The invention refers to the protection of transaction data for cash-free payment transfers by means of chip cards, from the data's creation in the payment terminal to its processing.
Modern types of cash-free payment transfers are carried out using chip cards. In particular, these are electronic stocks, credit cards and debit cards.
Several different payment transfer applications can exist on a chip card, for example electronic stocks and credit cards.
The chip card is initialized before issue to the customer, i.e. application data and cryptographic keys for securing the transaction are stored on the chip card which allow the chip card to be used within the framework of certain applications. On being issued with the card, the customer is informed of the application for which the chip card can be used.
If a customer wishes to pay for goods at a dealer using his/her stock chip card, then this transaction can be carried out at a payment terminal. The chip card is inserted into a chip card reader arranged in the payment terminal. Using the chip card reader, data can be read from the chip card or data can be written to the chip card. With electronic stock applications, the credit stored on the chip card is reduced by the amount which is to be paid to the dealer for the goods.
To carry out the described payment procedure, the payment terminal has the following components in particular: a chip card reader, a keyboard for entering data, a network and software for controlling the corresponding transactions, a display unit to display instructions to the customer, a security module, and a communication connection to the host system, especially if credit/debit cards are supported.
In general, each payment transfer creates transaction data on the individual payment procedure as well as cumulative data, which is updated to cover the transactions that have occurred since the last data exchange with the clearing office.
Amongst other things, the transaction data contains:
- The identification of the customer's chip card
- The amount, the currency and the bank
- The identification of the dealer and the payment terminal and
- cryptographic security of the transaction data, advisably a signature, using the transaction key of the chip card.
The transaction data is created in a cryptographically secure protocol between the chip card and the security module, using the individual transaction key on the chip card and in the security module. The transaction data is secured using the individual transaction key which is allocated to the chip card.
The transaction data is stored in the payment terminal up until the data exchange with the clearing office.
The cumulative data is held in the security module and is read out on exchanging the data with the clearing office.
Cumulative data includes, for example:
- The total amounts of the transactions
- The number of transactions
- The identification of the dealer and the payment terminal and
- cryptographic security of the cumulative data, advisably a signature, using the key allocated to the dealer or the payment terminal in the security module.
On exchanging data with the clearing office, a transaction file is transmitted to the clearing office from the payment terminal. The transaction file consists of
- Header data, which contains the last cumulative data as well as data specific to the payment terminal and
- the transaction data of each transaction, if a certain minimum standard of security is required.
The transaction data is individually secured using transaction keys. The transaction key is located on the individual chip card. Transaction keys can be stolen and transaction data can be copied from other payment terminals. Therefore, whilst the transaction data is being stored in the payment terminal and during its transfer to the clearing office, transaction data can be used fraudulently to the benefit/deficit of individual card owners.
a) Insertion of a stock-exchange chip card (4) in a read and/or write device (5),
b) Initiation of a transaction for payment of a certain amount using the stock-exchange card (4)
c) Creation of the corresponding transaction data (10) for that payment procedure, for each payment procedure
d) Creation of the corresponding cumulative data (81) for each payment procedure, where the cumulative data includes the transaction data since the last data exchange with the settlement position (11) and
e) Creation of a cumulative signature (82) on each supplement to the cumulative data (81), where the new cumulative signature SSi (82) is formed from the initial value of the previous cumulative signature SSi-1 (82).

- the identification of the stock-exchange chip card of the customer
- the debit amount, the currency, the bank
- the identification of the dealer and the payment terminal.

- the cumulative amount of the transactions
- the number of transactions
- the identification of the payment terminal

f) Reading out the cumulative data SD (81) and cumulative signatures SS (82) from the security module (8)
g) Creation of a transaction file (12) with the following data:
h) Transfer of transaction file (12) to the settlement position (11)
i) Creation of a cumulative signature SS (82) after step e) of the procedure from the transaction data TDi (10) using the key and the allocated initial value
j) Comparison of the cumulative signature SS (82) created after step i) with the cumulative signatures (82) sent from the security module (8)
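The chained cumulative signature of steps e), i) and j) can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA-256 stands in for the signature algorithm, which the text does not name, and the key, initial value, record fields and function names are constructed assumptions.

```python
import hashlib, hmac, json

KEY = b"constructed-terminal-key"   # constructed demo key, also known to settlement
IV = bytes(32)                      # constructed initial value for the chain

def next_ss(key, prev_ss, td):
    # SS_i covers TD_i and uses SS_{i-1} as its initial value (step e).
    body = json.dumps(td, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_ss + body, hashlib.sha256).digest()

class SecurityModule:
    """Terminal side: holds cumulative data SD and the signature chain SS."""
    def __init__(self, key, iv):
        self.key, self.ss = key, iv
        self.sd = {"count": 0, "total": 0}
        self.signatures = []

    def record(self, td):
        self.ss = next_ss(self.key, self.ss, td)
        self.sd["count"] += 1
        self.sd["total"] += td["amount"]
        self.signatures.append(self.ss)

def settle(key, iv, transactions, sd, signatures):
    """Settlement side (steps i and j): recompute the chain and compare.
    Returns None when everything matches, otherwise the index of the first
    record that breaks the chain or exceeds what the module signed."""
    ss = iv
    for i, td in enumerate(transactions):
        ss = next_ss(key, ss, td)
        if i >= len(signatures) or not hmac.compare_digest(ss, signatures[i]):
            return i
    n = len(transactions)
    total = sum(td["amount"] for td in transactions)
    if n != len(signatures) or n != sd["count"] or total != sd["total"]:
        return n
    return None

def sample_file():
    # Constructed transaction records; the field names are assumptions.
    txs = [{"card": "C-001", "amount": 1250, "terminal": "T-7"},
           {"card": "C-002", "amount": 300, "terminal": "T-7"},
           {"card": "C-003", "amount": 4999, "terminal": "T-7"}]
    sm = SecurityModule(KEY, IV)
    for td in txs:
        sm.record(td)
    return txs, sm.sd, sm.signatures
```

Because each signature depends on all earlier records, a record that is altered, removed or copied in from another terminal changes every later value in the chain, so the comparison in step j) locates the first inconsistent record.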