Registers – Systems controlled by data bearing records – Credit or identification card systems
Reexamination Certificate
2001-06-25
2004-06-08
Le, Thien M. (Department: 2876)
Registers
Systems controlled by data bearing records
Credit or identification card systems
C235S375000, C235S379000
Reexamination Certificate
active
06745940
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to a method for the secure handling of monetary or value units using prepaid data carriers.
BACKGROUND INFORMATION
Various approaches for operating electronic purses on smart cards have been in development and in service for some years. Besides smart card technology, they also include security electronics for cooperation among the smart card, the computer, and the communication system, as well as billing the transactions conducted using the chip card. A number of approaches have been introduced, both on the national and the international level. Electronic purses are in use in some countries, for example:
field trial, Eisenstadt, Austria, since December 1994
Avantcard—in/Finland
Danmond concept in Denmark
Mondex, in Swinton, England
in addition, an “intersect electronic purse” (interbranch electronic purse) is standardized under CIN TC224 WG10.
These systems may use the following methodology.
The first step is the loading of monetary value units into the chip card, the comparable amount that the card holder must provide in a cash or also cashless payment being stored in a so-called “pooling account” of the purse operator. If a card holder subsequently pays using his smart card, monetary value units are deducted from the electronic purse and transferred with the assistance of a security module to a terminal of the service provider. There, the received monetary value units are either accumulated into one amount and settled with the purse operator, or each individual payment operation is submitted to the purse operator for billing. Accumulated amounts or individual data records are either collected on a so-called dealer that the service provider must submit, or transferred on-line, using a suitably equipped terminal, to an accounting unit.
Electronic purse applications which are implemented on a microprocessor card are available. In microprocessor applications, the application is controlled by a chip card operating system, as defined, for example, by the prEN726-3 standard. This application may be distinguished by the storing of monetary amounts on the card, which are reduced by a set amount with every debit charge. Available microprocessor cards, unlike available memory cards, can verify whether the debiting system is authentic, and vice versa. This verification may not be possible using a memory chip card. Moreover, similar systems and methods appear to be discussed in U.S. Pat. No. 4,859,837, PCT Patent Publication No. WO 90/15382 and German Patent Publication No. 42 43 851. German Patent Publication No. 196 04 876 discusses a method for controlling transactions conducted in electronic purse systems.
U.S. Pat. No. 5,777,305 discusses a so-called “prepaid card”, i.e., a card provided with a credit balance and having a specific identifier, which, after being identified by a background system, is deactivated or activated. Following identification, the background system controls the communication and the further sequence of operations. In the process, the information from the prepaid card is read in via a customary terminal. The billing of accounts also takes place under the control of the background system. The value stored on the card is reduced at the time of use, depending on the service.
U.S. Pat. No. 4,825,050 discusses a data protection system, which employs cryptographic techniques for financial transactions.
European Patent Publication No. 0 397 512 discusses a method for preventing unauthorized use of information stored on a card. In this context, the information to be protected is stored both in the card as well as in a background system and, if required, compared to one another. However, due to the time-consuming, repeated comparison operations, a method of this kind may not only be time consuming, but may also require substantial memory space.
U.S. Pat. No. 5,477,038 discusses a method for using prepaid cards. Besides the card identification number, in this case, the card employed also contains a bank identification number and an account number. These data are stored in a magnetic strip that is placed on the card. In spite of the different identification numbers provided, a method of this kind is not secure, since the numbers can be read out from the card for a targeted misuse.
U.S. Pat. No. 5,721,781 discusses an authentication system and method for smart card transactions. In this method, however, only the operation between the card and a terminal is described; the entire system does not have any background system. The three-tiered authentication discussed here may be very complicated, time-consuming, and may require considerable outlay for memory, which is why it may not be suited for large transaction systems having sizable data-processing systems. European Patent Publication No. 0 654 919 discusses authenticating one system part by another system part of an information transfer system in accordance with the challenge and response principle. In this authentication method, a restriction inhibiting computational operations is initially set up in a portable data carrier arrangement, and this can only be canceled by altering an error counter reading. Once the error counter reading has been altered incrementally, and the restriction has been canceled, random data are transmitted as challenge data from the terminal to the portable data carrier arrangement. From the challenge data, authentication parameters are calculated in each case, using at least one algorithm and secret key data, both in the terminal and in the portable data carrier arrangement. The terminal transmits its authentication parameters as a response to the portable data transmission arrangement, where they are compared to the authentication parameters calculated there. If they correspond, the value memory can be reloaded and/or the error counter reset.
International Patent Publication No. WO 98/52163 discusses a method and a circuit arrangement for securely transporting data on an IC card. The data include, for example, application programs, at least one portion of the data being encrypted and a so-called public cipher key being used.
The mostly widely disseminated cards may be phone cards. Phone cards are memory chip cards having an identification region and at least one counter area. Moreover, a service designated as virtual calling card (VCC) has been introduced in the U.S. It allows the customer to place a phone call from any telephone by specifying an access identifier in conjunction with a PIN (personal identification number). These so-called calling card systems may be based on a central control unit having a suitable database and, accordingly, a central computer. Charges are billed, in this context, to an account allocated to the customer. A service of this kind may be becoming increasingly important in Europe. Thus, for example, the February 1995 issue, pp. 44 and 45, of “Deutsche Telekom AG—Vision” describes the T-Card used for the connect service of Deutsche Telekom.
This article further discusses that the spectrum of services extends from phone cards to credit cards. For example, paragraph 4.1.2.1., starting on page 61 of the book “Chipkarten als Werkzeug” (“Chip Cards as Tools”) by Beutelsberger, Kersten and Pfau, discusses how memory chip cards are authenticated by employing available challenge-response methods. With the aid of a terminal or card reader, these chip cards are able to identify the cards and check them for plausibility. An authentication is undertaken in a security module built into the terminal.
German Patent Publication No. 196 04 349 discusses a method for verifying memory chip cards which appears to enable a two-tiered or multi-tiered authentication to be performed with the assistance of cryptographic functions and a terminal.
It is believed that the drawback of the methods and systems discussed herein lies in that the particular value, i.e., the value units, is/are stored on the data carrier, for example of the smart card or of the microprocessor card. The terminals recognize the value stored on the data carrier and red
Korst Uwe K. H.
Wanko Clemens
Deutsche Telekom AG
Le Thien M.
Nowlin April
LandOfFree
Method for the secure handling of monetary or value units... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for the secure handling of monetary or value units..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for the secure handling of monetary or value units... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3360786