WO2019185791A1 - Système de stockage, de distribution et de transmission hors ligne de manière contractuelle et sans glissement de valeurs électroniques avec un appareil mobile avec un court temps de transaction - Google Patents

Système de stockage, de distribution et de transmission hors ligne de manière contractuelle et sans glissement de valeurs électroniques avec un appareil mobile avec un court temps de transaction Download PDF

Info

Publication number
WO2019185791A1
WO2019185791A1 PCT/EP2019/057852 EP2019057852W WO2019185791A1 WO 2019185791 A1 WO2019185791 A1 WO 2019185791A1 EP 2019057852 W EP2019057852 W EP 2019057852W WO 2019185791 A1 WO2019185791 A1 WO 2019185791A1
Authority
WO
WIPO (PCT)
Prior art keywords
value
terminal
token
identification
money
Prior art date
Application number
PCT/EP2019/057852
Other languages
German (de)
English (en)
Inventor
Stephan WULLSCHLEGER
Dominik GRUNTZ
Markus Knecht
Original Assignee
Pbv Kaufmann Systeme Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pbv Kaufmann Systeme Gmbh filed Critical Pbv Kaufmann Systeme Gmbh
Priority to EP19713052.9A priority Critical patent/EP3776424A1/fr
Publication of WO2019185791A1 publication Critical patent/WO2019185791A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • G06Q20/0658Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash e-cash managed locally
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/105Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems involving programming of a portable memory device, e.g. IC cards, "electronic purses"
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/18Payment architectures involving self-service terminals [SST], vending machines, kiosks or multimedia terminals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223Realising banking transactions through M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3226Use of secure elements separate from M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3227Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3678Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes e-cash details, e.g. blinded, divisible or detecting double spending

Definitions

  • the present invention relates to a system for securely storing, sharing and transmitting electronic values to a mobile device, in particular to an insecure mobile device (2) without a suitable security element, to the electronic value, to a method of secure storage, sharing and transmitting electronic values, as well as their use.
  • Electronic money also known as e-money, as well as all forms of other electronic values, ie e-values, such as vouchers of all kinds, vouchers, tickets such as event tickets and / or tickets for public transport, are becoming increasingly popular, because in most cases they offer significant added value compared to their traditional, non-electronic manifestations.
  • Paperless, electronic tickets for holidays and events, for example, can be sent to customers very cheaply and immediately.
  • Paperless vouchers - stored on a mobile device such as a smartphone, for example - are not lost because the mobile device - and thus also the voucher - is lost. typically always carries with you.
  • Entrances, accesses or authorizations, as well as multi-trip tickets in public transport can be electronically produced, stored and processed much more reliably and reliably than, for example, conventional punch or punch cards.
  • cashless payment of goods becomes ever more important.
  • the cashless payment against cash has great advantages.
  • the costs of managing cash such as staff costs, transport costs, insurance costs and maintenance costs, are eliminated for the trade.
  • no change is necessary in the payment process, since always the exact amount is deducted from the card.
  • a debit card payment can be paid at a payment terminal by the debit card assigned giro account with a financial institution, the corresponding amount of money is debited directly and credited to the giro account of the seller.
  • the debit card is tied directly to a specific Giro account and the payment terminal must be connected during the payment process with a payment service provider, ie Payment Service Provider, PSP, ie online. Accordingly, no money is stored on the debit card, but the card is only for the identification of the user. Offline payments can not be made.
  • PSP Payment Service Provider
  • the payment terminal must be connected to the payment service provider during the payment process, ie be online. Credit card payments can only be made offline off-line and only if they are available from both the bank and the vendor, ie provider resp. Seller, to be accepted. Thus, an offline payment is temporary, but not yet binding. A definitive payment with final and thus binding settlement can only take place if the payment has been checked online by one or more servers and / or people. In order to compensate for an associated increased risk of default, the transaction fees are correspondingly larger for credit card payments.
  • Cashless payment via debit cards and credit cards have prevailed in many areas of life and are almost indispensable. So it is not surprising that there are several different approaches to bringing debit card and credit card payment methods to the mobile phone in the recent past. Because the mobile phone is usually at hand and is rarely lost. And in case of loss, it can usually be located quickly or blocked remotely. Also, the access to your own mobile phone is protected, for example, by a secret access code. In addition, no money is stored on the mobile phone, which ensures a certain security against counterfeiting and misuse. Because this is ensured especially in debit card and credit card payment methods by a central server of money and credit institutions.
  • each of these products forms its own specific currency, which can also change the exchange rate to local currencies.
  • the exchange rate can fluctuate greatly within a short time. Since, as a rule, both the seller and the buyer want payment security and do not want to speculate on currency, such products are unsuitable for paying small amounts.
  • no offline payments in particular no transfer of e-money with final settlement without connection to the Internet at the time of payment, take place.
  • an Internet connection is recommended or even essential at the time of the payment, verification and / or debit procedure and is increasingly required by the operators.
  • verification and / or debit If there is no Internet connection available - for example in a mobile phone breakdown or in the event of a sudden failure of the Internet - the payment, checking and / or debiting procedure can not be carried out in extreme cases.
  • an e-value in the form of a monetary value, and thus money, electronically stored on a portable medium, such as a smart card one speaks of electronic money, also called e-money.
  • an e-money card also called a prepaid card, prepaid card or prepaid card
  • an amount of money is stored electronically directly on the card.
  • the corresponding amount is then deducted directly from this card.
  • the user can then debit money from such a credit card so long to make purchases until the amount of money is used up. Since in payments with a prepaid card the creditworthiness of the buyer, ie the user of the prepaid card is given, there are no or very low transaction fees, which is usually advantageous for both the buyer and the seller.
  • prepaid cards can also be used to pay for payment terminals that are offline at the time of the payment process. not connected to the Internet or a central server.
  • the vending machines and their payment terminals are very rarely equipped with Internet connectivity.
  • payment systems based on e-money resp. Prepaid cards or prepaid cards compared to payment systems based on debit cards and in particular credit cards comparatively cheap for the seller, because at every payment process with debit card and credit card incur negligible fees. Not to Underestimate the cost of infrastructure needed for debit and credit cards and their maintenance, further increasing fees.
  • prepaid cards include a security element.
  • Such cards are also called smart cards. They are relatively expensive and are usually issued by a trusted entity, such as a trusted partner of a financial institution. To further increase the security of such prepaid cards they are often only for a limited time and are usually limited to certain outlets. For an operator of outlets with prepaid cards, the prepaid cards are also relatively complex to manage. Also, the user can not easily query the current balance on a prepaid card. In addition, he often has different prepaid cards, which is perceived as confusing and disadvantageous.
  • identification card for example a personal ID card or physical asset such as an admission ticket
  • a mobile phone-based e-value card such as a prepaid card
  • identification card for example a personal ID card or physical asset such as an admission ticket
  • it is central, that paid with her, a person expelled or can be entered, if at the time of payment, identification resp. Entry process, the mobile phone has no Internet connection, i. that can also be paid, identified or entered offline with the mobile phone-based prepaid card.
  • Table A Storage and transfer of values using the example of money and e-money. Listed are known electronic means of payment and object of the invention in terms of the manner of money transfer, storage of e-money and offline payment options. All known means of payment are widely used and widely accepted by banks, banks and users. The same applies to other e-values such as material assets and identifications.
  • E-banking is understood in a broader sense, ie in addition to online banking systems for recording transfers between bank accounts and software tools for the management of proprietary network money credit and the like are included.
  • E-money includes all electronic money and monetary units such as tickets.
  • K *> K stands for Account ⁇ account, i. from account to account.
  • a money transfer during a payment transaction from account to account means that the money is transferred from one account of one financial institution to another account of the same or another financial institution, the money also being able to be transferred via intermediate accounts.
  • a security element SE of type 1 allows safe storage of
  • Keys and data such as a PIN code and card details, ie to the means of payment, as well as the execution of crypto algorithms in a safe environment (see table D). This is essential for the core task of debit card, getting cash at an ATM.
  • a known cryptocurrency is Bitcoin.
  • a prepaid card means a smartcard on which e-money or other e-values can be stored.
  • GK ⁇ T stands for transfer between prepaid card and terminal and G ⁇ T stands for transfer between device and terminal. The money transfer to the prepaid card resp. on the device is not listed.
  • a type 2 SE safety element In addition to the functionality of a Type 1 SE, a type 2 SE safety element also allows saving of electronic money or other E values (see Table D).
  • Temporary means that a payment can be made offline temporarily, but this is not yet binding. A final and thus binding settlement can only take place if the payment has been checked online by one or more servers and / or people.
  • a security element SE is not necessary.
  • a security element SE type 1 can be used.
  • the E value stored on the mobile phone must have a very high protection against forgery and fraud. Nevertheless, the mobile phone should not have to fulfill specific security requirements, ie storing and transmitting E values should also be possible with so-called non-secure devices.
  • the query / transfer process must be able to be processed quickly, ie have a short transaction duration, so that the system is accepted by its users.
  • the transmission of e-values should be final in all cases, so that no participant in the transmission process ever has to pay in advance or wait for a subsequent transfer confirmation.
  • the system should prevent the value slip, ie the erroneous loss or double crediting of values or value shares.
  • At least one mobile device (2) selected from the group consisting of a mobile phone, smartphone, tablet, notebook, laptop, smart wearables, smart card (6), USB stick, SD memory card, embedded device, memory IC and another , especially for the system (1) provided mobile device, wherein on at least one E value (4) is stored in the device (2), the E value (4) representing an identification, a tangible value or electronic money, ie electronic money,
  • control body (7) being a network
  • Security element SE which is installed directly in the device (2) or in a plurality of devices (2 "), represents a trusted user of the device (2) or the plurality of devices (2"), or a server,
  • the E value (4) is present as an E value (4 *), wherein the E value (4 *) at least one load token TL (41) and after a first query / transfer process and at least one of the load Token TL comprises different donation token TS (42), and / or
  • the terminal (5) comprises at least one security element SEALS-SE (3), wherein the security element SEALS-SE (3) for the retention, division as well as the interrogation or transmission of E values (4, 4 *) with mandatory conclusion Also with a device (2) without security element SE and without Internet connection at the time of the query / transfer process is suitable, and
  • Terminal (5) and the device (2) are autonomous at the time of a binding completion request / transfer process and do not need to be connected to a control device (7) and thus can be offline,
  • the controlling body (7) is not a server.
  • E-value (4 **) is an electronic identification and represents an electronic asset and at least one load token TL (41) and after a first query / transfer process at least a donation token TS (42) different from the load token TL (41), wherein
  • the load token TL (41) is stored on the device (2) and comprises electronic data for the E value (4 **) stored on the device (2),
  • the donation token TS (42) is stored on the device (2) and / or terminal (5) and electronic information on the interrogation / transfer process of the stored on the device (2) E value (4 **) includes, and
  • a method for counterfeit-proof storage, sharing and querying or transmitting E-values (4, 4 *) with the inventive system (1) and / or inventive E-values (4 **), the method at least one of following steps a) to d) comprises:
  • an E-value polling / transmission process (4, 4 *, 4 **) with binding completion without Internet connection at the time of the polling / transmission process comprising a polling / transmission process of the E-value (4, 4 *, 4 **) on the device (2) through the terminal (5), from the device (2) to the terminal (5) or from the terminal (5) to the device (2), the terminal (5) at least a physical one Security element SEALS-SE (3), the device (2) and the terminal (5) communicate with each other and the interrogation / transmission process of the E value (4, 4 *, 4 **) of at least one donation token TS ( 42) is represented,
  • At least one control device (7) stores the telegrams received by the devices (2, 2 "), processes them, and forwards other messages via the devices (2, 2") to the terminal (5), and / or
  • the terminal (5) checks the correctness of at least the donation tokens TS (42) received from the devices (2, 2 ") using the security element SEALS-SE (3),
  • Also claimed is a method for the secure storage, sharing and interrogation or transmission of inventive E-values (4 **) with the device (2) at a terminal (5), wherein the E-value (4 **) at least one Load token TL (41) and after a first query / transfer process and at least one of the load token TL (41) different donation token TS (42), wherein
  • the load token TL (41) is stored on the device (2) and electronic information on the device (2) stored E value
  • the donation token TS (42) is stored on the device (2) and / or on the terminal (5) and comprises electronic data for the inquiry / transfer process of the E value (4 **), and
  • the current total value of the E value (4 **) stored on the device (2) by the sum of the load tokens TL (41) of the value less the sum the donation token TS (42) of the asset is represented.
  • inventive system (1) the inventive E value (4 **) and the inventive method for forgery-proof storage, sharing and querying or transmitting E-values (4, 4 *, 4 **) with the device (2) even if the device (2) and the terminal (5) during the query / transfer process have no contact with the control device (7) and are therefore offline, wherein, if the E value (4, 4 *) E-money represents, the control body (7) is not a server.
  • a physical security element SEALS-SE (3) at a terminal (5) for tamper-proof storage, sharing and querying or transmitting E-values (4, 4 *, 4 **) with the device (2) on a Terminal (5) using the inventive system (1) and the inventive method claimed, wherein the security element SEALS-SE (3) for the storage, retrieval and transmission of E values (4, 4 *, 4 **) with binding conclusion is also suitable with a device (2) without security element SE and without Internet connection at the time of the query / transfer process, whereby the query / transfer process can also take place when the device (2) and the terminal (5) during the query / transfer process no contact with other devices (2 ") and / or a control body (7) and thus are offline.
  • the inventive method and the inventive uses can surprisingly with an unsafe mobile device (2), such as
  • an unsafe mobile device (2) such as
  • a mobile phone without security element SE electronically not only online, but also offline, ie even in places that have no mobile and / or Internet connection at the time and / or place of payment, a transmission of an E value (4, 4 *, 4 **) or a part thereof.
  • the insecure mobile phone can be used as a device (2), for example, as a secure identification card, secure asset and / or as a secure credit card, with which also forgery can be identified, queried, canceled, deducted and / or paid for offline.
  • the E value (4 **) of the present invention and the E value (4 * ) preferably used in the system (1) according to the invention has a very high protection against forgery, abuse and transmission. Nevertheless, the query / transfer process of the E value (4, 4 *, 4 **) quickly - and preferably also contactless - are handled, even if relevant for a query / transfer process devices such as the device (2), ie For example, the mobile phone and the terminal (5), at the time and / or at the place of the query / transfer process are offline.
  • the terminal (5) is the point-of-sale (POS) at a cash register or vending machine and the interrogation / transfer process is typically the payment transaction with the e-money.
  • POS point-of-sale
  • Table B The table shows the transaction duration of query /
  • the transaction duration is the time until a payment transaction at the point of sale, e.g. at the terminal (5), temporary or binding, i. Finally, completed.
  • a security element SE of type 1 allows the storage of the cryptographic key and of data such as card details (see Table D).
  • a security element SE of type 2 In addition to storing the cryptographic key and data, a security element SE of type 2 also allows saving of e-values such as e-money (see Table D).
  • a security element SE of type 3 also allows, in addition to the capabilities of a SE of type 2, the storage of E-values such as E-money in a means of payment without SE, i. Device (2), and transferring E-values from a payment means without SE, i. Device (2), to a terminal, i. Terminal (5), wherein only the terminal (5) mandatory such a security element
  • a suitable safety element SE of type 3 is the safety element SEALS-SE (see table D).
  • E value (4, 4 *) in the form of electronic money according to the present invention can not only be present in any national currency, but E values (4, 4 *) can also be displayed simultaneously on the same device (2) stored in different national currencies, complementary currencies, and currency-free any application.
  • the system (1) according to the invention, the method according to the invention and the use according to the invention can also be expanded by a smartcard (6), whereby only this and not the device (2) itself has to be carried along.
  • E values (4, 4 *) may, for example, be paid to vending machines and / or in the canteen for users who are located within a company premises and during this time with one or more E values (4, 4 *), for example, as e-money and / or drinking or food vouchers want to be of great use.
  • the present invention also allows the E-value (4, 4 * , 4 ** ) stored on the device (2) to be viewed and / or managed on the display with input field of the device (2).
  • the system (1) of the present invention surprisingly integrates the advantages of, for example, the prepaid card in mobile phones, and thus in existing mobile devices (2).
  • the mobile device (2) does not need a security element SE in order to achieve a final settlement within a maximum of a few seconds during the interrogation / transmission process, such as, for example, during a payment process with e-money (4, 4 *).
  • E values (4, 4 *, 4 **) can be stored on the thus unsafe device (2) and a query / transmission process can be triggered at a terminal (5).
  • a query / Transfer process not only online, but also completed offline binding, ie the settlement is also carried out offline and thus without Internet connection concluding.
  • crypto currencies in contrast to credit cards offline, only a temporary settlement can be performed.
  • the transaction fees are correspondingly greater.
  • the transaction time ie the time until a payment process is completed, is typically more than 5 minutes for cryptocurrencies, and thus many times longer than in the present invention
  • Table C The following table shows the possibilities of E values in
  • the present invention known electronic means of payment in relation to the use of electronic money, security elements SE in the means of payment and in the terminal (5), as well as offline settlement, i. final settlement without internet offering, i. offline, faced.
  • offline settlement i. final settlement without internet offering, i. offline, faced.
  • the information also applies analogously for transmission types of other E values.
  • Temporary means that a payment can be made offline temporarily, but not yet binding. A final and thus binding settlement can only take place if the payment has been checked online by one or more servers and / or people. Cryptocurrencies behave similarly to credit cards in offline payment transactions.
  • the donation token TS (42) is not or not correctly stored on the terminal (5), this will be communicated to the same terminal (5) in a next interaction. Until further contact, the donation token TS (42) remains stored on the device (2, 2 ") and recognizable as an incomplete transfer and reserved for the terminal (5). If the terminal (5) receives a donation token (42) several times, it is still used only once.
  • Post-published WO-A-2018/114654 discloses a system (1) for secure payment with e-money (4) comprising at least one mobile device (2) with electronic money (4), at least one terminal (5) and mandatory at least a server (7).
  • E-money (4) can be safely stored and transferred with a device (2) without security element SE and without Internet connection at the time of payment with final settlement.
  • the terminal (5) and the device (2) at the time of a payment process for a final Settlement not be connected to the server (7) and thus can be offline.
  • US-A-2016224977 describes a method by which a first, in particular mobile, device is used to obtain a first token, wherein the first token is associated with a monetary amount and a start date with respect to the availability of the monetary amount.
  • the first device After the first token obtained by the first device, the first device generates a second token associated with the first token and the second token's creation date, wherein the first device is the second token and the second token's creation date to a second, particularly mobile, device provides.
  • the mobile devices are connected to a server of the service provider, which in turn is connected to a processing network.
  • the processing network is in communication with an authorization server which authorizes new tokens.
  • the tokens on the devices represent a kind of check, ie check, which can be passed as a whole or in part in the form of a second or further token to another device. Relevant information about each token is stored in a separate storage space, such as a vault, independent from the device, or entered in a central public registry. With the tokens, ie checks, payments can be made to a merchant's computer. For this, the mobile device can be offline.
  • a token does not include electronic money and also does not constitute a prepaid card, but a token in the form of a check mounts money stored on a central server such as the authorization server. If a token is transferred to a new device, this is also entered in the public register. Thus, a token entitles to demand money, but is not itself money.
  • the first and second tokens also do not differ in structure and purpose from the token, but merely contain other information.
  • Real offline payments without Internet connection can not be carried out, because at least the merchant computer must have an active connection with the processing network, since an external server validates a payment, ie carries out a final settlement.
  • External networks, servers and computers are essential for completing a payment and for final settlement of the payment.
  • the mobile device typically has a security element SE, but not the merchant computer.
  • the System (1) ie the system (1) according to the invention, the system (1) used according to the invention and the system (1) used in the method according to the invention, are particularly suitable for forgery-proof storage, parts and storage Querying or transmitting any electronic values (4), ie E-values (4).
  • the system (1) also includes storing, dividing and interrogating or transmitting the E value (4 * ) used according to the invention and / or the inventive E value (4 **).
  • the transmission of the E-value (4, 4 *, 4 **), or a part thereof, from the terminal (5) to the device (2) typically occurs when a tangible or electronic money is transferred to the device (2) For example, when a ticket is purchased or e-money is transferred to the device (2).
  • a copy of the E-value (4, 4 * , 4 ** ) or the part thereof is understood in particular to be a copy of the donation token TS (42), since the donation token (TS (42) on both the device (2 ) as well as being stored on the terminal (5), whereby the copy may be identical to the original or recognizable as such.
  • the system (1) according to the invention, the E value (4 **) according to the invention, the system (1) used in the method according to the invention and the use of the system (1) according to the invention comprise a large number of very different embodiments and fields of use Diversity were not expected.
  • the security against counterfeiting - especially the forgery-proofing of e-certificates - and the traceability of the history are important features of the system and are available at all times. Thanks to the slip-free offline Transferring e-values, even with mobile, non-secure devices with a short transaction time, can not be done twice or not at all.
  • the system (1) comprises at least
  • a mobile device (2) selected from the group consisting of a mobile phone, smartphone, tablet, notebook, laptop, smart wearables, smart card (6), USB stick, SD memory card, embedded device, memory IC and another, specifically for the system (1) provided mobile device, wherein on the device (2) at least one E value (4) is stored, wherein the E value (4) an identification, a tangible or electronic money, ie E-money, represents
  • control body (7) wherein the control body (7) a network, a security element SE which is installed directly in the device (2) or in a plurality of devices (2 "), a trusted
  • the E value (4) is present as E value (4 *), the E value (4 *) being at least one load token TL (41). and after a first query / transfer process also comprises at least one of the load token TL different donation token TS (42).
  • the E value (4 *) includes not only one type of token, but at least two types of tokens.
  • the terminal (5) comprises at least one security element SEALS-SE (3), wherein the security element SEALS-SE (3) for the storage, division and queries or transmission of E - Values (4, 4 *) with binding ie final, also with a device (2) without security element SE and without internet connection at the time of the polling / transmission process, the terminal (5) and the device (2) at the time of a polling / transmission
  • Transfer process for a mandatory completion of the query / transfer process must not be connected to the control body (7) and thus can be offline.
  • the E value (4) is present as E value (4 *), the E value (4 *) being at least one load token TL (41). and, at the latest after a first query / transfer process, also comprises at least one donation token TS (42) different from the load token TL (41).
  • the terminal (5) comprises at least one security element SEALS-SE (3), wherein the terminal (5) and the device (2) at the time of a query /
  • Transfer process for a mandatory completion of the query / transfer process must not be connected to the control body (7) and thus can be offline.
  • the controlling body (7) according to the invention does not include a server.
  • Secure devices (2) are devices (2) which contain a security element SE of type 2 or type 3 (see Table D), which is used for the secure storage, division and transmission of E values (4, 4 *, 4 **) and is therefore available for offline transmission of E-values (4, 4 *, 4 **) and released for use by third parties.
  • Insecure devices (2) accordingly have no suitable security element SE, resp. the existing suitable security element SE is not available for use.
  • the system (1) also includes a system in which essentially only mobile devices (2, 2 ") are used which have a security element SE for the secure storage and / or transmission of E values (4, 4") *, 4 **) and thus are considered as safe mobile devices, as long as in the system (1) also insecure mobile devices (2, 2 ") that no security element SE for the secure storage, division and transmission of e-values (4 , 4 *, 4 **), E-values (4, 4 *, 4 **) can be transmitted securely from a mobile device (2, 2 ") to a terminal (5)
  • the inventive system (1) is in transmitting the E value (4, 4 *) from the device (2) to the terminal (5) in all cases, especially if both the device (2) as well as the terminal (5) offline, an unconditional and binding, ie final, completion of the polling / transmission process. In the case of a payment transaction, this results in an electronic money transfer with unconditional settlement, hereinafter referred to as settlement, with final effect.
  • settlement an electronic money transfer with unconditional settlement, hereinafter referred to as settlement, with final effect.
  • the transferred E-value (4, 4 *) becomes the property of the owner of the mobile device (2) Owner resp. authorized user of the terminal (5). If the E value (4, 4 *, 4 **) represents an identification, electronic data are sent to the requested E value (4, 4 *, 4 **) as well as to the location, which is indicated by device (2) and the
  • Terminal (5) can be defined, the chronology and, if necessary, the timing of the query from the owner of the mobile device (2) conclusive and binding to the owner resp. authorized user of the terminal (5).
  • Both the transmitted E value (4, 4 *, 4 **) as well as the requested information on the E value (4, 4 *, 4 **) are unique, undistinguishable, verifiable and traceable.
  • the system (1) comprises secure payment with any e-money (4), including cryptocurrencies, e-money
  • e-money (4) are preferred in the form of local currencies.
  • e-money (4) in this embodiment comprises in particular the E value (4 *) according to the invention and used according to the invention in the form of e-money and e-money in the form of national currencies, which is stored for example on prepaid cards.
  • the system (1) in this embodiment does not include a server as the control organs (7)
  • the E value (4) used in the inventive system (1) is preferably the E value (4 ** ) according to the invention and / or the E value (4 *) used according to the invention.
  • the secure interrogation and / or transmission of at least one E value (4, 4 *, 4 **) in the system (1) according to the invention and with the methods according to the invention is preferably carried out without contact, ie. that a radio link between the device (2) and / or the smart card (6) with the terminal (5) is necessary.
  • the user first transfers a value via a terminal with the system (1) according to the invention
  • the user with the system (1) typically transfers money to the device (2) via a charging station or bank account, where it is stored as E value (4, 4 *) in the form of E-money (4, 4 *) is saved.
  • Paper money which is given for example in a charging station
  • book money which is transferred from a bank account to the device (2) is, respectively, by the operator of the charging station. from the financial institution, in which the bank account created, transferred to a pool account. Its equivalent is stored as e-money (4, 4 *) on the device (2) or the smart card (6). If necessary, electronic money (4, 4 * ) stored on the device (2) can also be transferred further to a smartcard (6).
  • the pool account typically has no knowledge of the e-money (4, 4 *) accounts on the individual devices (2, 2 ") and is not informed about the individual transfer transactions. Moreover, it has no significance for the implementation of a final settlement, ie a binding conclusion.
  • the book or paper money on the pool account belongs, for example, to the operator of the charging station or a financial institution, but not to the owner of the device (2) and thus the E value (4, 4 *).
  • the pool account is also not relevant to a payment process. If the E value (4, 4 *, 4 **) is not E-money, typically no pool account is needed.
  • the value of the purchased goods is the e-money (4) on the device (2) subtracted and the terminal (5) resp. the attached to the terminal (5) resp. connected cash register - and thus the seller - credited.
  • the information for this transfer ie the payment process, is transmitted to the control body (7), which can then cause the amount credited to the seller at the cash register to be transferred from the pool account, for example, as book money to the bank account of the seller.
  • the corresponding amount of e-money on the terminal (5) is subtracted, resp. destroyed, ie deleted.
  • the terminal (5) need not have a direct connection to the control body (7), in particular, the terminal (5) even at the time of a query / transfer process, regardless of whether it is connected to a cash register or not, not directly with the control body (7) be connected and thus can be offline.
  • the terminal (5) can communicate with the device (2), for example by means of a short-range radio connection such as NFC, and the device (2) can communicate with the control device (7) again by means of a data network connection, the information is transferred from the Terminal (5) via the device (2) to the control body (7) forwarded.
  • the information on the query / transfer process of the terminal (5) for example, by means of NFC to the device (2) are transmitted, but not necessarily from the device (2) to the control body (7) and not necessarily from the terminal (5) to the control body (7).
  • this information can be transmitted from the device (2) to the control device (7) at a later point in time, ie when the device (2) can re-establish a connection with the control device (7) and is therefore online.
  • the terminal (5) and the control unit (7) need not have either a direct or an indirect, for example via a device (2, 2 "), data network connection at the time and place of the payment transaction ,
  • the device (2) of the system (1) according to the invention and of the method according to the invention is a mobile device (2) with or without security element SE for the secure storage and / or transmission of E values.
  • the device (2) can be a safe or unsafe device (2).
  • the device (2) is a portable device that is functional even without a fixed connection to an installation.
  • the device (2) optionally comprises software, ie, for example, an app with which the stored on the device (2) E value (4, 4 *, 4 **) is managed.
  • Insecure devices (2), (2 ") are devices (2) which have no security element SE for safe storage and / or transmission of an E-value (4, 4 *, 4 **) and are released for use by third parties is, ie Insecure devices (2), (2 ") comprise no security element SE or only a security element SE of type 1, which only allows the storage of the cryptographic key and private data, such as credit card details, and to protect the stored money from theft , z. B. by means of a malicious software, can be used (see also Table D).
  • an insecure mobile device (2) is a mobile device in which E-values (4, 4 *, 4 **) and software are neither securely stored nor protected against unauthorized access because the insecure device (2) is not suitable and / or or available hardware.
  • Insecure devices (2), (2 ") according to the invention also apply mobile phones of the newer generation, in which a security element SE is installed, for example, to securely store credit card data.
  • security elements SE are usually security elements of type 1 and thus can not be used for secure cashless storage, sharing and querying or transmission of E-values (4, 4 *, 4 **).
  • the term device (2) also encompasses a device (2 ') which is extended by a security element SEALS-SE (3) and optionally by a software. By this extension, the device (2 ') forms a terminal (5). Thus, the device (2 ') is considered a safe device (2).
  • the plurality of devices (2 ") comprise a plurality of different devices (2) which typically belong to different users who do not need to be in contact with each other.
  • sharing and querying or transmitting E-values (4, 4 *, 4 **) communicates
  • short-range radio link also called short-range radio transceiver or near-field radio transceiver, such as RFID, NFC, Bluetooth, Bluetooth Low Energy (BLE) or WiFi
  • contact connection such as USB or Firewire
  • optical connection such as IR, IRDA or NIR
  • acoustic connection or v) data networks such as TCP / IP.
  • Suitable devices (2, 2 ', 2 ") are commercially available and known in the art.
  • the device (2) comprises at least
  • the device (2) is a mobile device provided specifically for the system (1), this embodiment represents the preferred embodiment of the device (2).
  • Suitable device components such as mobile transceivers and short-range radio transceivers for contacting the control organ (7) or the terminal (5) are known in the art and commercially available.
  • Security element SE a chip understood, which allows any operations, including cryptographic operations in a secure environment, and which includes a secure key and data storage.
  • the security element SE represents a security element SE of the type 1, 2 or 3 and is installed directly in the device (2) and / or a plurality of devices (2 ").
  • the security element SEALS-SE (3) used according to the invention is a security element SE of type 3 (see Table D) with specific cryptographic capabilities which locally enable a binding conclusion of a query / transfer process, for example a final settlement of a payment transaction, even if the Device (2) and the terminal (5) are offline.
  • the security element SEALS-SE (3) is suitable for storing and transmitting E-values (4, 4 *) with binding conclusion also with a device (2) without security element SE and without Internet connection at the time of the inquiry / transfer process.
  • the abbreviation SEALS-SE stands for Secure E-value Accounting & Local Settlement - Secure Element.
  • Table D Definition of security elements SE of type 1, type 2 and type
  • the safety element type 3 corresponds to the safety element SEALS-SE (3).
  • the term accounting refers to the management of identifications, pseudonyms and / or signatures, and the term settlement refers to a binding conclusion of a transmission process.
  • a security element SE of type 1 allows the secure storage of the cryptographic key and data, such as credit card details.
  • a security element SE of type 2 additionally allows the secure storage of E values (4).
  • a suitable security element SE is the security element SEALS-SE.
  • the security element type 3 allows the settlement of the request / transfer process, even if the device (2) and the terminal (5) are offline.
  • Safety elements SE of type 1, type 2 and type 3 are commercially available.
  • the security element SEALS-SE (3) hereinafter also referred to as security element (3), SEALS-SE (3) or security element SEALS-SE, is suitable both for secure storage, i. Storage of E-values (4, 4 *, 4 **) as well as for the safe interrogation and / or transmission of E-values (4,
  • the security element SEALS-SE (3) is particularly suitable for the safe storage of E values (4, 4 *, 4 **) on a device (2) and the secure transmission of E values (4, 4 *, 4 **), especially for offline Transfers of E-values (4, 4 *, 4 **) from a device (2) to a terminal (5) and / or from a smartcard (6) at a terminal (5). This payment process can usually be done without contact.
  • the security element SEALS-SE (3) of the system (1) according to the invention is also a registered and not forfeitable security element SE, which is qualified in such a way that, without the additional authorization by a superordinate control point - and thus offline - an e-value Transfer with binding conclusion, and thus, for example, an e-money payment process with unconditional settlement with a final effect, can be performed.
  • the security element SEALS-SE (3) is responsible for security-related tasks in query / transfer operations between device (2) and terminal (5) and between smart card (6) and terminal (5).
  • the safety element SEALS-SE (3) protects the E-value (4, 4 *, 4 **) against misuse, unwanted external influences and / or manipulation.
  • the security element SEALS-SE (3) can be based on a conventional security element SE, which, for example, is processed with special software into a SEALS-SE (3).
  • the person skilled in the art can produce such security elements SEALS-SE (3) for example by means of suitable software and distinguish them from other security elements.
  • the security element SEALS-SE (3) thus differs from a conventional, commercially available security element SE of type 1 or type 2 in such a way that the security element SEALS-SE (3) for the E value transmission is provided by one device (2). is designed for a terminal (5) and / or vice versa, whereby only the terminal (5) must be equipped with a corresponding SEALS SE and not the device (2), and the E value (4, 4 *, 4 * *) on the device (2) - without protection by a local security element SE - is stored in the conventional non-volatile data memory.
  • the security element SEALS-SE (3) in the terminal (5) In addition to the settlement, it also assumes the task of abuse and forgery testing.
  • the SEALS-SE (3) security element can detect and prevent a double use of the same E value (4) to a very high degree, eg due to a system backup.
  • the security element SEALS-SE (3) has much higher cryptographic properties than a conventional, commercially available security element SE of type 1 or type 2.
  • the security element SEALS-SE (3) represents a security element SE of type 3 and, in addition to storing data such as cryptographic keys, i. Key, and credit card details (type 1) and storing E-values (4, 4 *, 4 **) (type 2) additionally transferring E-values (4, 4 *, 4 **) between device (2) and terminal, ie Terminal (5).
  • the security element SEALS-SE (3) used according to the invention thus differs significantly from security elements SE, which are partly used in mobile phones of the latest generation (security elements of type 1). Because such, commercially available security elements SE are due to their nature, for example, due to the software contained in the security elements, not for secure offline transmission of E values (4, 4 *, 4 **).
  • the security-relevant tasks performed by the security element SEALS-SE (3) used according to the invention typically include the authentication of the device (2), possibly the substitution of the control device (7) in the terminal (5), for example by verification and / or signing of the donation and load -Tokens, as well as the detection of certain fraud attempts at the terminal, such as double or multiple payment with only one set off.
  • the security element SEALS-SE (3) can advantageously generate signatures and check the load tokens TL (41) and / or donate tokens TS (42) caches, generate new e-value tokens (41, 42), and prevent certain tampering and fraud attempts.
  • the security element SEALS-SE (3) also monitors which asset is transferred from the device (2) to the terminal (5).
  • the SEALS-SE (3) provides tools for telegram encryption.
  • the safety element SEALS-SE (3) can not obtain the E value (4, 4 *, 4 **) obtained by the device (2) in the terminal (5) without the participation of an E-value (4, 4 *, 4 * *) of a device (2, 2 ").
  • the security element SEALS-SE (3) arbitrates in the system (1), represents the interests of the system (1), provides protection against fraud, and protects the integrity of the system (1).
  • the safety element SEALS-SE (3) is used in each terminal (5).
  • the security element SEALS-SE (3) in the terminal (5) represents a physical security element and advantageously comprises a processor with cryptographic suitability.
  • terminal (5) is understood to mean any transfer station with which an E value (4, 4 *, 4 **), or a part thereof, of a Device (2, 2 ") queried, to which an E value (4, 4 *, 4 **), or a part thereof from a device (2, 2") and / or of which an E value (4 , 4 *, 4 **), or part of it, can be transferred to a device (2, 2 ").
  • the terminal (5) is a mobile or stationary terminal.
  • Non-limiting examples of mobile terminals include police terminals for ticket control, customs for personal, animal and / or property identification, veterinarians for the identification of pets and / or breeding animals, for the examination of the disease history of animals, for counting systems for later billing, measuring systems for later billing, water meters, electricity meters and validation terminals, for example for public transport inspectors.
  • Non-limiting examples of fixed terminals include terminals at passport controls at airports, passport checks in security areas and company premises, for tickets for debiting such as ticket at stops, ticket for cinema, theater, museums or opera, event ticket, point of sale (POS ) such as sales offices, and / or a terminal for road pricing.
  • the terminal (5) is typically an arbitrary point-of-sale (POS), in which with a device (2, 2 ") Payment process with e-money (4, 4 *, 4 **) can be performed.
  • POS point-of-sale
  • the terminal (5) is typically an identification device and / or an opening / closing system, for example in high-security systems such as nuclear power plants, airports, police and / or customs.
  • the terminal (5) is typically a debiting device. This allows the user, if the system allows it, to Devaluation within a defined time - for example, during a movie in the cinema - as often as possible in and out again.
  • the terminal (5) is typically an electronic ballot box, in which the e-voting Value (4, 4 *, 4 **) can be transmitted from the device (2), ie can be agreed and / or elected.
  • Such an electronic ballot box can be arranged, for example, in the election office and / or in publicly accessible locations, for example mailboxes.
  • the terminal (5) is typically the measuring device on-site, wherein the mobile device (2) may comprise the memory which records the measured data.
  • an interrogation / transmission process can be carried out on a terminal (5) with or without security element SEALS-SE.
  • the interrogation / transmission process with E value (4 **) is carried out at a terminal (5) with a security element SEALS-SE.
  • a secure interrogation / transmission process at a terminal (5) can take place offline and with binding completion, resp. final settlement.
  • the terminal (5) according to the invention comprises a safety element SEALS-SE. This can also be done with a device (2, 2 ") without security element a secure payment process at a terminal (5) offline and with mandatory conclusion, resp. final settlement.
  • the terminal (5) also called transmission terminal or transmission station (5), executes in the inventive system (1) the query / transfer process from the device (2) to the terminal (5), provided that the device (2) the terminal ( 5) gives his consent. Also, the terminal (5) executes the interrogation / transmission process from the terminal (5) to the device (2), provided the terminal (5) gives the device (2) its consent thereto.
  • Consent is given when both the device (2) and the terminal (5) believe that their counterpart is integrity, authenticity and cooperative.
  • the terminal fulfills the tasks of the transmission process, such as the transfer of an amount from the device to the terminal, start of the product output or service - possibly after creation and transmission of an acknowledgment to the device (2), and possibly scattering the receipts on a variety of devices (2 ") and for transmission to the control body (7). This scattering is preferably carried out until at terminal (5) at least one receipt confirmation has arrived from the control unit (7), which confirms receipt of the acknowledgment by the control unit (7).
  • the terminal (5) also stores completed polling / transmission operations for billing and control purposes, and optionally sends the stored polling / transmission operations as transaction telegrams via the device (2) and / or the plurality of devices (2 "). to the control body (7).
  • the term terminal (5) preferably comprises a processor, a memory and / or a software.
  • the terminal is preferably operated via a user interface and / or controlled via a machine interface.
  • the Terminal (5) is - if the E value (4, 4 *, 4 **) in the form of e-money (4 *, 4 *, 4 **) is present - typically also part of a cash register or connected to a cash register , Suitable terminals (5) are commercially available and known in the art.
  • the terminal (5) of the system (1) according to the invention and of the method according to the invention comprises at least one security element SEALS-SE (3).
  • the security element SEALS-SE (3) verifies, at the beginning of a polling / transmission process, whether the E value (4, 4 *, 4 **) stored on the device (2) is trustworthy and consistent, i. error-free, is and recognizes and prevents the locally recognizable fraud attempts. If the E value is present as an E value (4 *, 4 **), then at least the relevant signatures of the most recent load tokens TL (41) and / or donation tokens TS (42) are recalculated and after token duplicates, and thus double transfers, such as double payments, so-called "double-spends" sought.
  • the security element SEALS SE (3) in the terminal (5) After the query / transfer process at the terminal (5) typically confirmed the security element SEALS SE (3) in the terminal (5) the validity of the load token TL (41) and / or the donation token TS (42) with a signature ie it provides the token with a complicated, unambiguously related bit pattern whose originality and authenticity can be essentially recognized and validated by anyone, but which can only be created by the security element SEALS-SE (3) itself and the control body (7).
  • the storage medium is thereby the carrier of E-values, for example, in G-money to the means of payment with which at the terminal (5) query / transfer operations - and thus payment transactions, with e-money (4, 4 *, 4 **) can be performed.
  • All listed carriers of as E-values allow with the corresponding security element SE at the terminal (5), for example, the loading, ie posting, and the debiting of assets and electronic money (4, 4 *, 4 **) in offline query - / transmission times of less than 5 seconds and a final offline settlement.
  • the information applies analogously to other E values (4, 4 *, 4 **) and their query / transmission types.
  • the security element SE in the terminal (5) is a security element of type 1, which no e-value (4, 4 *, 4 **) and thus can not store e-money, no e-money from the prepaid card be moved to the terminal (5), ie it can only be carried out a devaluation of the prepaid card as a whole.
  • Table E clearly shows that in the payment means of the present invention, ie in the device (2), no security element SE must be present and still a final settlement of the payment process can be achieved.
  • the query / transmission time for an offline payment remains at most in the low second range. According to the invention, this is essentially achieved by equipping the terminal (5) with a security element SE of type 3, ie a security element SEALS-SE (3).
  • the security element SEALS-SE (3) used according to the invention and used according to the invention makes it possible in particular also with an insecure device (2) at a terminal (5) to use a high security standard by means of E values (4 .
  • the terminal (5) does not need to be connected to the control device (7) at the time of an interrogation / transmission process and may be offline, even permanently.
  • the terminal (5) is typically a point-of-sale, in particular a vending machine, ie a vending machine, such as a beverage, coffee, coin , Newspaper, stamp, snack, parking ticket and / or cigarette machine.
  • a vending machine ie a vending machine, such as a beverage, coffee, coin , Newspaper, stamp, snack, parking ticket and / or cigarette machine.
  • Suitable terminals (5) are known to the person skilled in the art.
  • the terminal (5) is preferably a machine control, a monitoring device, an operating terminal, a parking garage barrier, a door control Turnstile, an access barrier, a debiting station, a road-pricing system, a counting and / or measuring station and / or any other device which, on the basis of its task, performs a check, receipt, transfer and / or issue of Values (4, 4 *, 4 **).
  • the terminal (5) may be connected to a cash register or the terminal (5) may be integrated into a cash register. This is particularly advantageous if the E value (4, 4 *) E-money and / or the E value (4, 4 *, 4 **) represents a voucher and / or voucher. Neither the terminal (5) nor the cash register must be connected to a control device (7) at any time, not even during a query / transmission process. Thus, the terminal (5) - and the cash register, if available - at no time have a telephone and / or Internet connection and it can be permanently offline.
  • the terminal (5) comprises a short-range radio transceiver, a contact-type connection, an optical connection, an acoustic connection and / or a data network connection for the data transfer between the device (2) and the terminal (5).
  • the terminal (5) preferably comprises at least
  • a user interface in particular a touch display, and / or a machine interface, such as a USB port, a short-range radio transceiver, a contact-type connection, an optical connection, an acoustic connection and / or a data network connection for the data transfer between the device (2) and the terminal (5), as well as
  • the terminal (5) of the system (1) according to the invention is formed by a device (2 '), wherein the device (2') comprises a device (2) which surrounds a safety element SEALSSE (3). and possibly extended by software and / or hardware.
  • the security element SEALS-SE (3) can be permanently integrated in the device (2 ') and / or connected externally to the device (2').
  • This embodiment is particularly advantageous when a mobile multifunction terminal (5) is desired, which for example also has all the advantages of a device (2 ').
  • Such a mobile terminal (5) comprising a device (2 ') with security element SEALS-SE (3) can be extremely advantageous for cashless street and / or beach sales, for example.
  • the system (1) according to the invention can comprise as device (2) a smartcard (6).
  • the E value (4, 4 *, 4 **) can be any desired E value (4, 4 *, 4 **) according to the present invention.
  • the smart card (6) is typically a conventional, commercially available smart card, such as a prepaid card. It includes a security element SE of type 2 for the safe storage, division as well as retrieval and / or transmission of E-values (4, 4 *, 4 **) to the to ensure necessary security against counterfeiting and misuse. Suitable smart cards (6) are known to the person skilled in the art.
  • the smart card (6) is considered secure if it has a security element of type 2 or higher and is released for use by third parties.
  • E value (4) stands for electronically mapped values, i. E-values, in any form, especially in known forms. Such E-values (4) are typically cryptographically encrypted to protect them from unlawful steps such as copying and / or robbery.
  • the term E value (4 **) stands for the E value according to the invention as such and is suitable for tamper-proof storage, sharing and interrogation or transmission of E values, in particular using the system (1).
  • the E value (4 **) represents an electronic identification and / or an electronic asset and comprises at least one load token (41) and after a first query / transfer process also at least one of the load token TL different donation token (42).
  • the E value (4 **) is not e-money.
  • the E value (4 **) may also include additional tokens, with the additional tokens capturing and / or transmitting other aspects of a transmission.
  • the E value (4 **) - or parts thereof - are stored on the device (2), wherein the device (2) is identical to the device (2) used in the system (1) according to the invention.
  • E value (4 *) stands for the E value used according to the invention in system (1), comprising a load token (41) and after a first interrogation / transmission process also at least one of the load token TL different donation token (42).
  • the E value (4 *) includes the inventive E value (4 **) as well as E money, provided that this is a load token (41) and after a first payment process also at least one different from the load token TL Spend Token (42).
  • the E value (4 *) may also include additional tokens, where the further tokens may capture and / or convey other aspects of a transmission.
  • the E value (4, 4 * , 4 ** ) surprisingly has many different uses in electronic form with very high counterfeit security and traceability and can be used very universally.
  • the system (1) and the device (2) may have a specific E value (4, 4 *, 4 **) or a multiplicity of different E values (4, 4 *, 4 **).
  • the E value (4, 4 *, 4 **) is an identification, a material value or electronic money, ie e-money.
  • the identification of the E value (4, 4 *, 4 **) preferably represents a person identification, an animal identification or a fact identification
  • the person identification also called person information, preferably selected from the group consisting of one
  • the animal identification also called animal information, preferably selected from the group consisting of an identification of a
  • the item identification also referred to as factual information, preferably selected from the group consisting of an identification of a valuable item such as diamonds, jewelery, watches, vehicle, car, motor bike, bicycle, ship, yacht, boat, plane, light aircraft and security; such as - the material value preferably selected from the group consisting of a ticket for debiting, admission ticket, travel ticket, multiple ticket as a Mehrfahrticket public transport, an event ticket, vouchers and / or loyalty points, e-voting documents, voting documents, election documents, counting system for later settlement,
  • Measuring system for later billing, road pricing tag, water meter and electricity meter The value in kind typically represents the value of a thing or a service. Tickets for debiting may be partially or completely canceled before or after the provision of the service. E-values of counting and / or measuring systems for later offsetting, for example in the form of road pricing, a water and / or electricity meter are typically summed up at the beginning of the measured size and periodically charged to the user.
  • the E value (4, 4 *) can also be electronic money, i. E-money
  • the control device (7) is not a server, and preferably does not include a server.
  • the person information is typically stored on the insecure device (2), whereby the person advantageously additionally recognizes himself with a PIN code and / or body feature such as fingerprint and / or face recognition. This ensures complete traceability of the person, which is of particular interest in a high-security environment such as nuclear power plants.
  • the unambiguous assignment of the device (2) to the animal takes place, for example, with an implanted chip or, on the basis of clear characteristics such as diamonds, by means of exact 3-D data of the diamonds and / or X-ray scan.
  • the traceability of things can be tracked completely, which is particularly important in valuables of high importance.
  • This is of great interest for diamonds, for example.
  • the exact 3-D data of the diamond, the weight, the purity and the number of carats on the device (2) - for example, a smart card (6) - are stored and used as identification (with).
  • the identification is stored in the form of an E value (4 *, 4 **), these entries are included in the load token TL (41).
  • the diamond can be checked and identified by re-acquiring the 3-D data and querying the data stored on the device (2).
  • a donation token TS (42) is generated at each query to a terminal (5), which is preferably stored on the device (2) and the terminal (5).
  • information about the query for example, the location and / or the time of the query, in the load token TL (41) input.
  • the diamond's identification is then adjusted and changes noted or shared in the load token TL (41).
  • a donation token TS (42) is regenerated.
  • the original load token TL (41) becomes invalid, with each new split diamond having to be assigned a new identity and thus a new load token TL (41).
  • the original load token TL (41) can be found in the E value (4 *, 4 **) - for example in the new load token TL (41) - to seamlessly document the history of the diamond.
  • Electronic money (4, 4 * ), ie e-money (4, 4 * ), is a known, specific and preferred embodiment of E values (4, 4 *).
  • E-money (4, 4 *) is also known by the terms e-cash, computer money, digital money and cyber money.
  • e-money is a third, newer manifestation of money.
  • e-money (4, 4 *) is preferably used in the form of national currencies, which can be stored, for example, on prepaid cards.
  • the e-money (4, 4 *) can also be in the form of cryptocurrencies.
  • the E value (4, 4 *, 4 **) is stored in the memory of the mobile Device (2) stored.
  • the E value (4, 4 *, 4 **) - or part of it - is transferred from the device (2) to the terminal (5).
  • the owner of the E value (4, 4 *, 4 **) is also the owner of the mobile device (2) resp. of the terminal (5).
  • the E value (4, 4 *, 4 **) is stored on the device (2) and managed with software. If the E value comprises a load token TL (41) and a donation token TS (42) and thus represents an E value (4 *, 4 **), the term "on the device (2) stored E value "understood that at least the load token TL (41) and preferably also the donation token TS (42) is stored on the device (2).
  • the storage of the E value (4, 4 *, 4 **) on the device (2) is preferably carried out in a secure memory, for example, a so-called electronic purse, also e-wallet or e-purse, and is independent, whether the e-value (4, 4 *, 4 *) E-money (4, 4 *) is another object, such as a ticket, a counting and / or measuring station, or an identification. If the E value represents (4, 4 *) e-money (4, 4 *), the e-money can be stored in any currency. It is also possible to use e-money (4, 4 *) in to store different currencies and, where appropriate, to pay with the corresponding currency.
  • System (1) with the device (2), in particular electronic money (4 *) for secure cashless payment with an insecure device (2) to a terminal (5) comprises at least one load token TL (41) and after a first query / transfer process and at least one of the load token TL (41) different donation token TS (42).
  • the load token TL (41) differs from the donation token TS (42) not only in the content of the tokens but the type of information contained in the load token TL (41) differs from the information which are contained in the donation token TS (42), clearly.
  • the load token TL (41) of the E value (4 *, 4 **) is stored on the device (2) and contains electronic information on the E value (4 **).
  • the load token TL (41) preferably also contains information about the device (2), respectively. to the owner of the device (2) and to the creation of the E-value (4 *, 4 **) on the device (2).
  • the donation token TS (42) of the E-value (4 *, 4 **) is stored on the device (2) and / or terminal (5) and includes electronic information on the query / transfer process of the device (2 stored E value (4 **) and thus represents a query operation of the E value (4 **) on the device (2) by the terminal (5), a transfer process of the E value (4 **), or a Part of it, from the device (2) to the terminal (5), or a transfer process of the E value (4 **), or a part thereof, from the terminal (5) to the device (2).
  • a separate donation token TS (42) is created for each individual device (2) / terminal (5) combination.
  • the donation token TS (42) is supplemented by information for the renewed query / transfer process, or created a new donation token TS (42).
  • the E value (4 *, 4 **) represents a material value
  • the current total value of the material value of the E value stored on the device (2) (4 *, 4 **) is represented by the sum of the load tokens TL (41) of the tangible asset less the sum of the donation tokens TS (42) of the tangible asset.
  • the at least one load token TL (41) and optionally at least one donation token TS (42) preferably contain at least one piece of information which allows a chronological order. Such information may be, for example, a timestamp, a token index and / or a transaction counter.
  • the E value (4 *, 4 **) stored on the device (2) after transmission operations at a plurality of terminals (5) for each E value (4 *, 4 **) i) comprises at least a load token (41) and ii) for each terminal (5) another donation token (42) and thus a plurality of donation tokens (42).
  • the donation token TS (42) of the E value (4 *, 4 **) preferably used in the system (1) and / or the inventive E value (4 **) is replaced by a transfer token TT (421) and a termination token TR (422).
  • the transfer token TT (421) represents an amount, ie a value in the form of a value for a power, which is transferred from a device (2) to a terminal (5) and / or from a terminal (5) to a device (2 ) was transferred.
  • the scheduling token TR (422) represents a binding completed polling / transmission process, ie information on the information retrieved at the terminal (5), transferred assets or e-money, and / or services rendered. In this embodiment, the transmission of the E value to the receiver is disconnected from the binding conclusion. Surprisingly, this increases the Robustness against connection interruptions between terminal (5) and device (2) and the value slip, that is lost or double credit of one or more E values is impossible.
  • the term donation token TS (42) also includes the two terms transfer token TT (421) and termination token TR (422).
  • the at least one load token TL (41) of the E value (4 *, 4 **) is stored on the device (2) and all load tokens TL (41) of the E value (4 *, 4 ** ) on the device (2) together comprise the sum of the credits of the E value stored on the device (2) (4 *, 4 **) in the form of tangible or electronic money, and the electronic identity as such, supplemented by the sum of relevant information about each query operation.
  • the optionally at least one donation token TS (42) of the E value (4 * , 4 **) is stored on the device (2) and all donation tokens TS (42) of the E value (4 *, 4 * *) on the device (2) together comprise the sum of the payments of the value stored on the device (2) E value (4 *, 4 **) for a tangible asset or an identification.
  • a load token TL (41) comprises only the information about the E value (4 *, 4 **) as such, and a donation token TS (42 ) only information about a query and / or transmission, such as a payment or passing a person through an electronic person control.
  • the individual load tokens TL (41) and individual donation tokens TS (42) of the current and previous query / transfer processes are arranged in different chains, so-called chains, which serve different purposes: For example, a chain may comprise all load tokens TL (41) and donation tokens TS (42) from a single device (2), thus forming a so-called value chain CV of the device (2), whereby the credit of a device ( 2) can be displayed.
  • Another, second chain can, for example, from all donations
  • Token TS (42) from a single device (2) with a single, specific terminal (5) form a so-called transfer chain CT.
  • a transfer chain CT represents all the E values (4 *, 4 **) transmitted from the device (2) to the specific terminal (5).
  • Another, third chain for example, from all donation tokens TS (42) of all devices (2, 2 ") with a single terminal (5) form a so-called POS-chain CP.
  • POS chain CP represents all the relevant information requested by the terminal (5) for identification and at the time of polling, and / or all tangible and / or electronic money transferred to the terminal (5), for example all received by the terminal (5) E-money (4 * ).
  • load tokens TL (41) and / or donation tokens TS (42) also other appropriate chains can be formed.
  • a chain optionally includes at least one load token TL (41) and optionally at least one donation token TS (42).
  • the sum of all credits of the load tokens TL (41) minus the sum of all debits of the donation token TS (42), for example, all payments forms the - in the case of e-money monetary - nominal value of a chain.
  • the entire previous chain is appended in highly compressed form to the new load token TL (41) or new donation token TS (42).
  • the latest, and thus most recent, token (41, 42) also includes the history of all previous query / transfer operations as a so-called hash.
  • Such chains with compressed history are called hash chains or hash chains.
  • E value for each E-value (4, 4 *, 4 **) a separate, dedicated, i. Specially designed, E value
  • each E value (4 *, 4 **) comprises at least one load token TL (41) and, after a first query / transfer process, at least one donation token TS (42) different from the load token TL (41). , wherein in the order of all tokens of the respective E value (4 * , 4 ** ), the history of the query / transfer operations of the E value (4 * , 4 ** ) is mapped.
  • the load token TL (41) a electronic identity, also known as means of identification, includes personal information such as face recognition, fingerprint, date of birth, place of birth, gender, weight, passport number or details of the person's illness,
  • the load token TL (41) is an electronic identity including animal information such as the species, breed, sex, weight, animal identification, vaccination certificate or competition prize won,
  • the load token TL (41) is an electronic identity comprising owner information, acquisition,
  • Weight, shape, type, origin, modification or specific characterization of the item such as the specific X-ray diffraction of a diamond
  • the load token TL (41) includes electronic information on the tangible asset and its history, and / or if the E value (4 *) represents e-money, the load token TL (41) comprises at least the amount of credit of the e-money stored on the device (2).
  • the E value (4 *, 4 **) if the E value (4 *, 4 **)
  • a person identification represents, the donation token TS (42) an electronic identification and inquiry proof is comprehensive data for the person identification and inquiry of the same at
  • Terminal (5) and information on the time, place or by whom the request is made, and, if
  • the donation token TS (42) is an electronic identification and interrogation certificate including information on animal identification and query the same at the terminal (5) and information on the time, place or by whom the query is made,
  • the donation token TS (42) an electronic identification and inquiry proof is comprehensive information on identification and query the same at the terminal (5) and information on the time, place or by whom the query is made, and possibly other information,
  • the donation token TS (42) represents an electronic value of the asset, such as a specific service provision, for example a ticket for debiting; a value of specific, for example, accumulated, tangible assets such as used electricity or water used; and / or in e-voting, for example, a combination of personal identification and material value, i. e. the selected persons or the selected voting question; and or
  • the donation token TS (42) at least the value of the goods purchased during the payment process / sold goods and possibly further information on the payment process, in particular to the device involved in the payment process (2) and terminal (5), and thus represents a payment process with e-money (4 *) from the device (2) to the terminal (5), wherein the donation token TS (42) at least on the device (2) or
  • Terminal (5) is stored.
  • the load token TL (41) represents the electronic identity and the donation token TS (42) the proof of identification, whereby at each check on the terminal (5 ) of the proof a donation token TS (42) is generated and the means of verification, ie Terminal (5) passes.
  • the history of the checks possibly in a reduced form - transferred.
  • a donation token TS (42) is created, whereby the load token TL (41) and thus the identity is mutated. Any older copy of the identity can never be used again for identification, which is a multiplication, resp. Forgery of an identity impossible.
  • the proof of identification in the form of a donation token (42) in the terminal (5) indisputably proves that the identity was identified at the present terminal (5). It is unfeasible and can be copied as often as you like.
  • the load token TL (41) can display the electronic ticket with all the necessary ticket information.
  • the donation token TS (42) contains the value of a service provision, ie a validation, whereby at each validation a new donation token TS (42) is generated and transmitted to the terminal (5). In this case, advantageously, the history of cancellations - possibly in a reduced form - with transferred.
  • the load token TL (41) can provide the electronic counting and / or measuring system with all the necessary information for counting and / or measuring system.
  • the donation token TS (42) preferably includes the item or items to be accumulated, typically at each count resp. Measurement a new donation token TS (42) is generated and transmitted to the terminal (5).
  • the donation token TS (42) represents the monetary value of the item purchased / sold during the interrogation / transfer process, which is stored as E value (4 *, 4 **) is transmitted in the form of the donation token TS (42) from the device (2) to the terminal (5).
  • the monetary value represented in the donation token TS (42) is subtracted from the credit on the device (2) and simultaneously credited to the terminal (5), the credit on the device (2) being stored by the difference of all the devices stored on the device (2)
  • Load token TL (41) and donation token TS (42) is represented and the credit is represented in the terminal (5) by the newly created donation token TS (42).
  • the load token TL (41) essentially contains the information about the identification and, in the case of property and electronic money, a credit to the E value (4 *, 4 **) which is preferably stored on the device (2). and the history of the older load tokens TL (41) as a hash, ie in a highly compressed form.
  • a corresponding donation token TS (42) contains essentially only the information on the most recent query e- / transfer process between the device (2) and a specific terminal (5), as well as the history of the older donation token TS (42 ) as hash, ie in strongly compressed form.
  • the E value (4 *) and / or the inventive E value (4 **) preferably used according to the invention are based on a hash chain, wherein at least one hash chain is used comprising at least one load token TL (41) and optionally at least one donation token TS (42).
  • the E value (4 *) and / or the E value (4 ** ) preferably used according to the invention are based on at least two different hash chains.
  • a first hash chain comprises at least one load token TL (41), possibly the older load tokens (41) as history, and optionally at least one donation token (42).
  • a second hash chain comprises at least one donation token TS (42) of the first hash chain and possibly the older donation tokens (42) as a history.
  • the subdivision of the E value (4 *) preferably used in the system (1) according to the invention and in the E value (4 **) according to the invention and the E value used in the method according to the invention (4 *, 4 **) in at least two of one another different tokens (41, 42) surprisingly has a number of advantages.
  • different chains and hash chains can be created. This makes it possible to take inquiry / transfer operations with extremely high security requirements and without slippage offline, which is not possible with today's systems using mobile - typically unsafe - devices alone.
  • the number of hash-chain elements required for traceability, ie tokens (41, 42) is greatly reduced, allowing much faster processing.
  • saving, processing, and / or submitting can be done much faster with two independent types of hash chains than if all the information is on a single hash chain.
  • the query / transfer process is significantly accelerated and it takes less space.
  • the system (1) becomes much less susceptible to errors such as transmission errors, which in turn increases the security of the system (1).
  • a hash chain, with which the total value of the E value (4 *, 4 **) is represented can be safely stored on an insecure device, ie for example on the device (2), although the device (2) has no security element, which protects the E value (4 *, 4 **) from unwanted manipulation.
  • Hash-chain also in other chains resp. Hashchains are present.
  • a manipulation is usually detected already during the transmission attempt and at the latest on the server and immediately corrected, for example by additional load and / or by the device on which a manipulation has been detected in the system (1) is locked.
  • the control organ (7) of the system (1) constitutes a network, a security element SE which is installed directly in the device (2) or in a plurality of devices (2 "), a trusted user base of the device (2 or the plurality of devices (2 "), or a server.
  • the security element SE preferably provides a security element SE of the type 1, 2 and / or 3, which directly in a device (2) and / or a plurality of
  • control device (7) is a safety element SE, which is installed directly in the device (2) or in a plurality of devices (2 "), the device (2) or the multiplicity of devices (2") can function as the control device (7) exercise.
  • security element SE is a security element SEALS-SE (3) and integrated in the device (2), the device (2) represents a device (2 '), which can thus perform the function of the control element (7).
  • the device (2, 2 ') or the devices (2 ") it is helpful to store suitable software which is stored on the device (2, 2') or the devices (2") is used.
  • the network i) comprises a distributed or distributed network, for example a P2P network or a blockchain, wherein the device (2) and / or a part of the devices (2 ") Or all devices (2") can be involved, ii) a sneakernet, ie a snorkelling network in which the telegrams or telegrams arising during the interrogation / transmission process remain in the terminal (s) (5) until they are stored, collected and collected at the terminal (5) via a physical data carrier of an authorized carrier and / or with an answer Or iii) a central or hierarchical network, for example a central network with a terminal (5), a device (2), and / or a device (2 '), a computer wherein the central or hierarchical network, for example can be centralized on the Internet, in a cloud and / or within a company premises.
  • a distributed or distributed network for example a P2P network or a blockchain
  • the control body (7) comprises at least one - in the electronic sense - intelligent unit.
  • the controller (7) i) typically maintains the journal, thus surveying the polling / transmission processes, for example E-money sales and, where appropriate, compensation monitors and detects a possible abuse, ie it is responsible for the so-called fraud detection; ii) typically prevents possible abuse, ie makes so-called fraud prevention; iii) typically allows identity management and awards certificates of validity to the devices (2), which can also be outsourced; iv) typically assigns keys to the security element SEALS-SE (3) or possibly replaces old or corrupted keys in a security element SEALS-SE (3), whereby this task can also be outsourced; and / or v) typically creates new SEALS-SE for new terminals (5), ie does the SEALS-SE issuing, whereby this task can be outsourced if necessary.
  • the control element (7) carries out one, several or all of these functions, the fraud detection i) and / or the fraud prevention
  • the control body (s) (7) is not a server and preferably comprises no server.
  • the system (1) comprises at least one control device (7)
  • the control device (7) is not necessary for off-line, off-line transmission operations, i. it does not validate a query / transfer process and thus does not participate in the binding completion of the transfer.
  • the E value (4, 4 *) represents e-money (4, 4 *)
  • a payment process can also take place without validation by the control body (7).
  • the control body (7) does not participate in the final settlement of a payment transaction.
  • the controller (7) is responsible for monitoring and controlling the interrogation / transmission processes involved in the transmissions, inconsistencies, counterfeiting and misuse of e-values (4, 4 *, 4 **) in the system (1) and, if necessary, take corrective action. If necessary, the controlling body can also revoke the pseudonymity of a user and initiate legal recourse.
  • the control body (7) is a routing, protocol and monitoring body and is not responsible for the performance of individual online and / or offline query / transmission operations, nor is it responsible for the mandatory completion of the transmission operations. In other words: With the system (1), transmission processes can also be carried out offline and conclusively without the control organ (7).
  • the control organ (7) detects and / or prevents a possible misuse of the system (1), allows the holder of the terminal (5) and the operator of the system (1) access to a transaction journal and can notify the holder of the terminal (5). and quickly enable the operator of the system (1), for example, to correctly exchange e-money (4, 4 *) for book or paper money.
  • the control body (7) also receives, stores and processes the telegrams received by the devices (2, 2 "), such as donation telegrams, resp. Receipts, and sends even telegrams such as acknowledgments, alarm information, blocking messages, etc. to the devices (2, 2 ', 2 ") and the devices (2, 2") to the terminals (5). It can also generate E value (4, 4 *, 4 **) and, if applicable, associated signatures and / or certificates, issue validity certificates to the devices (2, 2 ', 2 "), administer the certificates on the devices (2, 2'). , 2 ") located safe purses such as purses and checks their consistency, the control body (7) initiates, if necessary, the settlement of a query / transfer process or a collection of transfer operations, for example, with money transfer to the bank account of the seller.
  • the control element (7) used in the system (1) can have a multiplicity of different forms. Suitable control organs (7) are commercially available and known to the skilled person.
  • the control element (7) can be, for example, at least one device (2, 2 '), a multiplicity of devices (2 "), at least one security element SE, in particular a security element SEALS-SE (3), at least one terminal (5) and / or constitute an independent control body (7), whereby the independent control body (7) may consist of at least one device and / or one network.
  • the term server is understood to mean a specific electronic component which comprises a server hardware, i. a host computer, server software with a variety of utilities for other server-independent components, and a dial-in node.
  • the server is in a selected location in the form of hardware or in the form of a central cloud computer. If the component is removed from the server software and / or the dial-in node, the system (1) can no longer function.
  • the terminal (5) is not a server.
  • controlling body (7) is understood to mean a trusted controlling organ, ie a trustworthy controlling body (7).
  • a trusted controlling body typically includes a whole catalog of measures that make it trustworthy, such as i) if the controlling body (7) is a server, the location and the physical security positive, as well as the existing firewalls; (ii) if the control body (7) is a decentralized network, the existing surveillance circuits and redundancy; and (iii) if the control body (7) is security element SE, typically type 1 or 2 in the equipment (2), the trustworthiness and quality of the security elements SE.
  • the system (1) can be confident that the operations of the control body (7) are correct and within the meaning of Systems (1) and that these operations are not manipulated, falsified or otherwise influenced by the influence of third parties to the detriment of the system (1).
  • the control organ (7) can also carry the identity management, ie the identity management, the user and / or devices, if this is necessary and this is not on a service provider outside the system (1), such as Google or Facebook, is outsourced.
  • the optional control organ may issue, i. Issuing and administration, the security elements SEALS-SE (3) and / or the key management, i. Key management, if they are necessary and this is not outsourced to a service provider outside the system (1), for example, a trust center.
  • the control device (7) is typically connected to the devices (2, 2 ") and / or the terminal or terminals (5) by means of an unsteady and highly asynchronous connection.
  • the control element (7) does not need to communicate directly with the terminal (s) (5), but only indirectly via the devices (2, 2 ").
  • the inventive method for counterfeit-proof storage, sharing and querying or transmitting E-values (4, 4 *, 4 **) with the inventive system (1) and / or with the inventive E-values (4 **) comprises at least one the following steps a) to d). If the method comprises two or more of the following steps, The steps can be carried out in any order and / or simultaneously. be combined. In this case, when the E-value (4, 4 *) represents e-money, is used as the control body (7) no server - and preferably no control body (7) comprising a server. Also, the inventive E value (4 ** ) is not e-money.
  • Step a) of the method according to the invention comprises the storage of at least one E value (4, 4 *, 4 **) on the device (2) and / or the terminal (5), the E value (4 *, 4 **) at least one load token TL (41) and after a first query / transfer process and at least one donation token TS (42).
  • This can u.a. for the load token TL (41) and for the donation token TS (42) different permissions are granted, whereby secure offline transfers can be performed.
  • Step b) of the inventive method comprises an inquiry / transfer process with E value (4, 4 *, 4 **) with unconditional, ie binding, completion without Internet connection at the time of the query / transfer process, comprising a query / transfer Transmission process, ie a transaction, the E value (4, 4 *, 4 **) on the device (2) through the terminal (5), from the device (2) to the terminal (5) or from the terminal (5 ) to the device (2), wherein the terminal (5) comprises at least one physical security element SEALS-SE (3), the device (2) and the terminal (5) communicate with each other, ie the device (2) and the terminal ( 5) have a permanent, time-limited standing bidirectional connection during the polling / transmission process.
  • the query / transmission process of the E value (4, 4 *, 4 **) is represented by at least one donation token TS (42).
  • the security element SEALS-SE (3) in the terminal (5) the E value (4, 4 * , 4 ** ), in particular the donation token TS (42), is signed by the device (2). This becomes an unconditional and binding
  • binding conclusion of a query / transfer transaction or “final settlement of a payment transaction”, according to the invention is understood to mean that the creditworthiness of the customer is given, the query / transfer process is legally binding and complete and thus a final effect aut Vietnamese.
  • Such a final settlement is in contrast to a temporary, ie not yet definitive, settlement, as is the case for example when paying without Internet connection by credit card.
  • Step c) of the method according to the invention comprises exchanging at least one telegram, i. a message, message resp. Information between terminal (5) and the control body (7) and / or between the control body (7) and terminal (5), wherein the exchange of the at least one telegram preferably via the device (2) and / or a plurality of devices ( 2 ") takes place.
  • exchange is understood according to the invention a transmission with acknowledgment.
  • the exchange of the at least one telegram between terminal (5) and device (2, 2 ") preferably takes place at the time of a query /
  • Transfer process instead of and the exchange between device (2, 2 ") and control body (7) can take place at another time.
  • the device (2) may be online or offline at the time of a polling / transmission process.
  • Step c) comprises various specific embodiments i) to iv), which may optionally also be carried out in combination with one another and are explained in more detail below.
  • the terminal (5) exchanges at least one telegram with the control device (7) via the device (2) the query / transfer process.
  • at least one telegram from the terminal (5) via the device (2) to the control body (7) is transmitted.
  • the control unit (7) then sends via the device (2) to the terminal (5) a telegram with the acknowledgment.
  • the terminal (5) confirms that the polling / transmission process has been completed correctly and that, for example, if the E value (4, 4 *) represents e-money, that corresponding amount of money is available to the seller's bank account is transferred. Accordingly, the query / transfer process can be compensated for example with step e) of the inventive method.
  • the terminal (5) transmits at least one telegram, preferably all telegrams generated during the payment process, the request / transfer - Operation to the device (2). Since the device (2) is offline, it can not forward the at least one telegram to the control body (7) and accordingly receive no telegram with an acknowledgment and transmit it back to the terminal (5). As long as now at the terminal (5) from the control body (7) no telegram with the acknowledgment for the Telegram received the current query / transfer process, transmits the terminal (5) in subsequent transfer operations to a variety of other devices (2 ") the at least one telegram.
  • the device (2) and each of the devices (2 ") then send the at least one telegram to the control device (7) at least once until the at least one telegram is transmitted to the control device (7) and the control device (7) via at least one Device (2, 2 ") transmits a telegram with the acknowledgment to the terminal (5).
  • This allows a simple way a query / transfer operation offline, without the device (2) and the terminal (5) at the time of query / transfer process must have an online connection with the control body (7).
  • the control device (7) can send pending telegrams, in particular pending telegrams relating to at least one interrogation / transmission process with the same device (2) and / or with another device (2 "), ie communicate with at least one of the plurality of devices (2 "), at least one terminal (5), to the device (2), which later transmits this to the terminal (5).
  • This procedure surprisingly allows in a simple way that a user with a device (2) at the terminal (5), even offline, only once can perform a transmission, respectively. the receipt must nevertheless be confirmed by the control body (7) opposite the terminal (5).
  • both the device (2) and the terminal (5) are offline at the time of the interrogation / transmission process is not uncommon even in heavily industrialized areas .
  • Non-limiting examples include vending machine sales in basements, events in recreational areas with mobile phone hangs and short-term inaccessibility of the Internet and / or server (7).
  • the device (2) and / or at least one of the plurality of devices (2 ") receives a telegram with the acknowledgment of receipt.
  • This telegram is forwarded to the terminal (5) upon receipt of the device or devices (2, 2 ").
  • the plurality of devices (2 ") which receive the at least one telegram from the terminal (5) and typically delayed to the control body (7) forward, be the same or different with the plurality of devices (2"), which by the control body (7) receive the telegram with the acknowledgment of receipt.
  • the query / transfer process at the terminal (5) by means of a smart card (6) the query / transfer process is offline because the smart card (6) can not communicate with the control body (7).
  • the terminal (5) transmits after completion of the query / transfer process with the smart card (6) at least one subsequent query / transfer process with at least one device (2, 2 ") at least one telegram of the query / transfer process with the smart card (6 ) to the at least one device (2, 2 "). This transmission to at least one device (2, 2 ") lasts until the terminal (5) has received a telegram from the control organ (7) with the acknowledgment of receipt.
  • the terminal (5) transmits to the device (2) not only the message of inquiry / Transfer process from the device (2) with the terminal (5), but also the telegram of the previous query / transfer process from the smart card (6) with the terminal (5).
  • the device (2) online transmitted - analogous to embodiment i) - the device (2) to the control body (7) not only the telegram of the query / transfer process from the device (2) with the terminal (5), but also the telegram of the previous query / transfer process with the smartcard (6).
  • the control unit (7) transmits to the device (2) both the telegram with the acknowledgment of the query / transmission process from the device (2) with the terminal (5), as well as the telegram with the acknowledgment of the query / transfer process from the smartcard (6) to the terminal (5).
  • the device (2) in turn transmits both telegrams to the terminal (5) to confirm both query / transfer operations. These operations take only a fraction of a second or at most a few seconds for good connections. However, if the device (2) is offline, analogously to embodiment (ii), the terminal (5) does not receive a telegram with an acknowledgment of receipt of the transmission processes during the subsequent interrogation / transmission process with the device (2).
  • the terminal (5) transmits to at least one other device, typically to a plurality of other devices (2 "), the telegram of the current query / transmission process from the device (2") to the terminal (5), as well as the telegrams the previous transmission processes from the smartcard (6) to the terminal (5), from the device (2) to the terminal and optionally from other devices (2 ") to the terminal (5).
  • the devices (2, 2 ") in turn transmit the telegrams to the control device (7) at least once.
  • the control unit (7) typically immediately acknowledges receipt of the telegram by the control organ (7) sending back a receipt confirmation to the respective device (2, 2 ").
  • the terminal (5) may receive a plurality of acknowledgments of receipt for the same polling / transmission process, with only the first receiving acknowledgment having meaning.
  • Step d) of the inventive method comprises the monitoring and detection of abuse in the system (1) with at least one E value (4, 4 *, 4 **), wherein
  • At least one control device (7) stores the telegrams received by the devices (2, 2 "), processes them, optionally blocks at least one device (2, 2") for the system (1), and transmits other telegrams via the devices (2, 2 ") to the terminal (5), and / or - the terminal (5) using the security element SEALS SE (3) at least the received from the devices (2, 2 ") donation token TS (42) checks for correctness, optionally at least one device (2, 2" ) for the system (1) blocks and / or rejects, and optionally by means of at least one telegram on the devices (2, 2 ") to the control body (7) forwards.
  • the server can block the device (2, 2") by sending corresponding telegrams to the devices (2, 2 "). 2 ") sends. These forward the telegrams to at least one, preferably to a plurality of, in particular to all, terminal (5) on.
  • the terminals (5) recognize a locked device (2).
  • the control body (7) analogous other telegrams with, for example, control information on the devices (2, 2 ") forward to the terminal (5). This further increases the safety standard of the system (1) and acts preventatively against abuse and forgery.
  • Step e) of the process according to the invention is optional and is typically followed by at least one of the abovementioned steps a) to d).
  • step e) represents a compensation or a return of the terminal (5) accumulated E value (4, 4 *, 4 **) in any preferred form outside the system (1).
  • E value E -Money - this includes a transfer of money to the bank account of the seller, and thus the conversion of e-money (4, 4 * , 4 ** ) into physical money includes.
  • the E value (4 **) comprises at least one load token TL (41) and after a first query / transfer process also at least one of the load token TL (41) different donation token TS (42), wherein
  • the load token TL (41) is stored on the device (2) and contains electronic information about the E value (4 **) stored on the device (2),
  • the donation token TS (42) is stored on the device (2) and / or on the terminal (5) and comprises electronic data for the inquiry / transfer process of the E value (4 **), and
  • the current total value of the E value (4 **) stored on the device (2) by the sum of the load tokens TL (41) of the value less the sum the donation token TS (42) of the asset is represented.
  • the inventive method is on the device (2) for each E value (4, 4 *, 4 **) at least one load token TL (41) and after a first query / transfer process and at least one of Load token TL (41) different donation token TS (42) stored, wherein the at least one load token TL (41) and the at least one donation token TS (42) chronologically with respect to the query / transfer operations of the respective E value (4 * , 4 ** ) are mapped and preferably linked together in the form of a hash chain.
  • the inventive system (1), the inventive E value (4 ** ), the inventive method for forgery-proof storage, sharing and querying or transmitting E values (4, 4 *) with the device (2) with the system ( 1) as well as E-values (4 **) with the device (2) at a terminal (5) can surprisingly be used extremely diverse become.
  • they are used in particular for the forgery-proof storage, sharing and querying or transmission of E-values (4, 4 *, 4 **) with the device (2), even if the device (2) and / or the terminal (5) during the query / transfer process have no contact with the control organ (7) and are therefore offline.
  • the control body (7) is not a server.
  • the control body does not include a server.
  • the E value (4, 4 *, 4 **) constitutes an identification, person identification, animal identification, item identification, a tangible value and / or the E value (4, 4 * ) electronic money, ie E-money, being preferred
  • the person identification is selected from the group consisting of a personal ID card, a passport, an identity card, an access card for an event, a security area, a
  • the animal identification is selected from the group consisting of identification of an animal, livestock, breeding animal, fattening animal, zoo animal, animal identification card and vaccination certificate;
  • the item identification is selected from the group consisting of identification of a valuable item such as diamonds, jewelery, watches, vehicle, car, motorbike, bicycle, ship, yacht, boat, plane, light aircraft and security; such as
  • the material value is selected from the group consisting of a ticket for debiting, admission ticket, travel ticket, multiple ticket,
  • the physical security element SEALS-SE (3) is used at a terminal (5) for forgery-proof storage, sharing and querying or transmission of E values (4, 4 *, 4 **) to the device (2) at a terminal (5) using the system (1) according to the invention and / or the method according to the invention, the security element SEALS-SE (3) for storing, querying and transmitting E values (4, 4 *, 4 ** ) with binding conclusion also with a device (2) without security element SE and without Internet connection at the time of inquiry / transfer process is suitable.
  • the query / transfer process can also take place if the device (2) and / or the terminal (5) during the query / transfer process no contact with other devices (2 ") and / or a control member (7) and thus are offline.
  • Fiq. 1 shows by way of example a control element 7, two different types of terminal 5, both of which have a security element SEALS-SE 3 for offline transmissions with at least one E value from a device 2 and / or a smart card (FIG. 6) and, for example, a vending machine resp. represent a terminal (5) at a cash register, as well as the devices (2), (2 ') and (2 ").
  • the devices (2, 2 ', 2 ") are with the Control device (7) preferably connected via a typically unsteady data network connection. The discontinuity of the data network connection is indicated by broken arrows.
  • the device (2) also representative of the plurality of devices (2 "), is connected to the terminals (5), for example via a short-range
  • Wireless connection such as NFC, wherein the device (2 '), which is extended by a security element SEALS SE (3), also a terminal (5).
  • Fiq. Figure 2 shows by way of example that a) a device (2) with the terminal (5) is offline, i. without connection with the control body (7), a query / transfer process with binding conclusion, resp. final Settlement, can handle. If the device (2) is online again later, i. Connected to the control body (7), b) the costs incurred for a possible buy-back of the terminal (5) cumulated
  • Value (4, 4 *, 4 **) information necessary to monitor the system i. for detecting possible irregularities such as manipulation or forgery of the E-value (4, 4 *, 4 **), in the form of at least one telegram to the control body (7).
  • FIG. 3 shows by way of example a) an offline inquiry / transmission process with a binding conclusion, resp. final settlement, at the terminal (5) with a smart card (6), which can not establish a connection with the control body (7) and thus is permanently offline, whereby for the query / transfer process with the smart card (6) no device (2) necessary is.
  • Fiq. 4 shows, by way of example, an offline inquiry / transmission process at the terminal (5) with a device (2) which a) is offline, since, for example, the terminal and the device (2) are located in a radio hole or in a basement without an Internet connection. Although neither the terminal (5) nor the device (2) are online, with the inventive system (1) a binding conclusion, resp. carried out a final settlement. At a next
  • Received telegrams (shown in square).
  • the control unit (7) preferably also sends this acknowledgment of receipt to other devices (2 ") which have not received any corresponding telegrams from the terminal (5) (shown approximately), since such a device (2") may sooner make contact with the device
  • Terminal (5) builds. As soon as d) a device (2, 2 ") with the Receipt confirmation of a receipt of a previous query / transfer operation with the terminal (5) makes contact, the acknowledgment of the server (7) is transmitted to the terminal (5) and the query / transfer process on the side of the terminal (5) marked as acknowledged.
  • FIG. 5 shows an exemplary E value (4, 4 *, 4 **) which is stored according to the invention and which is stored on a device (2) and at least one load token TL (41) and after a first interrogation / transmission process also at least a donation token TS (42) different from the load token TL, wherein under
  • the load token TL (41) is shown, which comprises at least one electronic indication such as identity or material value of the device (2) stored E value (4, 4 *, 4 **), or if the E Value (4 *) e-money, the load token TL (41) comprises at least the amount of a credit note of the e-money stored on the device (2),
  • the donation token TS (42) is generated by the device (2) and a copy of Donation token TS (42) to the terminal (5) transmitted.
  • the donation token TS (42) comprises at least the E value (4, 4 *, 4 **) of the information retrieved during the interrogation / transfer process, transferred property values or e-
  • the donation token (42) represents an inquiry / transfer operation with E value (4, 4 *, 4 **) from the device (2) to the terminal (5).
  • Terminal (5) provides a built-in connection with bidirectional Data exchange and is thus a physical connection with signal transmission.
  • the connection can be made for example by means of NFC.
  • the donation token TS (42) is stored at least on the device (2) and / or the terminal (5).
  • the material value on the device (2) stored E value (4, 4 *, 4 **) charged and the terminal (5) resp. its owner credited. Since the donation token TS (42) is stored both on the device (2) and on the terminal (5), a possible and erroneous value slip is excluded. As a result, the query / transfer process that has been carried out can also be easily tracked subsequently and a possible incorrect booking can be corrected.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

La présente invention concerne un système (1) pour stocker, distribuer ainsi qu'interroger ou transmettre, de manière protégée contre des falsifications, des valeurs électroniques (4), comportant un appareil mobile (2) avec une valeur électronique (4), un terminal (5) et un organe de contrôle (7). La valeur électronique (4) représente une identification, une valeur réelle ou de l'argent électronique. La valeur électronique (4) est présente de préférence en tant que valeur électronique (4*) comportant un jeton de charge TL (41) et un jeton de dépense TS (42). En variante ou en supplément, le terminal (5) comporte un élément de sécurité SEALS-SE (3), l'élément de sécurité SEALS-SE (3) étant approprié pour la sauvegarde et la transmission de valeurs électroniques avec règlement de clôture contractuel, même avec un appareil (2) sans élément de sécurité SE et sans connexion à l'Internet au moment de l'opération de paiement. Lorsque la valeur électronique (4, 4*) représente de l'argent électronique, l'organe de contrôle (7) n'est pas un serveur. La présente invention revendique également une valeur électronique (4**) pour stocker, distribuer ainsi qu'interroger ou transmettre, de manière protégée contre des falsifications, des valeurs électroniques (4**), la valeur électronique (4**) ne représentant pas de l'argent électronique. La présente invention revendique également un procédé pour stocker, distribuer et transmettre de manière sécurisée des valeurs électroniques (4, 4*, 4**) avec l'appareil (2), ainsi que l'utilisation du système (1) et d'un élément de sécurité physique SEALS-SE (3) dans un terminal (5). Selon l'invention, le terminal (5) et l'appareil (2) ne doivent pas être reliés à l'organe de contrôle (7) au moment d'une opération de transmission pour un règlement de clôture contractuel et peuvent ainsi être hors ligne.
PCT/EP2019/057852 2018-03-29 2019-03-28 Système de stockage, de distribution et de transmission hors ligne de manière contractuelle et sans glissement de valeurs électroniques avec un appareil mobile avec un court temps de transaction WO2019185791A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP19713052.9A EP3776424A1 (fr) 2018-03-29 2019-03-28 Système de stockage, de distribution et de transmission hors ligne de manière contractuelle et sans glissement de valeurs électroniques avec un appareil mobile avec un court temps de transaction

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP18165251 2018-03-29
EP18165251.2 2018-03-29

Publications (1)

Publication Number Publication Date
WO2019185791A1 true WO2019185791A1 (fr) 2019-10-03

Family

ID=61965689

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2019/057852 WO2019185791A1 (fr) 2018-03-29 2019-03-28 Système de stockage, de distribution et de transmission hors ligne de manière contractuelle et sans glissement de valeurs électroniques avec un appareil mobile avec un court temps de transaction

Country Status (2)

Country Link
EP (1) EP3776424A1 (fr)
WO (1) WO2019185791A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160224977A1 (en) 2015-01-30 2016-08-04 Yaasha Sabba Token check offline
WO2018114654A1 (fr) 2016-12-20 2018-06-28 Pbv Kaufmann Systeme Gmbh Système de paiement hors ligne en argent électronique avec un appareil mobile avec un temps de transaction et un règlement de clôture courts

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160224977A1 (en) 2015-01-30 2016-08-04 Yaasha Sabba Token check offline
WO2018114654A1 (fr) 2016-12-20 2018-06-28 Pbv Kaufmann Systeme Gmbh Système de paiement hors ligne en argent électronique avec un appareil mobile avec un temps de transaction et un règlement de clôture courts

Also Published As

Publication number Publication date
EP3776424A1 (fr) 2021-02-17

Similar Documents

Publication Publication Date Title
US20230214792A1 (en) Computer implemented systems and methods
EP3559883A1 (fr) Système de paiement hors ligne en argent électronique avec un appareil mobile avec un temps de transaction et un règlement de clôture courts
EP0992025B1 (fr) Procédé de transaction utilisant un élément d'identification portatif
DE60124893T2 (de) Sicherheitsmodul für ein Kontenverwaltungssystem
CN107636662A (zh) 网络内容认证
US20090012899A1 (en) Systems and methods for generating and managing a linked deposit-only account identifier
CN103714626A (zh) 多密码预警式可异卡控制银行卡
EP2633394A1 (fr) Procédé et système de gestion d'éléments numériques
CN101004810A (zh) 一种基于网络的电子票据方法及系统
DE102011100144A1 (de) Sicheres drahtloses Zahlungssystem und Verfahren zu dessen Anwendung
DE102017217342A1 (de) Verfahren zum Erzeugen einer digitalen Identität, digitale Identität, Verfahren zum Erstellen eines elektronischen Transaktionsdokuments und elektronisches Transaktionsdokument
DE102013212627B4 (de) Elektronisches Transaktionsverfahren und Computersystem
DE102013212646A1 (de) Elektronisches Transaktionsverfahren und Computersystem
WO2019185791A1 (fr) Système de stockage, de distribution et de transmission hors ligne de manière contractuelle et sans glissement de valeurs électroniques avec un appareil mobile avec un court temps de transaction
Bellamy Moving to e-government
JP5308613B2 (ja) 遊技媒体貸出装置、売上管理装置、コンピュータプログラム、売上管理システム
WO2022008319A1 (fr) Entité d'émission et procédé d'émission d'ensembles de données électroniques de pièces de monnaie, et système de paiement
DE102010036037A1 (de) Verfahren zur Durchführung bargeldioser Zahlungstransaktionen und Transaktionsystem zur Durchführung des Verfahrens
DE102018000228A1 (de) Automat für kryptographische Gutscheine
DE102006017911B4 (de) Elektronisches Bezahlsystem und Verfahren zum Ausführen eines Bezahlvorgangs
DE102013022436B3 (de) Elektronisches Transaktionsverfahren und Computersystem
DE102013022434B3 (de) Elektronisches Transaktionsverfahren und Computersystem
DE102013022433B3 (de) Elektronisches Transaktionsverfahren und Computersystem
US11941596B1 (en) Electronic banking facility
JP5352622B2 (ja) 売上管理装置、コンピュータプログラム及び売上管理システム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19713052

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2019713052

Country of ref document: EP

Effective date: 20201029