WO2002005225A1 - Method for initializing mobile data carriers (Verfahren zur Initialisierung von mobilen Datenträgern) - Google Patents
- Publication number
- WO2002005225A1 (PCT/CH2001/000433)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authorization
- data
- initialization
- network
- read
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/355—Personalisation of cards for use
- G06Q20/3552—Downloading or loading of personalisation data
Definitions
- the invention relates to a method for initializing mobile data carriers with assigned decentralized read and write stations within the framework of an authorization system according to the preamble of claim 1.
- Mobile data carriers are, for example, contactless or contact-based identification media, chip cards or prepaid cards.
- To enable this access or the exercise of applications, the data carrier and the associated read and write stations must be initialized with corresponding initialization information in the context of an authorization system.
- This initialization can refer to application-specific data (e.g. booking, a monetary value on the data carrier) and system-specific data (e.g. card issuer number, data organization for multi-applications, access rules on data carriers, etc.).
- This initialization data or applications can also be initialized and changed gradually, step by step and at different times.
- This initialization is a safety-critical and very time-consuming process, which is also restricted to a certain location and can only take place at locations in a secure environment.
- An example of this is described in WO 97/34265.
- This describes a system with non-contact passive electronic data carriers as identification media IM with assigned read and write stations WR as part of an authorization system A, the data carriers being able to contain several independent applications. Here every identification medium and every application must be initialized according to the rules of the hierarchical authorization system.
- special programming write and read stations as well as special authorization media in a secure environment are required and all decentralized read and write stations can also be baptized or initialized with a special authorization medium in order to be able to start their functions.
- the initialization is therefore very complex and restricted and the initialization and administration of the authorization media is also security-critical and complex.
- a completely different type of data transmission over a network is known in contact card systems, where the entire organization and all authorizations have to start from a single system center.
- a method for electronic personalization and initialization of chip cards from a central chip card administration system is known. These initializations take place via a communication channel to a chip card control system or reader, which physically contacts the chip card and forwards the data directly to the chip card.
- the following problem cannot be solved even with such systems.
- This object is achieved according to the invention by a method for initializing mobile data carriers according to claim 1 and a system according to claim 28.
- with initialization via a network with secure communication, and with authorization at remote authorization instances in a secure environment, the application and possible uses of such systems with mobile data carriers and decentralized read and write stations are significantly expanded.
- FIG. 1 is a diagram of an inventive method for
- Fig. 3 shows the inventive method for initializing
- FIG. 11 schematically shows the organization in an authorization system with several authorization or organizational levels, several
- FIGS. 1 to 3 illustrate the method according to the invention for the initialization of mobile data carriers IM at assigned decentralized read and write stations WR within the framework of an authorization system A, which defines hierarchical rules valid for the whole system of read and write stations, data carriers, authorization instances and authorization means, as described, for example, for a system with contactless identification media in WO 97/34265.
- this known system serves only as a possible application example of the invention.
- the method according to the invention is illustrated in FIG. 3:
- the initialization data DI contain authorization information AI, which are entered into the authorization instance by the authorization means AM and initialization information II, which are also entered into the authorization instance HA or retrieved from it.
- the mobile data carriers IM are initialized accordingly with the initialization data DI and thus converted into initialized data carriers IMj, or the decentralized read and write station WR is initialized with the initialization data DI and converted into an initialized read and write station WRk.
- FIGS. 1 and 2 illustrate the secure communication over a network N up to the decentralized read and write stations A-WR in an unsecured environment u.
- the initialization takes place via a secure private network Np, which ensures the secure environment right up to the read and write stations.
- Np secure private network
- FIG. 2 shows an example of the initialization according to the invention via an open network No with encryption and security gates G1 and G2 on both sides in order to ensure the necessary secure communication via the open network.
- the decentralized read and write stations WR and A-WR, which are normally located in an unsecured environment, are integrated into the secure environment of the authorization authority HA for the initializations, and thus the initialization takes place in a secure environment g.
- applications with the identification media IM at the write and read stations WR can again be carried out in an unsecured environment as before.
- the secure environment g via the network therefore only has to be established temporarily for the initialization.
- possible embodiments of authorization instances HA and authorization means AM are first illustrated in FIG. 4.
- the authorization system A is rather determined by compliance with hierarchical authorization rules, these authorization rules being implanted and stored in various locally distributed authorization instances HAi, for example on a chip or as a program.
- these authorization rules or the authorization means AM form one locally distributed "virtual authorization system center". Belonging to system A for all writing and reading stations and all identification media is ensured by basic system preparation or basic initialization.
- an authorization corresponding to the organizational level with the authorization information A-I is required.
- this authorization information A-I corresponding to the authorization system A is transmitted to the authorization instance HA.
- the authorization instances HA can, according to FIG. 4, e.g. consist of a host computer H with the corresponding authorization rules of the system A or from a remote authorization read and write station R-A-WR.
- the authorization means AM can consist, for example, of an authorization identification medium AM-IM, which contains the authorization information A-I, or of authorization data AM-I, which can, e.g., be called up or executed as software (program) in a host H.
- the handling (holder) of the authorization medium is carried out in accordance with the security requirements.
- security is guaranteed by identification of the user, e.g. using a PIN code or biometric data or using an assigned special identification medium (ID-AM).
- the authorization information A-I (j) relates to the authorization for the initialization j of a data carrier IM.
- Appi applications are entered, generated or called up in the authorization authority HA and initialized as described via the network and the decentralized authorized read and write station A-WR in the data carrier IM: IMj (with Appi).
- the authorization information A-I (k) is entered, generated or called up by the authorization means AM of the authorization instance HA.
- the initialization information I-I (k) is also entered into the authorization instance.
- the authorization information A-I (k) is first transmitted from the authorization instance HA to the writing and reading station WR, after which the initialization information I-I (k) is then transmitted.
- the write and read station WR can also be initialized by means of corresponding initialization data I-I (k), with which, for example, additional functions can be introduced in the read and write station.
- FIG. 6 shows the transfer or initialization of a decentralized write and read station WR into an authorized write and read station A-WR in order to be able to carry out initializations of mobile data carriers IM.
- the writing and reading station WR must first be initialized with the authorization function FA.
- the authorization information AI-FA must be entered by an authorization means AM into the authorization instance HA, whereupon the initialization or the transfer of the decentralized read and write station WR into an authorized write and read station A-WR with authorization function FA is carried out. Subsequently, the initialization of applications as before (FIG.
- This authorization function FA does not have to be permanently activated. It can also be deleted again, interrupted together with the network connection, or deleted after a certain time or a certain number of initializations, as a result of which the authorized writing and reading station A-WR reverts to an ordinary decentralized writing and reading station WR.
- FIGS. 4-6 show further possible functions which can be initialized or executed via the network N.
- Status information S-I about events at the authorized or at the decentralized read and write stations A-WR, WR and/or at the mobile data carriers IM can be reported via the network to corresponding authorization instances and used there, for example, for usage and license billing. Examples will be explained later.
- Secured communication of the initialization data DI via the network is very important, so that the security of the entire system with the mobile data carriers is not affected by data transmission over the network.
- any network can be used to transfer the initialization data (such as LAN, WAN, Internet, intranet and extranet, etc.).
- the initialization according to the invention can also take place via a virtual private network, i.e. a private data network that uses public telecommunications networks, e.g. as a company network, whereby encryption and tunneling mechanisms ensure that only authorized users have access, e.g. over the Internet with IP (Internet Protocol) and VPN (Virtual Private Networks).
- the level of security of this communication is guaranteed in accordance with the importance of the initialization or the initialization data.
- security that corresponds to the importance of the applications or the initialization quantities must be guaranteed both externally and internally.
- the external security regarding the network should not be less than the desired internal security.
- Different levels of importance or authorization can be, for example: Loading an additional application such as a loyalty bonus on a customer card of a supermarket only requires a relatively low level of security, since the potential damage from unauthorized actions is low.
- access authorization for usage levels of the highest level of secrecy in an IT data system or the initialization of completely new data carriers and, above all, the posting of money amounts require a high security level.
- FIG. 7 now illustrates an example with several authorization instances HA1, HA2, HA3, each with the corresponding authorization means AM1, AM2, AM3 within the framework of the authorization system A, which send their own independent applications App1, App2, App3 with their initialization data DI1, DI2, DI3 via networks N1, N2, N3 to corresponding assigned authorized read and write stations A-WR, in which the mobile data carriers IM are initialized accordingly.
- the networks can be different, for example N1 an open network and N2 a private network, or two or more authorization instances can use the same network, but with their own security rules.
- the read and write stations must correspond to the authorization instance, i.e.
- the read station A-WR2 is only accessible to the authorization instance HA3, i.e. assigned to it with corresponding applications App3, while the write and read station A-WR1 in this example is assigned and accessible to all three authorization instances HA1, HA2, HA3 with their corresponding applications App1, App2, App3.
- FIGS. 8-11 illustrate further examples of initialization sets over several networks or over several network levels (also in the same network) with several authorization instances HA and authorization means AM as well as with several or different authorization levels OLi.
- FIG. 8 shows an example with several authorization instances HA1, HA2 with authorization means AM1, AM2 and with different applications App1, App2.
- the corresponding initialization data DI1, DI2 are transmitted over the same network in one stage to the decentralized authorized read and write stations A-WR for the initialization of both applications App1, App2 in the data carriers IMj. This can be done independently of the authorization level OLi (also for different OLi of the authorization instances HAi, the authorization means AMi, the applications Appi).
- FIG. 9 shows, analogously to FIG. 8, a plurality of authorization instances HA and authorization means AM for applications Appi, but the initialization takes place via a number of network stages N1, N2 to the authorized read and write stations A-WR.
- the network stages N1 and N2 can be formed in the same or in different networks.
- the application App1 with I-I1 of the authorization instance HA1 passes here via the network level N1 to the authorization instance HA2 and continues unchanged via the network level N2 to the authorized read and write station.
- the application App2 on the authorization instance HA2 is only routed via network level N2. This is also independent of the OLi authorization level.
- FIG. 10 shows a further example similar to FIG. 9 with several authorization instances, applications and network stages; two applications on different authorization levels are shown here, such as the App1 application on OLn and the App2 application on OLn + 1.
- This example shows, for the application App1 of the authorization instance HA1, that it can also be supplemented in the authorization instance HA2 to I-I1+, so that the corresponding application in the data carrier IMj corresponds to this application App1+.
- a writing and reading station can also be used e.g. 4 in the authorized writing and reading station A-WR, initialization information is changed or supplemented in I-I +.
- the top organizational level OL0 corresponds to the level at which all read and write stations and all data media IM are initialized (e.g. via the system data field CDF) in the sense of belonging to the authorization system A by various authorization bodies HAiO or authorization authorities HAiO.l assigned to them.
- the system's authorization rules ensure the independence and mutual non-interference of the independent applications App1, App2, App3 of the corresponding independent users at organizational level OL1.
- authorization instances HA with the corresponding authorization means AM can also be formed at these levels from OL2, and corresponding network connections and initializations via network levels can be implemented between the various locally distributed authorization instances HA, in accordance with the rules explained.
- Authorization system A ensures that the applications of the various authorization instances are independent of one another and cannot be influenced by one another.
- An example with several independent applications in one data carrier is further illustrated in FIG. 13.
- contactless and passive identification media or data carriers can be used, which can also communicate with a read and write station at a distance, e.g. at entry gates.
- different types of initialization can be carried out via networks with different hierarchical levels in the authorization system A and correspondingly different security requirements.
- FIG. 12 shows an example of a high hierarchical level and security requirements, in which an empty mobile data medium prepared in accordance with the system is reinitialized with applications.
- This data carrier IM is prepared by system data of the authorization system A in a system data field CDF, which defines and ensures membership in system A, but which does not yet contain any applications in an application data field ADF prepared for this purpose.
- the reinitialization DI with the initialization information II of applications App in this application data field ADF represents a first upper initialization level.
- FIG. 13 illustrates the initialization of additional new applications, here, for example, the App3 application, with initialization data DI3 of an authorization instance HA3.
- FIG. 13 shows the initialization of an application extension App2.2 of an authorization instance HA2 in addition to the existing application App2 by means of corresponding initialization data DI2.2.
- This is illustrated in the following example of a mountain restaurant for the data carrier of FIG. 13 with a data organization in a data carrier IM with several independent applications App1, App2, App3 and with a fixed data part CDF corresponding to the authorization system A.
- the Appi application is e.g.
- an authorized writing and reading station the ski card publisher as Appi application
- the same guest could, in the evening in the valley below, have another independent application App3 (e.g. access to sports facilities) newly initialized on his ski card with initialization data DI3 of the authorization authority HA3, if this has not yet been set up on his data carrier.
- Fig. 12 shows a further embodiment variant of a mobile data carrier
- Application microprocessor AppuP has, which application program data contains II-Cod. With such data carriers with integrated intelligence, combined applications can be realized which are contained partly in the writing and reading station WR and partly in the data carrier IM, and they allow the handling of user authorizations ai (FIG. 14).
- the initialization according to the invention via a suitable secured network can enable completely new applications and business models, e.g. initialization-bound business models using status information S-I, e.g.:
- License billing for newly initialized data carriers and newly initialized applications: with each initialization of a new data carrier or a new application in a data carrier IM, a corresponding agreed license fee is charged via the network to the authorization authority HA.
- License billing for each use: if an application is used from a data carrier at a read and write station, a license fee can be charged by the authorization authority HA (e.g. a host H) for this use. This can either be invoiced on an ongoing basis if the writing and reading station WR remains connected online to the authorization authority HA via the network, or the connection via the network can take place periodically. The usage data S-I can then be stored in the writing and reading station WR and periodically exchanged and billed with the authorization authority HA.
- the initialization according to the invention via the network and the communication associated therewith can, depending on the application, take place either with a permanent network connection or only periodically.
- time-limited applications can be renewed again and again by means of appropriate periodic initializations (e.g. monthly).
- FIG. 14 illustrates various variants of possible initialization sets via a network, the initialization sets also containing initialization communication, or user communication and/or identification communication between authorization authority HA, authorized writing and reading station A-WR and identification medium or data carrier IM.
- An initialization can originate from the authorization authority HA or it can also be requested from the writing and reading station A-WR or from the owner of the data carrier IM.
- user authorization i.e.
- the consent of the owner 12 of the writing and reading station or of the owner 13 of the data carrier is necessary; the authorization means for this can be, for example, personal data (aw) of the owner 12 of the writing and reading station or personal data (ai) of the owner 13 of the data carrier, such as PIN codes, biometric data etc.
- PIN personal data of the owner 12 of the writing and reading station
- Ai personal data of the owner 13 of the data carrier
- a user authorization ai for initialization can be carried out by the owner 13 of the data carrier
- authorization can also be carried out for initialization by means of an additional identification authorization means ID-AM.
- ID-AM an additional identification authorization means
- One example is the loading of money cards at a writing and reading station as a card reader.
- the holder of a money card as a data carrier with his authorization, ie user authorization ai can also load money via a PC and the Internet.
- the method according to the invention can also be used to carry out multi-stage initializations via networks, e.g. in several hierarchical steps according to the authorization system A.
- the owner of the authorization system A is a manufacturer HA0 with headquarters in Europe, where blank cards or data carriers IM are produced which contain, for example, the system organization with the data field CDF.
- These blank cards are distributed through a network of subsidiaries HA0.1 as country representatives, e.g. in the USA, where a further basic initialization of the cards can also be carried out from the manufacturer's head office HA0 as the highest authority.
- the subsidiary HA0.1 sells these cards with independent applications to independent users who represent the authorization bodies HA1, HA2, HA3 and whose cards are distinguished by a user code that can be initialized via the network at the subsidiary HA0.1 by the central office HA0 if the subsidiary HA0.1 is not authorized to do so.
- HA0 and HA0.1 are at OL0 level. This results in the following initialization levels: HA0 -> HA0.1 -> HA1.
- At a next hierarchy level, these cards IM are then initialized by the authorization instances HA1, HA2, HA3 (i.e. the independent users) with their desired applications App1, App2, App3 via further organizational levels and at decentralized authorized read and write stations A-WR.
- Initialization and authorization rules and hierarchical gradations of system A ensure that the holder HA0 of authorization system A can keep control over the system compatibility of the cards and, at the same time, that an independent user HA1, HA2 etc. keeps control over cards with his applications within the scope of his powers from the assigned organizational level (e.g. OL1). This results in further initialization levels, e.g.
- the independent users HA1, HA2, HA3 etc. with the independent applications are also at the organizational level OL1.
- G1, G2: security gates for secure communication via the network
- g: secure environment
- u: unsecured environment
- IM: mobile data carrier, identification medium
- WRk: initialized WR
- j: refers to IM
- k: refers to WR
- AM: authorization means
- AM-IM: authorization identification media
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
BR0106966-7A BR0106966A (pt) | 2000-07-11 | 2001-07-10 | Processo para a inicialização de portadoras de dados móveis |
EP01944863A EP1218862A1 (de) | 2000-07-11 | 2001-07-10 | Verfahren zur initialisierung von mobilen datenträgern |
CA2384498A CA2384498C (en) | 2000-07-11 | 2001-07-10 | Method for the initialisation of mobile data carriers |
AU67256/01A AU6725601A (en) | 2000-07-11 | 2001-07-10 | Method for the initialisation of mobile data supports |
JP2002508755A JP2004503031A (ja) | 2000-07-11 | 2001-07-10 | 移動データ記憶媒体の初期化のための方法 |
US10/070,786 US7631187B2 (en) | 2000-07-11 | 2001-07-10 | Method for the initialisation of mobile data supports |
MXPA02002602A MXPA02002602A (es) | 2000-07-11 | 2001-07-10 | Metodo para la inicializacion de portadores de datos moviles. |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CH1365/00 | 2000-07-11 | ||
CH13652000 | 2000-07-11 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002005225A1 (de) | 2002-01-17 |
Family
ID=4565418
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CH2001/000433 WO2002005225A1 (de) | 2000-07-11 | 2001-07-10 | Verfahren zur initialisierung von mobilen datenträgern |
Country Status (10)
Country | Link |
---|---|
US (1) | US7631187B2 (de) |
EP (1) | EP1218862A1 (de) |
JP (1) | JP2004503031A (de) |
CN (1) | CN1193321C (de) |
AU (1) | AU6725601A (de) |
BR (1) | BR0106966A (de) |
CA (1) | CA2384498C (de) |
MX (1) | MXPA02002602A (de) |
WO (1) | WO2002005225A1 (de) |
ZA (1) | ZA200201905B (de) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1338996A1 (de) * | 2002-02-22 | 2003-08-27 | BetaResearch Gesellschaft für Entwicklung und Vermarktung digitaler Infrastrukturen mbH | Vorrichtung und Verfahren zur Personalisierung von Chipkarten |
DE102006027200A1 (de) * | 2006-06-12 | 2007-12-27 | Giesecke & Devrient Gmbh | Datenträger und Verfahren zur kontaktlosen Kommunikation zwischen dem Datenträger und einem Lesegerät |
WO2010018000A1 (en) | 2008-08-15 | 2010-02-18 | Legic Identsystems Ag | Authorization system with a card and a reader |
US9784255B2 (en) | 2013-07-19 | 2017-10-10 | Fluid Management Operations Llc | Tri-chamber nutating pump |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005003938A1 (en) * | 2003-07-04 | 2005-01-13 | Nokia Corporation | Key storage administration |
FR2879867A1 (fr) * | 2004-12-22 | 2006-06-23 | Gemplus Sa | Systeme d'allocation de carte a puce a un operateur de reseau |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5534857A (en) * | 1991-11-12 | 1996-07-09 | Security Domain Pty. Ltd. | Method and system for secure, decentralized personalization of smart cards |
WO1997034265A1 (de) | 1996-03-11 | 1997-09-18 | Kaba Schliesssysteme Ag | Identifikationsmedium mit passivem elektronischem datenträger |
WO1998009257A1 (en) * | 1996-08-30 | 1998-03-05 | Gemplus S.C.A. | A system and method for loading applications onto a smart card |
WO1998043212A1 (en) * | 1997-03-24 | 1998-10-01 | Visa International Service Association | A system and method for a multi-application smart card which can facilitate a post-issuance download of an application onto the smart card |
WO1998052163A2 (en) * | 1997-05-15 | 1998-11-19 | Mondex International Limited | Ic card transportation key set |
DE19720431A1 (de) | 1997-05-15 | 1998-11-19 | Beta Research Ges Fuer Entwick | Vorrichtung und Verfahren zur Personalisierung von Chipkarten |
WO1998052160A2 (en) * | 1997-05-15 | 1998-11-19 | Mondex International Limited | System and method for flexibly loading an ic card |
EP0949595A2 (de) * | 1998-03-30 | 1999-10-13 | Citicorp Development Center, Inc. | Verfahren und System zum Verwalten von Anwendungen für eine multifunktionelle Chipkarte |
US6014748A (en) * | 1996-04-15 | 2000-01-11 | Ubiq Incorporated | System and apparatus for smart card personalization |
Family Cites Families (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US582876A (en) * | 1897-05-18 | Berger | ||
FR2536928B1 (fr) | 1982-11-30 | 1989-10-06 | France Etat | Systeme pour chiffrer et dechiffrer des informations, du type utilisant un systeme de dechiffrement a cle publique |
DE3736258A1 (de) * | 1987-10-27 | 1989-05-11 | Mannesmann Kienzle Gmbh | Datenkartenanordnung |
US5623547A (en) | 1990-04-12 | 1997-04-22 | Jonhig Limited | Value transfer system |
US5276735A (en) * | 1992-04-17 | 1994-01-04 | Secure Computing Corporation | Data enclave and trusted path system |
US5396558A (en) * | 1992-09-18 | 1995-03-07 | Nippon Telegraph And Telephone Corporation | Method and apparatus for settlement of accounts by IC cards |
DE4317380C1 (de) * | 1993-05-25 | 1994-08-18 | Siemens Ag | Verfahren zur Authentifikation zwischen zwei elektronischen Einrichtungen |
FR2725537B1 (fr) | 1994-10-11 | 1996-11-22 | Bull Cp8 | Procede de chargement d'une zone memoire protegee d'un dispositif de traitement de l'information et dispositif associe |
DE19517818C2 (de) * | 1995-05-18 | 1997-12-18 | Angewandte Digital Elektronik | Verfahren zur Ausgabe von individuellen Chipkarten an eine Mehrzahl von einzelnen Chipkartennutzer unter Verwendung einer neutralen Chipkartenausgabestation |
CA2186415A1 (en) * | 1995-10-10 | 1997-04-11 | David Michael Claus | Secure money transfer techniques using smart cards |
NL1001761C2 (nl) * | 1995-11-28 | 1997-05-30 | Ronald Barend Van Santbrink | Stelsel voor contactloze data-uitwisseling tussen een lees- en schrijf- eenheid en één of meer informatiedragers. |
US6317832B1 (en) * | 1997-02-21 | 2001-11-13 | Mondex International Limited | Secure multiple application card system and process |
DE19708189C2 (de) * | 1997-02-28 | 2000-02-17 | Deutsche Telekom Mobil | Zu einem öffentlichen Mobilkommunikationssystem kompatibles nicht öffentliches Schnurlos-Kommunikationssystem |
DE19710249C2 (de) * | 1997-03-12 | 2002-03-28 | Siemens Nixdorf Inf Syst | Netzwerkunterstütztes Chipkarten-Transaktionsverfahren und Anordnung zur Abwicklung von Transaktionen |
US6092202A (en) * | 1998-05-22 | 2000-07-18 | N*Able Technologies, Inc. | Method and system for secure transactions in a computer system |
US6871278B1 (en) * | 2000-07-06 | 2005-03-22 | Lasercard Corporation | Secure transactions with passive storage media |
JP2002070375A (ja) * | 2000-09-05 | 2002-03-08 | Fujitsu Ltd | 電子鍵および電子鍵システム |
DE10259384B3 (de) * | 2002-12-18 | 2004-05-13 | Siemens Ag | Vorrichtung zur Ermittlung des Energiezustandes eines Energiespeichers eines mobilen Datenträgers |
DE102006008248A1 (de) * | 2006-02-22 | 2007-08-23 | Giesecke & Devrient Gmbh | Betriebssystem für eine Chipkarte mit einem Multi-Tasking Kernel |
2001
- 2001-07-10 BR application BR0106966-7A, publication BR0106966A (pt), status: Application Discontinuation (not active)
- 2001-07-10 EP application EP01944863A, publication EP1218862A1 (de), status: Ceased (not active)
- 2001-07-10 CA application CA2384498A, publication CA2384498C (en), status: Expired - Lifetime (not active)
- 2001-07-10 AU application AU67256/01A, publication AU6725601A (en), status: Abandoned (not active)
- 2001-07-10 WO application PCT/CH2001/000433, publication WO2002005225A1 (de), status: Application Filing (active)
- 2001-07-10 US application US10/070,786, publication US7631187B2 (en), status: Expired - Fee Related (not active)
- 2001-07-10 JP application JP2002508755A, publication JP2004503031A (ja), status: Pending (active)
- 2001-07-10 CN application CNB018027369A, publication CN1193321C (zh), status: Expired - Fee Related (not active)
- 2001-07-10 MX application MXPA02002602A, publication MXPA02002602A (es), status: unknown

2002
- 2002-03-07 ZA application ZA200201905A, publication ZA200201905B (en), status: unknown
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5534857A (en) * | 1991-11-12 | 1996-07-09 | Security Domain Pty. Ltd. | Method and system for secure, decentralized personalization of smart cards |
WO1997034265A1 (de) | 1996-03-11 | 1997-09-18 | Kaba Schliesssysteme Ag | Identifikationsmedium mit passivem elektronischem datenträger |
US6014748A (en) * | 1996-04-15 | 2000-01-11 | Ubiq Incorporated | System and apparatus for smart card personalization |
WO1998009257A1 (en) * | 1996-08-30 | 1998-03-05 | Gemplus S.C.A. | A system and method for loading applications onto a smart card |
WO1998043212A1 (en) * | 1997-03-24 | 1998-10-01 | Visa International Service Association | A system and method for a multi-application smart card which can facilitate a post-issuance download of an application onto the smart card |
WO1998052163A2 (en) * | 1997-05-15 | 1998-11-19 | Mondex International Limited | Ic card transportation key set |
DE19720431A1 (de) | 1997-05-15 | 1998-11-19 | Beta Research Ges Fuer Entwick | Vorrichtung und Verfahren zur Personalisierung von Chipkarten |
WO1998052160A2 (en) * | 1997-05-15 | 1998-11-19 | Mondex International Limited | System and method for flexibly loading an ic card |
EP0949595A2 (de) * | 1998-03-30 | 1999-10-13 | Citicorp Development Center, Inc. | Verfahren und System zum Verwalten von Anwendungen für eine multifunktionelle Chipkarte |
Non-Patent Citations (1)
Title |
---|
See also references of EP1218862A1 |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1338996A1 (de) * | 2002-02-22 | 2003-08-27 | BetaResearch Gesellschaft für Entwicklung und Vermarktung digitaler Infrastrukturen mbH | Vorrichtung und Verfahren zur Personalisierung von Chipkarten |
DE102006027200A1 (de) * | 2006-06-12 | 2007-12-27 | Giesecke & Devrient Gmbh | Datenträger und Verfahren zur kontaktlosen Kommunikation zwischen dem Datenträger und einem Lesegerät |
WO2010018000A1 (en) | 2008-08-15 | 2010-02-18 | Legic Identsystems Ag | Authorization system with a card and a reader |
JP2012500424A (ja) * | 2008-08-15 | 2012-01-05 | レジック・アイデントシステムズ・アクチェンゲゼルシャフト | カード及び読取装置を有する承認システム |
US8740066B2 (en) | 2008-08-15 | 2014-06-03 | Legic Identsystems Ag | Authorization system with a card and a reader |
US9784255B2 (en) | 2013-07-19 | 2017-10-10 | Fluid Management Operations Llc | Tri-chamber nutating pump |
Also Published As
Publication number | Publication date |
---|---|
CN1193321C (zh) | 2005-03-16 |
CA2384498A1 (en) | 2002-01-17 |
EP1218862A1 (de) | 2002-07-03 |
CA2384498C (en) | 2012-02-14 |
US7631187B2 (en) | 2009-12-08 |
MXPA02002602A (es) | 2003-06-30 |
CN1393006A (zh) | 2003-01-22 |
BR0106966A (pt) | 2002-05-14 |
AU6725601A (en) | 2002-01-21 |
ZA200201905B (en) | 2003-03-07 |
US20030033527A1 (en) | 2003-02-13 |
JP2004503031A (ja) | 2004-01-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0306892B1 (de) | Schaltungsanordnung mit einer zumindest einen Teil der Anordnung enthaltenden Karte für Geschäfts-, Identifizierungs-und/oder Betätigungszwecke | |
DE69814406T2 (de) | Tragbare elektronische vorrichtung für systeme zur gesicherten kommunikation und verfahren zur initialisierung der parameter | |
DE69925810T2 (de) | Verfahren und vorrichtung für eine reisebezogene multifunktionelle chipkarte | |
DE69824437T2 (de) | Personalisieren von chipkarten | |
DE69927643T2 (de) | Informationsverarbeitung und Datenspeicherung | |
DE60132953T2 (de) | Datenspeicher und Datenspeicherverfahren, Datenverarbeitungsvorrichtung und Datenverfahren und zugehöriges Programm | |
EP2626824A1 (de) | Management durch ein mobiles Endgerät bereitgestellter virtueller Brieftaschen | |
DE10296888T5 (de) | System und Verfahren zur sicheren Eingabe und Authentifikation von verbraucherzentrierter Information | |
CH705774B1 (de) | Verfahren, System und Karte zur Authentifizierung eines Benutzers durch eine Anwendung. | |
DE19718115A1 (de) | Chipkarte und Verfahren zur Verwendung der Chipkarte | |
DE4230866B4 (de) | Datenaustauschsystem | |
WO2002005225A1 (de) | Verfahren zur initialisierung von mobilen datenträgern | |
DE19938695A1 (de) | Verfahren und Vorrichtung zur elektronischen Abwicklung von bargeldlosen Zahlungen mittels Sicherheitsmodulen | |
DE10297517T5 (de) | Automatisiertes digitales Rechte-Management und Zahlungssystem mit eingebettetem Inhalt | |
DE4441038A1 (de) | Verfahren zum Erwerb und Speichern von Berechtigungen mit Hilfe von Chipkarten | |
WO2000039758A1 (de) | Verfahren für die sichere handhabung von geld- oder werteeinheiten mit vorausbezahlten datenträgern | |
WO1998028718A2 (de) | Chipkarte und verfahren zur verwendung der chipkarte | |
DE19705620C2 (de) | Anordnung und Verfahren zur dezentralen Chipkartenidentifikation | |
WO1992004694A1 (de) | Verfahren und vorrichtung zur gesicherten datenfernübermittlung | |
DE60027605T2 (de) | System zum verteilen von fahrkarten über eine vielzahl von betreibern | |
WO1998039745A2 (de) | Tragbarer datenträger und verfahren zu dessen kryptographisch gesicherten benutzung mit austauschbaren kryptographischen schlüsseln | |
DE10151200A1 (de) | System, Verfahren und Computerprogramm-Produkt zur Erzeugung und/oder Verwendung einer mobilen Digitalkarte | |
DE60213375T2 (de) | Kontaktloses elektronisches Identifizierungssystem | |
WO1998045818A2 (de) | Verfahren zur nutzung von speichereinheiten von chipkarten | |
DE19616943C2 (de) | Adapter-Vorrichtung zum Manipulieren eines Speicherbausteins einer Chipkarte und einen Anbieterterminal zum Erwerb von Waren und/oder Dienstleistungen mittels einer Chipkarte |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A1 Designated state(s): AU BR CA CN IL IN JP MX SG US ZA |
| AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR |
| WWE | Wipo information: entry into national phase | Ref document number: 67256/01 Country of ref document: AU |
| REEP | Request for entry into the european phase | Ref document number: 2001944863 Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 2001944863 Country of ref document: EP Ref document number: IN/PCT/2002/317/KOL Country of ref document: IN |
| WWE | Wipo information: entry into national phase | Ref document number: 2002/01905 Country of ref document: ZA Ref document number: 200201905 Country of ref document: ZA |
| ENP | Entry into the national phase | Ref document number: 2002 508755 Country of ref document: JP Kind code of ref document: A |
| WWE | Wipo information: entry into national phase | Ref document number: 2384498 Country of ref document: CA |
| WWE | Wipo information: entry into national phase | Ref document number: PA/a/2002/002602 Country of ref document: MX |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| WWE | Wipo information: entry into national phase | Ref document number: 018027369 Country of ref document: CN |
| WWP | Wipo information: published in national office | Ref document number: 2001944863 Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 10070786 Country of ref document: US |
| ENP | Entry into the national phase | Ref country code: RU Ref document number: RU A |