CN101313329A - Device, system and method for reducing an interaction time for a contactless transaction - Google Patents

Publication number
CN101313329A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2006800433088A
Other languages
Chinese (zh)
Other versions
CN101313329B (en
Inventor
T·希尔
J·S·萨霍塔
C·阿布耶
K·沃格纳
A·奥奇埃诺
C·奥本兰德
威廉·智渊·陈
C·A·格兰登宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Visa International Service Association
Original Assignee
Visa International Service Association
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Priority claimed from PCT/US2006/038047 (WO2007038743A2)

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A method. The method comprises, at a reader, performing at least one transaction-based risk management process prior to energizing a contactless interface, initiating communication with a card utilized for the contactless transaction, receiving information associated with the card, and terminating communication with the card prior to authorizing the contactless transaction.

Description

Device, system and method for reducing an interaction time for a contactless transaction
Cross-reference to related applications
This application claims priority to U.S. Provisional Patent Application No. 60/721,454, filed September 28, 2005, and U.S. Provisional Patent Application No. 60/807,775, filed July 19, 2006.
Technical field
This application discloses a device, system and method for reducing the interaction time of a contactless transaction.
Background
In recent years, contactless and wireless communication technologies have become more widespread. In the payment industry, contactless payment has many advantages over traditional magnetic stripe technology and contact chip payment protocols. For example, traditional contact payment cards are known to operate quite slowly, and magnetic stripe cards are not sufficiently secure. Both technologies also require a slot in a terminal reader that the merchant must maintain.
Contactless payment does not require inserting the payment card into a slot. The consumer keeps control of the payment card and only places it near the terminal reader when needed. The traditional specifications that the payment industry adopted for contact chip payment generally require the consumer to place the payment card near the terminal reader at different times and/or for an extended period in order to complete a transaction. Because merchants and consumers want short transaction times, contactless transactions carried out under the traditional specifications do not meet market requirements.
Merchants and consumers also require contactless transactions to be more secure. Although recently issued contactless magnetic stripe cards may be more secure than traditional magnetic stripe cards, such cards are generally designed only for online transactions. Contactless online transactions carried out under the traditional specifications are susceptible to various kinds of online "man-in-the-middle" attacks, commonly referred to as sleeve attacks, Trojan horse attacks and the like.
In one kind of sleeve attack, a device intercepts data wirelessly transmitted from a card reader and intended for a contactless card. The device alters the data and then passes the altered data to the card. The card receives the altered data passed on by the device rather than the data the reader transmitted. The card then processes the altered data and sends the reader a message related to the altered data. The reader then approves the transaction based on the information in the message sent by the card. In another kind of sleeve attack, a device intercepts data wirelessly transmitted from a card and intended for a card reader. The device alters the data and then passes the altered data to the reader. The reader receives the altered data passed on by the device rather than the data the card transmitted. The reader then processes the altered data and approves the transaction based on the information in the altered data passed on by the device. In other kinds of sleeve attack, a device can cause a denial of service by not forwarding the intercepted data to the card or the reader.
In one kind of Trojan horse attack, malicious software embedded in the card alters valid data before the information is sent to the reader. The reader ultimately approves the transaction based on the altered data. In another kind of Trojan horse attack, malicious software embedded in the card alters valid data before the authorization process. The reader ultimately approves the transaction based on the altered data.
For a given offline transaction, a "man-in-the-middle" attack can be used to reduce the amount of the transaction ultimately recognized by the card and the reader. For example, for a given offline transaction involving the purchase of goods from a merchant, the reader may wirelessly transmit data intended for the card indicating that the price of the transaction equals $15. Before the card receives the data, however, a device intercepts and alters it so that the altered data indicates a transaction price of only $1. Once the card receives the altered data and sends the reader a message related to it, the reader approves a transaction of only $1. On receiving the approval, the merchant hands over the goods in the belief that the approved transaction amount equals $15. The difference between the actual transaction amount and the reduced transaction amount can affect the amount the merchant ultimately receives from the card issuer.
Summary of the invention
In one aspect, this application discloses a reader. According to various embodiments, the reader comprises a contactless interface and a transaction module. The transaction module is coupled to the contactless interface and is structured and arranged to process a contactless transaction with an interaction time between a card and the reader of less than 1/2 second.
In another aspect, this application discloses a card. According to various embodiments, the card comprises a transaction module structured and arranged for wireless communication, and the card is structured and arranged to operate in a chip mode and a magnetic stripe data mode.
In another aspect, this application discloses a system. According to various embodiments, the system comprises a reader and a card. The reader comprises a contactless interface and a transaction module. The card is structured and arranged to communicate with the reader via the contactless interface. The transaction module is coupled to the contactless interface and is structured and arranged to process a contactless transaction with an interaction time between the card and the reader of less than 1/2 second.
In another aspect, this application discloses a method for reducing the interaction time of a contactless transaction. According to various embodiments, the method comprises, at a reader, performing at least one transaction-based risk management process before energizing a contactless interface, initiating communication with a card used for the contactless transaction, receiving information associated with the card, and terminating communication with the card before authorizing the contactless transaction.
In another aspect, this application discloses a method for preventing a man-in-the-middle attack on a contactless transaction. According to various embodiments, the method comprises receiving a dynamic signature that includes an application transaction counter, a terminal unpredictable number, a transaction amount, a transaction currency code and a card unpredictable number. The method also comprises receiving the card unpredictable number, recalculating the dynamic signature using the card unpredictable number, and approving the contactless transaction offline if the dynamic signature is validated.
Aspects of the invention may be implemented by a computing device and/or a computer program stored on a computer-readable medium. The computer-readable medium may comprise a disk, a device and/or a propagated signal.
Description of the drawings
Various embodiments of the invention are described below in conjunction with the accompanying drawings.
Fig. 1 illustrates various embodiments of a reader for reducing the interaction time of a contactless transaction;
Fig. 2 illustrates various embodiments of a system for reducing the interaction time of a contactless transaction;
Fig. 3 illustrates various embodiments of a method for reducing the interaction time of a contactless transaction;
Fig. 4 is a simplified flow diagram illustrating various embodiments of the preliminary transaction processing step of the method of Fig. 3;
Fig. 5 is a simplified flow diagram illustrating various embodiments of the application selection step of the method of Fig. 3;
Fig. 6 is a simplified flow diagram illustrating various embodiments of the authorization step of the method of Fig. 3;
Fig. 7 illustrates various embodiments of a method for reducing the interaction time of a second contactless transaction.
Detailed description
It is to be understood that at least some of the figures and descriptions of the invention have been simplified to focus on elements that are relevant for a clear understanding of the invention, while eliminating, for purposes of clarity, other elements that those of ordinary skill in the art will appreciate may also form part of the invention. However, because such elements are well known in the art, and because they do not necessarily facilitate a better understanding of the invention, a description of such elements is not provided here.
Fig. 1 illustrates various embodiments of a reader 10 for reducing the interaction time of a contactless transaction. The reader 10 may be any type of device that is structured and arranged to communicate with another device via a contactless interface. According to various embodiments, the reader 10 may be a merchant device integrated into a point-of-sale device, or a merchant device that is separate from the point-of-sale device but communicates with it. The term "interaction time" as used herein refers to the interaction time between the reader 10 and another device, and does not include the time required to go online for authorization or for the reader to validate a static or dynamic signature for offline data authentication. The reader 10 can be used with existing payment system infrastructure in markets that require transaction times faster than those associated with traditional payment protocols. According to various embodiments, the reader 10 can be used to reduce the interaction time to less than approximately 500 milliseconds.
The reader 10 comprises a contactless interface 12 and a transaction module 14 coupled to the contactless interface. The transaction module 14 is structured and arranged to process a contactless transaction with a transaction time between the reader 10 and another device of less than 1/2 second. The transaction module 14 may also be structured and arranged to perform static data authentication and/or dynamic data authentication, as described in more detail below. According to various embodiments, the reader 10 also comprises a security module 16 coupled to the transaction module 14. The security module 16 is structured and arranged to prevent "man-in-the-middle" attacks on a contactless transaction.
Each of the modules 14, 16 may be implemented in hardware or software. According to various embodiments, the modules 14, 16 may be implemented as a software application, computer program or the like using any suitable computer language (for example, C, C++, Delphi, Java, JavaScript, Perl, Visual Basic, VBScript, etc.), and may be embodied permanently or temporarily in any type of machine, component, physical or virtual equipment, storage medium or propagated signal capable of delivering instructions to a device. The software code may be stored as a series of instructions or commands on a computer-readable medium so that the functions described herein are performed when a processor reads the medium. The term "computer-readable medium" as used herein includes magnetic and optical memory such as diskettes, read-only compact discs, recordable compact discs, optical disk drives and hard disk drives. A computer-readable medium also includes memory storage that can be physical, virtual, permanent, temporary, semi-permanent and/or semi-temporary. A computer-readable medium may also include one or more propagated signals, and such propagated signals may or may not be transmitted on one or more carrier waves. Although the modules 14 and 16 are shown in Fig. 1 as two separate modules, those skilled in the art will appreciate that the functions of the modules 14 and 16 may be combined into a single module.
Fig. 2 illustrates various embodiments of a system 20 for reducing the transaction time of a contactless transaction. The system 20 comprises the reader 10 and a card 22. The term "card" as used herein refers to any type of device that can communicate with the reader 10 via the contactless interface 12. According to various embodiments, the card 22 may be a smart card, a mobile phone, a personal digital assistant or the like. The card 22 is structured and arranged to communicate with the reader 10 via the contactless interface 12. According to various embodiments, the card 22 comprises a transaction module 24 that is structured and arranged to cooperate with the reader 10 to complete a contactless transaction. The card 22 may also comprise a security module 26 that is structured and arranged to cooperate with the reader 10 to prevent "man-in-the-middle" attacks on a contactless transaction. The modules 24, 26 may be similar to the modules 14, 16 of the reader 10. According to various embodiments, the card 22 may be a dual-mode card that is structured and arranged to operate either in a chip mode or in a magnetic stripe data mode (using Track 2 equivalent data). The mode of operation used by the card 22 may be determined by the card 22 according to the capabilities of the reader 10.
The system 20 may also comprise a network 28 coupled to the reader 20 and a card issuer 30. The network 28 may be any suitable type of network known in the art, may be coupled to the reader 28 in any suitable manner known in the art, and may be coupled to the issuer 30 in any suitable manner known in the art. The network 28 may include any type of delivery system including, but not limited to, a local area network (for example, Ethernet), a wide area network (for example, the Internet and/or the World Wide Web), a telephone network (for example, analog, digital, wired, wireless, PSTN, ISDN, GSM, GPRS and/or xDSL), a packet-switched network, a radio network, a television network, a cable network, a satellite network, and/or any other wired or wireless communications network configured to carry data. The network 28 may include elements configured to direct and/or deliver data, such as intermediate nodes, proxy servers, routers, switches and adapters.
Fig. 3 illustrates various embodiments of a method 40 for reducing the interaction time of a contactless transaction. The method 40 may be implemented by the system 20 of Fig. 2. The method 40 comprises the general steps of preliminary transaction processing 42, discovery processing 44, application selection 46, application processing 48 and transaction authorization 50.
To minimize the interaction time between the card 22 and the reader for a given transaction, the reader 10 performs the preliminary transaction processing step 42 before requesting that the card 22 be presented. In the preliminary transaction processing step 42, the reader 10 performs certain transaction-based risk management processes. For example, according to various embodiments, the reader 10 may obtain the transaction amount and compare it with a transaction limit, a floor limit, a cardholder verification method limit and so on. Once the preliminary transaction processing step 42 is complete, the reader 10 may prompt the cardholder to present the card 22. Based on the preliminary transaction processing, the reader 10 may require that the transaction be terminated, processed online or processed offline. A simplified flow diagram illustrating various embodiments of the preliminary transaction processing step 42 is shown in Fig. 4.
The preliminary transaction processing step 42 is followed by the discovery processing step 44. Once the card 22 is presented and within range of the reader 10, the reader 10 energizes the contactless interface 12 and, during the discovery processing step 44, establishes communication with the card 22 via the contactless interface 12. If the reader 10 detects multiple contactless cards 22 within its range, the reader 10 may indicate this to the cardholder and request that only one card 22 be presented for the transaction. In addition, upon a merchant command or after a predetermined timeout period, the reader 10 may abort the transaction during the discovery processing step 44 and de-energize the contactless interface 12.
The discovery processing step 44 is followed by the application selection step 46. In the application selection step 46, the reader 10 transmits a first command message (for example, SELECT PPSE) to the card 22. The first command message can be used as a request for a list of the application identifiers, application labels and application priority indicators of the applications that are supported by the card 22 and accessible via the contactless interface 12. In response to the first command message, the card 22 builds such a list and transmits it to the reader 10. According to various embodiments, the list may be provided in the file control information (FCI) transmitted to the reader 10. The reader 10 then uses the list transmitted by the card 22 to build a list of the applications common to the reader 10 and the card 22. After building the list of common applications, the reader 10 transmits a second command message (for example, SELECT AID) to the card 22. The second command message can be used as a request to conduct the transaction using a particular application from the list of common applications. According to various embodiments, the particular application may be the common application with the highest priority as indicated by the application priority indicators previously transmitted by the card 22. In response to the second command message, the card 22 transmits to the reader 10 a request for various details relating to the capabilities of the reader 10 and the transaction-specific requirements of the reader 10. According to various embodiments, the requested details may be specified in a terminal data object list (for example, a PDOL) associated with the reader 10. If the terminal data object list includes a particular data element (for example, a terminal transaction qualifier), processing proceeds to the application processing step 48. Otherwise, the reader 10 may terminate the transaction or attempt to process the transaction over another interface. A simplified flow diagram illustrating various embodiments of the application selection step 46 is shown in Fig. 5.
In the application processing step 48, in response to the card's request for various details relating to the capabilities of the reader 10 and the transaction-specific requirements of the reader 10, the reader 10 transmits a third command message (for example, GPO) to the card 22. The third command message is structured so that it can be used in place of the three separate commands that earlier specifications required. By reducing the number of commands and responses needed to complete a contactless transaction, the interaction time required between the card 22 and the reader 10 is further minimized. The third command message may include values for a number of data elements requested by the card 22. The data element values indicate the types of transaction the reader 10 supports, whether the reader 10 supports or requires offline and/or online processing, which cardholder verification methods the reader 10 supports or requires, and so on. The data elements may include the terminal transaction qualifier, the transaction amount, the terminal unpredictable number, the transaction currency code and any other data the card 22 requested in its response to the second command message.
Depending on the types of transaction the reader 10 supports, the card 22 then performs a number of risk management processes associated with the particular transaction type. According to various embodiments, the risk management processes may include checking an internal card indicator to protect against transaction tearing, comparing the value of the application currency code with the value of the transaction currency code, comparing the number of personal identification number entries with a predetermined limit, determining whether a cardholder verification method is required, comparing the transaction amount with a low value limit associated with the card 22, comparing the transaction amount with a cumulative total transaction amount associated with the card 22, comparing the value of a consecutive transaction counter with the value of a consecutive transaction limit, and so on. By performing these risk management processes at this point in the transaction, rather than at the later point the traditional specifications call for, the interaction time between the card 22 and the reader 10 is further minimized. Based on the risk management processes, the card 22 may request that the transaction be terminated, processed online or processed offline.
After completing the risk management processes, the card 22 builds an appropriate response to the third command message and transmits the response to the reader 10. The information included in the response varies depending on whether the card 22 requires the transaction to be approved online, approved offline or terminated. For example, when the card 22 requires the transaction to be approved online, the response may include the application transaction counter (ATC), which indicates the number of transactions the card has processed; an application cryptogram generated by the card 22 using the application transaction counter and terminal data included in the third command message (for example, the terminal unpredictable number and the transaction amount); the application interchange profile (AIP), which indicates the risk management functions supported; issuer application data; Track 2 equivalent data; and various other data elements.
When the card 22 requires the transaction to be approved offline, the response to the third command message may include the application transaction counter (ATC), which indicates the number of transactions the card has processed. The response may also include a dynamic signature generated by the card 22 using the application transaction counter, terminal data included in the third command message (for example, the terminal unpredictable number, the transaction amount and the transaction currency) and the card unpredictable number. The response also includes an application cryptogram generated by the card 22 using the application transaction counter and terminal data included in the third command message (for example, the terminal unpredictable number and the transaction amount). In addition, the response may include the application file locator (AFL), which indicates the location of the files and records associated with the application, the application interchange profile (AIP), which indicates the risk management functions supported, issuer application data and various other data elements. According to various embodiments, the card 22 may increment the application transaction counter before computing the application cryptogram and the dynamic signature. If the size of the dynamic signature exceeds a predetermined threshold, the dynamic signature may instead be returned during the authorization step 50, in response to the fourth command message described below. According to various embodiments, the application cryptogram generated by the card 22 includes fewer data elements than the application cryptograms used by earlier specifications. Generating the application cryptogram from fewer data elements reduces the total processing time and further minimizes the interaction time between the card 22 and the reader 10.
The application processing step 48 is followed by the authorization step 50. Once the reader 10 has received the card 22's response to the third command message, and the transaction is to be approved online, the card 22 may be removed from the range of the reader 10. The card 22 therefore does not need to remain within range of the reader 10 while online authorization is requested and carried out. Because the card 22 can be removed at this point in the transaction processing, the interaction between the card 22 and the reader 10 is further minimized. The reader 10 then sends the application cryptogram that the card 22 provided in response to the third command message online to the issuer 30. Based on the response subsequently received from the issuer 30, the reader approves or declines the transaction.
When the transaction is to be approved offline, the reader 10 transmits a fourth command message (for example, READ RECORD) to the card 22 after receiving the card 22's response to the third command message. The fourth command message is a request for the records indicated in the application file locator (AFL) that the card 22 provided in response to the third command message. In response to the fourth command message, the card 22 transmits the appropriate records to the reader 10. Once the reader 10 has received the last record, the card 22 may be removed from the range of the reader 10. The card 22 therefore does not need to remain within range of the reader 10 while offline authorization is carried out. Because the card 22 can be removed at this point in the transaction processing, the interaction between the card 22 and the reader 10 is further minimized. The reader 10 then checks whether the card 22 has expired. If the reader 10 determines that the card 22 has not expired, the reader 10 then performs offline data authentication. The type of offline data authentication performed, static data authentication (SDA) or dynamic data authentication (DDA), is determined from the application interchange profile (AIP) that the card 22 provided in response to the third command message.
For static data authentication, the reader 10 attempts to validate the static signature that the card 22 provided in response to the third command message. Static data authentication involves validating important application data to ensure that the data has not been fraudulently altered. If the static signature is validated, the transaction is approved offline. Otherwise, the transaction may be sent online or terminated. For dynamic data authentication, the reader 10 attempts to validate the dynamic signature that the card 22 provided in response to the third command message. Dynamic data authentication involves validating important application data to ensure that the data has not been fraudulently altered and that the card 22 is genuine. According to various embodiments, validating the dynamic signature includes recalculating the dynamic signature using the application transaction counter (ATC) that the card 22 provided in response to the third command message and the terminal unpredictable number. According to other embodiments, validating the dynamic signature includes recalculating the dynamic signature using the card unpredictable number received from the card. If the dynamic signature is validated, the reader 10 generates a clearing message that includes the cryptogram the card 22 provided in response to the third command message, and other related data. Otherwise, the transaction may be sent online or terminated. According to various embodiments, if the dynamic signature is not validated, the reader 10 may send the transaction online using the cryptogram previously received from the card 22. The reader 10 can thus use an offline cryptogram to generate an online request. A simplified flow diagram illustrating various embodiments of the authorization step 50 is shown in Fig. 6.
As described above, the method 40 can be used to minimize the interaction time between the card 22 and the reader 10 for a contactless transaction, to less than approximately 500 milliseconds. To prevent offline sleeve attacks on contactless transactions, various embodiments of the method 40 may use a novel form of dynamic data authentication. For an offline transaction, the card 22 may generate the dynamic signature using the application transaction counter (ATC) and the card unpredictable number, together with the terminal unpredictable number, transaction amount and transaction currency code included in the third command message (for example, GPO). The application file locator (AFL) subsequently sent to the reader 10 together with the dynamic signature in response to the third command message points to records containing the RSA certificates and the data related to dynamic data authentication. Thus, in the authorization step 50, the reader 10 can read the issuer certificate, the contactless card certificate and the data related to dynamic data authentication. According to various embodiments, the reader 10 may use the application transaction counter (ATC) and card unpredictable number received from the card 22 in response to the fourth command message, together with the terminal unpredictable number, transaction amount and transaction currency code, to recalculate the dynamic signature for validation. Where the contactless transaction has been subjected to a sleeve attack, the recalculation will not match the dynamic signature previously received from the card 22. In that case, the reader 10 may decline or terminate the contactless transaction.
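The reader-side recalculation described above, as an added example that is not part of the patent text: the card signs the five elements it holds, and the reader validates the signature against its own terminal values, so an amount altered in transit cannot validate. The byte layout, the SHA-256 digest, the toy textbook-RSA key and all function names are assumptions made for illustration; the patent specifies none of them.

```python
"""Added illustration: reader-side recalculation of a dynamic signature.

Assumptions (not from the patent): field widths, SHA-256, and a toy
textbook-RSA key built from two small known primes. Not the EMV format.
"""
import hashlib

# Constructed toy key pair standing in for the card's RSA key and certificate.
_P, _Q = 2**61 - 1, 2**89 - 1            # two Mersenne primes, far too small for real use
CARD_N = _P * _Q                          # public modulus, read from the card's records
CARD_E = 65537                            # public exponent
_CARD_D = pow(CARD_E, -1, (_P - 1) * (_Q - 1))  # private exponent, stays on the card


def signed_input(atc, card_un, terminal_un, amount, currency):
    """Fixed-width concatenation of the five signed elements (assumed layout)."""
    return (atc.to_bytes(2, "big") + card_un + terminal_un
            + amount.to_bytes(6, "big") + currency.to_bytes(2, "big"))


def _digest(data):
    """Hash the signed input and reduce it into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CARD_N


def card_sign(atc, card_un, terminal_un, amount, currency):
    """Card side: sign the values the card actually received in the GPO command."""
    message = signed_input(atc, card_un, terminal_un, amount, currency)
    return pow(_digest(message), _CARD_D, CARD_N)


def reader_validate(signature, atc, card_un, terminal_un, amount, currency):
    """Reader side: recompute from the reader's own terminal values and compare."""
    expected = _digest(signed_input(atc, card_un, terminal_un, amount, currency))
    return pow(signature, CARD_E, CARD_N) == expected


def offline_transaction(reader_amount, amount_reaching_card):
    """Run one offline transaction in minor currency units.

    The two amounts differ only when the contactless channel altered the
    GPO data between reader and card.
    """
    currency = 840                            # constructed sample: numeric code for USD
    terminal_un = bytes.fromhex("a1b2c3d4")   # constructed; fresh per transaction in practice
    card_un = bytes.fromhex("5e6f7081")       # constructed; generated by the card
    atc = 0x0042 + 1                          # card increments its counter before signing

    # The card computes the signature over what it received.
    signature = card_sign(atc, card_un, terminal_un, amount_reaching_card, currency)

    # The reader takes the ATC and card unpredictable number from the card, but
    # uses the amount, currency code and terminal unpredictable number it sent
    # itself, never values echoed back over the contactless link.
    valid = reader_validate(signature, atc, card_un, terminal_un,
                            reader_amount, currency)
    return "APPROVE_OFFLINE" if valid else "DECLINE_OR_TERMINATE"


if __name__ == "__main__":
    print("unaltered $15.00:", offline_transaction(1500, 1500))
    print("altered to $1.00:", offline_transaction(1500, 100))
```

The second call reproduces the $15 to $1 scenario from the Background section: the card signs the amount it saw, and the reader's recalculation over its own amount fails to match.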
Fig. 7 graphic extension reduces each embodiment of the mutual time method 60 of second contactless transaction of generation after to the request of the online mandate of method 40.According to each embodiment, method 60 can comprise the part of method 40.Method 60 can be realized by the system 20 of Fig. 2.Method 60 can be used to make the card 22 of second contactless transaction and the mutual time between the reader 10 to reduce to minimum, less than about 500 milliseconds.According to each embodiment, method 60 comprises general step: second transaction request 62, application choice 4 is used processing 66 and trading approving 68.
The second contactless transaction is not a financial transaction. Because the second contactless transaction involves presenting the card 22 within range of the reader 10 a second time, this process can be called card return processing. Before this process begins, during the first transaction described above, the reader 10 and the card 22 can each indicate to the other that they support card return processing. For example, the reader 10 and the card 22 can indicate their support for card return processing in the application selection step 46 of the first transaction.
After the online authorization request of step 50 of method 40, the reader 10 or the card 22 (through the cardholder) can request a second contactless transaction at the second transaction request step 62. According to various embodiments, the reader 10 can request the second contactless transaction at the second transaction request step 62 when the issuer's response to the online authorization request includes a message to be delivered to the card 22. Such a message can be used to provide updates or counter resets to the card 22, or to block the account. For example, the issuer 30 can include in the online authorization response a script message requiring that the card 22 be presented a second time. In this way, the issuer 30 can subsequently block the account, replenish the offline spending capability, increase the offline spending limit and so on, even if the card 22 has not requested such an action. To prompt the cardholder to present the card 22 a second time, the reader 10 can display a message indicating that additional card processing time is needed, a message requesting that the card be presented again, or the like.
According to other embodiments, the card 22 can request the second transaction when the card's offline spending capability becomes low, so as to receive a reload. For example, when the card's offline spending capability becomes low, the card 22 can, through the cardholder, request a reload by requesting online authorization and providing the currently available spending amount. To ensure that the card 22 is the same card 22 that was presented for the first transaction, the card 22 can be authenticated at the second transaction request step 62.
The second transaction request step 62 is followed by the application selection step 64. The application selection step 64 of method 60 is similar to the application selection step 46 of method 40 described above. In the application selection step 64, the reader 10 sends a command message (for example, SELECT VSDC AID) to the card 22. This command message can carry out the request for the second transaction using a specific application from the list of mutually supported applications previously established by the reader 10. In response to this command message, the card 22 sends a PDOL to the reader 10. The PDOL can be similar to the PDOL sent to the reader 10 in the application selection step 46 of method 40 described above. If the PDOL includes a particular data element (for example, the terminal transaction qualifiers), processing proceeds to the application processing step 66.
The application selection step 64 is followed by the application processing step 66. The application processing step 66 can be similar to the application processing step 48 of method 40 described above, the difference being that it does not involve any financial transaction processing. In the application processing step 66, the reader 10 sends another command message (for example, GPO) to the card 22. On receiving this command message, the card 22 builds the appropriate response and sends it to the reader 10.
The application processing step 66 is followed by the transaction approval step 68. According to various embodiments, if the issuer 30 decides to reload the offline spending capability associated with the card 22, the issuer 30 can send a response cryptogram and approve the transaction, or include a script message protected by a message authentication code (MAC). The cryptogram or MAC can be used to ensure that updates, counter resets and the like are applied only to the card 22 associated with the issuer 30.
As mentioned above, method 60 can be used to change card risk parameters, card counters, card status and so on. For example, with regard to changing card risk parameters, method 60 can be used to increase the offline spending limit, increase the single transaction limit, allow the card to transact in two or more different currencies, change the currency conversion rate used, and so on. With regard to changing card counters, method 60 can be used to reset the offline available spending amount, and so on. With regard to changing card status, method 60 can be used to block or unblock a particular application. Those skilled in the art will recognize that method 60 can be used to change other parameters, counters and so on.
Although several embodiments of the present invention have been illustrated here, those skilled in the art will recognize that various modifications, changes and adaptations can be made to the described embodiments without departing from the spirit and scope of the present invention as defined by the appended claims. For example, according to various embodiments, the reader 10, system 20 and/or method 40 described above can be modified to prevent similar types of "sleeve attack" on wireless handsets, USB fobs and other devices that use wireless transmission of information. In addition, various embodiments of method 60 can be used to process transactions related to currency conversion, loyalty programs and the like.

Claims (29)

1. A reader, comprising:
a contactless interface; and
a transaction module coupled to the contactless interface, wherein the transaction module is configured and arranged to process a contactless transaction with an interaction time of less than 1/2 second between a card and the reader.
2. The reader according to claim 1, wherein the transaction module is configured and arranged to perform static data authentication.
3. The reader according to claim 1, wherein the transaction module is configured and arranged to perform dynamic data authentication.
4. The reader according to claim 1, wherein the reader further comprises a security module coupled to the transaction module, and wherein the security module is configured and arranged to prevent a man-in-the-middle attack on the contactless transaction.
5. A card, comprising:
a transaction module configured and arranged to perform wireless communication, wherein the card is configured and arranged to operate in a chip mode and in a magnetic stripe data mode.
6. The card according to claim 5, wherein the transaction module is further configured and arranged to cooperate with a reader so as to complete a contactless transaction with an interaction time of less than 1/2 second between the card and the reader.
7. The card according to claim 6, wherein the card further comprises a security module, the security module being configured and arranged to cooperate with the reader to prevent a man-in-the-middle attack on the contactless transaction.
8. A system, comprising:
a reader, the reader comprising:
a contactless interface; and
a transaction module coupled to the contactless interface; and
a card, the card being configured and arranged to communicate with the reader through the contactless interface, wherein the transaction module is configured and arranged to process a contactless transaction with an interaction time of less than 1/2 second between the card and the reader.
9. The system according to claim 8, wherein the reader further comprises a security module coupled to the transaction module, and wherein the security module is configured and arranged to prevent a man-in-the-middle attack on the contactless transaction.
10. The system according to claim 8, wherein the card further comprises a transaction module, the transaction module being configured and arranged to cooperate with the reader to carry out the contactless transaction.
11. The system according to claim 10, wherein the card further comprises a security module, the security module being configured and arranged to cooperate with the reader to prevent a man-in-the-middle attack on the contactless transaction.
12. The system according to claim 8, further comprising a network coupled to the reader.
13. The system according to claim 12, wherein the network is also coupled to an issuer.
14. A method for reducing the interaction time of a contactless transaction, the method comprising:
at a reader,
performing at least one transaction-based risk management process before energizing a contactless interface;
initiating communication with a card used for the contactless transaction;
receiving information associated with the card; and
terminating communication with the card before the contactless transaction is approved.
15. The method according to claim 14, wherein the interaction time is between the card and the reader.
16. The method according to claim 14, wherein performing the at least one transaction-based risk management process comprises comparing the transaction amount with a predetermined value.
17. The method according to claim 14, wherein receiving the information associated with the card comprises receiving information associated with at least one application supported by the card.
18. The method according to claim 14, wherein receiving the information associated with the card comprises receiving at least one of the following:
a cryptogram; and
a dynamic signature.
19. The method according to claim 14, wherein terminating communication with the card comprises terminating communication with the card before online authorization is performed.
20. The method according to claim 14, wherein terminating communication with the card comprises terminating communication with the card before offline authorization is performed.
21. The method according to claim 14, further comprising completing the contactless transaction with an interaction time of less than 1/2 second between the card and the reader.
22. The method according to claim 19, further comprising:
receiving a request for a second contactless transaction;
re-establishing communication with the card; and
completing the second contactless transaction with an interaction time of less than 1/2 second between the card and the reader.
23. The method according to claim 22, wherein receiving the request comprises receiving a request for a non-financial transaction.
24. The method according to claim 22, wherein completing the second transaction comprises transmitting a message that changes at least one card risk parameter.
25. The method according to claim 22, wherein completing the second transaction comprises transmitting a message that changes at least one card counter.
26. The method according to claim 22, wherein completing the second transaction comprises transmitting a message that changes at least one card state.
27. A method for preventing a man-in-the-middle attack on a contactless transaction, the method comprising:
receiving a dynamic signature, the dynamic signature comprising an application transaction counter, a terminal unpredictable number, a transaction amount, a transaction currency code and a card unpredictable number;
receiving the card unpredictable number;
recalculating the dynamic signature using the card unpredictable number; and
approving the contactless transaction offline if the dynamic signature is validated.
28. The method according to claim 27, further comprising:
receiving a cryptogram, the cryptogram comprising the application transaction counter, the transaction amount and the terminal unpredictable number; and
if the dynamic signature is not validated, requesting online processing of the transaction by means of the cryptogram.
29. The method according to claim 27, further comprising completing the contactless transaction with an interaction time of less than 1/2 second between the card and the reader.
CN200680043308.8A 2005-09-28 2006-09-28 Reduce equipment and the system of the interaction time of contactless transaction Active CN101313329B (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US72145405P 2005-09-28 2005-09-28
US60/721,454 2005-09-28
US80777506P 2006-07-19 2006-07-19
US60/807,775 2006-07-19
PCT/US2006/038047 WO2007038743A2 (en) 2005-09-28 2006-09-28 Device, system and method for reducing an interaction time for a contactless transaction

Related Child Applications (2)

Application Number Title Priority Date Filing Date
CN201210233301.XA Division CN102968604B (en) 2005-09-28 2006-09-28 Reduce the equipment of the interaction time of contactless transaction, system and method
CN201610850482.9A Division CN106447310A (en) 2005-09-28 2006-09-28 Device, system and method for reducing an interaction time for a contactless transaction

Publications (2)

Publication Number Publication Date
CN101313329A true CN101313329A (en) 2008-11-26
CN101313329B CN101313329B (en) 2016-10-19

Family

ID=40101083

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200680043308.8A Active CN101313329B (en) 2005-09-28 2006-09-28 Reduce equipment and the system of the interaction time of contactless transaction

Country Status (2)

Country Link
CN (1) CN101313329B (en)
ZA (1) ZA200803372B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030220835A1 (en) * 2002-05-23 2003-11-27 Barnes Melvin L. System, method, and computer program product for providing location based services and mobile e-commerce
US20050203856A1 (en) * 2004-03-15 2005-09-15 David Russell Method & system for accelerating financial transactions

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9613354B2 (en) 2005-09-28 2017-04-04 Visa International Service Association Device, system and method for reducing an interaction time for a contactless transaction
US10043177B2 (en) 2005-09-28 2018-08-07 Visa International Service Association Device, system and method for reducing an interaction time for a contactless transaction
CN102640176A (en) * 2009-04-24 2012-08-15 洛格摩提公司 Method and system of electronic payment transaction, in particular by using contactless payment means
CN102640176B (en) * 2009-04-24 2016-03-02 Smk公司 Especially the method and system of the electric payment transaction of contactless payment device is utilized
CN102413146A (en) * 2011-12-23 2012-04-11 杭州数盾信息技术有限公司 Client authorized logon method based on dynamic codes
CN102427459A (en) * 2011-12-23 2012-04-25 杭州数盾信息技术有限公司 Offline authorization method based on Usbkeys
CN102413146B (en) * 2011-12-23 2014-02-19 杭州数盾信息技术有限公司 Client authorized logon method based on dynamic codes
CN102427459B (en) * 2011-12-23 2014-03-05 杭州数盾信息技术有限公司 Offline authorization method based on Usbkeys

Also Published As

Publication number Publication date
ZA200803372B (en) 2009-09-30
CN101313329B (en) 2016-10-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant