[go: up one dir, main page]

EP2545534A1 - A transaction managing system, an apparatus for managing transactions and a method for use in such an apparatus - Google Patents

A transaction managing system, an apparatus for managing transactions and a method for use in such an apparatus

Info

Publication number
EP2545534A1
EP2545534A1 EP11753691A EP11753691A EP2545534A1 EP 2545534 A1 EP2545534 A1 EP 2545534A1 EP 11753691 A EP11753691 A EP 11753691A EP 11753691 A EP11753691 A EP 11753691A EP 2545534 A1 EP2545534 A1 EP 2545534A1
Authority
EP
European Patent Office
Prior art keywords
transaction
input device
electronic input
message
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP11753691A
Other languages
German (de)
French (fr)
Other versions
EP2545534A4 (en
Inventor
Hans Schröder
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Retail Innovation HTT AB
Original Assignee
Retail Innovation HTT AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Retail Innovation HTT AB filed Critical Retail Innovation HTT AB
Publication of EP2545534A1 publication Critical patent/EP2545534A1/en
Publication of EP2545534A4 publication Critical patent/EP2545534A4/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • G06Q20/202Interconnection or interaction of plural electronic cash registers [ECR] or to host computer, e.g. network details, transfer of information from host to ECR or from ECR to ECR
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07GREGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
    • G07G1/00Cash registers
    • G07G1/12Cash registers electronically operated

Definitions

  • the present invention relates generally to a transaction managing system, an apparatus for managing transactions and to a method for use in such an apparatus. More particularly, the present invention relates to a transaction managing system comprising an apparatus for managing transactions, the apparatus being adapted to interwork between a transaction register, an electronic input device and a transaction manager.
  • a cash register comprises means for calculating a sum of the price of purchased items, also known as a transaction amount, and means for calculating a difference between an amount paid in and the transaction amount.
  • the cash register is normally connected to a receipt printer, and it has a function to deliver information to the receipt writer such that the latter can write a receipt, and it has an order function that activates the receipt writer.
  • the cash register usually comprises a data processing unit that can, for example, calculate the transaction amount and the difference between the amount paid in and the transaction amount.
  • Such an electronic input device is a credit card payment terminal or a Personal Identification Number pad (PINpad) which are electronic input devices used in a debit or smart-card based transaction to input and encrypt a cardholder's PIN.
  • PINpad Personal Identification Number pad
  • PINpads are normally used with integrated point of sale devices in which an Electronic Cash register (ECR) machine is responsible for taking a sale amount and initiating/handling a transaction.
  • ECR Electronic Cash register
  • the PINpad is required so that a customer can use his card (in the case of chip cards) and enter a PIN securely and whereby the card number and the PIN is encrypted before it is sent upstream to a transaction manager of a trusted authority or a bank.
  • the PIN is only transferred from the PINpad to the chip (within the PINpad itself) and it is verified by the chip card. In this case the PIN does not need to be sent to the bank or card scheme for verification (this is known as Offline PIN verification').
  • PINpads are normally equipped with hardware and software security features to ensure that injected security keys and the PIN are erased if someone tries to tamper with the device.
  • the PIN-code is encrypted immediately on entry and an encrypted ⁇ -block is created. This encrypted ⁇ -block is erased as soon as it has been sent from the PINpad to the interworking device and/or the chip card.
  • PINs are encrypted using a variety of encryption schemes, the most common being triple DES.
  • Triple DES is the common name for Triple Data Encryption Algorithm (TDEA) block cipher defined by several standards. It is so named because it applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.
  • Triple DES provides a relatively simple method of increasing the key size of DES to protect against brute force attacks, without requiring a completely new block cipher algorithm.
  • PCI DSS PCI Data Security Standard
  • the PCI DSS is a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.
  • the PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
  • Fig. 1 discloses a prior art known transaction system 1 which comprises an electronic input device 10 (EID) in connection with a Transaction Manager 40, located at a Trusted Authority 30 (TA), via a network 20, e.g. Internet, ISDN, a wireless network, phone line etc.
  • the TA is normally a bank or a credit company.
  • the EID in this illustration is a PINpad and is considered to be a stand-alone input device. This means that the PINpad does not interwork with a cash register at all.
  • the PINpad will be separately used and an amount is entered on the PINpad by the staff working in the store, which to be confirmed/verified by the customer.
  • the PINpad encrypts the inputted customer data and sends them to the TM 40 as a transaction request.
  • the TM 40 decrypts the transaction requests and performs the transaction. Then the TM 40 sends a transaction response confirming or declining the transaction.
  • the PINpad may further be connected to a printer (not shown in figure) for printing out a receipt. This receipt is then normally stapled together with the receipt from the cash register.
  • the transaction system mentioned above has the disadvantage that it depends on the accuracy of the staff. It is also time consuming since the staff has to do several operations each time a credit card is to be used for payment. Also it is not convenient to have to staple two receipts together each time a transaction is performed through the use of the PINpad.
  • Fig. 2 discloses a prior art known transaction system 2 which comprises an electronic input device 10 (PINpad) in connection with a cash register 50 and a TM 40, located at a Trusted Authority 30 (TA), via a network 20, e.g. Internet, ISDN, a wireless network, phone line etc.
  • PINpad electronic input device 10
  • TM 40 located at a Trusted Authority 30
  • the PINpad in this illustration is considered to be interworking between the cash register 50 and the TM 40.
  • the cash register is normally an updated ECR or a PC comprising a cash register program.
  • a payment amount typed on the cash register is forwarded as transaction data to the PINpad 10.
  • a customer then enters his PIN-code on the PINpad together with the information read from the customer card, which is normally used to confirm the payment.
  • the PIN and the transaction data are then encrypted and sent to the TM 40, which decrypts that information and performs the transaction that is if the customer fulfills certain requirements (account status etc).
  • the TM 40 then returns an encrypted transaction response to the PINpad 10 which is decrypted and forwarded to the cash register 50.
  • the cash register 50 then prints out a receipt either itself or by use of a printer (Not shown in the figure).
  • each cash register 50 must be updated in place with new program in order to make it possible to cooperate with the PINpad.
  • ECR electronic-reliable and low-latency digital signal processor
  • PC electronic-reliable and low-latency digital signal processor
  • Each cash register program vendor must also therefore have their cash register program certified to make it possible to cooperate with a specific electronic input device type, such as the PINpad, different PINpad versions or a credit card payment terminal.
  • Patent publication SE528368 (WO2006/083219), belonging to the same applicant, illustrates a transaction system 3 for registration control, which is illustrated by Fig. 3.
  • the transaction system 3 comprises a control unit 60, connected to at least one cash register 50 and at least one receipt writer 70.
  • the control unit 60 uses encryption algorithms to generate a unique code based on transaction data received from the cash register 50, which unique code is sent to the receipt writer 70 to be printed onto the receipt.
  • the authenticity of all receipts that are generated by the system can in this way be subsequently checked.
  • the control unit 60 may further be connected to a Supervisory Authority 80 (SA) via an external network 20 such as the unique code and the transaction data may be sent to the SA for further registration and storage.
  • SA Supervisory Authority 80
  • An object of exemplary embodiments of the present invention is thus to provide a simplified solution for managing and controlling transactions wherein the solution is independent of a used transaction register program or a type of a transaction register.
  • the transaction register is any kind of register able to register transactions, such as a cash register.
  • an apparatus for managing transactions comprising: a receiver circuit adapted to receive transaction data from a transaction register; an information extracting circuit adapted to extract a transaction amount from the received transaction data; a first transceiver circuit adapted to send the extracted transaction amount to an electronic input device and to receive a transaction request from the electronic input device, the transaction request comprising encrypted end-user specific information inputted by the end-user; a second transceiver circuit adapted to forward the transaction request to a transaction manager and to receive an encrypted transaction response from the transaction manager; a decryption circuit adapted to decrypt the received encrypted transaction response; and an output circuit adapted to output a message using information in the transaction response.
  • a transaction managing system comprising an apparatus for managing transactions which is adapted to interworking between a transaction register, an electronic input device, and a transaction manager and a printer.
  • a transaction managing apparatus for use in a transaction managing apparatus, the transaction managing apparatus being adapted to interwork between a transaction register, an electronic input device and a transaction manager, the method comprising; receiving transaction data from the transaction register; extracting a transaction amount from the received transaction data; sending the extracted transaction amount to the electronic input device; receiving a transaction request from the electronic input device, the transaction request comprising encrypted end-user specific information inputted by the end-user; sending the transaction request to the transaction manager; receiving an encrypted transaction response from the transaction manager; decrypting the encrypted transaction response received from the transaction manager; and outputting a message using information in the transaction response.
  • An advantage of the exemplary embodiments of the present invention is that the encryption/decryption centralized by the use of one single apparatus that is able to interwork between all other devices in a system.
  • Figure 1 is a block diagram illustrating a network for performing transactions according to prior art.
  • Figure 2 is a block diagram illustrating another network for performing transactions according to prior art
  • Figure 3 is a block diagram illustrating a control system for checking the transactions carried out by a transaction register, according to prior art.
  • Figures 4 is a block diagram illustrating a system with an apparatus for managing transactions according to an exemplary embodiment of the present invention.
  • Figure 5 is a block diagram illustrating an apparatus for managing transaction according to an exemplary embodiment of the present invention.
  • Figure 6 is a block diagram illustrating apparatus for managing transaction according to an alternative exemplary embodiment of the present invention.
  • Figure 7 is a flowchart of a method for use in an apparatus for managing transactions according to an exemplary embodiment of the present invention.
  • Figure 8 is another flowchart of a method for use in an apparatus for managing transactions according to an exemplary embodiment of the present invention.
  • FIG. 4 is a block diagram illustrating a system with an apparatus for managing transactions according to an exemplary embodiment of the present invention.
  • the system is a transaction managing system 100 comprising an apparatus 160 for managing transactions which is adapted to interworking between a transaction register 150, an electronic input device 110, a transaction manager 140 and a printer 170.
  • a transaction amount i.e. a total amount to be paid
  • the transaction data normally comprising the purchased articles and the transaction amount is then sent to the apparatus which receives (S210) the transaction data and uses the transaction data to extract (S220) the transaction amount, among other information, reference to Fig. 7.
  • the apparatus is also capable of generating/extracting (S221) a unique code from the transaction data, see Fig. 8.
  • the unique code is an encrypted string that can be used when decrypted to identify the purchased items and the transaction amount.
  • a number of known description algorithms may be used to encrypt the unique code, such as RSA, Blowfish, Twofish etc.
  • the apparatus which may be PCI DSS certified, continues then by sending (S230) the extracted transaction amount to the electronic input device (110); receiving (S240) a transaction request from the electronic input device (110), the transaction request comprising encrypted end-user specific information inputted by the end-user and transaction amount; sending (S250) the transaction request to the transaction manager (140); receiving (S260) an encrypted transaction response from the transaction manager (140); decrypting (S270) the encrypted transaction response received from the transaction manager; and outputting (S280) an output message using and/or based on information in the transaction response.
  • the encryption and decryption is done using triple-DES and/or according to the PCI DSS requirements.
  • the apparatus may further comprise a step of determining (S271) if the transaction response comprises one or more of the following: an acknowledgement of payment, a non- acknowledgment of payment, a digital signature, a date, and transaction manager related information, which is/are to be used when outputting the output message, see Fig. 8.
  • the decrypted transaction response may either form a basis for a decision on how and/or in what form to output the output message or which information to output on e.g. a receipt or a display.
  • Fig. 5 is a block diagram illustrating such an apparatus 160 for managing transaction according to an exemplary embodiment of the present invention.
  • the apparatus 160 comprises a receiver circuit 161 adapted to receive transaction data from a transaction register and use that information by an extracting circuit 162 to extract a transaction amount from the received transaction data.
  • the transaction data may comprise other information than the transaction amount, such as purchase items.
  • the extracting circuit 162 may also use the transaction data to generate a unique code.
  • the unique code may further be used to validate/authenticate a receipt or to use when controlling and supervising a transaction register 150.
  • the unique code may be separately used for determining the authenticity of the receipt or may be sent to a Supervisory Authority 180.
  • the SA can, through a network, verify very easily the authenticity of a receipt by feeding the unique code that is on the receipt into a computer system of the SA, and decrypt the unique code thereby revealing the transaction data.
  • the apparatus 160 also comprises a first transceiver circuit 163 adapted to send the extracted transaction amount to an electronic input device 110, such as a PINpad, and to receive a transaction request from the electronic input device 110 (EID) in response.
  • EID 110 being an externally located EID, or an integral part of the apparatus 160, se Fig. 6.
  • the transaction request comprises encrypted end-user specific information inputted by the end- user.
  • the transaction request may also comprise encrypted or un-encrypted transaction data as well as other information, such as the unique code or purchased items.
  • the end-user specific information inputted by the end-user may also be a card number, a personal identification number and/or a one-time code generated for one-time use only.
  • a second transceiver circuit 164 is comprised in the apparatus 160 and which is adapted to forward the transaction request to a transaction manager 140, which usually is located at a Trusted Authority 130 (TA), and to receive an encrypted transaction response from the transaction manager 140.
  • the transaction response may comprise one or more of the following: an acknowledgement of payment, a non- acknowledgment of payment, a digital signature, a date, and transaction manager related information, which is/are to be used when outputting the message.
  • the apparatus also comprises a decryption circuit 165 adapted to decrypt the received encrypted transaction response and output a message based-on/using information in the transaction response.
  • the message is outputted by aid of an output circuit 166.
  • the output circuit 166 is adapted to output the message via the EID 110, and/or via a printer 170 in connection with the apparatus 160, when the transaction response comprises a non- acknowledgment of payment, on a display, a receipt or via an alarm function thereof. Also, both the printer 170 and the EID 1 10 may be used to output the message when the transaction response is determined to comprise an acknowledgment of payment.
  • the message may include other information such as: the unique code, purchased items, a date, the TM identity, the transaction amount, a masked end-user credit card number i.e. a coded credit card number (typically printed as for example XXXXXXXXXXXXXXX 465), a transaction/cash register number, and other information similar to the decrypted transaction response.
  • the apparatus 160 may further be in connection with a Supervisory Authority 180 (SA) which is able to receive transaction data and the unique code for each payment from the apparatus via a network 120.
  • SA Supervisory Authority 180
  • the network may be an internet connection, a wireless connection or any other suitable known network for message communication. All the messages sent over the network are encrypted before sending and decrypted at the SA and/or TA, using triple DES and/or public key/private key algorithms.
  • the SA decrypts and stores the received messages for information control.
  • the TA decrypts each request and encrypts each response before sending them back in a secured way, over the network, back to the apparatus, the TA normally using triple-DES for encryption.
  • the apparatus 160 which in this case is PCI DSS certified and/or is using triple DES encryption/decryption, decrypts the transaction responses by the aid of the decrypting circuit. Then the apparatus determines by reading information in the responses how to proceed. This way the apparatus functions as an interworking unit between all other devices, i.e. the EID, the printer, the transaction register, the TM, the TA, and the TM.
  • the apparatus disclosed in the exemplary embodiments of the present invention may be purchased by a vendor or to a store and easily installed.
  • the apparatus is then either connected to an EID or includes itself the EID. Since the apparatus acts independent of the type of transaction register it is connected to, vendors need not to update their local transaction register with new programs or exchange them to new ones.
  • the apparatus also functioning as a certified sealed box guaranties the security of the information stored and processed within it. All information is stored in encrypted form.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

The present invention relates generally to a transaction managing system, an apparatus for managing transactions and to a method for use in such an apparatus. More particularly, the present invention relates to an apparatus (160) for managing transactions, the apparatus being adapted to interwork between a transaction register (150), an electronic input device (110) and a transaction manager (140).

Description

A TRANSACTION MANAGING SYSTEM, AN APPARATUS FOR MANAGING TRANSACTIONS AND A
METHOD FOR USE IN SUCH AN APPARATUS
TECHNICAL FIELD The present invention relates generally to a transaction managing system, an apparatus for managing transactions and to a method for use in such an apparatus. More particularly, the present invention relates to a transaction managing system comprising an apparatus for managing transactions, the apparatus being adapted to interwork between a transaction register, an electronic input device and a transaction manager. BACKGROUND
The use of cash registers to input prices of the goods that a customer purchases is known within the retail industry, as is their use to input the amount that the customer has paid. According to the prior art, a cash register comprises means for calculating a sum of the price of purchased items, also known as a transaction amount, and means for calculating a difference between an amount paid in and the transaction amount. The cash register is normally connected to a receipt printer, and it has a function to deliver information to the receipt writer such that the latter can write a receipt, and it has an order function that activates the receipt writer. Furthermore, the cash register usually comprises a data processing unit that can, for example, calculate the transaction amount and the difference between the amount paid in and the transaction amount.
There are various means that can be used in order to effect payments, such as debit or credit cards. Credit cards are known to be a flexible way of performing payments. Also, the connection of electronic input devices to a cash register is known. Many vendors need to be able to offer their customers, i.e. end-users, the possibility of using their credit cards for payment. Such an electronic input device is a credit card payment terminal or a Personal Identification Number pad (PINpad) which are electronic input devices used in a debit or smart-card based transaction to input and encrypt a cardholder's PIN.
PINpads are normally used with integrated point of sale devices in which an Electronic Cash register (ECR) machine is responsible for taking a sale amount and initiating/handling a transaction. The PINpad is required so that a customer can use his card (in the case of chip cards) and enter a PIN securely and whereby the card number and the PIN is encrypted before it is sent upstream to a transaction manager of a trusted authority or a bank. In some cases, with chip cards, the PIN is only transferred from the PINpad to the chip (within the PINpad itself) and it is verified by the chip card. In this case the PIN does not need to be sent to the bank or card scheme for verification (this is known as Offline PIN verification').
PINpads are normally equipped with hardware and software security features to ensure that injected security keys and the PIN are erased if someone tries to tamper with the device. The PIN-code is encrypted immediately on entry and an encrypted ΡΓΝ-block is created. This encrypted ΡΓΝ-block is erased as soon as it has been sent from the PINpad to the interworking device and/or the chip card. PINs are encrypted using a variety of encryption schemes, the most common being triple DES. Triple DES is the common name for Triple Data Encryption Algorithm (TDEA) block cipher defined by several standards. It is so named because it applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. Triple DES provides a relatively simple method of increasing the key size of DES to protect against brute force attacks, without requiring a completely new block cipher algorithm.
PINpads must be approved to the standards required by the Payment Card Industry (PCI) in order to ensure that they provide adequate security at the point of PIN entry and for the ΡΓΝ encryption process. One can say that the PINpad must follow the PCI Data Security Standard (PCI DSS). The PCI DSS, is a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
Fig. 1 discloses a prior art known transaction system 1 which comprises an electronic input device 10 (EID) in connection with a Transaction Manager 40, located at a Trusted Authority 30 (TA), via a network 20, e.g. Internet, ISDN, a wireless network, phone line etc. The TA is normally a bank or a credit company. The EID in this illustration is a PINpad and is considered to be a stand-alone input device. This means that the PINpad does not interwork with a cash register at all. When a payment is to be confirmed/verified by a customer the PINpad will be separately used and an amount is entered on the PINpad by the staff working in the store, which to be confirmed/verified by the customer. The PINpad encrypts the inputted customer data and sends them to the TM 40 as a transaction request. The TM 40 decrypts the transaction requests and performs the transaction. Then the TM 40 sends a transaction response confirming or declining the transaction. The PINpad may further be connected to a printer (not shown in figure) for printing out a receipt. This receipt is then normally stapled together with the receipt from the cash register.
The transaction system mentioned above has the disadvantage that it depends on the accuracy of the staff. It is also time consuming since the staff has to do several operations each time a credit card is to be used for payment. Also it is not convenient to have to staple two receipts together each time a transaction is performed through the use of the PINpad.
Fig. 2 discloses a prior art known transaction system 2 which comprises an electronic input device 10 (PINpad) in connection with a cash register 50 and a TM 40, located at a Trusted Authority 30 (TA), via a network 20, e.g. Internet, ISDN, a wireless network, phone line etc. The PINpad in this illustration is considered to be interworking between the cash register 50 and the TM 40. The cash register is normally an updated ECR or a PC comprising a cash register program. In this illustration a payment amount typed on the cash register is forwarded as transaction data to the PINpad 10. A customer then enters his PIN-code on the PINpad together with the information read from the customer card, which is normally used to confirm the payment. The PIN and the transaction data are then encrypted and sent to the TM 40, which decrypts that information and performs the transaction that is if the customer fulfills certain requirements (account status etc). The TM 40 then returns an encrypted transaction response to the PINpad 10 which is decrypted and forwarded to the cash register 50. The cash register 50 then prints out a receipt either itself or by use of a printer (Not shown in the figure).
According to the system described above each cash register 50 must be updated in place with new program in order to make it possible to cooperate with the PINpad. Note, that not all traditional ECR:s include an updatable program processing unit part and many ECR:s are very difficult to reprogram. This means new investments are needed in buying new cash registers and further on updating them to cooperate with the PINpad. Cash register programs for PC:s need also to be updated. Each cash register program vendor must also therefore have their cash register program certified to make it possible to cooperate with a specific electronic input device type, such as the PINpad, different PINpad versions or a credit card payment terminal.
During the last few years new requirements and directions from governments has arisen concerning the possibility of checking sales and transactions carried on a cash register. New control means/units need also to be incorporated into the transaction systems comprising cash registers in enabling the control of registration of sales and transactions carried out. Patent publication SE528368 (WO2006/083219), belonging to the same applicant, illustrates a transaction system 3 for registration control, which is illustrated by Fig. 3. The transaction system 3 comprises a control unit 60, connected to at least one cash register 50 and at least one receipt writer 70. The control unit 60 uses encryption algorithms to generate a unique code based on transaction data received from the cash register 50, which unique code is sent to the receipt writer 70 to be printed onto the receipt. The authenticity of all receipts that are generated by the system can in this way be subsequently checked. The control unit 60 may further be connected to a Supervisory Authority 80 (SA) via an external network 20 such as the unique code and the transaction data may be sent to the SA for further registration and storage. There is up to today no known solution of how to integrate the control unit functionality with a cash register and an electronic input device in a simply way.
SUMMARY
An object of exemplary embodiments of the present invention is thus to provide a simplified solution for managing and controlling transactions wherein the solution is independent of a used transaction register program or a type of a transaction register. The transaction register is any kind of register able to register transactions, such as a cash register.
According to an aspect of exemplary embodiments of the present invention, there is provided an apparatus for managing transactions wherein the apparatus comprises: a receiver circuit adapted to receive transaction data from a transaction register; an information extracting circuit adapted to extract a transaction amount from the received transaction data; a first transceiver circuit adapted to send the extracted transaction amount to an electronic input device and to receive a transaction request from the electronic input device, the transaction request comprising encrypted end-user specific information inputted by the end-user; a second transceiver circuit adapted to forward the transaction request to a transaction manager and to receive an encrypted transaction response from the transaction manager; a decryption circuit adapted to decrypt the received encrypted transaction response; and an output circuit adapted to output a message using information in the transaction response.
According to another aspect of exemplary embodiments of the present invention, there is provided a transaction managing system comprising an apparatus for managing transactions which is adapted to interworking between a transaction register, an electronic input device, and a transaction manager and a printer.
According to another aspect of exemplary embodiments of the present invention, there is provided method for use in a transaction managing apparatus, the transaction managing apparatus being adapted to interwork between a transaction register, an electronic input device and a transaction manager, the method comprising; receiving transaction data from the transaction register; extracting a transaction amount from the received transaction data; sending the extracted transaction amount to the electronic input device; receiving a transaction request from the electronic input device, the transaction request comprising encrypted end-user specific information inputted by the end-user; sending the transaction request to the transaction manager; receiving an encrypted transaction response from the transaction manager; decrypting the encrypted transaction response received from the transaction manager; and outputting a message using information in the transaction response.
An advantage of the exemplary embodiments of the present invention is that the encryption/decryption centralized by the use of one single apparatus that is able to interwork between all other devices in a system.
Another advantage of the exemplary embodiments of the present invention is that the overall cost for performing an update of a transaction system with an electronic input device is reduced, especially in the case when a vendor need to update with receipt control functionality as well. Another advantage of the exemplary embodiments of the present invention is that the overall cost for performing an update of a transaction system with an electronic input device and registration control functionality a control is reduced and which is easy to update and exchange when malfunctioning. Yet another advantage of the exemplary embodiments of the present invention is that the invention works independently of the transaction register program.
Still other advantages, objects and features of the embodiments of the present invention will become apparent from the following detailed description in conjunction with the accompanying drawings, attention to be called to the fact, however, that the following drawings are illustrative only, and that various modifications and changes may be made in the specific embodiments illustrated as described within the scope of the appended claims.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram illustrating a network for performing transactions according to prior art.
Figure 2 is a block diagram illustrating another network for performing transactions according to prior art
Figure 3 is a block diagram illustrating a control system for checking the transactions carried out by a transaction register, according to prior art.
Figures 4 is a block diagram illustrating a system with an apparatus for managing transactions according to an exemplary embodiment of the present invention.
Figure 5 is a block diagram illustrating an apparatus for managing transaction according to an exemplary embodiment of the present invention.
Figure 6 is a block diagram illustrating apparatus for managing transaction according to an alternative exemplary embodiment of the present invention.
Figure 7 is a flowchart of a method for use in an apparatus for managing transactions according to an exemplary embodiment of the present invention.
Figure 8 is another flowchart of a method for use in an apparatus for managing transactions according to an exemplary embodiment of the present invention. DETAILED DESCRIPTION
In the following description, for purposes of explanation and not limitation, specific details are set forth such as particular architectures, scenarios, techniques, etc. in order to provide thorough understanding of the present invention. However, it will be apparent from the following that the present invention and its embodiments may be practiced in other embodiments that depart from these specific details. The exemplary embodiments of the present invention are described herein by way of reference to particular example scenarios. In particular the invention is described in a non-limiting general context in relation to a transaction register. Note that the present invention is applicable to function in combination with any type of cash registers hereinafter during the description denoted as a transaction register. Such transaction registers include among others traditional ECR:s with very limited programming capabilities, ECR:s with programming capabilities, PC-based transaction registers, server-based cash-registers. Note also that the exemplary embodiments of the present invention are not either restricted to that the electronic input device being a PINpad or a credit card payment terminal.
Following will be described exemplary embodiments of the present invention disclosing a transaction managing system, an apparatus for managing transactions and a method for use in such an apparatus, and wherein the embodiments are independent of transaction register programs and which enable centralized certification.
FIG. 4 is a block diagram illustrating a system with an apparatus for managing transactions according to an exemplary embodiment of the present invention. According to this illustration, the system is a transaction managing system 100 comprising an apparatus 160 for managing transactions which is adapted to interworking between a transaction register 150, an electronic input device 110, a transaction manager 140 and a printer 170.
Normally, when a cashier working is a store enters a transaction amount, i.e. a total amount to be paid, on the transaction register 150, the transmission of transaction data is then initiated, normally by the cashier pressing on enter key. The transaction data normally comprising the purchased articles and the transaction amount is then sent to the apparatus which receives (S210) the transaction data and uses the transaction data to extract (S220) the transaction amount, among other information, reference to Fig. 7. Note that the apparatus is also capable of generating/extracting (S221) a unique code from the transaction data, see Fig. 8. The unique code is an encrypted string that can be used when decrypted to identify the purchased items and the transaction amount. A number of known description algorithms may be used to encrypt the unique code, such as RSA, Blowfish, Twofish etc.
The apparatus, which may be PCI DSS certified, continues then by sending (S230) the extracted transaction amount to the electronic input device (110); receiving (S240) a transaction request from the electronic input device (110), the transaction request comprising encrypted end-user specific information inputted by the end-user and transaction amount; sending (S250) the transaction request to the transaction manager (140); receiving (S260) an encrypted transaction response from the transaction manager (140); decrypting (S270) the encrypted transaction response received from the transaction manager; and outputting (S280) an output message using and/or based on information in the transaction response. Typically the encryption and decryption is done using triple-DES and/or according to the PCI DSS requirements. Note however that other known encryption and decryption algorithms may be used, such as any kind of public key/private key algorithms. This way most of the encryption and decryptions may be performed by the apparatus which also may be sealed as a black box. Only the apparatus needs to cope with all other certified devices and authorities. Thus the certifying procedure is simplified to only one apparatus which might as well be used for control of the authentication of receipts and transaction registers.
Note that the apparatus may further comprise a step of determining (S271) if the transaction response comprises one or more of the following: an acknowledgement of payment, a non- acknowledgment of payment, a digital signature, a date, and transaction manager related information, which is/are to be used when outputting the output message, see Fig. 8. The decrypted transaction response may either form a basis for a decision on how and/or in what form to output the output message or which information to output on e.g. a receipt or a display.
Fig. 5 is a block diagram illustrating such an apparatus 160 for managing transaction according to an exemplary embodiment of the present invention. The apparatus 160 comprises a receiver circuit 161 adapted to receive transaction data from a transaction register and use that information by an extracting circuit 162 to extract a transaction amount from the received transaction data. The transaction data may comprise other information than the transaction amount, such as purchase items. The extracting circuit 162 may also use the transaction data to generate a unique code. The unique code may further be used to validate/authenticate a receipt or to use when controlling and supervising a transaction register 150. The unique code may be separately used for determining the authenticity of the receipt or may be sent to a Supervisory Authority 180. Thus the SA can, through a network, verify very easily the authenticity of a receipt by feeding the unique code that is on the receipt into a computer system of the SA, and decrypt the unique code thereby revealing the transaction data.
Back to Fig. 5, the apparatus 160 also comprises a first transceiver circuit 163 adapted to send the extracted transaction amount to an electronic input device 110, such as a PINpad, and to receive a transaction request from the electronic input device 110 (EID) in response. The EID 110 being an externally located EID, or an integral part of the apparatus 160, se Fig. 6. The transaction request comprises encrypted end-user specific information inputted by the end- user. The transaction request may also comprise encrypted or un-encrypted transaction data as well as other information, such as the unique code or purchased items. The end-user specific information inputted by the end-user may also be a card number, a personal identification number and/or a one-time code generated for one-time use only.
Continuing with the description of the figure, a second transceiver circuit 164 is comprised in the apparatus 160 and which is adapted to forward the transaction request to a transaction manager 140, which usually is located at a Trusted Authority 130 (TA), and to receive an encrypted transaction response from the transaction manager 140. The transaction response may comprise one or more of the following: an acknowledgement of payment, a non- acknowledgment of payment, a digital signature, a date, and transaction manager related information, which is/are to be used when outputting the message.
The apparatus also comprises a decryption circuit 165 adapted to decrypt the received encrypted transaction response and output a message based-on/using information in the transaction response. The message is outputted by aid of an output circuit 166. The output circuit 166 is adapted to output the message via the EID 110, and/or via a printer 170 in connection with the apparatus 160, when the transaction response comprises a non- acknowledgment of payment, on a display, a receipt or via an alarm function thereof. Also, both the printer 170 and the EID 1 10 may be used to output the message when the transaction response is determined to comprise an acknowledgment of payment. The message may include other information such as: the unique code, purchased items, a date, the TM identity, the transaction amount, a masked end-user credit card number i.e. a coded credit card number (typically printed as for example XXXXXXXXXXXXXXXX 465), a transaction/cash register number, and other information similar to the decrypted transaction response.
The apparatus 160 may further be in connection with a Supervisory Authority 180 (SA) which is able to receive transaction data and the unique code for each payment from the apparatus via a network 120. The network may be an internet connection, a wireless connection or any other suitable known network for message communication. All the messages sent over the network are encrypted before sending and decrypted at the SA and/or TA, using triple DES and/or public key/private key algorithms. The SA decrypts and stores the received messages for information control. The TA decrypts each request and encrypts each response before sending them back in a secured way, over the network, back to the apparatus, the TA normally using triple-DES for encryption. The apparatus 160 which in this case is PCI DSS certified and/or is using triple DES encryption/decryption, decrypts the transaction responses by the aid of the decrypting circuit. Then the apparatus determines by reading information in the responses how to proceed. This way the apparatus functions as an interworking unit between all other devices, i.e. the EID, the printer, the transaction register, the TM, the TA, and the TM.
Consequently, the apparatus disclosed in the exemplary embodiments of the present invention may be purchased by a vendor or to a store and easily installed. The apparatus is then either connected to an EID or includes itself the EID. Since the apparatus acts independent of the type of transaction register it is connected to, vendors need not to update their local transaction register with new programs or exchange them to new ones. The apparatus also functioning as a certified sealed box guaranties the security of the information stored and processed within it. All information is stored in encrypted form.
While the invention has been described in terms of several preferred embodiments, it is contemplated that alternatives, modifications, permutations and equivalents thereof will become apparent upon reading of the specifications and upon study of the drawings. It is therefore intended that the following appended claims include such alternatives, modifications, permutations and equivalents as fall within the scope of the present invention.

Claims

An apparatus (160) for managing transactions, wherein the apparatus (160) comprises:
- a receiver circuit (161) adapted to receive transaction data from a transaction register (150);
- an information extracting circuit (162) adapted to extract a transaction amount from the received transaction data;
- a first transceiver circuit (163) adapted to send the extracted transaction amount to an electronic input device (110) and to receive a transaction request from the electronic input device (110), the transaction request comprising encrypted end-user specific information inputted by the end-user;
- a second transceiver circuit (164) adapted to forward the transaction request to a transaction manager (140) and to receive an encrypted transaction response from the transaction manager (140);
- a decryption circuit (165) adapted to decrypt the received encrypted transaction response; and
- an output circuit (166) adapted to output a message using information in the transaction response.
The apparatus (160) of claim 1, wherein the apparatus (160) is being adapted to interwork between a transaction register (150), an electronic input device (110) and a transaction manager (140).
The apparatus (160) according to claim 1, wherein the apparatus is adapted to comprise the electronic input device (110) as an integral part.
The apparatus (160) according to claim 1 or claim 2, wherein the transaction response comprises one or more of the following: an acknowledgement of payment, a non- acknowledgment of payment, a digital signature, a date, and transaction manager related information, which is/are to be used when outputting the message.
5. The apparatus (160) according to any preceding claim, wherein the output circuit (166) is adapted to output the message via the electronic input device (110), when the transaction response comprises a non-acknowledgment of payment, on a display or via an alarm function thereof.
6. The apparatus (160) according to any of claims 1 to 4, wherein the output circuit (166) is further adapted to be in connection with a printer (170) and wherein the message is outputted via the printer (170).
7. The apparatus (160) according to any of claims 1 to 4, wherein the output circuit (166) is further adapted to be in connection with a printer (170) and wherein the message is outputted via the printer (170), when the transaction response comprises an acknowledgment of payment, as a receipt.
8. The apparatus (160) according to claim 1, wherein the message is outputted as a receipt, via the electronic input device and/or via a printer (170), and wherein the message comprises a unique code generated by the information extracting circuit (162) using the received transaction data.
9. The apparatus (160) according to claim 8, wherein the unique code is to be separately used for determining the authenticity of the receipt.
10. The apparatus (160) according to any preceding claim, wherein the electronic input device (110) is a PINpad.
11. The apparatus (160) according to any preceding claim, wherein the transaction request comprises encrypted end-user specific information inputted by the end-user and encrypted transaction amount.
12. The apparatus (160) according to any preceding claim, wherein the end-user specific information inputted by the end-user is a card number, a personal identification number and/or a one-time code generated for one-time use only.
13. The apparatus (160) according to any preceding claim, wherein the apparatus is being Payment Card Industry Data Security Standard, PCI DSS, standardized and/or capable of using a triple Data Encryption Standard ciphering algorithm.
A transaction managing system (100) comprising an apparatus (60) for managing transactions which is adapted to interworking between a transaction register (150), an electronic input device (1 10), a transaction manager (140) and a printer, and wherein the apparatus is the apparatus disclosed in any of the claims 1-13.
A method for use in a transaction managing apparatus (160), the transaction managing apparatus (160) being adapted to interwork between a transaction register (150), an electronic input device (110) and a transaction manager (140), the method comprising;
- receiving (S210) transaction data from the transaction register (150);
- extracting (S220) a transaction amount from the received transaction data;
- sending (S230) the extracted transaction amount to the electronic input device (110);
- receiving (S240) a transaction request from the electronic input device (110), the transaction request comprising encrypted end-user specific information inputted by the end-user;
- sending (S250) the transaction request to the transaction manager (140);
- receiving (S260) an encrypted transaction response from the transaction manager (140);
- decrypting (S270) the encrypted transaction response received from the transaction manager; and
- outputting (S280) a message using information in the transaction response.
The method according to claim 15, wherein herein the decrypting (S270) of the transaction response comprises the step of determining (S271) if the transaction response comprises one or more of the following: an acknowledgement of payment, a non-acknowledgment of payment, a digital signature, a date, and transaction manager related information, which is/are to be used when outputting the output message.
The method according to claim 15 or claim 16, wherein the outputting (S280) comprises outputting the output message via the electronic input device (110), when the transaction response is determined (S271) to comprises a non-acknowledgment, on a display or via an alarm function thereof.
18. The method according to claim 15 or 16, wherein the outputting (S280) comprises outputting the message via a printer (170) which is in connection with the apparatus (160).
19. The method according to any of claims 15 to 16, wherein the outputting (S280) comprises outputting the message, via the electronic input device (110) and/or via a printer (170), being in connection with the apparatus (160), when the transaction response is determined (271) to comprise an acknowledgment, as a receipt.
20. The method according to any of claims 15 to 19, wherein the extracting (S220) further comprises a step of generating (S221) a unique code from the received transaction data.
21. The method according the any of claims 15 to 20, wherein the method is capable of using Payment Card Industry Data Security Standardized, PCI DSS, communication and/or capable of using a triple Data Encryption Standard ciphering algorithm.
EP11753691.2A 2010-03-12 2011-03-09 A transaction managing system, an apparatus for managing transactions and a method for use in such an apparatus Withdrawn EP2545534A4 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE1050229A SE535446C2 (en) 2010-03-12 2010-03-12 A transaction management system, a transaction management device and a method of use in such a device
PCT/SE2011/050258 WO2011112143A1 (en) 2010-03-12 2011-03-09 A transaction managing system, an apparatus for managing transactions and a method for use in such an apparatus

Publications (2)

Publication Number Publication Date
EP2545534A1 true EP2545534A1 (en) 2013-01-16
EP2545534A4 EP2545534A4 (en) 2015-08-12

Family

ID=44563729

Family Applications (1)

Application Number Title Priority Date Filing Date
EP11753691.2A Withdrawn EP2545534A4 (en) 2010-03-12 2011-03-09 A transaction managing system, an apparatus for managing transactions and a method for use in such an apparatus

Country Status (3)

Country Link
EP (1) EP2545534A4 (en)
SE (1) SE535446C2 (en)
WO (1) WO2011112143A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017072647A1 (en) * 2015-10-27 2017-05-04 Fox Glacier Asset Management Llc Mobile payment system
EP3562090B1 (en) * 2018-04-25 2020-07-01 Siemens Aktiengesellschaft Data processing device for processing a radio signal

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2297414A (en) * 1995-01-25 1996-07-31 Ravell Holdings Pte Ltd Point of sale system
US7181416B2 (en) * 2000-06-08 2007-02-20 Blackstone Corporation Multi-function transaction processing system
JP4604525B2 (en) * 2004-03-17 2011-01-05 セイコーエプソン株式会社 Network system, program, and printing apparatus control method
SE528368C2 (en) * 2005-02-02 2006-10-31 Axtronic Ab Registration control system and procedure
EP1927946A1 (en) * 2006-11-30 2008-06-04 Teraoka Seiko Co., Ltd. Product sales processing system
US20100299265A1 (en) * 2007-04-17 2010-11-25 Hypercom Corporation Methods and systems for security authentication and key exchange
RS51461B (en) * 2007-05-30 2011-04-30 Milan Prokin Device and method for turnover control
US20100049658A1 (en) * 2008-08-22 2010-02-25 Javier Sanchez Secure electronic transaction system

Also Published As

Publication number Publication date
WO2011112143A1 (en) 2011-09-15
SE1050229A1 (en) 2011-09-13
SE535446C2 (en) 2012-08-14
EP2545534A4 (en) 2015-08-12

Similar Documents

Publication Publication Date Title
US10185956B2 (en) Secure payment card transactions
US11068883B2 (en) Apparatus and methods for secure element transactions and management of assets
US6990471B1 (en) Method and apparatus for secure electronic commerce
US10135614B2 (en) Integrated contactless MPOS implementation
US9065643B2 (en) System and method for account identifier obfuscation
US7841523B2 (en) Secure payment card transactions
US7770789B2 (en) Secure payment card transactions
JP5512637B2 (en) Secure payment system
US10733598B2 (en) Systems for storing cardholder data and processing transactions
CN108702294A (en) Authentication system and method using location matching
WO2008144555A1 (en) Secure payment card transactions
US20130066786A1 (en) Method and system for providing an internet based transaction
WO2011112143A1 (en) A transaction managing system, an apparatus for managing transactions and a method for use in such an apparatus
KR101044677B1 (en) Encryption payment system and method
AU2021329996A1 (en) Electronic payments systems, methods and apparatus
WO2022224780A1 (en) Information processing device, information processing system, and method, and program
WO2012060774A1 (en) Transaction managing system which handles dynamic receipt messages
JP2019029680A (en) Processor, individual information protection system, token creation method, and token creation program

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20120910

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

RIN1 Information on inventor provided before grant (corrected)

Inventor name: SCHROEDER, HANS

DAX Request for extension of the european patent (deleted)
RA4 Supplementary search report drawn up and despatched (corrected)

Effective date: 20150714

RIC1 Information provided on ipc code assigned before grant

Ipc: G06Q 20/00 20120101ALI20150708BHEP

Ipc: G07F 7/10 20060101ALI20150708BHEP

Ipc: G07G 1/12 20060101AFI20150708BHEP

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20160211