Network-supported chip card transaction method
1. A method for executing transactions that are protected by a chip card, comprising the steps of:
connecting one chip card of a plurality of possible types of chip cards to a terminal;
determining a code for a transaction procedure according to which the transaction is to be carried out, the code being determined by an operating program in the terminal after the one chip card is connected to the terminal;
determining a network address of a corresponding transactor of a plurality of transactors from the code of the transaction procedure, said corresponding transactor corresponding to said one chip card;
setting up a connection from said terminal to the corresponding transactor through a data network by the operating program, said connection being protected by cryptographic methods; and
subsequently implementing the transaction by bi-directional communication between the chip card and the corresponding transactor;
connecting said corresponding transactor to a host;
providing a security module in said corresponding transactor; and
providing a secure transaction between said corresponding transactor and said host using said security module.
Abstract
Terminals for the handling of payments are connectable to a plurality of transactors with transmission procedures that are protected against manipulation via an open data network, whereby the transactor is determined from the type of transaction. Chip cards, or smart cards, are used at the terminals for the transactions.
using input and output units connected to the terminal for the corresponding transactor of said plurality of transactors due to the data connection between the terminal and the transactor.
3. A method according to claim 2, further comprising the steps of:
prompting the user to input a secret character string by the operating program of the terminal;
checking the secret character against a reference value; and
transmitting only a result of the checking step to the corresponding transactor of said plurality of transactors via the connection protected by cryptographic methods.
4. A method according to claim 1, further comprising the steps of:
using protected keys of at least one directly connected security module both for protection of the connection with the terminal as well as for protection of the transactions with the chip card by the corresponding transactor of said plurality of transactors.
5. A method according to claim 4, wherein the terminal employs protected keys of a directly connected security module for protection of the connection with the corresponding transactor of said plurality of transactors.
6. A method according to claim 5, further comprising the step of:
using an application of the chip card and a key stored protected in the chip card employed for protection of the connection between said terminal and said corresponding transactor of said plurality of transactors.
7. A method according to claim 5, further comprising the step of:
transmitting a key from the corresponding transactor of said plurality of transactors into the directly connected security module with the connection, said key serving for the protected execution of at least a part of a transaction with the chip card.
8. A method according to claim 7, further comprising:
depositing the keys in the terminal in a buffer memory, and using the keys deposited in the buffer memory instead of a renewed transmission of the keys.
9. A method according to claim 8, further comprising the steps of:
checking whether a key in the buffer memory is current by an inquiry at the corresponding transactor of said plurality of transactors before a use of the key in the buffer memory, and transmitting a current version of the key if warranted.
10. A method according to claim 1, further comprising the step of:
using a TCP/IP protocol for the connection of the terminal and the corresponding transactor of said plurality of transactors.
11. A method according to claim 10, wherein said TCP/IP protocol is the protocol SSL.
12. A method according to claim 1, wherein said corresponding transactor is allocated to said terminal, and further comprising the step of:
inquiring at said corresponding transactor of said plurality of transactors for determining a network address of a further transactor which is suitable for the transaction procedure.
13. A method according to claim 1, further comprising the step of:
using said code of the transaction procedure as part of a symbolic network address that is resolved by servers belonging to the network for determination of network addresses of a further transactor of said plurality of transactors suitable for the transaction procedure.
14. A method according to claim 1, further comprising the steps of:
transmitting a program module with the connection from the corresponding transactor of said plurality of transactors to the terminal; and
executing the program module at the terminal.
15. A method according to claim 14, further comprising:
depositing the program modules in the terminal in a buffer memory, and using the program modules deposited in the buffer memory instead of a renewed transmission of the program modules.
16. A method according to claim 15, further comprising the steps of:
checking whether a program module in the buffer memory is current by an inquiry at the corresponding transactor of said plurality of transactors before a use of the program module in the buffer memory, and transmitting a current version of the program module if warranted.
17. A method for executing transactions that are protected by a chip card connectable to a terminal that is connected to a data network, comprising the steps of:
determining a code for a transaction procedure according to which the transaction is to be carried out, the code being determined by an operating program in the terminal after the chip card is connected to the terminal;
determining a network address of a transactor from the code of the transaction procedure, setting up a connection to the transactor by the operating program, said connection being protected by cryptographic methods;
subsequently implementing the transaction by communication between the chip card and the transactor;
transmitting a program module with the connection from the transactor to the terminal; and
executing the program module at the terminal;
depositing the program modules in the terminal in a buffer memory;
using the program modules deposited in the buffer memory instead of a renewed transmission of the program modules;
checking whether a program module in the buffer memory is current by an inquiry at the transactor before a use of the program module in the buffer memory;
transmitting a current version of the program module if warranted; and
using a protocol selected from the group of protocols consisting of HTTP and HTTPS for the step of checking whether the program module is current.
18. A method for executing transactions that are protected by a chip card connectable to a terminal that is connected to a data network, comprising the steps of:
determining a code for a transaction procedure according to which the transaction is to be carried out, the code being determined by an operating program in the terminal after the chip card is connected to the terminal;
determining a network address of a transactor from the code of the transaction procedure, setting up a connection to the transactor by the operating program, said connection being protected by cryptographic methods;
subsequently implementing the transaction by communication between the chip card and the transactor;
using protected keys of at least one directly connected security module both for protection of the connection with the terminal as well as for protection of the transactions with the chip card by the transactor;
wherein the terminal employs protected keys of a directly connected security module for protection of the connection with the transactor;
transmitting a key from the transactor into the directly connected security module with the connection, said key serving for the protected execution of at least a part of a transaction with the chip card;
depositing the keys in the terminal in a buffer memory;
using the keys deposited in the buffer memory instead of a renewed transmission of the keys;
checking whether a key in the buffer memory is current by an inquiry at the transactor before a use of the key in the buffer memory;
transmitting a current version of the key if warranted; and
using a protocol selected from the group of protocols consisting of HTTP and HTTPS for the step of checking whether the key is current.
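The buffer-memory steps recited in claims 8, 9, 15 and 16 and repeated in claims 17 and 18 (deposit, inquire whether current, retransmit only if warranted) can be sketched as follows. This is an added illustration, not code from the patent: every class and method name is hypothetical, the HTTP/HTTPS inquiry is replaced by an in-process stand-in, the sample keys are constructed, and refusing to use a buffered item when the inquiry fails is an assumption.

```python
# Added illustration; all class and method names are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Item:
    version: int
    payload: bytes  # a key or a program module, opaque to the buffer


class Transactor:
    """In-process stand-in for the remote transactor (constructed data)."""

    def __init__(self, items):
        self.items = dict(items)
        self.reachable = True
        self.transfers = 0  # counts full transmissions, not inquiries

    def current_version(self, name):
        # Models the inquiry the claims send over HTTP or HTTPS.
        if not self.reachable:
            raise ConnectionError("transactor unreachable")
        return self.items[name].version

    def fetch(self, name):
        self.transfers += 1
        return self.items[name]


class TerminalBuffer:
    """Buffer memory in the terminal; every use is preceded by an inquiry."""

    def __init__(self, transactor):
        self._transactor = transactor
        self._buffer = {}

    def get(self, name):
        # Inquiry first: if it fails, the exception propagates and the
        # buffered copy is not used (fail-closed is an assumption here).
        current = self._transactor.current_version(name)
        cached = self._buffer.get(name)
        if cached is None or cached.version != current:
            cached = self._transactor.fetch(name)  # transmit current version
            self._buffer[name] = cached
        return cached


def demo():
    t = Transactor({"card-key": Item(1, b"constructed-key-v1")})
    buf = TerminalBuffer(t)
    first, second = buf.get("card-key"), buf.get("card-key")
    t.items["card-key"] = Item(2, b"constructed-key-v2")  # key rotated
    third = buf.get("card-key")
    return first.version, second.version, third.version, t.transfers
```

The second lookup costs only an inquiry, while the rotated key forces exactly one further transmission.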
19. An arrangement for execution of transactions that are protected by a chip card connectable to a terminal that is connected to a data network having a means for address formation, comprising:
a terminal including a means for determining a code for a transaction method to be employed with a connection of the chip card to the terminal, said terminal receiving at least one chip card of a plurality of types of chip cards;
a plurality of transactors reachable via the data network being addressed from the code based of the means for address formation, said plurality of transactors including a corresponding transactor corresponding to a transaction type of said one chip card;
a connection means in said terminal for setting up a connection to the corresponding transactor;
devices with which the connection between the terminal and the corresponding transactor can be secured against manipulations being in the terminal and the corresponding transactor; and
devices in the corresponding transactor that allow transactions including bi-directional communications with the chip card to be executed secured upon mediation of the terminal.
output devices in the terminal that can be used by the corresponding transactor of said plurality of transactors over the network during execution of the transaction.
21. Arrangement according to claim 19, further comprising:
at least one means in the corresponding transactor for secure storing of cryptographic keys as well as for the protection of the connection to an operating program of the terminal as well as for the protection of the transaction with the chip card.
22. An arrangement according to claim 21, further comprising:
a means in the terminal for secure storing of keys for protection of the connection with the corresponding transactor of said plurality of transactors.
23. An arrangement according to claim 22, further comprising:
a means in the one chip card for generating a session key in the terminal for protection of the connection between the terminal and the corresponding transactor of said plurality of transactors.