Improved integrity of a payment system for paying for services or goods, for example, telephone facilities, through use of electronic payment cards. In any session to increase a card balance, a "flag" is placed ("1") on the payment card which indicates that the session must not be interrupted. After completion, the flag is removed again ("0"). A session to pay for the product or the service or to increase the balance can only be established if the flag is absent ("0") indicating that the last session to increase the balance was correctly completed. If, on the other hand, the flag is still "1" at the start of a session, a correction routine is first performed in which the previous session to increase the balance is then correctly concluded to prevent the flag being removed by fraud, the flag can only be removed by a central system (PSTN/ABS) through issurance of an authorized instruction.
|
6. A method for use in a payment system having a terminal and a payment card, wherein the payment card communicatively interacts with the terminal so as to effectuate a transaction therethrough, the method comprising the steps of:
changing, in conjunction with a balance process which increases a balance stored in the payment card, a symbol stored in the card from a first symbol value to a second symbol value at the beginning of said balance process; changing said symbol stored in said payment card from said second symbol value into said first symbol value at the end of said balance process, said method also comprising the following steps of during a further process with the payment card: detecting, at a beginning of said further process, if said first or said second symbol value is stored in the payment card; if said second symbol is stored, changing said second symbol to has said first symbol and performing said process to increase the stored balance value, continuing with said further process; and if said first symbol is stored has said second symbol value, indicating that a previous execution of said balance process was interrupted prior to completion and starting a terminating process to change said second symbol value into said first symbol value, wherein the method also comprises the steps of: storing information regarding the balance process during the execution of the balance process in an administration system; completing or repeating the previous execution of the balance process during said terminating process in said further process on the basis of said information still present in the administration system; and continuing said further process after said terminating process.
1. A payment system comprising: a terminal; arranged to communicate with a payment card for communicatively interacting with the terminal so as to effectuate a transaction therethrough;
means, operative in conjunction with a balance process which increases a balance stored in the payment card, for to carry out the following tasks: changing a symbol stored in the payment card from a first symbol value to a second symbol, wherein value at the beginning of said balance process; changing said symbol stored in said payment card from said second symbol value into said first symbol value at the end of said balance process; said changing means also being arranged to carry out the following tasks during a further process with the payment card: detects detecting, at a beginning of said further process, if said first or said second symbol value is stored in the payment card; if said second symbol is stored, changes said second symbol to said first symbol and performs said process to increase the stored balance; and has said first symbol value, continuing with said further process; if said first symbol is stored, indicates has a second value, indicating that a previous execution of said balance process was interrupted prior to completion and completes or repeats starting a terminating process to change said second symbol value into said first symbol value; wherein the system also comprises an administration system and the system is arranged to: store information regard the balance process during the execution of the balance process in said administration system; complete or repeat the previous execution of the balance process during said terminating process in said further process on the basis of said information still present in the administration system; and continue said further process after said terminating process.
2. The payment system in
3. The payment system in
4. The payment system in
5. The payment system in
7. The method in
8. The method in
9. The method in
10. The method in
|
|||||||||||||||||
a e.g., a public switched telephone network (PSTN) to which a telephone terminal is connected. Payment of telephone costs occurs by periodically reducing a balance stored in an electronic payment card. The balance stored in the card can be increased by inserting the card into the terminal. Connection is made to an "Accounting & Billing" system (ABS) connected to the PSTN in a menu-controlled dialog with the terminal (via the keyboard and display window of the terminal). After a balance desired by the user has been entered (for which the user receives an invoice from the ABS), the payment card can be used to start a telephone session with the PSTN, the costs of which are paid by periodically debiting the balance. The payment card contains, inter alia, an electrically erasable programmable read only memory (EEPROM).
The diagram of FIG. 2 diagrammatically shows a protocol which occurs after a user has inserted his payment card into the terminal.
After the card has been inserted into the terminal and the identity has been established and authorized (like further protocol details, this is not indicated in the figures), the "flag" of the payment card is read. (lines 1-7) This normally has (in this example) the value "0": "flag down". If the flag is down, a telephone connection set-up can be started, which is illustrated in FIG. 3. In place thereof, an action can also be started to increase the card balance, see FIG. 4. If the flag has the value "1" ("flag up"), something is not in order and an error routine is first processed; this is shown in FIG. 5. (lines 8-14)
FIG. 3 shows a protocol for set-up and payment of a telephone call through of the card balance. In this process, the initial balance is first investigated to determine whether it is sufficient (lines 20-24); thereafter the connection is set up and periodically an amount P is deducted from the card balance. As soon as the balance is insufficient, the connection is interrupted. (lines 25-29)
FIG. 4 shows a protocol for increasing the card balance. The first action is to raise the flag ("1"). (lines 31-33) This indicates that a "RAISE CREDIT" operation is in progress; only at the end of the latter is the flag lowered ("0"). The amount by which the balance has to be increased is entered via a keyboard of the terminal (the same one as that through which telephone connections can be dialled). After the value of the flag has been read for the purpose of security (it should now be "1"), the card balance is read. (lines 34-39) Connection is also made to ABS (via the telephone network). The card balance and the amount with which the card balance has to be replenished is now transmitted by the terminal to the ABS and registered at the credit and amount registration system (CAR). The terminal then instructs the payment card to increase the balance by the amount (lines 40-43); the card transmits the new balance to the ABS via the terminal. The amount entered is compared in the ABS with the difference between the new and the old card balance and, in the event of agreement, an invoice is prepared for the user. (lines 44-45) The registration of the old card balance in the ABS and the amount entered by the user are then erased. Finally, the flag on the payment card is lowered again. The instruction to do this is received from the ABS using "message authentication" by means of a cryptographic "message authentication code" (MAC). This is checked in the payment card, after which the flag is set by means of a MODIFY instruction to "0". (lines 46-47) The payment card is programmed in such a way that the MODIFY instruction can be carried out only together with a correct MAC. Use of MACs is generally known, inter alia from "Electronic banking using smartcards", SMART CARD '90, Int. Exh. and Conf. PLF Commun., vol. 2, 1990, pages M1-8, or from the book entitled "Security for Communication Networks" by Davis and Price.
FIG. 5 shows a protocol which is processed if, after the payment card has been inserted, it is found that the flag is raised. This indicates that an earlier action to increase the card balance has not been correctly terminated. The incorrectly processed previous action is now correctly terminated by the protocol shown in FIG. 5.
First of all (through lines 50-51), it is determined whether the registration (made during the previous action) of the old card balance and the amount by which the balance had to be increased (CAR) still exist in the ABS. If this information was erased in the previous action, then the only action which has to be carried out is to reset the flag. It may be assumed that only the resetting of the card flag has been omitted in the incorrectly concluded action (lines 52-53).
If the CAR still exists (lines 54-55), it is determined whether the registered card balance is or is not equal to the present card balance (line 56).
If the present card balance is greater than the registered card balance in the CAR, it may be assumed that during the previous session the card balance has, in fact, been increased but that no account thereof has been prepared. In that case, the account is now updated, the CAR is erased and the flag is reset (lines 57-59).
If the present card balance is equal to the card balance registered in the CAR, the previous attempt to increase the balance is now processed, namely on the basis of the amount, known from the CAR, by which the balance had to be increased. The card balance is now increased, the account is prepared, the CAR is erased and the flag is reset (lines 60-66). After an incorrect session to increase the card balance was signalled by detection of the flag and the error was then corrected, the planned session for which the choice was already made (see FIG. 2, lines 12-14) can be started after all (line 67).
| Patent | Priority | Assignee | Title |
| 10878404, | Jun 29 2010 | FEITIAN TECHNOLOGIES CO , LTD | Method for operating an e-purse |
| 6832718, | Dec 23 1999 | BANKS AND ACQUIRERS INTERNATIONAL HOLDING | Smart card payment terminal |
| 6853983, | Dec 02 1996 | R CLEWITS BEHEER B V | System and method for the selective activation of one or several software and/or hardware functions of a programmable device |
| 7711639, | Jan 12 2005 | Visa International | Pre-funding system and method |
| 7822679, | Oct 29 2001 | Visa International Service Association | Method and system for conducting a commercial transaction between a buyer and a seller |
| 8036985, | Jan 12 2005 | Visa International Service Association | Pre-funding system and method |
| 8566231, | Jun 17 2004 | Visa International Service Association | Method and system for providing buyer bank payable discounting aggregation services |
| 8571977, | Jun 17 2004 | Visa International Service Association | Method and system for providing seller bank receivable discounting aggregation services |
| 8571978, | Jun 17 2004 | Visa International Service Association | Method and system for providing assurance and financing services |
| 8606697, | Jun 17 2004 | Visa International Service Association | Method and system for providing buyer bank payable discounting services |
| Patent | Priority | Assignee | Title |
| 4845351, | Sep 30 1985 | Casio Computer Co., Ltd. | IC card |
| 4877945, | Nov 10 1986 | Hitachi, Ltd. | IC card having a function to exclude erroneous recording |
| 5155342, | Jul 13 1989 | Brother Kogyo Kabushiki Kaisha | Prepaid card processing device |
| 5175416, | May 17 1991 | Funds transfer system | |
| 5401950, | Jun 15 1988 | Omron Tateisi Electronics Co. | IC card having improved security checking function |
| 5504701, | Sep 30 1993 | Toppan Printing Co., Ltd. | Memory card |
| DE4230866, | |||
| EP563997, | |||
| FR2689662, | |||
| NL9200857, | |||
| WO8902140, |
| Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
| Aug 15 1995 | FEIKEN, ALBERTUS | KONINKLIJKE PTT NEDERLAND N V | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 010209 | /0351 | |
| Jun 03 1999 | Koninklijke PTT Nederland N.V. | (assignment on the face of the patent) | / |
| Date | Maintenance Fee Events |
| Dec 08 2008 | REM: Maintenance Fee Reminder Mailed. |
| Jun 03 2009 | EXP: Patent Expired for Failure to Pay Maintenance Fees. |
| Date | Maintenance Schedule |
| Feb 27 2004 | 4 years fee payment window open |
| Aug 27 2004 | 6 months grace period start (w surcharge) |
| Feb 27 2005 | patent expiry (for year 4) |
| Feb 27 2007 | 2 years to revive unintentionally abandoned end. (for year 4) |
| Feb 27 2008 | 8 years fee payment window open |
| Aug 27 2008 | 6 months grace period start (w surcharge) |
| Feb 27 2009 | patent expiry (for year 8) |
| Feb 27 2011 | 2 years to revive unintentionally abandoned end. (for year 8) |
| Feb 27 2012 | 12 years fee payment window open |
| Aug 27 2012 | 6 months grace period start (w surcharge) |
| Feb 27 2013 | patent expiry (for year 12) |
| Feb 27 2015 | 2 years to revive unintentionally abandoned end. (for year 12) |