transaction is to take place, signed it and deposited it on the server; that the server has checked this and in turn communicated it, signed, to the user device; and that the user device, or the application running there, has released it and in turn communicated this, signed, to the server. Only the fulfilment of this condition allows the server to execute the transaction.
  • the execution of the transaction (preferably only) can be triggered exactly at the time when the condition comes about.
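The release condition above, together with the timestamp expiry described earlier, can be sketched as a server-side gate. This is an added example, not code from the patent: HMAC-SHA256 with per-device keys stands in for the key-pair signatures the description calls for, and the class, the message labels, the 60-second lifetime and the sample transaction are assumptions.

```python
import hashlib
import hmac
import json
import secrets

SESSION_TTL_S = 60  # assumed permitted session lifetime; the description names no value


def sign(key: bytes, label: bytes, sid: str, digest: bytes) -> bytes:
    """HMAC-SHA256 stand-in for a device signature; the label separates message types."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in (label, sid.encode(), digest):
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


def tx_digest(tx: dict) -> bytes:
    """Canonical digest so that all three parties sign exactly the same transaction."""
    canon = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).digest()


class SessionServer:
    def __init__(self, device_keys: dict) -> None:
        self._keys = device_keys   # registered devices: id -> key known to the server
        self._sessions = {}

    def create_session(self, terminal_id: str, user_id: str, now: int) -> str:
        sid = secrets.token_hex(16)
        self._sessions[sid] = {"terminal": terminal_id, "user": user_id,
                               "created": now, "digest": None, "closed": False}
        return sid

    def _live(self, sid: str, now: int):
        s = self._sessions.get(sid)
        if s is None or s["closed"]:
            return None
        if now - s["created"] > SESSION_TTL_S:   # timestamp check: terminate on expiry
            s["closed"] = True
            return None
        return s

    def deposit(self, sid: str, tx: dict, terminal_sig: bytes, now: int):
        """Terminal deposits the transaction; returns the server-signed offer or None."""
        s = self._live(sid, now)
        if s is None or s["digest"] is not None:
            return None
        digest = tx_digest(tx)
        expected = sign(self._keys[s["terminal"]], b"deposit", sid, digest)
        if not hmac.compare_digest(expected, terminal_sig):
            return None
        s["digest"] = digest
        return sign(self._keys[s["user"]], b"offer", sid, digest)

    def confirm(self, sid: str, digest: bytes, user_sig: bytes, now: int) -> str:
        """Execution confirmation from the user device; executes only if every check holds."""
        s = self._live(sid, now)
        if s is None:
            return "rejected: no live session"
        if s["digest"] is None:
            return "rejected: nothing deposited"
        expected = sign(self._keys[s["user"]], b"confirm", sid, digest)
        if not hmac.compare_digest(expected, user_sig):
            return "rejected: bad user signature"
        if not hmac.compare_digest(digest, s["digest"]):
            return "rejected: digest mismatch"
        s["closed"] = True   # single use: a repeated confirmation finds no live session
        return "executed"


def run_scenarios() -> dict:
    keys = {"pos-3": secrets.token_bytes(32), "phone-2": secrets.token_bytes(32)}
    srv = SessionServer(keys)
    tx = {"amount_cents": 1890, "currency": "EUR"}   # constructed sample transaction
    d = tx_digest(tx)
    out = {}
    sid = srv.create_session("pos-3", "phone-2", now=0)
    out["before_deposit"] = srv.confirm(sid, d, b"", now=1)
    offer = srv.deposit(sid, tx, sign(keys["pos-3"], b"deposit", sid, d), now=2)
    # The user device verifies the server's offer before it signs a release.
    out["offer_ok"] = hmac.compare_digest(offer, sign(keys["phone-2"], b"offer", sid, d))
    out["offer_as_release"] = srv.confirm(sid, d, offer, now=3)
    other = tx_digest({**tx, "amount_cents": 1})
    out["other_tx"] = srv.confirm(sid, other, sign(keys["phone-2"], b"confirm", sid, other), now=3)
    release = sign(keys["phone-2"], b"confirm", sid, d)
    out["valid"] = srv.confirm(sid, d, release, now=4)
    out["replay"] = srv.confirm(sid, d, release, now=5)
    late = srv.create_session("pos-3", "phone-2", now=100)
    srv.deposit(late, tx, sign(keys["pos-3"], b"deposit", late, d), now=101)
    out["expired"] = srv.confirm(late, d, sign(keys["phone-2"], b"confirm", late, d), now=161)
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, "->", result)
```

Because the MAC stand-in shares one key between the server and each device, the message-type label is what keeps the server's own offer from being accepted as the user's release; with real key pairs the signer's identity provides that separation.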
  • the server can thus be used to prepare the execution of the transaction as part of the session.
  • Executable transaction must be pending only for a minimum amount of time (a few milliseconds) and consequently a fraudulent motivated manipulation of a pending and already released transaction with very high
  • A reference to information required to execute the transaction, preferably stored on a transaction execution server, is composed in the server from a first partial reference and a second partial reference. Splitting the reference into two parts and assembling it into the actually usable reference only at the end of the processing of the transaction adds to the security of the method.
  • the first partial reference was made by the server and the second partial reference by a user device
  • the encrypted symmetric key is transmitted from the server to the application during the processing of the transaction, the application decrypts the symmetric key and passes the decrypted symmetric key to the server and the server decrypts the second partial reference with the symmetric key.
  • the second partial reference is therefore only after the
  • a partial reference was first encrypted by the server a first time, was then transmitted from the server to the user device, was encrypted by the user device a second time, and was then transmitted from the user device to the server and stored there in double-encrypted form.
  • The security measures discussed ensure that a transaction cannot be triggered by the user device (or the application running on that user device), the server, or the transaction device (or the application running on the transaction device) alone.
  • the safety-related behavior used is similar to that of a bank safe deposit box. In the present case, each of the devices involved (user and transaction device, server) must have its own
  • BRIEF DESCRIPTION OF THE FIGURES
  • FIG. 1 is a block diagram of a transaction system according to the invention
  • Fig. 2 a sequence diagram visualizing the method according to the invention
  • Fig. 3 in a manner analogous to FIG. 2 shows another embodiment of the
  • FIG. 1 shows a transaction system 1 for executing a payment transaction, which has as a user device a mobile telephone 2, as a transaction device an electronic point-of-sale terminal 3 and a server 4.
  • the mobile telephone 2 has communication means of a first type 7 for communicating according to the specification "Bluetooth Low Energy" and
  • Communication means of a second type 8 for Internet-based, radio-based communication according to a mobile radio standard eg GPRS, GSM, UMTS, etc.
  • the point-of-sale terminal 3 is operated by a trading company and is designed to record a payment transaction, which can take place automatically or manually. In doing so, goods and associated prices are registered and a total price to be paid is determined.
  • The POS terminal 3 has communication means of the first type 7 and communication means of the third type 9 for Internet-based, wired communication, e.g. LAN
  • This may have advantages, but the third type 9 communication means may also have one
  • The point-of-sale terminal 3 is connected to a data processing system 10 of the trading company for the purpose of carrying out administrative processes, e.g. inventory, purchasing and sales, accounting, etc., which also has communication means of the third type 9 and, to implement said processes, has a first processing stage 11.
  • the server 4 is from a service company
  • Payment method is used to process a transaction recorded by the terminal 3, taking into account a user as well as
  • Mobile phones 2 are provided. During installation on the mobile telephone 2, the application 5 and the user authorized to use the application 5 are registered on the server 4, so that the user can be clearly identified via the application 5 installed on the mobile telephone 2.
  • Server 4 also offers payment options for each user (account information, available credit cards, etc.) or references thereto, as well as the loyalty programs of various retailers available to the user.
  • the server 4 has a second processing stage 12 for the stated purposes.
  • The server 4 also comprises third-type communication means 9 and a connection (e.g. via the Internet) to second-type communication means 8, which are in the form of mobile-communication devices 13 of a mobile network operator (e.g. A1, 3, Telering, etc.).
  • FIG. 1 also shows a transaction execution server 14, which likewise has communication means of the third type 9 and a third processing stage 15 for carrying out payment transactions for a user.
  • the transaction execution server 14 is operated by a payment service provider.
  • the three processing stages 11, 12 and 15 have in non-exhaustive list z.
  • The communication means of the first, second and third types 7 - 9 are abbreviated to Komtyp1 7, Komtyp2 8 and Komtyp3 9.
  • FIG. 1 also shows the movement of the mobile telephone 2 starting from a first position 16 towards a second position 17 and away from the second position 17 towards a third position 18.
  • the course of movement follows the two arrows 19 and 20.
  • Starting position (position 16) and end position (position 18) may be different or identical.
  • the respective movement patterns between the starting and ending positions can be identical or
  • Button 22 is pressed, the deposited on the server 4 from the point of sale terminal 3 transaction executed, wherein subsequently using the in the figure 2
  • The POS terminal 3 checks by means of Komtyp1 7 in a first step 101 whether it receives a radio signal according to Bluetooth Low Energy. Since the application 5 has already been started on the mobile telephone 2 and the mobile telephone 2 generates such a radio signal with the aid of its Komtyp1 7, such a radio signal is received and evaluated at the POS terminal 3 and a data record is created for identification at the POS terminal. The mobile phone 2 is at this time still at the first position 16, from which it is now moved in the direction of the second position 17 (see Figure 1).
  • In a second step 102, the POS terminal 3 automatically checks whether the mobile telephone 2 has been brought into a range within the distance limit value R (for example along the arrow 19 shown in FIG. 1), that is to say whether the distance has fallen below the distance limit value R. This is done by measuring the signal level of the received radio signal and comparing the measured value, averaged over a time window of, for example, 0.8 seconds, with a predefined threshold value. As soon as the
  • a connection is established between the devices 2 and 3 in steps 103 to 109, in which services are polled by the mobile telephone 2, characteristics of the services are determined, and finally a connected status is established.
  • a session is generated on the server, in which both the mobile phone 2 and the POS terminal 3 are involved.
  • A random number generated by the point-of-sale terminal 3, together with a unique identification of the point-of-sale terminal 3, is communicated to the mobile phone 2 with the help of Komtyp1 7.
  • The receipt is confirmed in an eleventh step 111 using Komtyp1 7.
  • A request to create a session is sent from the mobile phone 2 by means of Komtyp2 8 to the server 4, where the session is established. From the server 4 is in a
  • a signature of the session formed from identification of the POS terminal 3, the random number, a session identifier and a
  • a request to join this session is sent from the mobile phone 2 to the POS terminal 3.
  • the received request is first checked at the POS terminal 3 to determine whether the receiving POS terminal 3 is in fact the one addressed. For this purpose, the request is evaluated in terms of the identifier of the POS terminal 3 and the random number. Provided this check is completed positively, the POS terminal 3 communicates by means of Komtyp3 9 in one
  • the server 4 confirms to the POS terminal 3, in a sixteenth step 116 by means of the Komtyp3 9, that it has joined the session.
  • the POS terminal 3 queries the server 4, in a seventeenth step 117 using the Komtyp3 9, for the discounts permitted for the recorded payment transaction.
  • the server 4 takes into account the identity of the user uniquely determined according to the installed application.
  • the server 4 also uses the unique identifier of the point-of-sale terminal to take into account the clearly defined trading company and can thus select the loyalty program permitted for the transaction and check in the data of the loyalty program whether the user has received a rebate (e.g. in the form of digital discount coupons) on the total price determined in the course of recording the transaction.
  • the discount communicated from the server 4 to the point-of-sale terminal 3 in an eighteenth step 118 by means of Komtyp3 is taken into account at the point-of-sale terminal 3, and the total amount to be paid, reduced by the discount, is calculated and, in a nineteenth step 119, communicated by the point-of-sale terminal 3 to the server 4 by means of the Komtyp3 9, where the transaction is deposited in the form of a payment order marked with a payment identifier associated with the session. The identification of the affected user is guaranteed via the session. From the server 4 is in a
  • in the twentieth step 120 a confirmation of the stored payment order with payment ID is transmitted to the POS terminal 3 using the Komtyp3 9.
  • in a twenty-second step 122, knowing the session identifier, the mobile phone 2 sends a query for a payment order to the server 4 with the help of Komtyp2 8.
  • a twenty-third step 123 is then from the server 4 only for the user of the mobile phone 2 for deciding essential information of the payment order such.
  • the mobile telephone 2 shown in FIG. 1 can still be located within the distance limit R or already outside again.
  • an indication of the information essential for the user to decide takes place analogously to that shown at the third position 18.
  • point-of-sale terminal 3, after which the transaction is canceled, which is not shown in Fig. 2. However, if the user touches the first button 22, the process illustrated in FIG. 2 is continued.
  • an execution confirmation is generated in a twenty-fourth step 124 and communicated to the server 4 by means of the Komtyp2 8.
  • the transaction is executed by the server 4 contacting the transaction execution server 14 and receiving the final status of execution of the transaction from the transaction execution server 14.
  • this status is transmitted to the mobile telephone 2 with the aid of Komtyp2.
  • a representation of this execution confirmation is sent to the point-of-sale terminal 3 by means of the Komtyp1 7. The representation of the execution confirmation only shows the terminal 3 the consent to execute the
  • the execution confirmation as such relates to the session identifier and the payment identifier and is thus uniquely assignable to the server.
  • this status is queried from the server 4 with the aid of the Komtyp3 9 and, in a twenty-ninth step 129, communicated to the point-of-sale terminal 3 by means of the Komtyp3 9. Both devices 2 and 3 and the server 4 then terminate the session.
  • Transaction execution server 14 was added to the sequence diagram at its right edge.
  • Starting point of the discussion is that with the help of the cash terminal 3 a total for a payment transaction was determined.
  • As soon as the application 5 is started on the mobile phone, it checks whether it has already received one from the server 4 for the relevant day
  • the "DailyToken" is generated by the server 4 for each day, is unique, and originally only the server
  • in a further step 203 the creation of a session for processing a payment transaction is initiated and the session is created on the server 4.
  • the server 4 transmits the session identifier, which is unique to the newly created session, and the "DailyToken" to the POS terminal.
  • "DailyToken" is checked again and, provided the "DailyToken" received by the point-of-sale terminal 3 is deemed valid, in a further step 209 with the aid of the session identifier known from the mobile telephone 2
  • Application 5 completed the session on the server 4 and confirmed in a further step 210 by the server 4 joining. From this point on, the server 4, the point-of-sale terminal 3 and the mobile telephone 2 or its application 5 are logically connected by means of the session and can exchange coded information with one another.
  • accession to the session is communicated by the application 5 to the point-of-sale terminal 3.
  • a payment order is set up, which is assigned to the session.
  • the payment order, signed by the cash terminal 3, is deposited on the server 4.
  • the server 4 confirms in a further step 213 the establishment of the payment order and a TAN code (e.g. a three-digit numerical code), i.e. a one-time password, to the
  • point-of-sale terminal 3 communicated and visualized there, in a further step 214, by means of its screen for the user of the mobile phone 2.
  • Point-of-sale terminal 3 requests application 5 in a further step 215 to check the existence of a payment order on server 4 for the known session.
  • the application 5 in a further step 216 now requests from the server 4 the payment order pending for the session. Subsequently, the server 4 generates billing information in a further step 217 and supplements the billing information by the billing information in a further step 218. The server 4 then transmits the billing information in a form signed by it in a further step 219 to the application 5. The billing information is thus available in the application 5 in a form tested and signed by the server 4. There, the amount to be paid (for example EURO 37.50) is visualized by means of the screen 6 to the user of the mobile telephone 2.
  • in step 219 the TAN code is also transmitted to the application and visualized with the aid of the screen 6. It therefore does not have to be typed in explicitly, which is a relief for the user when paying relatively low amounts.
  • the user, before confirming the transaction, can compare the TAN code displayed on the mobile telephone 2 with the TAN code displayed on the POS terminal 3 and make his confirmation dependent on the two displayed TAN codes being identical.
  • Mobile phones 2 and the TAN code is only displayed on the cash terminal 3, where it is read by the user for security reasons and manually entered on the mobile phone 2.
  • Tip amount and / or after entering the TAN code which is determined by the application 5 in a further step 220.
  • step 221 the fact of the user's consent as such is communicated from the mobile phone 2 to the point-of-sale terminal 3 without any further data.
  • in step 222 information previously received from the application 5 (in particular the session identifier) is transmitted in a form signed by it to the server 4 as an execution confirmation.
  • the signature of the payment order is checked at the server 4 in a further step 223, the payment order is supplemented, for example, with information about the tip, the status of the payment order is set to accepted, and an ALIAS (a reference to a payment method)
  • an ALIAS prefix (first partial reference), formed by e.g.
  • first partial reference, e.g. the first m digits of the ALIAS
  • second partial reference formed by e.g.
  • the n digits of the ALIAS following the m digits are joined together.
  • the generation of the ALIAS prefix and the ALIAS suffix was carried out in accordance with a procedure preceding this transaction procedure in the context of the creation of a new payment method (payment card). This was a selection of a e.g.
  • the server 4 generated the ALIAS prefix, which is a
  • Payment card is assigned in the application 5, and the application 5 generates the ALIAS suffix for this payment card.
  • the server 4 received from the application 5 the ALIAS suffix.
  • the server 4 encrypted the ALIAS suffix with a self-generated symmetric key and then placed the ALIAS suffix in its database.
  • the symmetric key was with an asymmetric key
  • the encrypted symmetric key is transmitted from the server 4 to the application 5 in step 219, the application 5 decrypts the symmetric key and passes in step 222 the decrypted symmetric key to the server 4.
  • the server 4 the entire ALIAS now the server 4 decrypts the ALIAS suffix with the symmetric key, assembles ALIAS prefix and ALIAS suffix, and thus can use the ALIAS.
  • the server 4 contacts the transaction execution server 14 with the various payment-relevant data in a further step 224 and hands over to it all necessary data, in particular also the ALIAS, which identifies a payment card.
  • the confirmation of the execution of the payment is communicated in a further step 227 from the server 4 to the application 5, where the execution of the transaction is visualized by means of the screen 6 for the user.
  • the application requests in a communication in a further step 228 the POS terminal 3, its status to
  • the POS terminal 3 queries the status of the session identifier from the server 4 in a further step 229.
  • the advantage is ensured that payment of an amount cannot be triggered by the mobile telephone on which the application 5 is running, by the server 4, or by the POS terminal 3 alone.
  • Button 22 (ok) by a user) has enabled and signed the transmission of the execution acknowledgment, can the secure payment be triggered exactly once, for exactly that amount, at exactly that time, for the parameters set by the POS terminal 3 and server 4 and acknowledged by the application (or, transferred to the analogy of the locker, the locker be opened).
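
The ALIAS handling in the steps above (server-generated prefix, application-generated suffix stored encrypted, symmetric key released by the application in step 222) is sketched below as an added Go example; it is not part of the patent text. RSA-OAEP, AES-256-GCM, binding the prefix as associated data, the application as owner of the asymmetric key, all function names and the sample values are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func AppKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // app 5, assumed

// Enroll (server 4): seal the suffix under a fresh key, kept only wrapped to the app key (assumed).
func Enroll(prefix, suffix string, appPub *rsa.PublicKey) (sealed, wrapped []byte, err error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a GCM nonce
	if _, err = rand.Read(buf); err == nil {
		wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, appPub, buf[:32], nil)
	}
	if err != nil {
		return nil, nil, err
	}
	aead, err := gcmFor(buf[:32])
	if err != nil {
		return nil, nil, err
	}
	return aead.Seal(buf[32:], buf[32:], []byte(suffix), []byte(prefix)), wrapped, nil
}

// Unwrap (application 5): decrypt the key received in step 219 for step 222.
func Unwrap(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
}

// Assemble (server 4): decrypt the stored suffix and join prefix and suffix.
func Assemble(prefix string, sealed, key []byte) (string, error) {
	aead, err := gcmFor(key)
	if err != nil || len(sealed) < 12 {
		return "", fmt.Errorf("bad key or truncated record (key error: %v)", err)
	}
	if suffix, err := aead.Open(nil, sealed[:12], sealed[12:], []byte(prefix)); err == nil {
		return prefix + string(suffix), nil
	}
	return "", fmt.Errorf("suffix does not authenticate under this key and prefix")
}

func main() {
	priv, _ := AppKey()
	sealed, wrapped, _ := Enroll("4711", "998877", &priv.PublicKey) // constructed
	key, _ := Unwrap(priv, wrapped)
	fmt.Println(Assemble("4711", sealed, key))
}
```

Between enrollment and step 222 the server holds only the sealed suffix and a wrapped key it cannot open, so a copy of its database alone does not yield a usable ALIAS.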

Abstract

The invention relates to a method comprising the following steps: creating a session on a server in order to process a transaction, wherein a user device and a transaction device suitable for recording the transaction can take part in the session, in addition to the server, for processing the transaction, the session being initiated by one of the devices; automatically detecting that the distance between the two devices has fallen below a limit distance, in order to establish a contactless communication link between them and to enable the other device to be included in the session via said link; including said other device in the session; and executing the transaction with the aid of the server when an execution confirmation is received from the user device participating in the session.
PCT/EP2014/060668 2014-05-23 2014-05-23 Procédé de traitement d'une transaction WO2015176772A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2014/060668 WO2015176772A1 (fr) 2014-05-23 2014-05-23 Procédé de traitement d'une transaction

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2014/060668 WO2015176772A1 (fr) 2014-05-23 2014-05-23 Procédé de traitement d'une transaction

Publications (1)

Publication Number Publication Date
WO2015176772A1 true WO2015176772A1 (fr) 2015-11-26

Family

ID=50943281

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2014/060668 WO2015176772A1 (fr) 2014-05-23 2014-05-23 Procédé de traitement d'une transaction

Country Status (1)

Country Link
WO (1) WO2015176772A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AT521646A1 (de) * 2018-08-24 2020-03-15 Res Industrial Systems Engineering Rise Forschungs Entwicklungs Und Grossprojektberatung Gmbh System zum Verarbeiten von Anfragen mobiler Geräte
US20200320520A1 (en) * 2014-07-16 2020-10-08 Mastercard International Incorporated Systems and Methods for Monitoring Performance of Payment Networks Through Distributed Computing

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070259690A1 (en) * 2006-04-14 2007-11-08 Qualcomm Incorporated Distance-based presence management
EP2611123A1 (fr) * 2011-12-29 2013-07-03 Research In Motion Limited Dispositif de communication mobile fournissant des fonctions de sécurité de communications de champ proche et procédés correspondants
WO2013134769A1 (fr) 2012-03-09 2013-09-12 Mastercard International Incorporated Systèmes, procédés et supports pouvant être lus par ordinateur permettant de réaliser une transaction électronique par le biais d'un système de serveur principal
EP2701107A1 (fr) * 2012-08-24 2014-02-26 Samsung Electronics Co., Ltd Appareil et procédé de fourniture d'informations d'interaction en utilisant l'image sur l'affichage d'un dispositif


Similar Documents

Publication Publication Date Title
DE102008035391A1 (de) Verfahren zur Authentifizierung
DE102009016532A1 (de) Verfahren zur Durchführung einer Applikation mit Hilfe eines tragbaren Datenträgers
WO2013056783A1 (fr) Terminal mobile, terminal de transactions et procédé de réalisation d'une transaction à partir d'un terminal de transactions en utilisant un terminal mobile
EP2393032A1 (fr) Procédé de sortie d'une application à l'aide d'un support de données portatif
EP1869630A1 (fr) Procede de confirmation d'une demande de prestation de service
DE102011075257B4 (de) Beantwortung von Anfragen mittels des Kommunikationsendgeräts eines Nutzers
EP3246865A1 (fr) Procédé et système de transmission de données de transaction par l'intermédiaire d'un réseau de données public
WO2005031667A1 (fr) Procede pour effectuer une transaction electronique
EP3428866A2 (fr) Dispositif de transmission et de traitement de données et procédé de transmission et de traitement de données destinés au paiement d'une marchandise ou d'un service
WO2015176772A1 (fr) Procédé de traitement d'une transaction
WO2013011043A1 (fr) Système mobile pour transactions financières
WO2016074789A1 (fr) Procédé de vérification de la validité d'un ticket ; dispositif mobile
CN107944850A (zh) 定期账户转存方法以及装置
DE102009056116B4 (de) Verfahren und Einrichtung zur Autorisierung einer Transaktion
DE102007024144B3 (de) Verfahren und Anordnung zur schnellen Kurzanmeldung eines Benutzers an einem Diensleistungsportal mittels einer mobilen Kommunikationseinrichtung
DE102008045119A1 (de) Verfahren zur Durchführung eines Bezahlvorgangs
DE102012003859A1 (de) Verfahren und System zum Durchführen eines Bezahlvorgangs
DE102013006549A1 (de) Verfahren und System zum bargeldlosen Bezahlen oder Geldabheben mit einem mobilen Kundenterminal
DE102014017710A1 (de) Erstellen einer Rechnung aus einem statischen und einen dynamischen Teil eines Transaktionsdatensatzes
DE102013000967B4 (de) Verfahren zur Autorisierung einer elektronischen Transaktion
DE102005045887A1 (de) Entsperren von Mobilfunkkarten
DE102012005952A1 (de) Verfahren zur evidenzbasierten Absicherung mobiler Zahlungstransaktionen
WO2004070492A2 (fr) Controle de transactions effectuees au moyen de cartes de credit
WO2013189522A1 (fr) Procédé pour la gestion d'un coupon électronique
EP3435697B1 (fr) Procédé d'authentification d'un utilisateur contre un fournisseur de services et système d'authentification

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 14730447; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 14730447; Country of ref document: EP; Kind code of ref document: A1)