The invention relates to a method for debiting an electronic payment means, such as an electronic payment card provided with an integrated circuit ("chip card"). In particular, though not exclusively, the invention relates to a method for protectedly debiting prepaid electronic payment cards ("prepaid cards") as these are applied, e.g., for telephone booths. In the present text, the term payment means will be used irrespective of the form or the type of the specific payment means. A payment means may therefore be formed by, e.g., a chargeable payment card or a non-card-shaped electronic payment means.
In recent years, electronic payment means are being applied ever more frequently, not only for paying for the use of public telephone sets, but also for many other payment purposes. Since such a payment means generally comprises a (credit) balance which represents a monetary value, it is necessary to have the exchange of data between such a payment means and a payment station (such as a telephone set designed for electronic payment or an electronic cash register) run according to a protected method (payment protocol). Here, it should be ensured, e.g., that an amount (monetary value or number of calculation units) debited to the payment means corresponds to an amount (monetary value or calculation units) credited elsewhere: the amount paid by a customer should correspond to the amount to be received by a supplier. The credited amount may be stored, e.g., in a protected module present in the payment station.
Prior Art payment methods, as disclosed in, e.g., European Patent Application EP 0,637,004, comprise: a first step, in which the balance of the payment means is retrieved by the payment station; a second step, in which the balance of the payment means is lowered (debiting the payment means); and a third step, in which the balance of the payment means is retrieved again. From the difference between the balances of the first and third steps, the debited amount, and therewith the amount to be credited in the payment station, may be determined. The second step may be repeated several times, possibly in combination with the third step.
The above-mentioned European Patent Application EP 0,637,004 corresponds with U.S. patent application Ser. No. 08/703,824, filed Aug. 27, 1996, entitled "Method and Apparatus for Recording Usage Data of Card Operated Devices", which U.S. patent application is herewith incorporated by reference in this text.
In order to prevent fraud, in such a method the first step makes use of a random number which is generated by the payment station and transferred to the payment means, e.g., as part of a code with which the balance is retrieved. On the basis of said random number, the payment means generates, as a first response, an authentication code which may comprise a processed (e.g., cryptographically processed) form of, inter alia, the random number and the balance. Using a different random number for each transaction prevents a transaction from being imitated through replay. In addition, the third step makes use of a second random number, which is also generated by the payment station and transferred to the payment means. On the basis of the second random number, the payment means generates, as a second response, a second, new authentication code which may comprise a processed form of, inter alia, the second random number and the new balance. On the basis of the difference between the two balances transferred, the payment station (or a protected module of the payment station, as the case may be) may determine the amount by which the balance of the payment station should be credited.
The known method is basically very resistant to fraud as long as a payment means communicates with one payment station (or protected module). The drawback of the known method, however, lies in the fact that the first and second authentication codes are independent. If a second or third payment station (or protected module) communicates with the payment means, it is possible, due to said independence, to separate the first step from the second and third steps. As a result, an apparently complete transaction may be achieved without the payment means in question being debited by the same amount as the amount by which the payment stations (or protected modules) in their entirety are credited. It will be understood that such is undesirable.
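The following model of the three-step prior-art method is an added example, not taken from the cited applications; it checks the requirement that the amount debited equals the amount credited, with one station and with two. The shared key, the HMAC-SHA256 processing, the class and function names, and the chosen ordering of steps are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # assumption: one key shared by card and stations

def auth_code(nonce: bytes, balance: int) -> bytes:
    # HMAC-SHA256 stands in for the unspecified processing of nonce and balance.
    return hmac.new(KEY, nonce + balance.to_bytes(4, "big"), hashlib.sha256).digest()

class Card:
    def __init__(self, balance: int):
        self.balance = balance

    def read_balance(self, nonce: bytes):  # used in steps 1 and 3
        return self.balance, auth_code(nonce, self.balance)

    def debit(self, amount: int):  # step 2
        if not 0 < amount <= self.balance:
            raise ValueError("invalid debit")
        self.balance -= amount

class Station:
    def __init__(self):
        self.credited = 0
        self.first_balance = None

    def _read(self, card: Card) -> int:
        nonce = secrets.token_bytes(8)  # fresh random number per retrieval
        balance, code = card.read_balance(nonce)
        if not hmac.compare_digest(code, auth_code(nonce, balance)):
            raise ValueError("authentication code rejected")
        return balance

    def step1(self, card: Card):
        self.first_balance = self._read(card)

    def step3(self, card: Card):
        self.credited += self.first_balance - self._read(card)

def replayed_code_is_rejected() -> bool:
    balance, old_code = Card(10).read_balance(secrets.token_bytes(8))
    return not hmac.compare_digest(old_code, auth_code(secrets.token_bytes(8), balance))

def debited_vs_credited(stations: int):
    card, terminals = Card(10), [Station() for _ in range(stations)]
    for t in terminals:
        t.step1(card)
    card.debit(1)  # a single debit of one unit
    for t in terminals:
        t.step3(card)
    return 10 - card.balance, sum(t.credited for t in terminals)
```

Every authentication code verifies in both runs; because the second code carries nothing from the first exchange, no station can tell whether the debit between its two balance retrievals belongs to its own transaction.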
U.S. Pat. No. 5,495,098 and corresponding European Patent Application EP 0,621,570 disclose a method in which the identity of the security module of the payment station is used to ensure that a data exchange takes place between the card and one terminal only. The protection of the data exchange between the security module, the station and the card is relatively complicated and requires extensive cryptographic calculations.
Other Prior Art methods are disclosed in e.g. European Patent Applications EP 0,223,213 and EP 0,570,924, but these documents do not offer a solution to the above-mentioned problems.