WO2015176772A1

WO2015176772A1 - Method for processing a transaction

Info

Publication number: WO2015176772A1
Application number: PCT/EP2014/060668
Authority: WO
Inventors: Markus Lobmaier
Original assignee: Kwallet Gmbh
Priority date: 2014-05-23
Filing date: 2014-05-23
Publication date: 2015-11-26

Abstract

The invention relates to a method having the following method steps: creating a session on a server for processing a transaction, wherein, in addition to the server, a user device and a transaction device which is designed to record the transaction can participate in the session in order to process the transaction, and wherein the session is initiated by one of the devices, and automatic recognizing of the underrun of a distance threshold between the two devices in order to establish a non-contact communication connection between them and to enable the other device to join the session by means of the connection, and the joining of the session by said other device, and executing the transaction by means of the server if an execution confirmation is received by the user device participating in the session.

Description

TITLE

Method for processing a transaction

DESCRIPTION

TECH NICES FIELD

The invention relates to a method for processing a transaction.

BACKGROUND

From WO 2013/134769 AI a system is known in which a mobile phone by "Near Field Communication" (N FC) against a

Cash register device is identified to perform a transaction.

The basis for the N FC functionality is a special N FC chip which, in addition to other hardware components enabling different radio communications, must be integrated into the mobile phone, which adversely affects the price of the device. In addition, the use of N FC components in mobile devices has proven to be problematic because it usually involves storage of security-related data in the NFC system of the mobile device, causing data security concerns in the art.

The object of the invention has been found to provide an improved method, so that the problems discussed above are avoided.

SUMMARY OF THE INVENTION

This task is performed by a transaction procedure according to

Claim 1 solved.

The subject of the invention is therefore a method comprising the following method steps, namely generating a session on a server for processing a transaction, wherein the session next to the server, a user device and a transaction device, which is designed to detect the transaction is able to participate in processing the transaction, and wherein the session is initiated by one of the devices, and automatically detecting the falling below a distance limit between the two devices to establish a contactless communication link between them and allowing the other device to join the session using the connection, and joining said other device to the session, and executing the transaction using the server when an execution confirmation is received from the user device participating in the session.

The user device can generally be a mobile, especially programmable user device, such. B. be a smartphone on the z. For example, a user application running e.g. is personalized to a user of the user device and serves to process a transaction. However, the user device may also act as a computer, such as a computer. As a laptop or a tablet (English tablet "tablet", US engl. Tablet "notepad") or tablet computer be realized.

The transaction device may be configured as well as the user device and another application, for. B. run a cash register application, so that the transaction device forms a cash register device. The

Transaction device, however, can also be a permanently installed terminal, such. B. be a POS terminal. The transaction device is designed to record a transaction. Thus, e.g. to be paid for items to be paid and a total price to be paid to be displayed. However, the transaction can also z. B. a check-in process in an aircraft or access to a concert event.

The invention has the advantage that all disadvantages of N FC technology are avoided, because the devices involved their

To communicate with each other while avoiding NFC technology and its inherent problems.

In the context of the invention, the user device or the user application has dual functionality, namely a start or trigger function (in the context of a first "TAP" of a user) for starting a processing of the transaction from the user's perspective on the other hand, a confirmation function (as part of a second "TAP" of a user) to confirm the

Perform the transaction on the server or using the server. Both functionalities require a user interaction (first "TAP" or second "TAP") with the user device, so that a relatively high level of security is given because the user must actively declare his intention to execute the transaction using the user device in duplicate.

Unlike NFC technology, where transaction-sensitive data is stored in the NFC chip, the user application on

User device only a visualization of for the transaction absolutely

necessary information for the user ready, such. B.

Transaction amounts, means of payment and / or payment options, etc. The actual storage of those data or parameters required to execute the transaction may take place on the server in a secure environment. The server thus has in the system the importance of the secure storage and management location of transaction-sensitive data (e.g.

User account, possibly also payment options, loyalty programs, etc.), so these can not be spied on by a compromised user device (or even a compromised transaction device).

In order to start the process of processing a transaction with the help of the user device, the user device is brought close to the transaction device by a user and automatically detects that a distance limit value has been undershot between the devices, followed by a contactless communication link between The two devices are made to both devices participate in the same session on

Enable server. The automatic determination of the local proximity of the two devices to each other not only brings the technical advantage that a clear assignment of the two devices used in the transaction for use can be made. Rather, there is the important psychological but also safety-related aspect that a user of the user device by a corresponding movement (first "TAP") for establishing the adjacent positioning of the two devices, ie, for example, a movement of the user device out to the transactional device, his

Consent to involve the user device in processing a transaction.

A session in the present context is a data structure for temporary, logical connection of the user device, the transaction device, the server, as well as transaction-relevant data to the transaction upon receipt of the execution confirmation (caused by the second "TAP"). perform. As part of the session, all three parties can exchange data with each other. In particular, the bones may communicate with the server using a secure Hypertext Transfer Protocol (HTTPS). The data to be communicated can additionally be encrypted.

The session is initiated by one of the devices on the server. The contactless communication between the devices serves to allow the other device to join the session. Once the server and the two devices are logically connected using the session, the non-contact connection between the devices serves to instruct the other device to match its status with that of the server. With the aid of contactless communication, one device triggers the other device to retrieve new data regarding the transaction from the server or to change the status on the server by transferring data. In the contactless communication between the devices so there is no exchange of data that would authorize the individual device to actually execute the transaction alone. The same applies to the data exchange between the devices and the server. Again, no data is exchanged which, in the course of processing the transaction on the server before final release of execution of the transaction, would authorize the server or the respective device to execute the transaction alone. On the contrary, the interaction of the devices with the server ensures that a specific transaction is unequivocally meant and ultimately released for execution, and that

involved devices are authorized. Only when the server receives all the data necessary for executing the transaction when receiving the execution confirmation data at the server can the transaction actually be executed. Depending on the implementation, the server can finally execute the transaction or forward it to a transaction execution server for execution.

Only when the confirmation function of the user device (second "TAP") is executed, an execution confirmation is generated there and communicated to the server and with the help of the server the transaction is executed or forwarded for execution only the completion of the transaction is displayed

Overall procedure as a result of the following events: first

User interaction to start processing the transaction below Inclusion of the user device, second user interaction to approve the transaction and transaction completion. In the nomenclature of

Applicants, these events are referred to first as "TA P", second "TAP" and "DONE".

Further, particularly advantageous embodiments and

Further developments of the invention will become apparent from the dependent claims and the following description.

The recognition of the undershooting of the distance limit value as well as the establishment of the connection between the devices can take place before or after the generation of the session.

According to one aspect of the invention, the server and the two devices or the applications running on them each have a key pair (consisting of a private and public key) to sign and / or encrypt data to be delivered, messages or information and in which the identity of the communication partner sending the data, etc., to the receiving communication partner. The devices or the applications running on them are known or registered with the server. The server knows the public keys of the devices or the applications running on them.

According to another aspect of the invention, in the

Communication of the devices with each other or in the communication between the devices and the server timestamp occur. These

Timestamps ensure that individual procedures in the procedure can not last longer than permitted. With the help of the time stamp, it is possible to ascertain that time periods which have been defined as permissible have been exceeded, and consequently that the method is terminated for reasons of expiry and / or safety considerations.

In the communication of the devices can also be for a certain period, eg. This identifier is generated by the server for the relevant period of time and can avoid unnecessary communication effort between potential communication participants.This identifier can be used when communicating with each other or with the device Server to be checked. The automatic determination of the distance between the devices can, for. B. done in an optical manner, wherein z. B. a built-in one of the bone camera is used. For example, the camera can capture an image (such as a QR code) displayed on the other device's display. Also, an image that is mounted on the housing of the other device can be detected and thus the distance can be determined.

However, it has proved to be particularly advantageous if the detection of the undershooting of the distance limit value is carried out with the aid of a measurement of a signal strength or a signal level of a received radio signal. It is preferably a radio signal in accordance with the Bluetooth standard, particularly preferably according to the Bluetooth Low Energy specification, which is transmitted by means of communication means of a first type (Bluetooth communication means) from one of the devices, preferably from the transaction device the other device, preferably the user device is received. To determine whether the distance limit between the devices has been undershot, the measured signal strength or the

Signal level compared to a threshold value and, if the signal strength or the signal level exceeds the threshold, falls below the

Distance limit detected. The advantage of using Bluetooth technology is that technology is used in the

Essentially nationwide and de facto integrated as a standardized component in mobile devices. The device has a standard with respect to the wireless communication properties Bluetooth communication level, which can be controlled via an operating system interface, or via which the status of the communication level and the communication parameters can be queried.

Therefore, it has proved to be particularly advantageous that the signal strength is represented by a Received Signal Strength Indicator (RSSI). As soon as one of the devices receives a Bluetooth signal from another device, the RSSI communication level is provided. The RSSI forms an indicator for the reception field strength. Since the RSSI usually has no specified unit, the value of the RSSI must be interpreted in accordance with the manufacturer's data sheet, with usually a higher RSSI value indicating a higher receive field strength. The value of the RSSI thus serves as a measure for the distance. Consequently, a specific value of the RSSI is used, which is used as the distance limit value.

It may be advantageous that in assessing the determined signal strength or signal level over relatively short time windows, such as e.g. 0.2 to 1.5 seconds, averages and / or over or underrange are used to avoid misdiagnosis of the distance between the devices due to signal fluctuations.

Since the transaction is captured on the transaction device side, e.g. For example, if items to be paid for in the case of a payment transaction are recorded and their prices are added up, it has proven to be particularly advantageous that transaction data are recorded with the aid of a transaction

Motion sensor of one of the devices, in particular of the user device, which is approximated to the other device, in particular the transaction device, for verifying the validity of the detection of the falling below the

Distance limit can be used. This measure constitutes another safety criterion. Concretely, for example, with the help of the

Motion sensor of the user device, the deceleration of the user device when approaching the transaction device (represented by the

Movement data of the motion sensor) are measured. To detect the valid approach, a radio signal is thus generated by the transaction device and the user device, the presence of a radio signal field strength of this radio signal above a certain value during a time window of z. B. 0.8 seconds and simultaneously detects the deceleration. In this way, the user device determines the execution of the start or trigger function (first "TA P" of the user) and can communicate this state (eg with the aid of Bluetooth low-energy) to the transaction device and, if necessary, over another

Communicate communication method to the server.

According to a further aspect of the invention, the two devices establish a communicative connection with one another after detection of the undershooting of the distance limit value. In this connection setup device identifications but also offered device services can be queried or exchanged and subsequently used.

The generation of the session can then basically be initiated by each of the two devices. According to a preferred

Embodiment of the invention is the generation of a session with the help of Transaction device in communication using

Communication means of a third type, in particular one

Internet communication, with the server. It is particularly advantageous if the session is set up on the server only if it is initiated by a transaction device known to the server, which contributes significantly to security. This has the advantage that a fraudulent motivated

Manipulation or simulation of the transaction device with the aim of establishing a session on the server is avoided, which further complicates fraudulent activities carried out via the transaction device. The communication means of the third type can be replaced by any Internet-enabled communication means, such. Wired or wireless

Be realized communication means.

The communication means of the second type are advantageously for Internet-based communication in a radio network, such. WLAN, etc., or a mobile network, e.g. UMTS, GSM, LTE, etc. trained.

Advantageously, the device initiating the session preferably receives the transaction device in a communication with the aid of

Communication means of the third type, from the server, a session identifier and communicates this session identifier to the other device, preferably the user device in a communication by means of the communication means of the first type. The session identifier can have a unique session number and also a timestamp for defining the creation time of the session or else a device signature of the device applying the session.

According to another aspect of the invention, the other device, in particular the user device, communicates with the aid of

Communication means of the second type with the server, using the received session identifier of the session. Joining the session may depend on the validity of the aforementioned device signature. The

Communication means of the second type are preferably designed to communicate in a mobile radio network for mobile data transmission of a mobile radio network operator.

As discussed earlier, the transaction device is configured to capture the transaction. The transaction device deposited in one

Communication with the server using the third-type communication means the detected transaction on the server, preferably associated with the session, especially preferred as part of the session. This avoids unauthorized interventions and possible manipulation of the transaction. The transaction can be stored on the server in the form of transaction data in a database.

At the time the transaction is deposited on the server, the user device has no information regarding the details of the transaction. Prior to this, only the establishment of the connection with the transaction device took place in order to allow the joining of both devices to said session, to which the transaction is now assigned. To notify the user device of the existence of the deposited transaction, the transactional device initiates a query of the transaction from the server in communication using the first type of communication with the user device at the user device.

As a result of receiving the query, the server communicates a representation of the transaction to the user equipment in communication using the second type communication means, and then waits for receipt of the execution confirmation from the user equipment using the second type communication means , This has the advantage of not having the data relevant to the execution of the transaction, such as

Access data for a user account, means of payment or

Payment options or references to it, or access to a loyalty program or parameters of the loyalty program, etc. are made available to the user device, but all these data in the secure server remain protected, thus manipulation of the session or the associated data mentioned is excluded. Rather, the user device is only told what the user device and the user need to know to confirm or reject the transaction. For example, one is enough

Payment transaction already informing the user of the total price to make his decision. However, there can be more

Information, such as discounts already considered or the sum of the discount, or also newly added when the transaction is executed

Discount options are provided by the server for delivery to the user device for the information of the user.

The execution confirmation may be sent to the user device in a variety of ways, e.g. B. by movement of the user device or by receiving an acoustic signal caused by the user or by a detection of the touch of the user device or one of its components (eg button, screen) are initiated by the user. It has proved particularly advantageous for the user device to have the execution confirmation as a result of detection of a predefined one

Interaction caused by a user is generated and sent out. This corresponds to detecting the confirmation function (second "TAP" of a user). The execution confirmation is represented by digital data using the communication means of the second type to the server

communicated. It can e.g. the session identifier, the signed tip and TAN information, and the signed billing information.

It has proved to be particularly advantageous if the recognition of the predefined interaction in the user device with the aid of a

touch-sensitive screen and thus carried out detection of a stroking movement or touch movement performed with a finger of a

User or a designated item is detected in a limited portion of the screen area. Thus, de facto standardized input means of the user device for receiving the user's final declaration of intention to execute or reject the transaction can nowadays be used.

On the server side, as a result of receiving the

Execution confirmation, the transaction is executed directly on the server or on a communicatively connected to the server transaction execution server. Thus, for example, in the case of a credit card payment as a transaction from the server, a connection to a so-called "Payment Service Provider" or "Payment Network" set up where the user-specific payment is multi-certified (eg Payment Card Industry (PCI) certified) executed by and there the status of the execution of

Payment received at the server.

According to a further aspect of the invention, it is advantageous if, with the aid of the server or with the aid of the transaction device, parameters of a loyalty program are automatically taken into account before the transaction is executed for the transaction. Thus it is ensured that the

Interaction or confirmation effort by the user or by an operator who operates the transaction device is kept to a minimum, thus from the user's point of view as well as from the perspective of one Service provider as simple and barrier-free integration of a loyalty program is ensured in the transaction. Users and

In fact, operator personnel no longer need to set activities to involve the loyalty program in the transaction.

Since nowadays in everyday life a barely manageable variety of loyalty programs of different providers or service providers exist, it has proved to be particularly advantageous if the selection of the appropriate loyalty program by taking advantage of the knowledge of the user device or in connection with the application of the logged on user and / or an identifier of the transaction device is executed on the user device. On the server or the

Transaction device accessible thus exists in the form of a database that allows the server or transactional device to automatically activate or involve the correct loyalty program for the transaction. In the case of server-side implementation, e.g. one

Trading company the loyalty program data and the unique transaction device identifiers available to the operator of the server, so that one for a loyalty program in the

A registered user can benefit from the loyalty program if he wishes to execute a transaction on a transaction device of the relevant trading company or service provider. In the case of the availability of the loyalty program on the transactional device that does

Commercial companies themselves access the data of their own loyalty program for their assigned transaction devices.

According to a preferred embodiment of the invention, the parameters of the loyalty program are discount coupons which are processed in their digital representation in accordance with the preceding discussions.

Within the scope of the invention, it is advantageous if the final status of the execution of the transaction is communicated from the server to the user device and / or to the transaction device. In this case, individual means of communication (according to the second and the third type) are used. Thus, all involved devices (the user device and the

Transaction device), whether the transaction was successful or unsuccessful. In any case, we the Processing of the transaction on both the server and on the involved devices with the respective final status completed, thus

It is ensured that an unclear state of a long-term pending transaction can be avoided.

According to a further aspect of the invention is on the

User device executed a personalized application for a particular user, which is used for interaction with the user, the transaction device and the server and is designed to uniquely identify to the server, and thus an automatic selection of parameters relating to the transaction, such , B. which applies to the user or

available payment method, the payment service provider, the applicable loyalty program, etc.

It has proven to be particularly advantageous if the transaction is a payment transaction.

The aforementioned communication means of the three types are realized at or in connection with the appropriate devices (user device, transaction device, server) and ensure that different communication methods or channels are used in the communication between the respective devices, whereby a fraudulent motivated manipulation of the communication between the devices is reliably avoided. Only if the communication according to the three

Communication types between the devices, the involved devices can perform their activities for the final

Execution of the transaction are necessary.

For safety reasons, it has also proven to be advantageous if, to execute the transaction (for example, a secure payment transaction), the condition must be met that the transaction device confirms that exactly this transaction is to take place, signed and deposited on the server, the server has checked this and in turn signed to the user device has communicated and the user device or the application running there released this and in turn signed to the server has communicated. Only the realization of this condition allows the server to execute the transaction.

In order to further increase the security of the process or the system against fraudulent intervention from outside, it has proved to be prove particularly advantageous if the execution of the transaction (preferably only) can be triggered exactly at the time when the condition comes about. The server can thus be used to prepare the execution of the transaction as part of the session. Once the user device the

Execution confirmation sent to the server, the transaction is executed immediately. This brings with it the advantage that the actual

Executable transaction must be pending only for a minimum amount of time (a few milliseconds) and consequently a fraudulent motivated manipulation of a pending and already released transaction with very high

Probability is reliably avoided.

To further increase security is the execution of the

Transaction just once possible. If the transaction can be successfully completed, the process is completed as expected. Even if the transaction fails, the process is considered complete and the transaction is no longer available to the server for execution. Thus fraudulent interference with a pending transaction is reliably avoided.

According to a further aspect of the invention, as a result of receiving the execution confirmation with its help, a reference to an information required to execute the transaction, preferably stored on a transaction execution server, is made up of a first part reference and a second part Reference in server composed. Dividing the link into two and adding it to the actual usable reference only at the end of the processing of the transaction adds to the security of the procedure.

Most preferably, the first partial reference was made by the server and the second partial reference by a user device

Application generated. This has the advantage that the first partial reference and the second partial reference must under no circumstances be transmitted jointly between the user device and the server.

In particular, the measure that the server with a self-generated symmetric key the second part reference

encrypted and encrypted the symmetric key with an asymmetric key and also the second part reference assigned, increases security against attacks of third parties. In this context, it has proved to be particularly advantageous if only the application is capable of the symmetrical

Decrypt keys via the asymmetric encryption method, since the private key to the user device with the application

is stored.

In order to best ensure the security of the method against attacks from the outside, it is advantageous if the encrypted symmetric key is transmitted from the server to the application during the processing of the transaction, the application decrypts the symmetric key and passes the decrypted symmetric key to the server and the server decrypts the second partial reference with the symmetric key. The second partial reference is therefore only after the

User's consent to execute the transaction and can only then be combined with the first partial reference.

According to a further aspect of the invention, it is also advantageous if a partial reference was first encrypted by the server a first time, then was transmitted from the server to the user device, the user device was encrypted a second time and then from the User device was transmitted to the server and stored there in double-encrypted form.

The security measures discussed ensure that a transaction is not triggered by either the user device (or the application running on that user device), the server, or the transactional device (or the application running on the transactional device) alone can. The safety-related behavior used is similar to that of a bank safe deposit box. In the present case, each of the devices involved (user and transaction device, server) must have its own

To agree. Only then, exactly at this point in time, when all devices agree, will the transaction ("the locker") be opened exactly once for the parameters specified by the transaction device and the server, which have also been confirmed by the user device This system ensures optimum safety.

It should also be noted at this point that the method steps discussed above may also relate to configurations of system components of the system mentioned in the context of the discussion of the method. Advantages, which are mentioned in connection with the corresponding method steps, apply in an analogous way to the system or its system components.

FIGURES SHORT DESCRIPTION

The invention will be explained in more detail below with reference to the accompanying figures with reference to embodiments, to which the invention is not limited. Here are in the

different figures identical components provided with identical reference numerals. They show in a schematic way:

Fig. 1 is a block diagram of a transaction system according to the invention; Fig. 2 a sequence diagram visualizing the method according to the invention; Fig. 3 in a manner analogous to FIG. 2 shows another embodiment of the

Invention.

DESCRIPTION OF THE EXEMPLARY EMBODIMENTS

FIG. 1 shows a transaction system 1 for executing a payment transaction, which has as a user device a mobile telephone 2, as a transaction device an electronic point-of-sale terminal 3 and a server 4.

On the mobile phone 2 for a specific user (not shown) personalized application 5 is executed, which is visualized on the screen 6 with the letter "k" and for interaction with the user, the POS terminal 3, and the server 4 is used and the unique

Identification against the POS terminal 3 and the server 4 is formed. The mobile telephone 2 has communication means of a first type 7 for communicating according to the specification "Bluetooth Low Energy" and

Communication means of a second type 8 for Internet-based, radio-based communication according to a mobile radio standard (eg GPRS, GSM, UMTS, etc.).

The point-of-sale terminal 3 is operated by a trading company and is designed to record a payment transaction, which can take place automatically or manually. In doing so, goods and associated prices are registered and a total price to be paid is determined. The POS terminal 3 has communication means of the first type 7 and Third-type communication means 9 for Internet-based,

wired communication (eg LAN). This may have advantages, but the third type 9 communication means may also have one

Have training for wireless communication. The point-of-sale terminal 3 is connected to a data processing system 10 of the trading company for the purpose of carrying out administrative processes, e.g. Inventory, Ein u. Sales, accounting, etc. connected, which also has communication means of the third type 9 and to implement the said processes a first

Processing stage 11 has.

The server 4 is from a service company

whose service is providing an innovative

Payment method and is used to process a transaction recorded by the terminal 3, taking into account a user as well as

Device interaction, which is discussed in detail below. From this company will also be the application 5 for users of one

Mobile phones 2 are provided. During installation on the mobile telephone 2, the application 5 and the user authorized to use the application 5 are registered on the server 4, so that the user can be clearly identified via the application 5 installed on the mobile telephone 2. Server 4 also offers payment options for each user (account information, available credit cards, etc.) or references thereto, as well as the loyalty programs of various retailers available to the user.

References stored on it. The server also has knowledge of the

Affiliation of a point-of-sale terminal 3 to the respective trading company. The server 4 has a second processing stage 12 for the stated purposes. The server 4 also comprises third-type communication means 9 and a connection (eg via the Internet) to second-type communication means 8, which are in the form of mobile-communication devices 13 of a

Mobile network operator (e.g., AI, 3, Telering, etc.).

FIG. 1 also shows a transaction execution server 14, which likewise has communication means of the third type 9 and a third processing stage 15 for carrying out payment transactions for a user. The transaction execution server 14 is operated by a payment service provider. The three processing stages 11, 12 and 15 have in non-exhaustive list z. B. a processor, memory modules,

Interface modules and mass storage, which are not shown for reasons of clarity. For the sake of completeness, it also mentions that, in addition to other device-specific components, such or similar processing stages are also formed in the devices 2 and 3.

In the following, the communication means of the first, second and third types 7 - 9 are abbreviated to Comtypl 7, Komype 2 8 and Komtyp3 9.

FIG. 1 also shows the movement of the mobile telephone 2 starting from a first position 16 towards a second position 17 and away from the second position 17 towards a third position 18. The course of movement follows the two arrows 19 and 20. This results in a position shift from outside (position 16) of a distance limit R measured from the Komtypl of the POS terminal 3 within (position 17) of said distance limit R and back to outside (position 18) of the Distance limit value R. Starting position (position 16) and end position (position 18) may be different or identical. Also, the respective movement patterns between the starting and ending positions can be identical or

be different.

1 also shows that the application 5 is active at the beginning of the movement, which is indicated by a wreath, which can also be animated in a rotating manner, around the letter "k." As soon as the distance limit value R has been undershot, this is recognized what through

Blanking the knitting ring is indicated. Subsequently, on

Screen 6 of the determined using the POS terminal 3 amount to be paid (€ 20.-) displayed and the user with the help of two buttons 22, 23, the possibility to start the execution of the payment transaction (first button 22) or reject (second button 23). Will the first

Button 22 is pressed, the deposited on the server 4 from the point of sale terminal 3 transaction executed, wherein subsequently using the in the figure 2

illustrated sequence diagram, a first embodiment of the

inventive transaction method is discussed in detail.

In the sequence diagram are at the top of the devices shown in the figure 1 (mobile phone 2, POS terminal 3, server 4) and the timing of the method from top to bottom in the form of steps of Process visualized. The starting point of the discussion is a transaction recorded with the aid of the point-of-sale terminal 3. Thus, the collection of goods and the accumulation of their prices were concluded at a total price.

Subsequently, the POS terminal 3 checks by means of Komtypl 7 in a first step 101 whether it receives a radio signal according to Bluetooth Low Energy. Since the application 5 has already been started on the mobile telephone 2 and the mobile telephone 2 generates such a radio signal with the aid of its shortcut 7, such a radio signal is received and evaluated at the POS terminal 2 and a data record is created for identification at the POS terminal. The mobile phone 2 is at this time still at the first position 16, from which it is now moved in the direction of the second position 17 (see Figure 1).

According to FIG. 2, in a second step 102 the POS terminal 3 automatically checks whether the mobile telephone 2 has been introduced into a range within the distance limit value R (for example along the arrow 19 shown in FIG. 1), that is to say the distance limit value R has fallen below has been. This is done by measuring the signal level of the received radio signal and comparing the averaged over a time window of, for example, 0.8 seconds measured value with a predefined threshold value. As soon as the

If the distance limit R has not been detected, a connection is established between the devices 2 and 3 in steps 103 to 109, in which services are polled by the mobile telephone 2, characteristics of the services are determined, and finally a connected status is established.

In the further steps 110 to 116, a session is generated on the server, in which both the mobile phone 2 and the POS terminal 3 are involved. For this purpose, in a tenth step 110, a at the

Point-of-sale terminal 3 generated random number together with a unique one

Identification of the point-of-sale terminal 3 communicates with the mobile phone 2 with the help of Komtypl 7. The receipt is confirmed in an eleventh step 111 using the Komtypl 7. In a twelfth step 112, a request to create a session is sent from the mobile phone 2 by means of the type 2 com 8 to the server 4, where the session is established. From the server 4 is in a

thirteenth step 113, a signature of the session formed from identification of the POS terminal 3, the random number, a session identifier and a

Timestamp transmitted to the mobile phone 2 with the help of Komtyp2 8. In one fourteenth step 114, a request to join this session is sent from the mobile phone 2 to the POS terminal 3. The received request is first checked at the POS terminal 3, whether in fact the receiving POS terminal 3 is addressed. For this purpose, the request is evaluated in terms of the identifier of the POS terminal 3 and the random number. As far as this test is completed positively, the POS terminal 3 communicates by means of Komtyp3 9 in one

fifteenth step 115 to join the session indicated by the session identifier to the server 4; otherwise a cancellation occurs. The server 4 confirms in a sixteenth step 116 by means of the Komptyp3 9 the POS terminal 3 to join the session.

In the context of the now established session, the POS terminal 3 queries in a seventeenth step 117 using the Komtyp3 9 from the server 4 from the permitted discounts for the recorded payment transaction. On the one hand, the server 4 takes into account the identity of the user uniquely determined according to the installed application. On the other hand, the server 4 also uses the unique identifier of the point-of-sale terminal to take into account the clearly defined trading company and can thus select the loyalty program permitted for the transaction and check in the data of the loyalty program whether the user has received a rebate (eg in digital form Discount coupons) of the total price determined in the course of recording the transaction. The discount communicated from the server 4 to the point-of-sale terminal 3 in an eighteenth step 118 by means of the type 3 is taken into account at the point-of-sale terminal 3 and the total amount to be paid reduced by the discount is calculated and in a nineteenth step 119 by means of the type 3 9 of the Point-of-sale terminal 3 communicates to the server 4, where the transaction is deposited in the form of a payment order marked with a payment identifier associated with the session. The identification of the affected user is guaranteed via the session. From the server 4 is in a

the twentieth step 120, a confirmation of the stored payment order with payment ID using the Komtyp3 9 is transmitted to the POS terminal 3.

Subsequently, in a twenty-first step 121 from the POS terminal 3 with the help of Komtypl 7 to the mobile phone 2 a

Request to query a payment order from the server 4

transmitted. Thereupon, in a twenty-second step 122, under Knowledge of the session identifier of the mobile phone 2 with the help of Komtyp2 8 sends a query of a payment order to the server 4. In a twenty-third step 123 is then from the server 4 only for the user of the mobile phone 2 for deciding essential information of the payment order such. B. payment amount, if necessary, also supplemented by

Rabatinformation and / or tip amount as well as for the application 5 for communicating the decision of the user to the server 4 essential payment identifier transmitted. Thereafter, the server 4 waits for the user's decision to execute or abort the transaction. The same applies to the POS terminal. 3

At this time, the mobile telephone 2 shown in FIG. 1 can still be located within the distance limit R or already outside again. In any case, an indication of the information essential for the user to decide takes place analogously to that shown at the third position 18. As soon as the user touches the second button 23, his desire to abort the transaction is sent to the server 4 and to the server

Point 3 terminal, after which the transaction is canceled, which in Fig. 2 is not shown. However, if the user touches the first button 22, the process illustrated in FIG. 2 is continued.

From the mobile phone 2, an execution confirmation is generated in a twenty-fourth step 124 by means of the Komype2 8 and communicated to the server 4. In a twenty-fifth step 125, the transaction is executed by contacting the server 4 with the transaction execution server 14 and receiving the final status of execution of the transaction from the transaction execution server 14. In a twenty-sixth step 126, this status is transmitted to the mobile telephone 2 with the aid of the type 2 com. In a twenty-seventh step 127, a representation of this execution confirmation is sent to the point-of-sale terminal 3 by means of the commytpl 7. The representation of the execution confirmation only shows the terminal 3 the consent to execute the

Payment transaction. The execution confirmation as such relates to the session identifier and the payment identifier and is thus uniquely assignable to the server. In a twenty-eighth step 128, this status is queried by the server 4 with the aid of the comtype 3 9 and in a twenty-ninth step 129 by means of the comptype 9 9 to the point-of-sale terminal 3 communicates. Both devices 2 and 3 and the server 4 then terminate the session.

In the following, a second exemplary embodiment of the transaction method according to the invention will be discussed in detail with the aid of the sequence diagram shown in FIG. In the present case is also the

Transaction execution server 14 was added to the sequence diagram at its right edge. The communication between the devices 2, 3; 3, 4; and 2, 4 with the help of Kommunitypl 7 - Komtyp3 9 as initially discussed in connection with Figures 1 and 2, so that it is not discussed in detail below. Starting point of the discussion is that with the help of the cash terminal 3 a total for a payment transaction was determined.

As soon as the application 5 is started on the mobile phone, it checks whether it has already received one from the server 4 for the relevant day

The "DailyToken" is a unique for each day generated by the server 4, unique and originally only the server

4 known identifier, which therefore does not correspond to the current date. As far as this "DailyToken" in the application 5 is not yet present, it is requested in a step 201 from the mobile phone 2 at the server 4 and communicated in a step 202 from the server 4 to the mobile phone 2 and its application 5.

As soon as the payment method "application on the mobile telephone" has been selected at the point-of-sale terminal 3, in a further step 203 the creation of a session for processing a payment transaction is initiated and created on the server 4. In a further step 204, the server 4 transmits the for the newly created session unique session identifier and the "DailyToken" to the POS terminal. 3

Then, the mobile phone 2 to the POS terminal. 3

approximately and finally into a range within the distance limit R (see Fig. 1) introduced. In contrast to that in FIG. 1 and 2

described procedure now checks the mobile phone 2 and the executed thereon application 5 automatically, whether the mobile phone 2 in a range within the distance limit R with respect to the POS terminal. 3

was introduced, so the distance limit R was exceeded. As soon as the undershooting of the distance limit value R has been established, in a further step 205 a connection is established

Application 5 with the point-of-sale terminal 3, in which the "DailyToken" known from the application 5 is transmitted from the application 5 to the point-of-sale terminal 3. In a further step 206, the "DailyToken" received by the application 5 is sent to the point-of-sale terminal 4 checked at the POS terminal 4 known "DailyToken", and if they match in a further step 207, the session identifier is transmitted together with a hash value of the known at the POS terminal 3 "DailyToken" from the POS terminal to the application 5. There, in a further step 208, the "DailyToken" is checked again and, as far as the "DailyToken" received by the point-of-sale terminal 3 is deemed valid, in a further step 209 with the aid of the session identifier known from the mobile telephone 2

Application 5 completed the session on the server 4 and confirmed in a further step 210 by the server 4 joining. From this point on, the server 4, the point-of-sale terminal 3 and the mobile telephone 2 or its application 5 are logically connected by means of the session and can exchange coded information with one another.

In a further step 211, the accession to the session is communicated by the application 5 to the point-of-sale terminal 3. Then, in a further step 212 from the point-of-sale terminal 3 on the server 4, a payment order is set up, which is assigned to the session. The payment order is signed by the cash terminal 3 on server 4 deposited. The server 4 confirms in a further step 213 the establishment of the payment order and a TAN code (eg a three-digit numerical code), ie a one-time password, to the

Point of sale terminal 3 communicates and visualized there in a further step 214 by means of its Anzeigemititt the user of the mobile phone 2. The

Point-of-sale terminal 3 requests application 5 in a further step 215 to check the existence of a payment order on server 4 for the known session.

With knowledge of the session identifier, the application 5 in a further step 216 now requests from the server 4 the payment order pending for the session. Subsequently, the server 4 generates billing information in a further step 217 and supplements the billing information by the billing information in a further step 218. The server 4 then transmits the billing information in a form signed by it in a further step 219 to the application 5. The billing information is thus in the server 5 tested and signed form in the application 5 before. There, the amount to be paid (for example EURO 37.50) is visualized by means of the screen 6 to the user of the mobile telephone 2.

Since in the present case the amount to be paid is smaller than a limit value (eg EURO 200.-), in step 219 the TAN code is also transmitted to the application and visualized with the aid of the screen 6. So he does not have to be typed explicitly, which is a relief for the

Users when paying relatively low amounts. The user, before confirming the transaction, can compare the TAN code displayed on the mobile telephone 2 with that TAN code displayed on the POS terminal 3 and make his confirmation dependent on the identity of the two displayed TAN codes. In the event that the amount to be paid is greater than the limit, the automatic display of the TAN code on screen 6 of the

Mobile phones 2 and the TAN code is only displayed on the cash terminal 3, where it is read by the user for security reasons and manually enter on the mobile phone 2.

As far as the user agrees with the transaction, he operates the first button 22 on the screen 6 (possibly after entering a

Tip amount and / or after entering the TAN code), which is determined by the application 5 in a further step 220. In one

following step 221, the fact of the user's consent as such is communicated from the mobile phone 2 to the point-of-sale terminal 3 without any further data. In addition, in a further step 222, information previously received from the application 5 (in particular the session identifier) is transmitted in form signed by it to the server 4 as an execution confirmation.

The signature of the payment order is checked at the server 4 in a further step 223, the payment order is supplemented, for example, with information about the tip, the status of the payment order is set to accepted, and an ALIAS (a reference to a payment method)

Payment method stored on the transaction execution server 14 where z. B. are actually used for coming credit card information) created.

When creating the ALIAS, an ALIAS prefix (first partial reference), formed by z. Eg the first m digits of the ALIAS, and an ALIAS Suffix (second part reference), formed by z. For example, the n digits of the ALIAS following the m digits are joined together.

The generation of the ALIAS prefix and the ALIAS suffix was carried out in accordance with a procedure preceding this transaction procedure in the context of the creation of a new payment method (payment card). This was a selection of a z. B. Credit card (VISA / MasterCard / Diners Club / etc) entering the card details (card number, cardholder, expiry date,

Security code). The server 4 generated the ALIAS prefix, which is a

Payment card is assigned in the application 5, and the application 5 generates the ALIAS suffix for this payment card.

The server 4 received from the application 5 the ALIS suffix. The server 4 encrypted the ALIAS suffix with a self-generated symmetric key and then placed the ALIAS suffix in its database. The symmetric key was with an asymmetric key

encrypted and also assigned to the ALIAS suffix.

Only the application 5 is able to decrypt the symmetric key via the asymmetric encryption method, since the private key is stored on the user device 2 with the application 5.

During the payment process, the encrypted symmetric key is transmitted from the server 4 to the application 5 in step 219, the application 5 decrypts the symmetric key and passes in step 222 the decrypted symmetric key to the server 4. Thus the server 4 the entire ALIAS now the server 4 decrypts the ALIAS suffix with the symmetric key, assembles ALIAS prefix and ALIAS suffix, and thus can use the ALIAS.

As far as it has been determined on the server 4 that the information received from the application 5 is in order, ie a valid payment order is present, the server 4 contacts the transaction execution server 14 with the various payment-relevant data in a further step 224 and makes all necessary Data, in particular also the ALIAS, which identifies a payment card, handed over to him.

As far as the transaction at the transaction execution server 14 could be carried out successfully, this is done in a further step 225 communicated to the server 4 and there changed in a further step 226, the status of the payment order to executed.

The confirmation of the execution of the payment is communicated in a further step 227 from the server 4 to the application 5, where the execution of the transaction is visualized by means of the screen 6 for the user. The application requests in a communication in a further step 228 the POS terminal 3, its status to

Finalize payment order. Thereupon, the POS terminal 3 queries the status of the session identifier from the server 4 in a further step 229. The server 4, if it has not yet received confirmation from the transaction execution server 14, in a further step 230 with the transaction execution server 14 clarify whether the payment has been accepted and receives in a further step 231 a payment confirmation, the Payment order is stored and is communicated in a further step 232 to the POS terminal 3, so that there can be a visualization of the confirmation of the execution of the transaction.

In summary, for both embodiments of the method according to the invention, the advantage is ensured that payment of an amount can not be triggered either by the mobile telephone on which the application 5 is running, by the server 4 or by the POS terminal 3 alone. in the

figuratively, it is like a bank safe deposit box. Each of the subscribers 5 and 3 and 4 must be "ok" to open the locker, only if the POS terminal 3 confirms that exactly that amount should be paid (step 212), the server 4 has checked and signed this (steps 217 - 219) and especially the application 5 by (as a result of pressing the first

Button 22 (ok) by a user) has enabled and signed the transmission of the execution acknowledgment, can accurately for exactly that amount at that exact time for the parameters set by the POS terminal 3 and server 4 and acknowledged by the application Once the secure payment is triggered (resp. transferred to the analogy of the locker the locker will be opened).

Finally, it should be mentioned that the measures mentioned in connection with one exemplary embodiment also apply to the other

Application can come. So in particular the measures concerning the daily token and / or the encryption method are also used in the embodiment discussed according to FIG. 2.

It is finally pointed out once again that the figures described above only in detail

Embodiments, which can be modified by the skilled person in various ways, without departing from the scope of the invention. For the sake of completeness, it is also pointed out that the use of indefinite articles does not exclude "a" or "one", that the characteristics in question can also be present multiple times. Also, individually disclosed features may be combined with other features without departing from the concept of the invention.

Claims

A method comprising the following steps:

Creating a session on a server (4) for processing a

Transaction,

- wherein at the session next to the server (4) a user device (2) and a transaction device (3), which is adapted to detect the transaction, can participate in the processing of the transaction, and

- wherein the session is initiated by one of the devices (2, 3), and automatically detecting the falling below a distance limit (R) between the two devices (2, 3) to a contactless

Establish communication link between them and the other device (3, 2) using the connection to join the session

allow and join the said other device (3, 2) to the session, and

Executing the transaction using the server (4) when an execution confirmation is received from the user device (2) participating in the session.

2. The method of claim 1, wherein

detecting the undershooting of the distance limit (R) by means of a measurement of a signal strength or a signal level of a

received radio signal, preferably in accordance with the Bluetooth standard, particularly preferably according to the specification Bluetooth low energy, takes place, wherein the radio signal by means of communication means of a first type (7) of one of the devices (2, 3), preferably from the

Transaction device (3), and the other device (3, 2), preferably the user device (3) is received and wherein the measured signal strength or the signal level is compared with a threshold value. A method according to claim 1 or 2, wherein

Motion data recorded by means of a motion sensor of one of the devices (2, 3), in particular of the user device (2), which is approximated to the other device (3, 2), in particular the transaction device (3), to verify the Validity of detecting the falling below the distance limit (R) can be used.

Method according to one of the preceding claims, wherein

the two devices (2, 3) after detecting the undershooting of the

Distance limit (R) establish a communicative relationship with each other.

Method according to one of the preceding claims, wherein

the generation of a session by means of one of the devices (2, 3), in particular of the transaction device (3) in a communication with the aid of

Communication means of a third type (9), in particular one

Internet communication, with the server (4) takes place.

Method according to claim 5, wherein the session-initiating device (2, 3), in particular the transaction device (3) in a communication with the aid of the communication means of the third type (9), receives from the server (4) a session identifier and communicating this session identifier to the other device (3, 2), in particular the user device (2) in a communication by means of the communication means of the first type (7).

Method according to claim 6, wherein the other device (3, 2), in particular the user device (2) is in communication with the aid of

Communication means of a second type (8) with the server (4), with the help of the received session identifier of the session join.

Method according to one of the preceding claims, wherein the

Transaction device (3) in communication with the help of

Communication means of the third type (9) with the server (4) the detected transaction on the server (9), preferably associated with the session, particularly preferably as part of the session, deposited.

9. The method of claim 8, wherein the transaction device (3) in a communication using the communication means of the first type (7) with the user device (2) on the user device (2) a query of the transaction from the server ( 4) abuts.

10. The method according to claim 9, wherein the server (4), as a result of receiving the query, communicates a representation of the transaction to the user equipment (2) in a communication by means of the communication means of the second type (8) Execution confirmation from the user device (2) using the

Communication means of the second type (8) is waiting.

11. The method according to any one of the preceding claims, wherein in the

User device (2) generates the execution confirmation as a result of detection of a predefined interaction caused by a user and sent out.

12. The method of claim 11, wherein the detection of the predefined

Interaction with the user device (2) using a

touch-sensitive screen (6) and a thus made

Detection of a stroking movement or touch movement executed with a finger of a user or a designated object is detected in a limited portion of the screen area.

A method according to any one of the preceding claims, wherein as a result of receiving the execution confirmation, the transaction is directly on the server (4) or on a communicatively connected to the server

Transaction Execution Server (14) is executed.

14. The method according to any one of the preceding claims, wherein by means of the server (4) or by means of the transaction device (3) automatically

Parameters of a loyalty program are considered before the transaction is executed for the transaction.

15. The method of claim 14, wherein the selection of the appropriate

Loyalty program taking advantage of the knowledge of the user registered with the user device (2) and / or an identifier of the user

Transaction device (3) takes place.

16. The method according to any one of the preceding claims 14-15, wherein the parameters of the loyalty program are discount coupons.

17. The method according to any one of the preceding claims, wherein the final status of the execution of the transaction from the server (4) to the

User device (2) and / or to the transaction device (3)

is communicated.

18. The method according to any one of the preceding claims, wherein on the

User device (2) is executed for a specific user personalized application (5), which is used for interaction with the user, the transaction device (3), and the server (4) and is designed for identification with the server (4) is formed.

A method according to any one of the preceding claims, wherein the transaction is a payment transaction.

20. The method according to any one of the preceding claims, wherein the

Running the transaction, the condition must be met

the transaction device (3) confirms that exactly this transaction should take place, signed and deposited on the server (4),

- The server (4) checked this and in turn signed to the user device (3) has communicated, and

- The user device (2) released this and in turn signed to the server (4) has communicated.

21. The method of claim 20, wherein the execution of the transaction is triggered at exactly the time the condition is established.

22. The method according to any one of the preceding claims, wherein the

Executing the transaction is possible just once.

Method according to one of the preceding claims, wherein as a result of receiving the execution confirmation with its help, a reference to an information required to execute the transaction, preferably stored on a transaction execution server (14), from a first part reference and a second partial reference in the server (4) is composed.

The method according to claim 23, wherein the first partial reference has been generated by the server (4) and the second partial reference by an application (5) executed on the user device (2).

Method according to one of claims 23 to 24, wherein the server (4) with a self-generated symmetric key encrypted the second part reference and stored and the symmetric key was encrypted with an asymmetric key and also the second part reference assigned stored.

The method of claim 25, wherein only the application (5) is capable of symmetric key over the asymmetric

Decrypt encryption method, since the private key to the user device (2) with the application (5) is stored.

The method of claim 26, wherein during processing of

Transaction of the encrypted symmetric key from the server (4) to the application (5) is transmitted, the application (5) the

symmetric key decrypted and decrypted

passes symmetric key to the server (4) and the server (4) decrypts the second part reference with the symmetric key.