[go: up one dir, main page]

EP0909432B1 - Portable device for performing secure internal and smart card transactions, and method therefor - Google Patents

Portable device for performing secure internal and smart card transactions, and method therefor Download PDF

Info

Publication number
EP0909432B1
EP0909432B1 EP96934890A EP96934890A EP0909432B1 EP 0909432 B1 EP0909432 B1 EP 0909432B1 EP 96934890 A EP96934890 A EP 96934890A EP 96934890 A EP96934890 A EP 96934890A EP 0909432 B1 EP0909432 B1 EP 0909432B1
Authority
EP
European Patent Office
Prior art keywords
transaction
chip card
card
dialogue
communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
EP96934890A
Other languages
German (de)
French (fr)
Other versions
EP0909432A1 (en
Inventor
Hervé CUNIN
Eric Le Balzac Bâtiment A 2ème étage LAFFONT
Wilfrid Oddou
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gemplus SA
Original Assignee
Gemplus SCA
Gemplus Card International SA
Gemplus SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemplus SCA, Gemplus Card International SA, Gemplus SA filed Critical Gemplus SCA
Publication of EP0909432A1 publication Critical patent/EP0909432A1/en
Application granted granted Critical
Publication of EP0909432B1 publication Critical patent/EP0909432B1/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system

Definitions

  • the field of the invention is that of contactless electronic transactions, particularly in the field of electronic payment. More precisely, the invention relates to an improvement of the devices making it possible to carry out such transactions:
  • a major disadvantage of the cards currently used is that they must be introduced in the terminals provided for this purpose, in order to read the information they contain. This operation is restrictive, and sometimes not easy, for the user, and causes a deterioration of the contact elements of the card, because of the friction successive.
  • US-A-4277837 discloses a portable device for conducting transactions secure with transaction terminals (POS, bank terminal): it has resources of communication with micro-circuit cards and means of communication without contact.
  • EP-A-0565469 discloses a contactless data exchange system between a terminal and a modular portable set.
  • the portable set consists of two separate mating elements: a transmitting / receiving device and a portable object.
  • the sending / receiving device is devoid of microprocessor and the portable object hosts the management means including the transmission / reception protocol of said set portable.
  • the object of the invention is in particular to overcome these drawbacks of the state of the technical.
  • an object of the invention is to provide a device for contactless transactions that can be introduced without imposing the deletion systematic maps already implemented for the same application.
  • Another object of the invention is to provide a technique for achieving simple terminals, providing only one type of means of dialogue with the transaction objects.
  • An object of the invention is also to provide such a device, which is simple and user friendly, and that offers many facilities, such as the consultation or configuration.
  • Yet another object of the invention is to allow greater ease the use of micro-circuits of known types, both for payment only for reloading operations.
  • the invention also aims to provide a transaction device without contact whose update (configuration, maintenance, 7) is easy and does not require important specific means, particularly within the scheme, both for reasons of congestion than of cost of return.
  • a portable device intended to carry out secure transactions with transaction terminals, comprising first means enabling the realization of a secure transaction, from transaction resources stored in a memory, and contactless communication means with said transaction terminals, characterized in that it comprises means for dialogue with a micro-circuit card, which comprises second means for performing a secure transaction, and selection means between said first secure transaction means and said second secure transaction means, so that a transaction can be performed either by said portable device or by a valid micro-circuit card presented to the dialogue means, and secondly that said communication means without contact are arranged for, in both cases of transaction, ensure the exchange of data with said transaction terminals.
  • Transaction means in this application any transaction requiring an exchange of information between the device or the card and a terminal. In the context of payment systems, these may include payments (similar to checks), reloads (withdrawals of checks and / or coins) or deposits ( checks and / or money).
  • the invention thus relates to a completely new product, which makes it possible to use in the same way contactless transaction devices and micro-circuit cards already developed.
  • the use of the cards is greatly improved, since they acquire the quality of contactless devices, and the diffusion of devices is facilitated, since they allow the use of pre-existing maps and the realization of terminals comprising only contactless communication means.
  • the non-contact device is not the replacement of the micro-circuit card, but an element cooperating with it in order to provide it with the quality of contactless communication.
  • the device and the card retain their independence in the implementation of the transaction. All operations Securing is done by the element in charge of the transaction.
  • the card is not a simple memory supplying the device, but an element able to perform all transaction operations.
  • said first means of secure transaction and / or said second secure transaction means the issue of electronic checks bearing an amount transmitted by a terminal of transaction, and authenticated by an encrypted signature using a key algorithm public, said checks being stored in a blank form in a memory rewritable.
  • the micro-circuit card can be a bank credit card, which allows to group the benefits pre-payment systems (in the device) and credit systems (in the card).
  • the device of the invention comprises means of reloading the transaction resources of said device, by a communication without contact with a charging terminal.
  • the device may comprise means for transferring transaction resources of said device to one of said microcircuit cards and / or one of said micro-circuit cards to said device. This allows in particular reload a card by contactless communication, via the memory of the device.
  • said means of dialogue can receive a configuration and / or maintenance control comprising means for distinguishing it from one of said micro-circuit boards, and authorizing the configuration and / or maintenance of said device from a terminal of control, through said contactless communication means.
  • said dialogue means can receive a configuration and / or maintenance element comprising means for the distinguish one of said micro-circuit cards, and ensuring the configuration and / or the maintenance of said device.
  • the element introduced into the dialogue means is no longer a simple keyer, but a smart element, able to support the configuration or maintenance of the device.
  • control element or said configuration element and / or maintenance delivers a voltage higher than the electrical voltage of operation of said device, and for erasing and reprogramming the content reprogrammable memory.
  • said contactless communication means are means of communication by infrared.
  • said communication contactless is a communication of the master-slave type, the transaction terminal playing the role of the master and said device playing the role of the slave.
  • said means of dialogue with a micro-circuit board operate at a transmission frequency predetermined rating, and include means for detecting transmission, leading to the transition to a fallback transmission frequency corresponding to half of said nominal transmission frequency.
  • the fallback frequency may be, in particular, the standardized frequency of 3.5 MHz, the nominal frequency then being 7 MHz.
  • the device comprises a multiplexer associating with a single port access to a control microprocessor is said means of dialogue with a micro-circuit board, means of internal security of a transaction.
  • said multiplexer connects systematically said means for dialogue with a micro-circuit card when the presence of a valid card is detected.
  • the invention also relates to a method for implementing the device portable described above.
  • CAFE European project Esprit number 7023
  • FIG. 1 schematically illustrates the structure of the device according to the invention, as well as the elements to which it can be connected, or with which it can communicate.
  • the device 11 thus comprises a microprocessor 111, capable of doing so function, from the information (program, configuration ...) contained in a reprogrammable memory 112. It still includes means 113 to ensure Securing the issuance of a check (coding of cryptographic signatures based on on public key algorithms, PIN verification, security module in the form of "plug-in” ...) taking into account information (number of checks and amount) contained in a transaction resource memory 114, and means 115 contactless communication, for example by infrared, with a terminal of These means 115 may, for example, implement the IRDA standard. ("InfraRed Data Association"), at 38400 bauds.
  • the device 11 has means 116 for dialogue with one or several micro-circuit cards 13, for example according to the ISO 7816-3 standard.
  • the means of dialogue 11 6 operate at a predetermined nominal transmission frequency (for example 7 MHz), which can be reduced to a fallback transmission frequency corresponding to the half (ie the normalized 3.5 MHz frequency) if there are problems in the exchange of data is detected.
  • a predetermined nominal transmission frequency for example 7 MHz
  • the cards 13 include complete means for performing a transaction (independently of the device 11) such as similar security means 131 means 113, a resource memory 132 and a microprocessor 133.
  • the device 11 comprises a multiplexer 117, or any other means for make a selection (this can for example also be carried out directly by the microprocessor 111).
  • the multiplexer 117 makes it possible to choose between the means for perform a transaction of the device or those of a card. In both cases, the communication is provided by the infrared communication means 115, under the control of the microprocessor 111.
  • the security of the transaction is fully supported by the element (card 13 or device 11) which ensures the transaction. So when it comes to the card, the device works so transparent, only to allow contactless communication.
  • the device 11 comprises means 118 for detecting the presence of a card in the means of dialogue 116, and to check its validity. In one embodiment of the invention, these means act directly on the multiplexer 117 for select the card as soon as a valid card is present.
  • a transaction may include the issue of a check or a check reloading of resource memories. This last operation is carried out preferentially systematically in the memory 114 of the device. It is then possible to transfer this memory 114 to the memory 132 of the card. Other types of transfer are of course possible, depending on the applications.
  • the invention furthermore provides an advantageous technique for the maintenance or configuration (that is, operations that can only be performed by authorized persons) of the device 11.
  • the authorized person has a keying device 14, which has the same format, as well as the same electrical contacts, as a card 12, so that it can be inserted into the dialogue means 116.
  • This key 14 comprises means 141 which allows the device 11 to detect that it is a access request for maintenance and not a conventional card.
  • This means 141 is by example a mechanical and / or electrical keying.
  • the polarizer 14 moreover advantageously comprises a feed 142 in a voltage (for example 12 V) for erasing the contents of the memory of programming 112, in order to reprogram it.
  • This erase voltage 142 is greater than the operating voltage of the device (for example 5 V).
  • the microprocessor 111 can communicate with a maintenance terminal 15. Preferably, this communication is carried out according to the same protocol (infra-red) than a transaction communication.
  • the polarizer 14 may comprise directly intelligence (microprocessor and memory), or be a micro-circuit board specific, allowing maintenance or configuration.
  • FIG. 2 is a more detailed block diagram of an embodiment of the device 11.
  • a low-power microprocessor 21 for example of the MCU 8051 type (registered trademark), manages the operation of the device, depending on the information stored in the program memory 22 and the data memory 23 (which are accessible during the maintenance and configuration operations indicated above).
  • the microprocessor 21 manages on the one hand the relations with the means of communication 25, comprising the infrared interface 251, and on the other hand the interface man / machine 26, which includes a keyboard 261 (with 14 keys for example) and a screen 262 (for example 2 lines of 16 characters, liquid crystal).
  • This man / machine interface 26 makes it possible to provide numerous services user-friendly, such as consultation (visualization of the balance of the device and card), configuration and customization of the device, ...
  • a non-volatile memory 24 stores the data corresponding to the resources transaction (number of checks, amount available, maximum amount allowed, blank checks, ).
  • Securing a transaction when it is performed by the device, is provided preferentially by a cryptographic coprocessor 271 connected to the microprocessor 21 and by a security module 272.
  • This security module has essentially to protect the interests of the bank. It is therefore a module monitoring (still called “observe"), configured in a particular mode and inaccessible to users, which maintains a secure image of the content of the resource memory (also called “purse”). Any operation carried out on the Resource memory systematically affects this monitoring module. Note that the card also includes such a security system.
  • the microprocessor 21 When the transaction is performed by a card, the microprocessor 21 is connected to the interface 28 with the card. In order to use only one access bus to microprocessor 2 1, a multiplexer 29 associated with this bus is the interface 28, if a card is present, the security module 272.
  • Figure 3 shows an example of operation of the system described above.
  • the possible operations are of course different according to the fashion.
  • Any operation in connected mode begins, of course, by the institution. a connection between a terminal and the portable device.
  • the communication to be established is bi-directional, but the procedure 31 is preferentially unsymmetrical. It's about of a master-slave procedure, the terminal playing the role of the master.
  • the exchange of messages can begin, and the two-way communication remain active until the slave device is switched off or communication area, or until the exchange of data is normally by the terminal-master.
  • the device when turned on, the device performs systematically a connection test, to determine whether or not it is in a communication area. He then repeats this test regularly.
  • connection Once the connection is established, at least three types of operations are possible (32): payment, reloading and maintenance.
  • the first two, called transactions, are carried out by the carrier of the device.
  • the third is reserved for authorized persons.
  • the recharging 38 is performed between the terminal and the resource memory of the device, following a procedure similar to that described above for payment. It is possible to recharge in blank checks and in financial amount (s), possibly in several currencies.
  • the device verifies (311) the presence of the polarizer. If the keying is present, a dialogue can be established with a configuration terminal, via infrared communication means.
  • the protocol of communication allows direct access to most of the components forming the device, for configuration or miantenance operations.
  • the query 310 makes it possible, for example, to consult the balance of the account (or accounts, when multiple accounts in multiple currencies are managed) on the card and / or on the device, as well as view the list of the last transactions made and memorized, or exchange rates:
  • the transfer of resources can be done (314) of the card to the device 315 (for example when one wants to get rid of the remaining of a card), or from the device to card 316 (for example when one comes from recharge the device). It is also possible to make transfers of credited checks of a chosen amount, from a card to a device and vice versa (in particular in order to effect a transaction between two persons, one being of the device and the other of the card).

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Description

Le domaine de l'invention est celui des transactions électroniques sans contact, notamment dans le domaine du paiement électronique. Plus précisément, l'invention concerne une amélioration des dispositifs permettant d'effectuer de telles transactions:The field of the invention is that of contactless electronic transactions, particularly in the field of electronic payment. More precisely, the invention relates to an improvement of the devices making it possible to carry out such transactions:

Le-paiement dit électronique est une technique bien connue. Son aspect le plus commun est celui des cartes à micro-circuits, qui sont désormais très répandues. On peut distinguer deux grands types de cartes : les cartes de crédit, qui correspondent essentiellement à une authentification du porteur, autorisant un débit sur un compte bancaire, et les cartes prépayées, qui portent un montant débité au fur et à mesure des opérations. Ces dernières cartes sont avantageusement rechargeables.Electronic payment is a well-known technique. Its most common is micro-circuit cards, which are now widespread. We can distinguish two major types of cards: credit cards, which correspond basically a carrier authentication, allowing a debit on an account prepaid cards, which carry an amount debited as and when operations. These last cards are advantageously rechargeable.

Un inconvénient majeur des cartes utilisées actuellement est qu'elle doivent être introduites dans des terminaux prévus à cet effet, afin de lire les informations qu'elles contiennent. Cette opération est contraignante, et parfois peu aisée, pour l'utilisateur, et entraíne une détérioration des éléments de contact de la carte, du fait des frottements successifs.A major disadvantage of the cards currently used is that they must be introduced in the terminals provided for this purpose, in order to read the information they contain. This operation is restrictive, and sometimes not easy, for the user, and causes a deterioration of the contact elements of the card, because of the friction successive.

Afin de pallier cet inconvénient, on a imaginé des dispositifs similaires aux cartes à micro-circuits classiques, mais capables de dialoguer à distance (sans contact) avec des terminaux.In order to overcome this drawback, devices similar to the cards have been devised. conventional micro-circuits, but able to communicate remotely (without contact) with terminals.

Toutefois, ces dispositifs sans contact ne sont pas encore disponibles sur le marché, alors que de nombreux types de cartes sont utilisés depuis longtemps. La diffusion de tels dispositifs s'avère donc difficile, car ils doivent cohabiter avec les cartes déjà distribuées. Cela pose des problèmes d'une part pour l'usager, qui doit connaítre les deux procédures d'utilisation, et d'autre part pour les terminaux, qui doivent être équipés de lecteurs de cartes et de moyens de communication sans contact.However, these contactless devices are not yet available on the market, while many types of cards have been used for a long time. The diffusion of such devices proves difficult, because they must cohabit with the cards already distributed. This poses problems on the one hand for the user, who must know the two procedures of use, and secondly for the terminals, which must be equipped card readers and contactless communication means.

Le document US-A-4277837 décrit un dispositif portatif destiné à effectuer des transactions sécurisées avec des terminaux de transaction (POS, bank terminal): il possède des moyens de communication avec des cartes à micro-circuits et des moyens de communication sans contact.US-A-4277837 discloses a portable device for conducting transactions secure with transaction terminals (POS, bank terminal): it has resources of communication with micro-circuit cards and means of communication without contact.

Le document EP-A-0565469 décrit un système d'échange de données sans contact entre un terminal et un ensemble portatif modulaire. L'ensemble portatif est constitué de deux éléments séparés accouplables : un dispositif d'émission/réception et un objet portatif. Le dispositif d'émission/réception est dépourvu de microprocesseur et l'objet portatif héberge les moyens de gestion notamment le protocole d'émission/réception dudit ensemble portatif.EP-A-0565469 discloses a contactless data exchange system between a terminal and a modular portable set. The portable set consists of two separate mating elements: a transmitting / receiving device and a portable object. The sending / receiving device is devoid of microprocessor and the portable object hosts the management means including the transmission / reception protocol of said set portable.

Aucun des deux documents précédents n'expose cependant comment un dispositif peut permettre des transactions basées sur des terminaux sans contact simples mais compatibles avec les cartes existantes.None of the two previous documents, however, discuss how a device can enable transactions based on simple but compatible contactless terminals with existing cards.

L'invention a notamment pour objectif de pallier ces inconvénients de l'état de la technique.The object of the invention is in particular to overcome these drawbacks of the state of the technical.

Plus précisément, un objectif de l'invention est de fournir un dispositif de transactions sans contact qui puisse être introduit sans imposer la suppression systématique des cartes déjà mises en oeuvre pour la même application.More specifically, an object of the invention is to provide a device for contactless transactions that can be introduced without imposing the deletion systematic maps already implemented for the same application.

Un autre objectif de l'invention est de fournir une technique permettant de réaliser des terminaux simples, ne prévoyant qu'un seul type de moyens de dialogue avec les objets de transaction.Another object of the invention is to provide a technique for achieving simple terminals, providing only one type of means of dialogue with the transaction objects.

Un objectif de l'invention est également de fournir un tel dispositif, qui soit simple et convivial d'utilisation, et qui offre de nombreuses facilités, telles que la consultation ou la configuration.An object of the invention is also to provide such a device, which is simple and user friendly, and that offers many facilities, such as the consultation or configuration.

Encore un autre objectif de l'invention est de permettre une plus grande facilité d'utilisation des canes à micro-circuits de types connus, tant pour les opérations de paiement que pour les opérations de rechargement.Yet another object of the invention is to allow greater ease the use of micro-circuits of known types, both for payment only for reloading operations.

L'invention a également pour objectif de fournir un dispositif de transaction sans contact dont la mise à jour (configuration, maintenance, ... ) soit aisée et ne nécessite pas de moyens spécifiques importants, notamment à l'intérieur du dispositif, tant pour des raisons d'encombrement que de coût de revient.The invention also aims to provide a transaction device without contact whose update (configuration, maintenance, ...) is easy and does not require important specific means, particularly within the scheme, both for reasons of congestion than of cost of return.

Ces objectifs, ainsi que d'autres qui apparaítront par la suite, sont atteints selon l'invention à l'aide d'un dispositif portatif destiné à effectuer des transactions sécurisées avec des terminaux de transaction, comprenant des premiers moyens permettant la réalisation d'une transaction sécurisée, à partir de ressources de transaction stockées dans une mémoire, et des moyens de communication sans contact avec lesdits terminaux de transaction,
caractérisé d'une part en ce qu'il comprend des moyens de dialogue avec une carte à micro-circuits, qui comprend des seconds moyens permettant la réalisation d'une transaction sécurisée, et des moyens de sélection entre lesdits premiers moyens de transaction sécurisée et lesdits seconds moyens de transaction sécurisée, de façon qu'une transaction puisse être réalisée soit par ledit dispositif portatif, soit par une carte à micro-circuits valide présentée aux moyens de dialogue, et d'autre part en ce que lesdits moyens de communication sans contact sont agencés pour, dans les deux cas de transaction, assurer l'échange de données avec lesdits terminaux de transaction.These objectives, as well as others which will appear subsequently, are achieved according to the invention by means of a portable device intended to carry out secure transactions with transaction terminals, comprising first means enabling the realization of a secure transaction, from transaction resources stored in a memory, and contactless communication means with said transaction terminals,
characterized in that it comprises means for dialogue with a micro-circuit card, which comprises second means for performing a secure transaction, and selection means between said first secure transaction means and said second secure transaction means, so that a transaction can be performed either by said portable device or by a valid micro-circuit card presented to the dialogue means, and secondly that said communication means without contact are arranged for, in both cases of transaction, ensure the exchange of data with said transaction terminals.

Par transaction, on entend dans la présente demande toute opération nécessitant un échange d'information entre le dispositif ou la carte et un terminal. Dans le cadre des systèmes de paiement, il peut notamment s'agir de paiements (similaires à l'émission de chèques), de rechargements (retraits de chèques et/ou en monnaie) ou de dépôts (de chèques et/ou de monnaie)."Transaction" means in this application any transaction requiring an exchange of information between the device or the card and a terminal. In the context of payment systems, these may include payments (similar to checks), reloads (withdrawals of checks and / or coins) or deposits ( checks and / or money).

L'invention concerne donc un produit totalement nouveau, qui permet d'utiliser de la même façon les dispositifs de transaction sans contact et les cartes à micro-circuits déjà développées. Ainsi, l'utilisation des cartes est grandement améliorée, puisqu'elles acquièrent la qualité des dispositifs sans contact, et la diffusion des dispositifs est facilitée, puisqu'ils permettent l'utilisation des cartes pré-existantes et la réalisation de terminaux ne comprenant que des moyens de communication sans contact.The invention thus relates to a completely new product, which makes it possible to use in the same way contactless transaction devices and micro-circuit cards already developed. Thus, the use of the cards is greatly improved, since they acquire the quality of contactless devices, and the diffusion of devices is facilitated, since they allow the use of pre-existing maps and the realization of terminals comprising only contactless communication means.

Cette technique n'est nullement évidente pour l'homme du métier, car elle réunit deux types d'objet qu'il a l'habitude de considérer comme indépendants et concurrents. Selon l'invention, le dispositif sans contact n'est pas le remplaçant de la carte à micro-circuits, mais un élément coopérant avec celle-ci, afin de lui fournir la qualité de communication sans contact.This technique is not obvious to the person skilled in the art because it combines two types of object that it usually considers as independent and competing. According to the invention, the non-contact device is not the replacement of the micro-circuit card, but an element cooperating with it in order to provide it with the quality of contactless communication.

L'utilisation des mêmes moyens de communication permet bien sûr un gain appréciable.The use of the same means of communication allows of course a gain appreciable.

Il est à noter que selon l'invention, le dispositif et la carte conservent leur indépendance, en matière de mise en oeuvre de la transaction. Toutes les opérations de sécurisation sont effectuées par l'élément en charge de la transaction. En d'autres termes, la carte n'est pas une simple mémoire venant alimenter le dispositif, mais un élément capable d'effectuer toutes les opérations de transaction.It should be noted that according to the invention, the device and the card retain their independence in the implementation of the transaction. All operations Securing is done by the element in charge of the transaction. In other words, the card is not a simple memory supplying the device, but an element able to perform all transaction operations.

Ainsi, la mise en oeuvre du dispositif selon l'invention prévoit deux modes de fonctionnement :

  • un mode direct, dans lequel la transaction est gérée par ledit dispositif portatif ; et
  • un mode transparent, dans lequel la transaction est gérée par une carte à micro-circuits couplée opérationnellement audit dispositif,
une communication sans contact avec lesdits terminaux de transaction étant mise en oeuvre de façon identique dans les deux modes.Thus, the implementation of the device according to the invention provides two modes of operation:
  • a direct mode, in which the transaction is managed by said portable device; and
  • a transparent mode, in which the transaction is managed by a microcircuit card operatively coupled to said device,
contactless communication with said transaction terminals being implemented identically in both modes.

Selon un mode réalisation préférentiel de l'invention, lesdits premiers moyens de transaction sécurisée et/ou lesdits seconds moyens de transaction sécurisée assurent l'émission de chèques électroniques portant un montant transmis par un terminal de transaction, et authentifiés par une signature cryptée à l'aide d'un algorithme à clé publique, lesdits chèques étant stockés sous forme vierge dans une mémoire réinscriptible.According to a preferred embodiment of the invention, said first means of secure transaction and / or said second secure transaction means the issue of electronic checks bearing an amount transmitted by a terminal of transaction, and authenticated by an encrypted signature using a key algorithm public, said checks being stored in a blank form in a memory rewritable.

D'autres techniques sont bien sûr envisageables. Notamment, la carte à micro-circuits peut être une carte de crédit bancaire, ce qui permet de regrouper les avantages des systèmes à pré-paiement (dans le dispositif) et des systèmes à crédit (dans la carte).Other techniques are of course conceivable. In particular, the micro-circuit card can be a bank credit card, which allows to group the benefits pre-payment systems (in the device) and credit systems (in the card).

De façon avantageuse, le dispositif de l'invention comprend des moyens de rechargement en ressources de transaction dudit dispositif, par une communication sans contact avec un terminal de rechargement.Advantageously, the device of the invention comprises means of reloading the transaction resources of said device, by a communication without contact with a charging terminal.

Dans ce cas notamment, le dispositif peut comprendre des moyens de transfert de ressources de transaction dudit dispositif vers une desdites cartes à microcircuits et/ou d'une desdites cartes à micro-circuits vers ledit dispositif. Cela permet en particulier de recharger une carte par une communication sans contact, par l'intermédiaire de la mémoire du dispositif.In this case in particular, the device may comprise means for transferring transaction resources of said device to one of said microcircuit cards and / or one of said micro-circuit cards to said device. This allows in particular reload a card by contactless communication, via the memory of the device.

Selon un mode de réalisation préférentiel de l'invention, lesdits moyens de dialogue peuvent recevoir un élément de contrôle de configuration et/ou de maintenance comprenant des moyens pour le distinguer d'une desdites cartes à micro-circuits, et autorisant la configuration et/ou la maintenance dudit dispositif à partir d'un terminal de contrôle, par l'intermédiaire desdits moyens de communication sans contact.According to a preferred embodiment of the invention, said means of dialogue can receive a configuration and / or maintenance control comprising means for distinguishing it from one of said micro-circuit boards, and authorizing the configuration and / or maintenance of said device from a terminal of control, through said contactless communication means.

Ainsi, la réalisation technique du dispositif est simplifiée. En effet, tous les échanges de données utilisent les mêmes moyens de communication. La sécurité est cependant assurée par la présence d'un élément détrompeur : il n'est pas possible qu'une fausse manoeuvre (ou une manoeuvre frauduleuse) affecte la configuration du dispositif. Ce détrompeur étant reçu par les moyens de dialogue avec la carte, on réduit à nouveau la complexité de fabrication, et donc le coût de revient et l'encombrement du dispositif.Thus, the technical realization of the device is simplified. Indeed, all Data exchanges use the same means of communication. Security is provided by the presence of a keying element: it is not possible that false maneuver (or a fraudulent maneuver) affects the configuration of the device. This key being received by the means of dialogue with the card, it reduces again the complexity of manufacture, and therefore the cost and the size of the device.

Selon un autre mode de réalisation, lesdits moyens de dialogue peuvent recevoir un élément de configuration et/ou de maintenance comprenant des moyens pour le distinguer d'une desdites cartes à micro-circuits, et assurant la configuration et/ou la maintenance dudit dispositif. According to another embodiment, said dialogue means can receive a configuration and / or maintenance element comprising means for the distinguish one of said micro-circuit cards, and ensuring the configuration and / or the maintenance of said device.

En d'autres termes, l'élément introduit dans les moyens de dialogue n'est plus un simple détrompeur, mais un élément intelligent, capable de prendre en charge la configuration ou la maintenance du dispositif.In other words, the element introduced into the dialogue means is no longer a simple keyer, but a smart element, able to support the configuration or maintenance of the device.

De façon avantageuse, ledit élément de contrôle ou ledit élément de configuration et/ou de maintenance délivre une tension électrique supérieure à la tension électrique de fonctionnement dudit dispositif, et permettant d'effacer et de reprogrammer le contenu d'une mémoire reprogrammable.Advantageously, said control element or said configuration element and / or maintenance delivers a voltage higher than the electrical voltage of operation of said device, and for erasing and reprogramming the content reprogrammable memory.

Préférentiellement, lesdits moyens de communication sans contact sont des moyens de communication par infrarouge. De façon avantageuse, ladite communication sans contact est une communication du type maítre-esclave, le terminal de transaction jouant le rôle du maítre et ledit dispositif jouant le rôle de l'esclave.Preferably, said contactless communication means are means of communication by infrared. Advantageously, said communication contactless is a communication of the master-slave type, the transaction terminal playing the role of the master and said device playing the role of the slave.

Selon un mode de réalisation avantageux de l'invention, lesdits moyens de dialogue avec une carte à micro-circuits fonctionnent à une fréquence de transmission nominale prédéterminée, et comprennent des moyens de détection de défauts de transmission, entraínant le passage à une fréquence de transmission de repli correspondant à la moitié de ladite fréquence de transmission nominale.According to an advantageous embodiment of the invention, said means of dialogue with a micro-circuit board operate at a transmission frequency predetermined rating, and include means for detecting transmission, leading to the transition to a fallback transmission frequency corresponding to half of said nominal transmission frequency.

La fréquence de repli peut notamment être la fréquence normalisée 3,5 MHz, la fréquence nominale étant alors 7 MHz.The fallback frequency may be, in particular, the standardized frequency of 3.5 MHz, the nominal frequency then being 7 MHz.

Dans un mode de réalisation particulier de l'invention, le dispositif comprend un multiplexeur associant à un port unique d'accès à un microprocesseur de contrôle soit lesdits moyens de dialogue avec une carte à micro-circuits, soit des moyens de sécurisation interne d'une transaction.In a particular embodiment of the invention, the device comprises a multiplexer associating with a single port access to a control microprocessor is said means of dialogue with a micro-circuit board, means of internal security of a transaction.

Selon un mode de mise en oeuvre, on prévoit que ledit multiplexeur connecte systématiquement lesdits moyens de dialogue avec une carte à micro-circuits lorsque la présence d'une carte valide est détectée.According to one mode of implementation, it is expected that said multiplexer connects systematically said means for dialogue with a micro-circuit card when the presence of a valid card is detected.

L'invention concerne également un procédé de mise en oeuvre du dispositif portatif décrit ci-dessus.The invention also relates to a method for implementing the device portable described above.

Ce procédé peut notamment mettre en oeuvre au moins une des opérations consistant à :

  • assurer l'émission de chèques électroniques portant un montant transmis par un terminal de transaction ;
  • sécuriser un chèque par la transmission d'une signature cryptographique ;
  • gérer au moins deux soldes correspondant à des devises différentes, de façon à permettre le paiement dans plusieurs devises et/ou à transcrire des montants transmis-dans plusieurs devises ;
  • assurer le dépôt et/ou le retrait d'un montant sur un compte ;
  • valider l'utilisateur du dispositif et/ou de la carte à l'aide d'un code confidentiel ;
  • recharger en chèques vierges et/ou en un montant financier ledit dispositif ;
  • transférer des chèques (vierges ou crédités) et/ou un montant financier dudit dispositif vers une desdites cartes à micro-circuits et/ou d'une desdites cartes à micro-circuits vers ledit dispositif ;
  • consulter un solde (montants et chèques) du dispositif et/ou de la carte, une liste des dernières transactions et/ou des taux de change ;
  • configurer et personnaliser le fonctionnement du dispositif.
This method may especially implement at least one of the following operations:
  • ensure the issuance of electronic checks bearing an amount transmitted by a transaction terminal;
  • secure a check by transmitting a cryptographic signature;
  • manage at least two balances corresponding to different currencies, so as to allow payment in several currencies and / or to transcribe transferred amounts in several currencies;
  • ensure the deposit and / or withdrawal of an amount on an account;
  • validate the user of the device and / or the card using a confidential code;
  • recharge in blank checks and / or in a financial amount said device;
  • transfer checks (blank or credited) and / or a financial amount of said device to one of said micro-circuit cards and / or one of said micro-circuit cards to said device;
  • consult a balance (amounts and checks) of the device and / or the card, a list of the latest transactions and / or exchange rates;
  • configure and customize the operation of the device.

D'autres caractéristiques et avantages de l'invention apparaítront à la lecture de la description suivante d'un mode de réalisation préférentiel de l'invention, donné à titre de simple exemple illustratif et non limitatif, et des dessins annexés, parmi lesquels :

  • la figure 1 est un schéma synoptique simplifié illustrant le principe général de l'invention ;
  • la figure 2 illustre de façon plus détaillée un mode de réalisation particulier du dispositif de la figure 1 ;
  • la figure 3 est un organigramme présentant un mode de mise en oeuvre du système de la figure 1.
Other features and advantages of the invention will appear on reading the following description of a preferred embodiment of the invention, given by way of a simple illustrative and nonlimiting example, and the appended drawings, among which:
  • Figure 1 is a simplified block diagram illustrating the general principle of the invention;
  • Figure 2 illustrates in more detail a particular embodiment of the device of Figure 1;
  • FIG. 3 is a flow diagram showing an embodiment of the system of FIG. 1.

Le mode de réalisation décrit ci-dessous est notamment destiné à être mis en oeuvre dans le cadre du projet européen Esprit numéro 7023 dénommé "CAFE". Il a notamment pour objectif de fournir un système de transaction sans contact à base de chèques électroniques cryptés.The embodiment described below is in particular intended to be implemented in the framework of the European project Esprit number 7023 called "CAFE". He has in particular to provide a contactless transaction system based on encrypted electronic checks.

La figure 1 illustre de façon simplifiée la structure du dispositif selon l'invention, ainsi que les éléments auxquels il peut être raccordés, ou avec lesquels il peut communiquer. FIG. 1 schematically illustrates the structure of the device according to the invention, as well as the elements to which it can be connected, or with which it can communicate.

Le dispositif 11 comprend donc un microprocesseur 111, capable de le faire fonctionner, à partir des informations (programme, configuration ...) contenues dans une mémoire reprogrammable 112. Il comprend encore des moyens 113 permettant d'assurer la sécurisation de l'émission d'un chèque (codage de signatures cryptographiques basés sur des algorithmes à clés publiques, vérification de code confidentiel, module de sécurité sous la forme de "plug-in" ... ) en tenant compte des informations (nombre de chèques et montant) contenues dans une mémoire de ressources de transaction 114, et des moyens 115 de communication sans contact, par exemple par infrarouge, avec un terminal de transactions 12. Ces moyens 115 peuvent par exemple mettre en oeuvre la norme IRDA ("InfraRed Data Association"), à 38400 bauds.The device 11 thus comprises a microprocessor 111, capable of doing so function, from the information (program, configuration ...) contained in a reprogrammable memory 112. It still includes means 113 to ensure Securing the issuance of a check (coding of cryptographic signatures based on on public key algorithms, PIN verification, security module in the form of "plug-in" ...) taking into account information (number of checks and amount) contained in a transaction resource memory 114, and means 115 contactless communication, for example by infrared, with a terminal of These means 115 may, for example, implement the IRDA standard. ("InfraRed Data Association"), at 38400 bauds.

Par ailleurs, le dispositif 11 possède des moyens 116 de dialogue avec une ou plusieurs cartes à micro-circuits 13, par exemple selon la norme ISO 7816-3.Moreover, the device 11 has means 116 for dialogue with one or several micro-circuit cards 13, for example according to the ISO 7816-3 standard.

Selon un mode de réalisation particulier de l'invention, les moyens de dialogue 11 6 fonctionnent à une fréquence de transmission nominale prédéterminée (par exemple 7 MHz), qui peut être ramenée à une fréquence de transmission de repli correspondant à la moitié (soit la fréquence normalisée 3,5 MHz) si des problèmes dans les échanges de données sont détectés.According to a particular embodiment of the invention, the means of dialogue 11 6 operate at a predetermined nominal transmission frequency (for example 7 MHz), which can be reduced to a fallback transmission frequency corresponding to the half (ie the normalized 3.5 MHz frequency) if there are problems in the exchange of data is detected.

Les cartes 13 comprennent des moyens complets pour effectuer une transaction (indépendamment du dispositif 11) tels que des moyens de sécurisation 131 similaires aux moyens 113, une mémoire de ressources 132 et un microprocesseur 133.The cards 13 include complete means for performing a transaction (independently of the device 11) such as similar security means 131 means 113, a resource memory 132 and a microprocessor 133.

Le dispositif 11 comporte un multiplexeur 117, ou tout autre moyen pour effectuer une sélection (celle-ci peut par exemple également être réalisée directement par le micro-processeur 111). Le multiplexeur 117 permet de choisir entre les moyens pour effectuer une transaction du dispositif ou ceux d'une carte. Dans les deux cas, la communication est assurée par les moyens de communication par infrarouge 115, sous le contrôle du micro-processeur 111. En revanche, la sécurisation de la transaction est intégralement prise en charge par l'élément (carte 13 ou dispositif 11) qui assure la transaction. Ainsi, lorsqu'il s'agit de la carte, le dispositif fonctionne de façon transparente, uniquement pour permettre une communication sans contact.The device 11 comprises a multiplexer 117, or any other means for make a selection (this can for example also be carried out directly by the microprocessor 111). The multiplexer 117 makes it possible to choose between the means for perform a transaction of the device or those of a card. In both cases, the communication is provided by the infrared communication means 115, under the control of the microprocessor 111. On the other hand, the security of the transaction is fully supported by the element (card 13 or device 11) which ensures the transaction. So when it comes to the card, the device works so transparent, only to allow contactless communication.

Le dispositif 11 comprend des moyens 118 pour détecter la présence d'une carte dans les moyens de dialogue 116, et pour vérifier sa validité. Dans un mode de réalisation particulier de l'invention, ces moyens agissent directement sur le multiplexeur 117 pour sélectionner la carte dès qu'une carte valide est présente.The device 11 comprises means 118 for detecting the presence of a card in the means of dialogue 116, and to check its validity. In one embodiment of the invention, these means act directly on the multiplexer 117 for select the card as soon as a valid card is present.

Une transaction peut notamment consister en l'émission d'un chèque ou en un rechargement des mémoires de ressource. Cette dernière opération s'effectue préférentiellement systématiquement dans la mémoire 114 du dispositif. Il est ensuite possible d'effectuer un transfert de cette mémoire 114 vers la mémoire 132 de la carte. D'autres types de transfert sont bien sûr possibles, en fonction des applications.A transaction may include the issue of a check or a check reloading of resource memories. This last operation is carried out preferentially systematically in the memory 114 of the device. It is then possible to transfer this memory 114 to the memory 132 of the card. Other types of transfer are of course possible, depending on the applications.

L'invention prévoit par ailleurs une technique avantageuse pour la maintenance ou la configuration (c'est-à-dire les opérations qui ne peuvent être effectuées que par des personnes habilitées) du dispositif 11. La personne habilitée dispose d'un détrompeur 14, qui présente le même format, ainsi que les mêmes contacts électriques, qu'une carte 12, de façon à pouvoir être inséré dans les moyens de dialogue 116. Ce détrompeur 14 comprend un moyen 141 qui permet au dispositif 11 de détecter qu'il s'agit d'une demande d'accès pour maintenance et non d'une carte classique. Ce moyen 141 est par exemple un détrompeur mécanique et/ou électrique.The invention furthermore provides an advantageous technique for the maintenance or configuration (that is, operations that can only be performed by authorized persons) of the device 11. The authorized person has a keying device 14, which has the same format, as well as the same electrical contacts, as a card 12, so that it can be inserted into the dialogue means 116. This key 14 comprises means 141 which allows the device 11 to detect that it is a access request for maintenance and not a conventional card. This means 141 is by example a mechanical and / or electrical keying.

Le détrompeur 14 comprend de plus avantageusement une alimentation 142 en une tension (par exemple 12 V) permettant d'effacer le contenu de la mémoire de programmation 112, afin de la reprogrammer. Cette tension d'effacement 142 est supérieure à la tension de fonctionnement du dispositif (par exemple 5 V).The polarizer 14 moreover advantageously comprises a feed 142 in a voltage (for example 12 V) for erasing the contents of the memory of programming 112, in order to reprogram it. This erase voltage 142 is greater than the operating voltage of the device (for example 5 V).

Lorsque le détrompeur 14 est présent dans le dispositif 11, le microprocesseur 111 peut entrer en communication avec un terminal de maintenance 15. Préférentiellement, cette communication s'effectue selon le même protocole (infra-rouge) qu'une communication de transaction.When the polarizer 14 is present in the device 11, the microprocessor 111 can communicate with a maintenance terminal 15. Preferably, this communication is carried out according to the same protocol (infra-red) than a transaction communication.

Selon un autre mode de réalisation, le détrompeur 14 peut comprendre directement l'intelligence (microprocesseur et mémoire), ou être une carte à micro-circuits spécifique, permettant la maintenance ou la configuration.According to another embodiment, the polarizer 14 may comprise directly intelligence (microprocessor and memory), or be a micro-circuit board specific, allowing maintenance or configuration.

La figure 2 est un schéma synoptique plus détaillé d'un mode de réalisation du dispositif 11.FIG. 2 is a more detailed block diagram of an embodiment of the device 11.

Un microprocesseur 21 à faible consommation, par exemple du type MCU 8051 (marque déposée), gère le fonctionnement du dispositif, en fonction des informations stockées dans la mémoire 22 de programme et dans la mémoire 23 de données (qui sont accessibles lors des opérations de maintenance et de configuration indiquées ci-dessus).A low-power microprocessor 21, for example of the MCU 8051 type (registered trademark), manages the operation of the device, depending on the information stored in the program memory 22 and the data memory 23 (which are accessible during the maintenance and configuration operations indicated above).

Le microprocesseur 21 gère d'une part les relations avec les -moyens de communication 25, comprenant l'interface infrarouge 251, et d'autre part l'interface homme/machine 26, qui comprend un clavier 261 (à 14 touches par exemple) et un écran 262 (par exemple de 2 lignes de 16 caractères, à cristaux liquides).The microprocessor 21 manages on the one hand the relations with the means of communication 25, comprising the infrared interface 251, and on the other hand the interface man / machine 26, which includes a keyboard 261 (with 14 keys for example) and a screen 262 (for example 2 lines of 16 characters, liquid crystal).

Cette interface homme/machine 26 permet de fournir de nombreux services nouveaux à l'utilisateur, tels que la consultation (visualisation du solde du dispositif et de la carte), la configuration et la personnalisation du dispositif,...This man / machine interface 26 makes it possible to provide numerous services user-friendly, such as consultation (visualization of the balance of the device and card), configuration and customization of the device, ...

Une mémoire non-volatile 24 conserve les données correspondant aux ressources de transaction (nombre de chèques, montant disponible, montant maximum autorisé, chèques vierges,...).A non-volatile memory 24 stores the data corresponding to the resources transaction (number of checks, amount available, maximum amount allowed, blank checks, ...).

La sécurisation 27 d'une transaction, lorsqu'elle est effectuée par le dispositif, est assurée préférentiellement par un coprocesseur cryptographique 271 relié au microprocesseur 21 et par un module de sécurité 272. Ce module de sécurité a essentiellement pour but de protéger les intérêts de la banque. Il s'agit donc d'un module de surveillance (appelé encore "observer"), configuré dans un mode particulier et inaccessible pour les utilisateurs, qui conserve une image sécurisée du contenu de la mémoire de ressource (appelée également "purse"). Toute opération effectuée sur la mémoire de ressource affecte systématiquement ce module de surveillance. Il est à noter que la carte comprend également un tel système de sécurisation.Securing a transaction, when it is performed by the device, is provided preferentially by a cryptographic coprocessor 271 connected to the microprocessor 21 and by a security module 272. This security module has essentially to protect the interests of the bank. It is therefore a module monitoring (still called "observe"), configured in a particular mode and inaccessible to users, which maintains a secure image of the content of the resource memory (also called "purse"). Any operation carried out on the Resource memory systematically affects this monitoring module. Note that the card also includes such a security system.

Lorsque la transaction est effectuée par une carte, le microprocesseur 21 est relié à l'interface 28 avec la carte. De façon à n'utiliser qu'un seul bus d'accès au microprocesseur 2 1, un multiplexeur 29 associe à ce bus soit l'interface 28, si une carte est présente, soit le module de sécurité 272.When the transaction is performed by a card, the microprocessor 21 is connected to the interface 28 with the card. In order to use only one access bus to microprocessor 2 1, a multiplexer 29 associated with this bus is the interface 28, if a card is present, the security module 272.

La figure 3 présente un exemple de fonctionnement du système décrit ci-dessus. On distingue deux modes de fonctionnement (30) : le mode connecté, lorsque le dispositif coopère par infrarouge avec un terminal, et le mode non-connecté, lorsqu'il fonctionne de façon autonome. Les opérations possibles sont bien sûr différentes selon le mode.Figure 3 shows an example of operation of the system described above. There are two modes of operation (30): the connected mode, when the device cooperates by infrared with a terminal, and the unconnected mode, when operates autonomously. The possible operations are of course different according to the fashion.

Toute opération en mode connecté commence, bien sûr, par l'établissement 31 d'une connexion entre un terminal et le dispositif portatif. La communication à établir est bi-directionnelle, mais la procédure 31 est préférentiellement non symétrique. Il s'agit d'une procédure maítre-esclave, le terminal jouant le rôle du maítre.Any operation in connected mode begins, of course, by the institution. a connection between a terminal and the portable device. The communication to be established is bi-directional, but the procedure 31 is preferentially unsymmetrical. It's about of a master-slave procedure, the terminal playing the role of the master.

Cette procédure peut par exemple être la suivante :

  • le maítre (terminal) boucle sur l'émission d'un même paquet de données prédéfini dans la zone de communication avec les dispositifs ;
  • l'esclave (dispositif) a deux possibilités :
    • s'il est en fonction en dehors d'une zone de communication : il est en mode non connecté ;
    • s'il est mis en fonction ou introduit en fonction dans une zone de communication, il reste en fonction et émet une réponse par son interface de communication, de façon à établir la connexion avec le maítre (mode connecté).
This procedure can for example be the following:
  • the master (terminal) loops on the transmission of the same predefined data packet in the communication zone with the devices;
  • the slave (device) has two possibilities:
    • if it is in operation outside a communication zone: it is in non-connected mode;
    • if it is activated or placed in function in a communication zone, it remains in function and sends a response via its communication interface, so as to establish the connection with the master (connected mode).

Dans ce dernier cas, l'échange de messages peut débuter, et la communication bi-directionnelle reste activée jusqu'à ce que le dispositif-esclave soit éteint ou sorti de la zone de communication, ou jusqu'à ce que l'échange de données soit normalement arrêté par le terminal-maítre.In the latter case, the exchange of messages can begin, and the two-way communication remain active until the slave device is switched off or communication area, or until the exchange of data is normally by the terminal-master.

Dans la pratique, lorsqu'on le met sous tension, le dispositif effectue systématiquement un test de connexion, pour déterminer s'il se trouve ou non dans une zone de communication. Il répète ensuite régulièrement ce test.In practice, when turned on, the device performs systematically a connection test, to determine whether or not it is in a communication area. He then repeats this test regularly.

Une fois la connexion établie, au moins trois types d'opérations sont possibles (32) : le paiement, le rechargement et la maintenance. Les deux premières, appelées transactions, sont effectuées par le porteur du dispositif. La troisième est réservée à des personnes habilitées.Once the connection is established, at least three types of operations are possible (32): payment, reloading and maintenance. The first two, called transactions, are carried out by the carrier of the device. The third is reserved for authorized persons.

En ce qui concerne le paiement, il a été choisi d'utiliser prioritairement la carte, lorsque cela est possible. On vérifie donc la présence 33 d'une carte, puis la validité 34 de celle-ci. En cas de réponses favorables, un paiement par carte 35 est effectué. Dans le cas contraire, on réalise un paiement par le dispositif 36. Regarding the payment, it was chosen to use the card first, where possible. We check the presence of a map, then the validity of it. In case of favorable responses, a payment by card 35 is made. In the case otherwise, payment is made by the device 36.

Plusieurs techniques sont possibles pour assurer le paiement 35, 36. Elles peuvent être identiques ou différentes selon que l'on utilise la carte ou le dispositif. Le déroulement peut par exemple être le suivant :

  • le terminal communique au dispositif le montant à payer, éventuellement dans plusieurs devises ;
  • le dispositif affiche ces données pour que l'utilisateur connaisse la somme à payer, dans plusieurs devises possibles, et les vérifie ;
  • l'utilisateur accepte (dans une devise choisie) ou refuse la transaction grâce au clavier du dispositif. En cas de refus, la procédure est terminée (37) ;
  • en cas d'acceptation, le terminal vérifie dans sa mémoire de ressources les autorisations accordées à l'utilisateur (montant maximum ou autorisation de paiement par exemple). Si l'un des éléments manque, la procédure est terminée (37) ;
  • sinon, un chèque est émis par le dispositif, avec sécurisation des données qu'il contient, à l'aide d'une signature cryptographique ;
  • le terminal vérifie la validité du chèque qu'il a reçu, par exemple en contrôlant à partir d'une clé publique sa signature cryptographique, puis accepte la transaction, si le chèque est validé. Sinon, la transaction est annulée.
Several techniques are possible to ensure payment 35, 36. They can be identical or different depending on whether the card or the device is used. The sequence can for example be the following:
  • the terminal communicates to the device the amount to be paid, possibly in several currencies;
  • the device displays these data so that the user knows the amount to be paid, in several possible currencies, and verifies them;
  • the user accepts (in a chosen currency) or refuses the transaction thanks to the keyboard of the device. In case of refusal, the procedure is completed (37);
  • if accepted, the terminal verifies in its resource memory the permissions granted to the user (maximum amount or authorization of payment for example). If one of the elements is missing, the procedure is complete (37);
  • otherwise, a check is issued by the device, with securing of the data it contains, using a cryptographic signature;
  • the terminal verifies the validity of the check it has received, for example by checking from a public key its cryptographic signature, then accepts the transaction, if the check is validated. Otherwise, the transaction is canceled.

Le rechargement 38 s'effectue entre le terminal et la mémoire de ressources du dispositif, selon une procédure similaire à celle décrite ci-dessus pour le paiement. Il est possible de recharger en chèques vierges et en montant(s) financier(s), éventuellement dans plusieurs devises.The recharging 38 is performed between the terminal and the resource memory of the device, following a procedure similar to that described above for payment. It is possible to recharge in blank checks and in financial amount (s), possibly in several currencies.

La maintenance et la configuration 312 n'étant permises qu'aux personnes habilitées, le dispositif vérifie (311) la présence du détrompeur. Si le détrompeur est présent, un dialogue peut être établi avec un terminal de configuration, par l'intermédiaire des moyens de communication infrarouge. Avantageusement, le protocole de communication permet d'accéder directement à la plupart des composants formant le dispositif, pour des opérations de configuration ou de miantenance.Maintenance and configuration 312 being permitted only to persons enabled, the device verifies (311) the presence of the polarizer. If the keying is present, a dialogue can be established with a configuration terminal, via infrared communication means. Advantageously, the protocol of communication allows direct access to most of the components forming the device, for configuration or miantenance operations.

En mode non connecté, trois grands types d'opérations 39 sont également possibles : l'interrogation, le transfert de ressources et la configuration. In unconnected mode, three major types of operations 39 are also possible: query, resource transfer, and configuration.

L'interrogation 310 permet par exemple de consulter le solde du compte (ou des comptes, lorsque plusieurs comptes dans plusieurs devises sont gérés) sur la carte et/ou sur le dispositif, ainsi que de visualiser la liste des dernières transactions effectuées et mémorisées, ou les taux de change:The query 310 makes it possible, for example, to consult the balance of the account (or accounts, when multiple accounts in multiple currencies are managed) on the card and / or on the device, as well as view the list of the last transactions made and memorized, or exchange rates:

La configuration 313 permet de personnaliser le dispositif et la carte, notamment en :

  • changeant le code confidentiel du dispositif ou de la carte ;
  • choisissant la-langue d'utilisation du dispositif ;
  • choisissant la monnaie utilisée pour les transactions.
The configuration 313 makes it possible to personalize the device and the card, in particular by:
  • changing the confidential code of the device or the card;
  • choosing the language of use of the device;
  • choosing the currency used for the transactions.

Enfin, le transfert de ressources (chèques vierges et/ou montants) peut se faire (314) de la carte vers le dispositif 315 (par exemple lorsqu'on veut se débarrasser du reliquat d' une carte), ou du dispositif vers la carte 316 (par exemple lorsque l'on vient de recharger 38 le dispositif). Il est également envisageable d'effectuer des transferts de chèques crédités d'un montant choisi, d'une carte vers un dispositif et vice-versa (notamment de façon à effectuer une transaction entre deux personnes, l'une étant titulaire du dispositif et l'autre de la carte).Finally, the transfer of resources (blank checks and / or amounts) can be done (314) of the card to the device 315 (for example when one wants to get rid of the remaining of a card), or from the device to card 316 (for example when one comes from recharge the device). It is also possible to make transfers of credited checks of a chosen amount, from a card to a device and vice versa (in particular in order to effect a transaction between two persons, one being of the device and the other of the card).

Claims (14)

  1. A portable device (11) designed for conducting secure transactions with transaction terminals (12), comprising a first set of means (111, 113; 21, 271, 272) that allow a secure transaction to be conducted using transaction resources stored in a memory (114; 24) and means (115; 25) for contactless communication with the said transaction terminals (12),
       characterised, on the one hand in that it comprises means (116; 28) for dialogue with a chip card (13), which comprises a second set of means (131, 133) that allow a secure transaction to be conducted, and means (117; 29) for switching between the said first secure transaction means and the second secure transaction means, so that a transaction can be conducted either by the said portable device (11) or by a valid chip card (14) presented to the dialogue means and, on the other hand, in that the said contactless communication means (115; 25) are arranged such as to provide an exchange of data with the said transaction terminals (12) in both transaction cases.
  2. A device according to claim 1, characterised in that the switching means (117; 29) make it possible to issue electronic cheques bearing an amount transmitted by a transaction terminal (12) and authenticated by a signature encrypted using a public-key algorithm, either by the said device (11) or by a chip card (14), and in that the said checks are stored in blank form in a rewriteable memory (24).
  3. A device according to either of the claims 1 or 2, characterised in that it comprises means for recharging the said device with transaction resources, by means of contactless communication with a recharging terminal.
  4. A device according to any one of the claims from 1 to 3, characterised in that it comprises means for transferring transaction resources from the said device to a chip card and/or from a chip card to the said device.
  5. A device according to any one of the claims from 1 to 4, characterised in that the said dialogue means can receive an element (14) for configuration and/or maintenance control comprising means (141) for telling it apart from a standard chip card.
  6. A device according to claim 5, characterised in that the presence of an element (14) in the said dialogue means allows the said device (11) to establish communication with a control terminal (15) via the said contactless communication means (115) in order to perform configuration and/or maintenance operations on the said device.
  7. A device according to either of the claims 5 or 6, characterised in that it contains a reprogrammable memory and in that it is able to receive a voltage that is higher than the operating voltage of the said element (14) which makes it possible to delete and reprogram the contents of the said reprogrammable memory.
  8. A device according to any one of the claims from 1 to 7, characterised in that the said contactless communication means are infrared bi-directional communication means (251).
  9. A device according to any one of the claims from 1 to 8, characterised in that the said means (116; 28) for dialogue with a chip card operate at a predetermined nominal transmission frequency, and in that they comprise means for detecting transmission faults, which switch the means to a fold-back transmission frequency equal to half the nominal transmission frequency.
  10. A device according to any one of the claims from 1 to 9, characterised in that it comprises a multiplexer (29) associating either the said means (28) for dialogue with a chip card or the means (272) for internally securing a transaction to the single access port of a microprocessor (21).
  11. A device according to claim 10, characterised in that the said multiplexer (29) systematically connects the said means (28) for dialogue with a chip card whenever the presence of a valid card is detected.
  12. A method for implementing a portable device designed for conducting secure transactions with transaction terminals, characterised in that it provides two operating modes:
    a direct mode, in which the transaction is managed by the said portable device;
    a transparent mode, in which the transaction is managed by a chip card operationally coupled to the said device,
       contactless communication with the said transaction terminals being implemented identically in both modes.
  13. A method according to claim 12, characterised in that the said contactless communication is infrared communication of the master-slave type, the transaction terminal playing the part of the master and the said device playing the part of the slave.
  14. A method according to either claim 12 or 13, characterised in that the said transactions comprise at least one of the operations consisting of the following:
    providing the issue of electronic cheques bearing an amount transmitted by a transaction terminal;
    securing a cheque by transmitting a cryptographic signature;
    managing at least two balances in different currencies, in order to enable payment in several currencies and/or transcribing the transmitted amounts into several currencies;
    providing deposits and/or withdrawals of amounts from an account;
    validating the user of the device and/or of the card using a confidential code;
    recharging the said device with blank cheques and/or sums of cash;
    transferring cheques, blank or credited, and/or sums of cash from the said device to a chip card and/or from a chip card to the said device;
    consulting a balance, cash and cheques, of the device and/or of the card, a list of recent transactions and/or exchange rates;
    configuring and personalising the operation of the said device.
EP96934890A 1995-10-11 1996-10-11 Portable device for performing secure internal and smart card transactions, and method therefor Expired - Lifetime EP0909432B1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR9512183A FR2739952B1 (en) 1995-10-11 1995-10-11 PORTABLE DEVICE FOR PERFORMING SECURE INTERNAL AND MICRO-CIRCUIT CARD TRANSACTIONS, AND IMPLEMENTING METHOD THEREOF
FR9512183 1995-10-11
PCT/FR1996/001583 WO1997014121A1 (en) 1995-10-11 1996-10-11 Portable device for performing secure internal and smart card transactions, and method therefor

Publications (2)

Publication Number Publication Date
EP0909432A1 EP0909432A1 (en) 1999-04-21
EP0909432B1 true EP0909432B1 (en) 2005-12-28

Family

ID=9483617

Family Applications (1)

Application Number Title Priority Date Filing Date
EP96934890A Expired - Lifetime EP0909432B1 (en) 1995-10-11 1996-10-11 Portable device for performing secure internal and smart card transactions, and method therefor

Country Status (6)

Country Link
EP (1) EP0909432B1 (en)
AU (1) AU7303896A (en)
CA (1) CA2249461A1 (en)
DE (1) DE69635674T2 (en)
FR (1) FR2739952B1 (en)
WO (1) WO1997014121A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110889693A (en) * 2019-11-22 2020-03-17 支付宝(杭州)信息技术有限公司 Payment method, device and system

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998012674A2 (en) * 1996-09-20 1998-03-26 Wave Holdings Limited Pocket value terminal
FR2763409A1 (en) * 1997-05-15 1998-11-20 De La Perriere Eric Brac SYSTEM FOR TRANSMITTING DATA OUTSIDE THE NETWORK OUTSIDE A NETWORK
US6041314A (en) * 1997-12-22 2000-03-21 Davis; Walter Lee Multiple account portable wireless financial messaging unit
KR100382181B1 (en) * 1997-12-22 2003-05-09 모토로라 인코포레이티드 Single account portable wireless financial messaging unit
SE514433C2 (en) * 1998-05-08 2001-02-26 Ericsson Telefon Ab L M Method and device in a wireless communication system
EP1122697A1 (en) * 2000-02-04 2001-08-08 Wincor Nixdorf GmbH & Co KG Terminal selection when using mobile input device
FR2834156B1 (en) * 2001-12-20 2004-03-05 Gemplus Card Int METHOD FOR ACCESSING A SERVICE BY RADIO FREQUENCY ASSOCIATED WITH A PORTABLE ELECTRONIC CHIP OBJECT

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4277837A (en) * 1977-12-30 1981-07-07 International Business Machines Corporation Personal portable terminal for financial transactions
US4575621A (en) * 1984-03-07 1986-03-11 Corpra Research, Inc. Portable electronic transaction device and system therefor
FR2636153B2 (en) * 1988-06-08 1992-10-09 Parienti Raoul MEMORY BI-MODULE CHIP CARD AND REMOTE USE DEVICE
FR2637710A1 (en) * 1988-10-07 1990-04-13 B Et Dev Method and device for high-security multifunction electronic control comprising a microchip card
FR2689997B1 (en) * 1992-04-08 1997-06-13 Innovatron Sa CONTACTLESS DATA EXCHANGE SYSTEM BETWEEN A TERMINAL AND A MODULAR PORTABLE ASSEMBLY.

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110889693A (en) * 2019-11-22 2020-03-17 支付宝(杭州)信息技术有限公司 Payment method, device and system

Also Published As

Publication number Publication date
CA2249461A1 (en) 1997-04-17
FR2739952A1 (en) 1997-04-18
FR2739952B1 (en) 1998-01-23
EP0909432A1 (en) 1999-04-21
DE69635674D1 (en) 2006-02-02
AU7303896A (en) 1997-04-30
WO1997014121A1 (en) 1997-04-17
DE69635674T2 (en) 2006-07-20

Similar Documents

Publication Publication Date Title
EP0527203B1 (en) Process and device for effecting a transaction between a first and at least one second data medium and medium used for this purpose
EP2370940B1 (en) Tragbarer Gegenstand mit Display und Anwendung zum Durchführen von elektronischen Transaktionen
WO2002013151A1 (en) Electronic payment device using a consumer apparatus and a trader apparatus communicating through wireless link
WO2002001521A1 (en) Transaction system with portable personal device for transaction identification and control
EP0909432B1 (en) Portable device for performing secure internal and smart card transactions, and method therefor
WO2003007201A2 (en) Electronic cash system for an electronic wallet
EP3692488A1 (en) Method and system for carrying out a payment transaction on a bank terminal using an electronic device
WO2008065271A2 (en) Method and system for withdrawing money using a mobile telephone
EP1354288B1 (en) Method using electronic banking cards for making secure transactions
WO2006117351A2 (en) Mobile terminal for secure electronic transactions and secure electronic transaction system
WO2009077380A1 (en) Method for communicating from a transaction terminal with a server, and corresponding electronic terminal, server and system
EP1673742B1 (en) Secure smart card system for use as electronic wallet
WO1998006070A1 (en) System for managing the transfer of units of value in a chip card game system
EP1048011A1 (en) Method for carrying out financial transactions, system therefor and electronic purse
FR2805065A1 (en) Portable viewer type reader for integrated circuit card has card receiver and means to establish communication including exchange of identification codes with fixed terminal by inductive coupling
EP2306414A1 (en) Communication method between a reader and two chip cards
EP3564914A1 (en) Method and system for performing a secure data exchange
FR2957178A3 (en) Method for carrying out secured payments from user to seller of commercial site for online commercial transaction application, involves carrying out payments from user to seller using key via network, where key is coded using biometric data
FR2582830A1 (en) Device making it possible to determine a relationship between a referenced document and an individual
OA17811A (en) Intelligent virtual integration support card with multiple electronic and magnetic cards.
EP1649430A2 (en) Method for operating private payment means and device for operating private payment means and uses thereof
FR2786900A1 (en) Method of using a multi-purpose credit card
WO2015083093A1 (en) Smart card support for virtual integration of multiple electronic and magnetic cards
FR2888361A1 (en) SYSTEM FOR PROVIDING A SERVICE PROVIDER, ORGANIZING AN EVENT OR A MANIFESTATION, MANAGING AND SECURING THE ACCESS OF PERSONS AND PROPERTY AND THE PAYMENT OF GOODS AND SERVICES
FR2815803A1 (en) SERVICE ACCESS SYSTEM

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19981005

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

17Q First examination report despatched

Effective date: 20010309

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): DE FR GB

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

REF Corresponds to:

Ref document number: 69635674

Country of ref document: DE

Date of ref document: 20060202

Kind code of ref document: P

GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

Effective date: 20060208

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20060929

REG Reference to a national code

Ref country code: FR

Ref legal event code: TP

Ref country code: FR

Ref legal event code: CD

REG Reference to a national code

Ref country code: GB

Ref legal event code: S117

Free format text: REQUEST FILED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 26 APRIL 2010

REG Reference to a national code

Ref country code: GB

Ref legal event code: 732E

Free format text: REGISTERED BETWEEN 20110616 AND 20110622

REG Reference to a national code

Ref country code: DE

Ref legal event code: R082

Ref document number: 69635674

Country of ref document: DE

Representative=s name: HOFFMANN - EITLE, DE

REG Reference to a national code

Ref country code: DE

Ref legal event code: R082

Ref document number: 69635674

Country of ref document: DE

Representative=s name: HOFFMANN - EITLE PATENT- UND RECHTSANWAELTE PA, DE

Effective date: 20120404

Ref country code: DE

Ref legal event code: R082

Ref document number: 69635674

Country of ref document: DE

Representative=s name: HOFFMANN - EITLE, DE

Effective date: 20120404

Ref country code: DE

Ref legal event code: R081

Ref document number: 69635674

Country of ref document: DE

Owner name: GEMALTO SA, FR

Free format text: FORMER OWNER: GEMPLUS, GEMENOS, FR

Effective date: 20120404

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20140924

Year of fee payment: 19

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20140924

Year of fee payment: 19

Ref country code: FR

Payment date: 20141021

Year of fee payment: 19

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 69635674

Country of ref document: DE

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20151011

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20151011

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20160503

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

Effective date: 20160630

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20151102