The present invention concerns a method for spreading parameters in offline chip-card terminals as well as corresponding chip-card terminals and user chip-cards.
Chip-card terminals are used more and more often as identification means for different systems and as portable data storage means with data processing abilities. Among others, it is known that chip-cards can be used as electronic money wallet enabling payment at different points of sale. Conceivable applications for chip-cards as electronic money wallets comprise, among others, food retail stores, department stores, utilization of parking space, public transportation means, personal transportation means (taxis), service stations, hotels and restaurants, canteens and refectories, automatic vending machines for drinks and food, road tolls, sale of admission tickets, access control devices, public telecommunication services, internet, online services, pay-TV, etc. Furthermore, it is also known that chip-cards can be used purely as user identification means, for example in mobile radio telephones (SIM cards) or as admission tickets.
These different implementation sites use chip-card terminals that power the user chip-cards and can establish a data technological connection with the card, for example in order to read the identification in the card or to transfer electronic money. Such terminals can either be connected to existing systems (for example check-out systems) or be used as xe2x80x98stand alonexe2x80x99 apparatus.
In order to verify the users"" identity, the user is often required to enter a secret, for example a PIN or biometric parameters. In order to verify this, terminals are often connected online with a center, for example over a private or public telecommunication network. This online connection is also used to transfer electronic money units and to update time-limited terminal parameters (i.e. valid for at least a certain period of time), for example to spread as fast as possible lists of blocked cards in the terminals.
However, such a permanent connection between terminal and center is costly. If the user chip-card is also to be used for paying small amounts, for example at a kiosk, for bus tickets, etc., the price for the connection can in certain cases constitute a substantial part of the transaction value. Furthermore, the connection of a terminal with a telecommunication network is often technically impracticable or attainable only with much effort, for example if the terminal must be installed far from any available telephone point of connection.
In order to avoid these connection costs, so-called offline terminals have also been developed that work self-sufficiently without being connected with a superordinate center. Typical offline chip-card terminals are for example used in businesses when the average amounts paid is approximately on the same order as the connection costs.
Furthermore, so-called hybrid terminals are also known that are connected with a telecommunication network only intermittently (on and off), for example once a day, to send all the day""s transactions to the center in one go.
One problem with offline and hybrid terminals is the updating of time-limited parameters. Each terminal usually uses a series of parameters that are not durable and not linked to a specific transaction, and that occasionally have to be updated (for example several times a week). Such parameters comprise, among others, lists of blocked user chip-cards (for example chip-cards that are not valid, no longer valid or fraudulently used) as well as scales of transaction charges.
In the case of chip-card terminals that are also used for money transactions with money cards, these parameters also comprise the lists of performed transactions that have to be transmitted to the center, as well as the content of the electronic money accounts that is to be transferred.
Such parameters are usually updated manually, in that an employee checks all terminals and copies the time-limited parameters from or into a portable device that is then connected with the center. In the case of a portable chip-card terminal, the latter can also be brought itself to a point of connection of the center, as described in WO9517738. This manual updating operation is however tedious, in particular because many widely spread terminals must be inspected.
Furthermore, the chip-card terminals must comprise input means (for example a keyboard, an interface to the updating device, possibly a display) that are operated by the employee in order to update the parameters. Such input means increase the cost of the terminal and require a larger housing.
It is an aim of the invention to propose a new method with which said parameters can be updated with less effort.
According to the present invention, these aims are achieved in particular through the characteristics of the independent claims. Further advantageous embodiments are moreover described in the dependent claims and in the description.
In particular, these aims are achieved by a method in which time-limited parameters are updated in offline chip-card terminals with the user chip-cards used in the chip-card terminals.
In particular, the time-limited parameters, for example lists of blocked user chip-cards, scales of charges, etc. are copied in user chip-cards, preferably ciphered and/or in a secure memory area of the user chip-card inaccessible to the chip-card""s user, and are spread through these user chip-cards from terminal to terminal.
This method is adapted in particular to systems in which the same user chip-cards are used both in offline as well as in online chip-card terminals. This is in particular the case of hybrid systems in which not all terminals are connected online, but also to systems that are used for different applications, for example for SIM cards, which can also be used as value cards for offline terminals.
An advantage of the present invention is that each user chip-card contains in particular parameters relating to other user chip-cards, for example lists of other blocked user chip-cards. The card owner is not in a position to modify the parameters and will anyway have no reasons to attempt to falsify the card and modify the parameters of other cards.
Another advantage is that no additional chip-cards are necessary in order to update said time-limited parameters in offline terminals. Only the user chip-cards, which are also used for transactions with online and/or offline terminals, are needed. The operation is totally transparent for the user and he is not required to carry out other steps or actions than for normal transactions with the terminals.