Method for carrying out a transaction between a portable data carrier and a terminal
First Claim
1. A method for carrying out a wireless electronic transaction between a portable data carrier associated with a mobile device and a terminal such that the portable data carrier prevents unauthorized acquisition of transaction data stored on the portable data carrier, the method comprising:
- within a wireless electronic transaction communication between the portable data carrier and the terminal, receiving from the terminal, by the portable data carrier, an information item about the terminal, wherein the information item comprising comprises a terminal identification;
the portable data carrier including an embedded controller and memory unit that are separate from processors and memory of the associated mobile device;
depositing, by a central server, a list that contains as entries a plurality of terminal identifications with one or several locational positions associated with the respective terminal identification, in the memory of portable data carrier;
determining, by the embedded controller of the portable data carrier, a locational position of the terminal based on the information item, by comparing the transferred terminal identification with the terminal identifications of the list;
determining, by the embedded controller of the portable data carrier, a locational position of the portable data carrier, such that both the locational position of the terminal and the locational position of the portable data carrier are determined directly by the portable data carrier without transferring data to other computing systems;
comparing, by the portable data carrier, the locational position of the terminal with the locational position of the portable data carrier to determine a deviation therebetween;
when the deviation does not exceed a predetermined threshold, causing, by the portable data carrier, automatic transmission of the transaction data to the terminal; and
when the deviation exceeds the predetermined threshold, preventing, by the portable data carrier, automatic transmission of the transaction data to the terminal so as to prevent unauthorized acquisition of the transaction data stored on the portable data carrier.
2 Assignments
0 Petitions
Accused Products
Abstract
A method for carrying out a transaction between a portable data carrier, such as a chip card, and a terminal is described. An information item (TID) about the terminal is transferred to the portable data carrier upon the transmission of transaction data by a communication between the portable data carrier and the terminal. As a result, the portable data carrier obtains from the information item a locational position (ZID, WID, GID) of the terminal. Further, there is ascertained a locational position (OP) of the portable data carrier to which the portable data carrier has access. Finally, the portable data carrier compares the locational position (ZID, WID, GID) of the terminal with its locational position (OP), and initiates a measure for protecting the transaction in case a deviation between the two locational positions (ZID, WID, GID; OP) exceeds a predetermined threshold.
16 Citations
17 Claims
-
1. A method for carrying out a wireless electronic transaction between a portable data carrier associated with a mobile device and a terminal such that the portable data carrier prevents unauthorized acquisition of transaction data stored on the portable data carrier, the method comprising:
-
within a wireless electronic transaction communication between the portable data carrier and the terminal, receiving from the terminal, by the portable data carrier, an information item about the terminal, wherein the information item comprising comprises a terminal identification; the portable data carrier including an embedded controller and memory unit that are separate from processors and memory of the associated mobile device; depositing, by a central server, a list that contains as entries a plurality of terminal identifications with one or several locational positions associated with the respective terminal identification, in the memory of portable data carrier; determining, by the embedded controller of the portable data carrier, a locational position of the terminal based on the information item, by comparing the transferred terminal identification with the terminal identifications of the list; determining, by the embedded controller of the portable data carrier, a locational position of the portable data carrier, such that both the locational position of the terminal and the locational position of the portable data carrier are determined directly by the portable data carrier without transferring data to other computing systems; comparing, by the portable data carrier, the locational position of the terminal with the locational position of the portable data carrier to determine a deviation therebetween; when the deviation does not exceed a predetermined threshold, causing, by the portable data carrier, automatic transmission of the transaction data to the terminal; and when the deviation exceeds the predetermined threshold, preventing, by the portable data carrier, automatic transmission of the transaction data to the terminal so as to prevent unauthorized acquisition of the transaction data stored on the portable data carrier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 12)
-
-
11. A system configured to wirelessly communicate with a terminal, the system comprising:
-
a mobile device; and a portable data carrier positioned in or on the mobile device, wherein the mobile device includes a communication interface via which a wireless electronic communication is producible between the portable data carrier and the terminal, to receive from the terminal an information item about the terminal and to transmit to the terminal, transaction data stored on the portable data carrier, the portable data carrier including an embedded controller and secure memory unit that are separate from processors and memory of the mobile device, and wherein the portable data carrier is configured to perform a method for carrying out a wireless electronic transaction between the portable data carrier and the terminal, the method comprising; receiving an information item about the terminal over the wireless communication interface, the information item including a terminal identification; determining, by the embedded controller of the portable data carrier, a locational position of the terminal based on the information item, by obtaining a locational position associated with the received terminal identification from a list of terminal identifications and associated locational positions, the list being stored on the portable data carrier; determining, by the embedded controller of the portable data carrier, a locational position of the portable data carrier, such that both the locational position of the terminal and the locational position of the portable data carrier are determined directly by the portable data carrier without transferring data to other computing systems; determining a deviation between the locational position of the terminal and the locational position of the portable data carrier; when the deviation does not exceed the predetermined threshold, causing automatic transmission of the transaction data to the terminal over the communication interface; and when the deviation exceeds the predetermined threshold, preventing automatic transmission of the transaction data to the terminal so as to prevent unauthorized acquisition of the transaction data stored on the portable data carrier. - View Dependent Claims (13, 14)
-
-
15. A method for authenticating wireless electronic payment transactions from a portable data carrier to a remote terminal and selectively transferring payment transaction data from the portable data carrier to the remote terminal based thereon, the portable data carrier being positioned on or in a mobile device, the portable data carrier having stored thereon payment transaction data as well as a list containing as entries a plurality of terminal identifications each having one or more locational positions associated therewith, the portable data carrier including an embedded controller and secure memory unit that are separate from processors and memory of the mobile device, the method being performed by the portable data carrier and comprising:
-
wirelessly receiving from the remote terminal, via the mobile device, an identification of the remote terminal; obtaining from the list stored on the portable data carrier a locational position corresponding to the remote terminal identification; determining, by the embedded controller of the portable data carrier, a locational position of the portable data carrier, determining, by the embedded controller of the portable data carrier, a locational position of the terminal based on the received identification of the remote terminal, such that both the locational position of the terminal and the locational position of the portable data carrier are determined directly by the portable data carrier without transferring data to other computing systems; comparing the locational position of the remote terminal with the locational position of the portable data carrier to determine a deviation therebetween; and
automatically wirelessly transferring the payment transaction data to the remote terminal only when the deviation is less than or equal to a predetermined threshold so as to prevent unauthorized acquisition of payment transaction data stored on the portable data carrier, the wireless transfer being performed through the mobile device. - View Dependent Claims (16, 17)
-
Specification