WO2005008608A1

WO2005008608A1 - Payment system, payment system terminal and method for making an electronic payment

Info

Publication number: WO2005008608A1
Application number: PCT/EP2004/007566
Authority: WO
Inventors: Rene Lehmann
Original assignee: Rene Lehmann
Priority date: 2003-07-11
Filing date: 2004-07-09
Publication date: 2005-01-27

Abstract

The invention concerns a payment system comprising a background system (30) with access to databanks (34, 35, 39, 37), a first group of terminals, in particular with a supplier terminal (10), a second group of terminals, in particular with a client terminal (20), and a coding system for performing a money transaction in the domain of the background system by data transmission between a first terminal (10) of the first group of terminals and a second terminal (20) of the second group of terminals. The invention aims at enhancing client security. Therefor, the coding system for data transmission between the second terminal or client terminal (20) and the background system (30) comprises codes (OSK, PSK; OKS, PKS) available and used with an individual key (OSK, OKS, OHS, OSH) for terminal stations of the transmission link. Thus, a transmission which cannot be decoded by a supplier may nevertheless be carried through its terminal (10). The invention also concerns corresponding terminals and a payment method.

Description

Bezahlsvstem. Terminal for a payment system and method for carrying out an electronic payment process

The invention relates to a payment system with the generic features of claim 1, a terminal for such a payment system and a method for carrying out an electronic payment process.

There are a number of electronic payment systems for paying for services or goods or for other ways of transferring money. A payment system with a background system with access to databases in which data on traders and potential customers, in particular bank customers with bank accounts, is stored is generally known. The payment system also has a first group of terminals, which are available as dealer terminals at points of sale or service points. Furthermore, the payment system has a second group of terminals as customer terminals, the customer terminals being operated by users who wish to make a payment at the dealer terminal or towards a dealer terminal. It is generally known to use a simple encryption system in order not to transmit the data as plain text. The payment system thus serves to carry out a monetary transaction by transferring data between a specific first terminal of the first group of terminals and a specific second terminal of the second group of terminals.

A problem with such payment systems, however, is the security of the authorization of the payment by the customer, whereby it cannot be ensured against misuse that the person who initiates the payment is actually the person who is authorized to do so. Often, a customer only authorizes a head office to credit money from his account to a merchant's account. The central office can be a bank, a credit card institute, etc. The signature is usually sufficient at the location of the action or purchase of the customer on a form which the dealer receives as credit card receipt, direct debit receipt, etc. after the customer has inserted his card into a corresponding dealer terminal. After the customer has signed, the merchant only checks whether the supposed card holder is correct by comparing the signature on the receipt and the signature on the customer's card. A somewhat higher level of security is provided by entering a personal identification number (PIN), which the customer enters into the dealer terminal.

In any case, however, there is a problem that the customer transfers specific data from his card and, if applicable, specific personal data about himself to the retailer terminal, so that the retailer receives sensitive data that can be misused by the retailer.

The data that was entered in the dealer terminal can be transferred to the background system in different ways. Telephone connections with special protocols for data transmission, such as payment traffic terminals (ZVT), are customary for the transmission of the data. The use of mobile radio devices is also known, the advantage being taken advantage of the fact that the customer is known to the mobile radio operator and the latter has the permission to collect amounts together with the mobile radio bill as a collection company. There is also the advantage that the customer authenticates himself by transmitting the mobile number of his mobile device serving as the customer terminal or, in the best case, provides additional security by entering a further PIN or comparable identification.

From DE 199 03 363 C2, a method for carrying out cashless financial transactions is known, in which essentially an infrared interface is used when transmitting the data between the dealer terminal and the customer terminal. Such an infrared interface is set up in a standardized manner in conventional mobile radio devices, notebooks and the like. A disadvantage of such infrared interfaces is a great deal of uncertainty due to the large scattering angle, since the simplest and most inconspicuous technology means that all data can be read, copied and also generated from a separate facility near the transmitting terminal. Security for money transactions is therefore not guaranteed. In addition, data is exchanged directly between the customer and dealer in this process. This enables manipulations of various kinds, in particular manipulation with credit card data at dubious merchants. In addition, the anonymity of the customer towards the dealer is not guaranteed. The method also has a background system with a background method for credit check, authorization check, etc., this method essentially corresponds to the standard methods of conventional online payments such as when using an EC card (EC: Eurocheque) in connection with a PIN input.

An electronic payment system is known from WO 98/47116, which essentially corresponds to methods known per se from the area of credit card inquiries and the so-called e-cash and from loading electronic wallets. In this process, the customer terminal, dealer terminal and a server in the background system are connected to one another during the process, which is an online process. Attention is also drawn to the possibility of using encryption methods, although there is no specific description of the type of encryption. However, it is disadvantageous that customer data is stored in the so-called SIM card (SIM: Subscriber Identification Module), in which the IMSI identifier (IMSI: International Mobile Subscriber Identity) that is uniquely assigned to the SIM card is also stored. The SIM card is protected against misuse by a 4-digit PIN as long as the PIN is kept secret. The storage of customer data in the SIM card is particularly disadvantageous.

The problem with the known methods is the transmission of sensitive data during the transmission of data or data sets for cashless payment, since this represents a considerable security risk. Especially with payments Manipulation, fraud and data theft are a common problem on the Internet, but also in the currently usual methods of paying with an EC card in offline mode, ie electronic direct debit (ELV). The use of mobile radio technology using GSM (GSM: Global System for Mobile Communications) or UMTS (UMTS: Universal Mobile Telecommunications System) offers authentication of the SIM card holder in the customer terminal used, but prevents data misuse by, for example, intercepting a data record and repeatedly sending the data record out to damage the customer.

In the known methods of paying with a mobile radio device, no additional PIN is required, with which the theft of a switched-on cell phone permits misuse.

The object of the invention is to further develop a payment system for electronically carrying out a monetary transaction, terminals for such a payment system and a method for carrying out an electronic payment process.

This object is achieved by a payment system with the features of patent claim 1, terminals for such a payment system with the features of patent claims 23 and 24 and a method with the features of patent claim 28. Advantageous refinements are the subject of dependent claims.

The starting point is an electronic payment system with a background system that enables access to databases. In the usual way, necessary data of dealers and customers as well as bank accounts of these dealers and customers are stored in the databases. Access to this data from outside is blocked. The payment system also has two groups of terminals, a first group of terminals serving as merchant terminals and a second group of terminals serving as customer terminals, with a payment from the operator of a customer terminal to the operator of a dealer terminal is initiated. The term terminal can be seen widely here and includes passive devices with an electronic chip, which is activated when contacted by an external field in order to exchange data. Furthermore, a terminal is to be understood to mean, for example, mobile radio devices with a SIM card for identifying them in a specific mobile radio network, mobile computers with radio network interfaces and network terminals with network access to a remote data source.

The payment system also has an encryption system for encrypting the data to be transmitted or parts of the data, so that they cannot be transmitted as plain text, making interception and direct use more difficult. The payment system is used to carry out a monetary transaction by transferring data or data records between a first terminal of the first group of terminals and a second terminal of the second group of terminals, the data not necessarily having to be exchanged directly between the terminals concerned.

To increase security, an encryption system is used to encrypt the data between the first terminal, the second terminal and / or the background system, which provides unique key pairs, each with a public key and a private key. The public key is used to have data or data records encrypted by a third-party device before the data is transmitted. The encrypted data is then decrypted by the recipient using the private key. An encryption system with, for example, a so-called RSA key pair is therefore used. In addition to the use of an individual key or key pair for all or part of the individual connections, the use of a special key, which may be independent of the connection, is advantageous if the data is transmitted to the first or second terminal via a mobile radio interface , A system key can be used if the background system is to be used to charge electronic exchanges and the like arranged in the terminal.

The use of a key pair is particularly advantageous if the transmission of the data between the first terminal and the background system, between the second terminal and the background system and / or between the second terminal and the first terminal is carried out with one or preferably two such key pairs , With two key pairs, one key pair is provided for each connection direction, so that in an ideal configuration each of the devices has a unique key pair for each special connection to one of the other devices in order to encrypt data with a public key, which can only be decrypted by the receiver-side device ,

In addition to the direct transmission of data from a device that has encrypted this data with a public key to the receiving device or station that has the assigned private key, the transmission of such encrypted data packets without an increased security risk via third devices is also uhd Stations possible. Such a third device can, in particular, be the further device present in the payment system, so that, for example, data encrypted by the background system after a check for the customer terminal as the second terminal is first transmitted to the first terminal or dealer terminal, in order to finally be sent from the first terminal to be forwarded to the second terminal. In the second terminal, the data can then be decrypted with the private key, while in the dealer terminal only forwarding of data that cannot be decrypted and cannot be used further. Such a transmission can of course be carried out in any direction between the three participating devices, dealer terminal, customer terminal and background system, with the interposition of the third of these devices if a corresponding number of individually and uniquely assigned key pairs is provided in the corresponding devices , In particular, this also enables the transfer of customer data through the second terminal to the dealer terminal if the second terminal cannot establish a direct data connection to the background system at the moment or in principle. The dealer terminal then forwards the data from the customer terminal to the background system via any communication link. Nevertheless, it is ensured that misuse in the area of the dealer terminal or the data connections is not possible.

Advantageously, payment data can also be transmitted from the second or customer terminal to the background system independently of the first or dealer terminal. This case enables e.g. Constellations in which data from the dealer terminal or an article assigned to the dealer terminal are transferred to the second terminal manually or via an automated interface. In the second terminal, the data is encrypted as payment data with the public key of the background system and transmitted to it. The background system can then initiate a transaction with or without prior consultation with the first and / or the second terminal.

Advantageously, data that are to be transmitted from the first or second terminal are supplemented prior to the transmission by additional data that were previously requested and received by the background system for the special payment process. This additional data consists in particular of a transaction number clearly assigned to the process, which can be uniquely assigned to the case process and the originally requesting device by the background system upon receipt of corresponding data. The Additional data thus represent a transaction number. Data which are transmitted from the first terminal to the second terminal or vice versa can be provided with such a transaction number, in particular in order to then be forwarded from the receiving terminal to the background system. In connection with the forwarding, a further addition to the data of the receiving station can be carried out, whereby this supplementary data or the total combination of the supplementary data and the encrypted original data can in turn be encrypted.

The background data can in particular also be used as a key or code for encrypting further data to be transmitted.

The encryption advantageously takes place in an encryption or control device that is independent of the interfaces for transmission and cannot be accessed from the outside. A smart card with a cryptocoprocessor can advantageously be used for this purpose. For particularly good security, the encryption device is assigned one or two individual key pairs which are used to secure the connection to the background system for the transmission of data from the background system. The keys, in particular the private key, are stored in a memory area that is not accessible from the outside and can only be accessed by the smart card.

An interface for short distances is advantageously used for the transmission between the first terminal and the second terminal, in order to avoid the disadvantages of widely dispersing interfaces. In particular, this can be an interface according to ISO 14443, which can also communicate directly with the smart card if it is designed as a dual-interface smart card with such an interface.

For further security, it is advantageous to transfer the data to be transferred with a personal device that is independent of the device To additionally encrypt the identification number PIN of the user, the PIN only being known to the operator of the first or the second terminal on the one hand and on the other hand being stored in a secure database of the background system.

The transmission of time information as additional data together with the data is particularly advantageous, such time information data also being usable as a key for encrypting the data or as a further key for further encryption. The time information is advantageously provided as additional data on request by the background system or the respective terminal, so that the background system can use the time information of received data to check whether too long a time has passed since the start of the process. This prevents malicious interception and repeated sending of a payment data record, for example. Otherwise, the time information can be checked on the receiver side after the data has been transmitted, which includes not only the background system, but also the other terminal communicating with a terminal, with regard to a maximum permissible duration of the operation. The time information is advantageously encrypted together with the data to be transmitted using the unique key, so that a further device which transmits the encrypted data is not able to decrypt the attached time information and manipulate it before it is forwarded.

In principle, such a system can also be used to transfer data as application data to a terminal. Such application data can be transmitted from the background system to the terminal, in particular to the customer terminal, so that its functionality or its area of application can be expanded. In addition to data for refreshing an electronic wallet, application data can also be concert tickets or tickets for public transport. In particular, the application data can directly manipulate the functionality of one of the control devices of the received terminal to determine its area of use or Extend functionality. In addition to or instead of into the actual terminal, the data can advantageously also be loaded into an independent and possibly interchangeable processor chip card or smart card. The data can also be advantageously loaded into other storage media, for example an exchangeable memory card.

A real money flow advantageously takes place only within the background system, but not via the connections to the first or to the second terminal. There is no real cash flow between the two terminals either, but only a transfer of encrypted data, which is then used to trigger the actual monetary financial transaction after corresponding forwarding in the background system.

A terminal provided as the first terminal for such a transaction system advantageously has an interface to the background system and a further interface, in particular an output interface to the second terminal. The output interface to the second terminal can be designed in the simplest embodiment in the form of a displayed website with data to be transmitted by hand. However, interfaces that allow direct automatic transmission, in particular of encrypted data, are preferred. In addition, the terminal has a control device for receiving, processing and transmitting data and for encrypting the data in a secure memory using keys that cannot be accessed from outside.

In a similar manner, a terminal is constructed as a second terminal for such a transaction system, the simplest embodiment of which only has an interface to either the background system or the first terminal. In a preferred embodiment, however, the second terminal also has two interfaces to the background system on the one hand and the first terminal on the other hand. In principle, the two interfaces can also be based on the same interface protocol, so that they can be provided structurally as a single interface. Of course, this also applies to the first terminal. The second terminal as a customer terminal has, in particular, a control device for receiving, processing and transmitting data and a control device for encrypting the data with a secure key of a key pair.

To increase security, the control device, which coordinates the transmission via an interface, and the control device, which performs the encryption of the data, are two different control devices, although in principle a single control device can also take over the entire functions. The keys, above all the private keys, but advantageously also the public keys, are stored in a memory that is not accessible from the outside or directly inaccessible from or in the control device responsible for encryption or decryption.

In addition to equipping a known mobile radio device or mobile computer with such functionality, in particular by installing a second processor as a second control device in addition to a SIM card known per se, simple devices can also be provided as a second terminal. For example, an SMS pad (SMS: Short Massage Service / Short Message Service) can be used, which, in contrast to the mobile phone, has no voice functionality. In such a simple device, the encryption device is advantageously an independent chip, in particular with a cryptocoprocessor, which provides sufficient performance for complex encryption of the data. The installation of a dual interface smart card known per se is preferred. The independent chip is provided in addition to a SIM card, which serves to enable communication via the mobile radio networks. The use of the short message service offers the further advantage that short messages do not have to be transmitted over a fixed connection between the data terminals involved. Such a system also makes it possible, in particular, to initiate the actual payment process by transferring data through the second or customer terminal, which is operated by the payer, and advantageously even a direct integration of the merchant terminal can be omitted.

According to the method, the data to be transmitted between two devices are advantageously encrypted or decrypted with a key pair, in which case this key pair is only known to the two devices involved. A corresponding further key pair is provided for the transmission in the reverse direction. This even enables transmission via other intermediary devices, which as such should actually be classified as untrustworthy. The secrecy of the public key also increases security. ^{■ '}

The encryption is expediently carried out by means of a chip card, and confirmation or further encryption using a PIN or a SIM card number can advantageously be used. Transmission via the short message service or an ISO 14443 interface is particularly preferred. In principle, however, any type of connection, such as end-to-end point connections in a mobile radio system, in a line-oriented fixed network or packet-oriented connections via a mobile or line-bound packet data network, is also possible. According to the method, a transmission is preferred in which the first or dealer terminal receives no or only encrypted data that cannot be decrypted by the first terminal with regard to the internal data of the second or customer terminal or its operator for transmission from or to the background system ,

It is also particularly advantageous to load data into applications of the terminal, in particular into its control device, which is part of a chip card or dual interface smart card according to a particularly preferred embodiment. Exemplary embodiments are explained in more detail below with reference to the drawing. Show it:

1 shows schematically a payment system with a large number of devices and transmission links, the process of a payment process by SMS in a shop also being schematically outlined;

2 shows such a representation for a payment process by SMS for an offer on the Internet; and

Fig. 3 such a payment system for a payment process via SMS on the Internet or television without an existing GSM connection.

As can be seen from FIG. 1, an electronic payment system consists of a large number of devices and components as well as transmission links. In addition to the payment system shown, it is also possible to implement variants with additional or alternative facilities and transmission links, as well as process sequences.

As basic system components, the payment system shown has a first terminal as a merchant terminal 10, a second terminal as a customer terminal 20 and a background system 30, which exchange data or data records with one another via transmission links 41-43. The terminals 10, 20 are representative of a large number of the most varied of devices and facilities which are suitable for the purposes of payment by electronic means. As an example, the dealer terminal is a cash register 11 which transmits data, in particular a price indication, to an interface device 12. To control the operation, the dealer terminal also has a control device C. Data is stored in a memory M which can be part of an independent storage device in the dealer terminal 10 or part of a processor of the control device.

The customer terminal 20 shown as an example is an SMS pad, which is essentially comparable to a mobile radio telephone without a voice transmission function. The customer terminal 20 has, in particular, an integrated first interface device 21 for setting up a transmission link 43 to the interface device 12 of the dealer terminal 10. Via this transmission link 43, for example, price information, a transaction number TAN, a time information T and / or dealer identification information HID are transmitted as data. In addition, the customer terminal 20 has a second interface device 22 which is designed to set up a transmission path 42 to the background system 30 which is independent of the first terminal 10. The customer terminal or the SMS pad expediently has an input keyboard 24 for manual input of data and commands and a display device 25 for displaying data, information and input requests. In order to enable a functionality for transmitting short messages SMS, the customer terminal 20 also has a corresponding control and identification device with the correspondingly required components and data of a mobile radio device. In particular, this includes a SIM card SIM. For further control functions and in particular encryption functions, the customer terminal 20 also has a separate control device C, which is integrated in the customer terminal 20 in particular as an additional chip. This additional chip is preferably a dual interface chip card with a cryptocoprocessor. The customer terminal preferably has a commercially available device as the first interface device 21 for setting up the transmission link to the dealer terminal 10.

The background system 30 essentially has a central computer or host 31. This is equipped with one or more interfaces 32 for setting up a first transmission path 41 to the dealer terminal 10 and a second transmission path 42 to the customer terminal 20. For the Communication with the interface device 32 of the background system 30, the dealer terminal 10 has a correspondingly suitable interface device 13.

In addition to the provision of various interface devices in the individual main devices, the dealer terminal 10, the customer terminal 20 and the host 31 for setting up the first, second and third transmission links 41, 42, 43, a single interface device with a dual function can be used in each case Setup of two different transmission links can be provided. In particular, it is in principle also possible to operate all transmission links with the same transmission standard, so that each device then only provides a single interface device with an addressing option for contacting the desired other device.

The host 31 of the background system 30 expediently has a central control device C for controlling its own operating sequence and for providing and processing transmitted or to be transmitted data. In addition, the background system 30 has a timer or a clock for outputting time information or a time stamp T in order to have a current reference time available at each point in time. For intermediate processing, the background system 30 expediently also has a memory, in particular a temporary memory M. A dealer database 34 is provided for storing data from the dealer terminals 10 and the dealer data or operator of the dealer terminals 10. Correspondingly, data from customer terminals 20 or from operators of the customer terminals are stored in a customer database 35.

As further components, the background system 30 expediently has external interfaces to a personalization device 36 and external institutions 37, for example banks, credit card companies and publishers of security information. A connection between the background system 30 and a so-called Call center 38 for direct customer care in relation to the background system 30.

In order to provide a secure payment system, the individual devices or the dealer terminal 10, the customer terminal 20 and the background system 30 have encryption and decryption devices which are formed by the respective control device C or a special processor. A first and a second key pair are used as keys for the individual transmission links 41-43, each key pair consisting of a private and a public key. Data is encrypted with the public key, and decryption is only possible with the private key. In order to ensure security for the operator of the customer terminal 20 during transmissions between the customer terminal 20 and the background system 30, a key pair with a private key PSK and a public key ÖSK is provided. This key pair is used for transfers of data between only the customer terminal 20 and the background system 30. As a result, data encrypted with this public key ÖSK, which is intercepted by third parties during transmission over the second transmission link 42, cannot be decrypted by these third parties. Even in the case of a transmission via the third transmission link 43 to the dealer terminal 10 and from there via the first transmission link 41 to the background system 30, the dealer and the dealer terminal 10 are denied usable access via the encrypted data. In this simple example, the public key ÖSK is stored in the customer terminal 20 and the private key PSK in the background system 30.

In principle, the same key pair can also be used for encrypting data which are to be transmitted from the background system 30 to the customer terminal. In this case, both the private key PSK and the public key ÖSK would be stored both in the background system and in the customer termianal 20. According to the particularly preferred embodiment, however, two key pairs are provided for the individual transmission links 41-43. For the encryption of data in the customer terminal 20 there is therefore a first public key ÖSK for encryption of the data to be transmitted to the background system 30 and possibly a second public key ÖSK for encryption of data which are to be transmitted to the dealer terminal 10 , to disposal. In addition, a private key PSK is stored in the customer terminal 20, which is used to decrypt data which was encrypted in the background system 30 with the public key ÖSK for transmission to the customer terminal 20. If a pair of keys is provided for transmissions between the customer terminal 20 and the dealer terminal 10, a private key PHK for decrypting data that has been encrypted in the dealer terminal 10 with a public key ÖHK is additionally stored in the customer terminal 20 ,

Advantageously, one or advantageously two key pairs are also provided for the transmission of data between the background system 30 and the dealer terminal 10. For this purpose, the background system 30 has a public key ÖSH for encryption and a private key PHS for decrypting data which are transmitted to or from the dealer terminal 10. The dealer terminal 10 accordingly has a first private key PSF and a first public key ÖSH for decrypting or encrypting data that is transmitted to or from the background system 30.

In the case of encrypted communication between dealer terminal 10 and customer terminal 20, one or advantageously two corresponding key pairs with a private key PHK and a public key ÖKH can also be provided for the transmission to or from the customer terminal 20. Encryption of data to be transmitted between dealer terminal 10 and customer terminal 20 is, if used at all, in particular for dealer terminal 10 / customer terminal 20. Combinations are expedient in which a specific customer regularly contacts his customer terminal 20 with a specific dealer or his dealer terminal 10. This can be of interest, for example, if a customer term is used to pay petrol station bills when using a company vehicle that is used by different drivers, so that there are firm business contacts with changing people.

The private and public keys are advantageously stored in the background system 30 in the customer database 35 or the dealer database 34, these two databases then having to be secured against unauthorized access.

An exemplary payment process between a customer and a dealer at a point of sale is described below.

In a first step 1, an action takes place between the cash register 11 of the dealer terminal 10 and its interface device 12 as a terminal. A price indication is transmitted as a data record between the cash register and the interface device 12. The data can be transmitted in accordance with the RS 323 standard, for example.

In a second step 2, a transmission takes place via the first transmission path 41 from the terminal 12 of the dealer terminal 10 to the interface 32 of the background system 30. The price data and, in addition, the dealer identification information or dealer identification number HID are optionally encrypted together and then transmitted. Encryption of this data is not absolutely necessary, since there is no immediate security risk here. This also applies to the data that the dealer passes on to the customer. Only the data that is exchanged between the customer and the host in both directions is actually relevant for security, so that one can focus on the Encryption of this data can restrict. Nevertheless, the above transmission data can of course also be encrypted.

The public key ÖSH of the background system-dealer key pair ÖSH, PSH is used for encryption by the dealer terminal 10 or by its control device or by a special chip C, in particular a cryptocoprocessor. The public key ÖSH is stored in the memory M or in the special chip C so that it cannot be read from the outside. The key pair ÖSH, PSH is expediently a key pair for a so-called RSA encryption or a comparable secure encryption principle.

The transmission link 41 can be, for example, a radio connection for transmitting short messages SMS, data call (bidirectional data call) or a connection-oriented line in a fixed network. In addition to such connection-oriented telecommunication networks, packet-oriented data networks can also be used for transmission.

After receiving the data, the received data is decrypted in the background system 30 with the appropriate private key PSH, which is stored securely in the memory, in particular in the dealer database 34 of the background system 30, and is not accessible from the outside. It is then checked whether the dealer identification number HID is registered in the dealer database 34 as a system partner permitted for the requested transaction. This can be carried out using data from a blocking list 39, which can be part of a further internal or external storage device, in order to check whether the corresponding dealer or the corresponding dealer terminal 10 is not blocked for individual, special or all transactions. If the check is successful, the control device C of the background system 30 generates a transaction number TAN, which is assigned to the specific transaction process. The received data and the generated data made available for dispatch are expediently stored in the temporary memory M. According to a particularly preferred embodiment, current time data are also provided as time information T by the system clock and used as separate data T or as an integral part of the transaction number TAN for the current transaction process.

The data provided, in particular the price data, the transaction number TAN and possibly the time information T are then encrypted and made available for transmission to the dealer terminal 10 at the interface device 32 of the background system 30. For encryption, either the dealer-background system-key pair ÖSH, PSH or, preferably, a separate background-system-dealer key pair ÖHS, PHS is used. In principle, depending on the configuration, only some or all of the transmitted data can be encrypted. The encryption for this and also the other transmissions is expediently carried out in such a way that the recipient side of the encrypted data can recognize which of the private keys is to be used.

In a third step, the data encrypted in this way is then transmitted from the background system 30 via the first transmission path 41 to the dealer terminal 10. Any type of transmission link can again be used for the transmission, a short message service or landline connection being particularly preferred.

In the dealer terminal 10, the data received in this way is decrypted according to one embodiment with the appropriate private key PHS of the dealer terminal and processed for a further transmission via the third transmission path 43 to the customer terminal 20. The data are then transmitted to the customer terminal 20 via the third transmission link 43.

According to a further and particularly preferred embodiment, the data which are provided in the background system are already in the background system 30 with a public key ÖKS Background system customer key pair ÖKS, PKS encrypted. The data encrypted in this way is then transmitted to the customer terminal 20.

The public keys ÖKS encrypted with the background system customer key pair from, for example, the customer database 35 are transmitted either directly to the customer terminal 20 via the second transmission path 42 or, according to a preferred embodiment, via the first transmission path 41 to the dealer terminal 10. Terminal 10, which cannot decrypt this data due to the lack of a suitable private key, this encrypted data is then forwarded via the third transmission link 43 to the customer terminal 20. The received data is then decrypted and processed in the customer terminal 20 with the corresponding private key PKS.

Insofar as embodiments are implemented in which the dealer terminal 10 or a central computer assigned to it at the dealer to which several dealer terminals 10 or interfaces are connected so that transaction processes can be carried out with several customers at the same time are to be carried out or if they are delayed Transactions are to be carried out, sending an additional identifier together with the price and dealer identification data in the second step to the background system 30 is advisable, the background system 30 then carrying out a return in the third step in such a way that the dealer terminal 10 matches this additional identifier Can assign customers so that the received encrypted data are sent to the correct customer terminal 20.

After the dealer terminal 10 has already indirectly given consent to the transaction by forwarding the data to the customer terminal 20, the operator of the customer terminal 20 can now further process the received data. This further processing includes in particular a review and approval of the planned transaction. Thereupon the received data with possibly further data of the customer terminal, which enable sufficient identification of the customer terminal 20 in the background system 30, is encrypted. A public key ÖSK of the background system customer key pair ÖSK, PSK is used for encryption. In particular, a cryptocoprocessor of the customer terminal 20 is used for encryption, which is used for this purpose as an independent chip in the customer terminal 20. The encrypted data provided in this way are then made available to one of the interface devices 22 for transmission to the background system 30.

In principle, the data provided in this way can optionally be transmitted to the background system 30 via the third transmission point 43 and the dealer terminal 10 as an intermediate device and from there via the first transmission path 41. In a fifth step 5, however, the transmission of the encrypted data from the customer terminal 20 via the second interface device 22 directly to the background system 30 or its interface device 32 is preferred. The short message service SMS is preferably used for this transmission, other types of transmission lines and Transmission systems can be used in principle. For the transmission using the short message service SMS, the customer terminal 20 has the SIM card SIM, which controls the transmission via the second transmission link 42 or provides data which are required for the transmission using the short message service SMS.

For the transmission via the third transmission link 43, transmission systems are preferably used which prevent recording or interception of the transmitted data as well as possible. Accordingly, an interface according to ISO 14443 is preferred, although other systems, for example Bluetooth, infrared interface, can also be used as interface systems.

In the fifth step 5, in addition to the price, the transaction number TAN, the dealer identification number HID and, if appropriate, the time information T, there are others Transfer data. These further data serve to identify the customer terminal 20 with respect to the background system 30 and are in particular a SIM number, a card number of the corresponding smart card, a personal identification number PIN, which is preferably assigned to the user of the customer terminal, and preferably information about the desired payment method.

If such information about the desired payment method is transmitted in the fifth step 5, appropriate payment methods are preferably proposed to the user of the customer terminal 20 in the event that different payment methods are possible for the user via different payment systems or via different accounts. The user of the customer terminal 20 can then read the possible payment methods on the display device 25 and select one of the desired payment methods via the input keyboard 24.

While in the first four, in particular the first three procedural steps, simple encryption is sufficient in principle, and encryption may even be dispensed with entirely, the transmission of data from the customer terminal 20 is to be carried out in encrypted form. Again, in the fifth step 5, some of the data to be transmitted or preferably all of the data to be transmitted are encrypted.

The background system 30 decrypts the data received in the fifth step 5 with the corresponding private key PSK and checks the data for the admissibility of the transaction. This check includes, for example, a check of the customer terminal 20 and / or the user of the customer terminal 20 using the corresponding data from the customer database 30, the PIN entered and the blocking list 39. reviews at external institutions 37 are also possible. In addition, the transaction number TAN is checked on the basis of the data previously stored in the temporary memory M of the background system 30. Ultimately, a credit check is carried out by the customer terminal 20 notified payment method instead. If these and any other verification steps are positive, the corresponding transaction is initiated. This can be done either in the background system 30 itself or preferably by sending corresponding data to an external institution.

Ultimately, in a sixth step 6.1, 6.2, confirmation messages are sent from the background system 30 via the interface device 32. A first confirmation message is sent via the second transmission link 42, in particular via short message service SMS, to the customer terminal 20 in order to display a confirmation of the transaction on its display device 25. In addition to a payment confirmation OK, in particular the price, the dealer identification number HID and the payment method are confirmed. In addition, a confirmation that the payment has been made is sent to the dealer terminal 10 via the first transmission link 41. In addition to the payment confirmation OK, the transaction number and the price are preferably also transmitted as data to the dealer terminal 10. A corresponding document can then be printed out in the dealer terminal 10 for transfer to the user of the customer terminal 20.

The payment confirmations are preferably also each in encrypted form, a corresponding public key ÖKS of the customer-background system key pair ÖKS, PKS being used for the transmission to the customer terminal 20. A public key ÖHS of the dealer-background system key pair ÖHS, PHS is used accordingly for the transmission to the dealer terminal.

In embodiments which use the time information T as an additional variable, the data arriving at the background system 30 are checked before the execution of a transaction with regard to the time elapsed since the original time information T was sent out. In this way it can be prevented that a data record intercepted in particular on the second transmission link 42 from the customer terminal 20 to the background system 30 is intended to be sent repeatedly to the Background system 30 is forwarded, which could possibly result in a multiple execution of the transaction.

A data exchange with external devices takes place between the background system 30 and other external devices, provided that corresponding activities are not carried out in the background system 30 itself. This relates, for example, to the personalization of a customer terminal and / or a dealer terminal by a personalization device 36. In addition to the allocation of personal identification numbers PIN, smart card with corresponding clearly assigned identification information, this can also include checking the respective user.

Furthermore, a so-called call center 38 can be connected to the background system 30, via which a telephone call or possibly other communication channels such as e.g. the short message service or electronic mail from a customer, for example, can be contacted with the background system 30. In addition to the use of a call center 38 to cause a block in the event, for example, of the theft of the customer terminal 20, such a call center 38 can also be used to order a transaction by telephone.

In embodiments in which a selection of the payment method is possible, as early as the fourth step 4, additional information can be communicated to the customer terminal 20 which payment methods are permissible with a view to the communicating dealer terminal 10 or its operator. The display device 25 then only shows the selection of the payment methods which form an intersection between the payment methods which are possible with a view of the dealer terminal 10 and with a view of the customer terminal 20.

Further encryption can be associated with the positive confirmation by the operator of the customer terminal 20 that the payment data may be transmitted to the background system 30 in the fifth step 5. For example the customer's personal identification number PIN is also encrypted. The encryption takes place directly in the chip card, in particular in the cryptocoprocessor C. The card number or internal number is advantageously also used when forming the data record to be transmitted to the background system 30. In the case of a transmission via short message service SMS, a data record with usual SMS header data, in particular the telephone number of the SIM card, and subsequently the actual encrypted data is sent in the usual way. It is preferably sent directly from the customer terminal 20 to a short message service router and from there to the background system 30.

FIG. 2 shows an alternative exemplary embodiment for a transaction process in connection with payment for an offer on the Internet or television using a customer terminal 20. Details and procedural steps in this and a further exemplary embodiment which have already been described are omitted. In this regard, reference is made to the corresponding description above. In particular, the same reference numerals are chosen for the same or similar structural or procedural implementations.

Instead of a directly actively communicating dealer terminal 10, the customer faces an offer on the Internet or television. The offer is given accordingly by a dealer terminal 10 ', which consists of a dealer center 13' and a display device 14 'connected to it. The offer is displayed in the form of an article with additional information about the price, an article number and / or transaction number TAN, which is assigned to the article, as well as a dealer identification number HID. In the case of complex systems, the transaction number TAN may already have been assigned at an earlier point in time by the background system 30 specifically for the selected article of this special dealer or dealer terminal 10 ', so that the transaction number TAN is compared to the background system 30 and when it is returned to the dealer terminal 10 'is already sufficient to identify the corresponding dealer terminal 10' and the special article. However, this makes it necessary to assign a separate transaction number TAN for each individual article of a merchant and thus also represents a certain load on the overall system. As further information, information about possible payment methods and can also be provided by the merchant terminal 10 'on its display device 14 " This information can also be provided either as a separate number, part of the article number and / or part of the transaction number TAN. A type of shipping is, for example, in the case of a transmission via the Internet, via downloadable software, a so-called download Another possible mode of dispatch is, however, a conventional dispatch by, for example, courier or mail. In the latter case, however, the customer address must be communicated to the dealer terminal 10 ', which would otherwise theoretically allow complete anonymity of the customer or the customer ter excludes at least 20 towards the dealer or dealer terminal 10 '.

The customer transmits the data displayed on the display device 14 "by hand via the input keyboard 24 into the customer terminal 20. Alternatively, in the case of an offer on the Internet, a transmission can also be carried out via a corresponding interface device 12" with access to the corresponding page of the dealer. Terminals 10 'and a third transmission link 43' can be carried out, which automatically enables the transfer from the dealer terminal 10 'to the customer terminal 20. The transmission of the data essentially corresponds to the fourth step 4 of the first exemplary embodiment.

The customer enters the corresponding data in the customer terminal 20 and makes appropriate selection options, such as the desired payment method. Finally, the customer confirms his purchase request, whereupon a corresponding data record is created and encrypted in the customer terminal 20. Confirmation is as above by entering the PIN, which is integrated into the data record and encrypted. All data is processed and encrypted accordingly by the chip card C. A short message text or SMS text is then generated from the encrypted data record and transferred to the GSM part of the customer terminal 20. The GSM part of the customer terminal in turn consists of the SIM card SIM or includes this as a further essential component.

Subsequently, in the fifth step 5, a transmission via the second transmission link 42 to the background system 30 is carried out, as in the first exemplary embodiment. After receipt, the background system 30 decrypts the received data and carries out the corresponding checking steps with regard to the dealer, customer and credit rating.

If all the data or entries are in order, payment confirmations are sent to the customer terminal 20 or the dealer terminal 10 'in the sixth step 6.1, 6.2, as in the first exemplary embodiment, the dealer terminal 10' preferably being one in the present case Is a computer for processing purchase campaigns and arranging for the delivery of requested articles or the initiation of requested services.

In the case of an Internet system as a dealer terminal 10 ', the confirmation to the dealer terminal 10' is preferably sent via a corresponding packet-based data network in accordance with the TCP / IP protocol, for example. Forms of transmission such as sending an electronic mail are e.g. possible.

A further transaction number TAN 2 is preferably transmitted to the dealer terminal 10 'for confirmation. In addition, identification information is transmitted which enables the transfer. In the case of a desired download, for example, a generated code can be generated which is transmitted to both the dealer terminal 10 'and the customer terminal 20. By entering the code on the part of the customer on a corresponding Internet access computer, the latter can identify himself to the dealer terminal 10 ', so that the download is released. In this case, the dealer or the dealer terminal 10 'advantageously does not need any personal Information regarding the customer or the customer terminal 20. Alternatively, the customer terminal 10 'can also be given a customer address if the customer is to be sent an article or a service is to be provided to the customer.

Depending on the complexity, this method requires a correspondingly large storage space for the dealer database 34 and / or a linking of the background system 30 to the Internet offers of the dealer terminals 10 '.

FIG. 3 shows a third exemplary embodiment. Again, the same reference symbols or those identified by asterisks and apostrophes denote components or method steps which have already been described with the aid of the above exemplary embodiments as being identical, having the same effect or being similar, which is why essentially only different features are described. As in the previous exemplary embodiments, the transmission via the first, second and / or third transmission link 41, 42, 43 'also takes place in this exemplary embodiment, preferably with the encryption system already described, using key pairs with private and public keys.

A payment system is shown in which the retailer terminal 10 'is in turn designed as an Internet provider or an offer via television. Of course, as in the first exemplary embodiment, a dealer terminal can also be provided as an alternative embodiment.

In the present exemplary embodiment, it is assumed that there is currently no mobile radio network available to the customer terminal, so that encrypted data cannot be transmitted from the customer terminal 20 *, 20 to the background system 30 via the second transmission path 42 in the previous fifth step 5. Nevertheless, a transaction should be made possible. As in the above exemplary embodiments, the data from the dealer terminal 10 'are transmitted directly or, as shown, indirectly to the customer terminal 20, 20 *. On the display device 14 'of the dealer terminal 10', for example, a selected item with a corresponding price is again displayed over the Internet. In addition, various payment methods and payment via SMS message service may be offered.

The customer can in turn choose to pay via short message service. The website or the television screen in turn display the data, the goods or service, download or delivery, etc. on the display device 14 '. In addition, the price, an article number or a transaction number, which are provided specifically for the goods and number of pieces, are displayed. After the transmission of the corresponding data to the customer terminal 20 *, 20, the processing by the customer terminal 20, 20 * takes place in a manner which has essentially already been described. However, the customer terminal 20, 20 * recognizes that neither a GSM connection for sending a short message SMS nor any other suitable connection is available.

The customer terminal 20, 20 * then calculates a code from the available data, using secure methods such as the DES (Data Encryption Standard), 3DES (Triple Data Encryption Standard), RSA, etc., which are known per se. In particular, the actual code is preferably encrypted with the public key ÖSK of the background system-Kuhden key pair ÖSK, PSK to protect against misuse, as was carried out in a comparable manner to the data for transmission in fifth step 5 in the above exemplary embodiments.

The code is transmitted in a fifth step 5 * from the customer terminal 20 to the background system 30 and there with the corresponding private one, if applicable

PSK key decrypted. Furthermore, in the background system 30

Data of the code the data required to carry out the transaction removed, whereby data supplied by the dealer terminal 10 * additionally to the background system 30 may also be used.

FIG. 3 shows alternative ways of transmitting the code from the customer terminal 20 *, 20 to the background system 30.

In the case of the first alternative, a new mask is displayed on the display device 14 'of the dealer terminal 10 in the case of Internet access, after appropriate selection of the customer by his inputs on an interface device 12 * in the case of Internet access. On the mask, the first text information is displayed prepared, such as the dealer name and the dealer identification number HID, the article, an article number and / or transaction number, a desired number of pieces, the price and an open field for entering the code, which the customer or customer Terminal 20 * is to be transferred. The interface device can be an automatic interface 12 'which communicates with the customer terminal 20 *, 20 via the third transmission link 43', with which the customer can make inputs directly via the keyboard 24 of the customer terminal. The input device of the dealer terminal 10 'can also be a keyboard 12 * or the like on the dealer terminal 10', which is used for manual entry of the code by the customer or operator of the customer terminal 20, 20 ^* , who then uses the code reads and transmits from the display device 25 of the customer terminal 20 ^* .

Corresponding transmission is then carried out from the dealer terminal 10 'or the downstream central computer 13', for example by electronic mail program using an electronic mail in the fifth step 5 * to the background system 30. The dealer or the dealer terminal 10 'has no access to falsify or read out the code, since this contains correspondingly encrypted data from the customer terminal 20. According to the second alternative, the customer lacks an input option at the dealer terminal 10 ', for example in the absence of a corresponding interface device 12', 12 *, as is the case when buying an offer shown on television. In this case, the customer or user of the customer terminal 20 * can select a connection to the background system 30 in a manner known per se via the call center 38 in a fifth step 5 °.

In contrast to a conventional order via call center 38, the customer notifies the call center 38 of the code calculated by the customer terminal 20 *, which is displayed on the display device 25 of the customer terminal 20 *. For further security, the call center 28 can optionally additionally ask a security question stored in the background system 30 or at the call center 38, which the customer has to answer correctly. The call center 38 then transmits the code 5 to the background system 30 via any connection route. The encryption with the public key ÖSK of the background system customer key pair ÖSK, PSK prevents abuse by the call center 38. This applies in particular if time information is integrated in the code, which was updated by the background system 30 via the dealer terminal 10 ', was originally generated by the dealer terminal 10' or by the customer terminal 20 * and contains time information in the background system 30 can be compared.

As an alternative to transmission via a call center 38, other transmission paths known per se can also be used, such as, for example, a call to a voice computer or a computer system, which enables control and data input via a telephone keypad.

With these alternatives as well, the background system 30 can initiate a transaction on the basis of a secure transaction request and, in parallel or subsequently, send confirmation messages in a sixth step 6.1, 6.2 as in the above exemplary embodiments. While a corresponding confirmation can be transmitted directly to the dealer terminal 10 ', A corresponding confirmation message in the form of a short message SMS is temporarily stored in the short message service router via the second transmission link 42 until the customer terminal 20 * again establishes a communication connection to the short message service router and can receive the transaction confirmation with a time delay.

It is also possible to use terminals that technically do not contain GSM / UMTS modules. Can be implemented e.g. a use of such terminals as pure encryption units for a) the case shown here and b) if the encrypted data is passed to the server via a terminal of the first group.

According to simple embodiments, the provision of simple dealer or customer terminals 10, 20 is sufficient, which enables inexpensive implementation by provision of, for example, an SMS pad as customer terminal 20. In principle, however, complex terminals can also be implemented, for example a conventional mobile radio device with an encryption chip C in addition to the SIM card, with the separation of the functionality into two components with communication information and communication functions on the one hand and encryption data and encryption functions on the other hand without external access to security particularly preferred in a preferred manner. In addition to any possible combinations of the individual aspects of the exemplary embodiments described, combinations with corresponding alternatives for devices and methods known per se are also possible, for example combinations with the most varied of protocols and systems for setting up transmission links.

The particularly preferred system thus consists of three components, the background system 30, the dealer terminal 10 and the customer terminal 20, for example an SMS pad of the customer with an integrated chip card (dual interface smart card, possibly with a cryptocoprocessor). The background system consists of an SMS host for sending and receiving SMS messages and a server that performs standard clearing tasks and checks customers and dealers using the known methods. In addition, he has the respective RSA key for encrypting and decrypting data records that are sent and received via SMS.

The dealer terminal is preferably a conventional POS (point of sale / sales) terminal, supplemented by an interface according to ISO 14443, an internet shop, or a GSM terminal supplemented by an interface according to ISO 14443.

The customer terminal or SMS pad is preferably a device for sending and receiving SMS, GPRS, and or data call connections (data calls). It is equipped with a standard SIM card, which ensures the handling of the GSM standards, and additionally with a processor chip card with an integrated cryptocoprocessor and dual interface, i.e. a contacted interface with T = 1 or comparable and an interface according to ISO 14443. Various applications can be included in this card, e.g. E-Börse, E-Ticket etc., and an application for the encryption of payment data and the management of the data. The required RSA keys or keys of other key systems (3DES) are also securely stored in it.

The transmission of sensitive data during the transfer of data records for cashless payments always represents a considerable security risk. Manipulations, particularly on the Internet but also in the methods currently used for payment with the EC card in the offline method (ELV: electronic direct debit method), are manipulations, Fraud and data theft are common. The use of GSM technology and the future UMTS procedure for payment transactions is therefore repeatedly assessed as insufficiently secure.

The present procedure is intended to close this gap. The combination of highly encrypted data records in connection with GSM / UMTS radio as independent data transmission can be ensured. The Transaction data, in particular those in which the sensitive data of the customer who is making the payment is transmitted, takes place independently of the retailer's terminal or even an internet connection, i.e. in a completely separate way that the retailer cannot control. The data is encrypted and signed with an RSA key. Both a system of uniform keys and a customer-specific key can be used. The encryption of the sensitive data is carried out by a microprocessor chip card, possibly with a cryptocoprocessor. This stores the keys securely. In addition, the authentication of the creditor can be secured with a PIN. This PIN can be stored on the card as well as in the background system or only in the background system. The microprocessor chip card works in conjunction with a device according to GSM and or UMTS standard which secures the sending and receiving of SMS, possibly supports GPRS and DataCall. Additional functions are optional. The transfer of the necessary data from the dealer to the customer (price, dealer number, TAN, payment options of the dealer, etc.) can be carried out using an interface according to ISO 14443, if this is supported by the chip card or the device. Other interfaces are conceivable, since this data is not sensitive. The way that encrypted data is transferred to the dealer terminal is also not critical, since it is then encrypted.

It is also possible for encrypted data to be sent to the device and for the device to decrypt it using the chip card. This makes it possible to change the data content of chip card applications. This can e.g. via SMS or via DataCall in dialog mode while a connection is on hold. With this procedure, tickets can be loaded into the DF ticket (DF: Data File) of a cash card or comparable device or loaded into e-exchanges.

The processing in the background system differs from the known methods, in particular in clearing servers, by storing the RSA key, decrypting the data records, checking the decrypted PIN, possibly checking the SIM card number and vice versa the encryption of sensitive data records to the SMS-capable device, the inclusion of the GSM / UMTS time stamp in the security query and, if necessary, a random number. When using different and card-dependent keys for sending and receiving data, the "cracking" of such a system can be ruled out for the foreseeable future.

Instead of RSA encryption, almost any known symmetrical or asymmetrical key method can alternatively be used. It is also possible to use several keys and / or different methods with one card.

Claims

claims

1. Payment system with - a background system (30) with access to databases (34, 35, 39, 37), - a first group of terminals, in particular with at least one merchant terminal (10; 10 '), - a second group of Terminals, in particular at least one customer terminal (20; 20 *), and - an encryption system - for performing a monetary transaction in the area of the background system (30) by transferring data between a first terminal (10; 10 ') of the first group of terminals and a second terminal (20, 20 *) of the second group of terminals, characterized in that - in the encryption system for transmitting at least some of the data between the first terminal (10; 10 ') and the second terminal (20; 20 *) and / or the background system (30) bowl (ÖSK, PSK; ÖKS, PKS; ÖSH, PSH; ÖHS, PHS; ÖKH, PKH; ÖHK, PHK) with an individual key (ÖSK, ÖKS, ÖHS, ÖSH, ÖKH , ÖHK, PKS, PSK, PSH, PHS, PHK, PKH) provided u nd can be used.

2. Payment system, in particular according to claim 1, with - a background system (30) with access to databases (34, 35, 39, 37), - a first group of terminals, in particular with at least one merchant terminal (10; 10 ') , - a second group of terminals, in particular at least one customer terminal (20; 20 *), and - an encryption system - for performing a monetary transaction in the area of the background system (30) by transferring data between a first terminal (10; 10 ') of the first group of terminals and a second terminal (20, 20 *) of the second group of terminals, characterized in that - In the encryption system for transmitting at least part of the data between the first terminal (10; 10 '), the second terminal (20; 20 *) and / or the background system (30) at least one bowl (ÖSK, PSK; ÖKS, PKS; ÖSH, PSH; ÖHS, PHS; ÖKH, PKH; ÖHK, PHK, ÖSK, ÖKS, ÖHS, ÖSH, ÖKH, ÖHK, PKS, PSK, PSH, PHS, PHK, PKH) is provided and used, the data on a Mobile radio interface are transmitted to the first or second terminal.

3. Payment system according to claim 1 or 2, characterized in that for the transmission of the data between the first terminal (10; 10 ') and the background system (30), the second terminal (20, 20 *) and the background system (30) and / or the second terminal (20, 20 *) and the first terminal (10, 10 ') are provided with at least one, in particular two key pairs, each clearly assigned to the encryption or decryption devices involved.

4. Payment system according to one of the preceding claims, characterized in that the data for the transmission of the data between the first terminal (10, 10 ') and the background system (30) from the first terminal (10, 10') via the second terminal (20 , 20 *) and from the second terminal (20, 20 *) to the background system (30) and from the first terminal (10, 10 ') before the transmission with a public key (ÖSH) of the background system (30) or the first terminals (10, 10 ') are encrypted, the encrypted data from the second terminal (20, 20 *) not being decryptable.

5. Payment system according to claim 4, characterized in that the key (ÖSH) comes from a unique key pair (ÖSH, PSH) which is only sent between the first terminal (10, 10 ') and the background system (30).

6. Payment system according to one of the preceding claims, characterized in that the data for the transmission of the data between the second terminal (20, 20 *) and the background system (30) are transmitted from the second terminal (20, 20 *) via the first terminal (10, 10 ') and the background system (30) and from the second terminal (20, 20 *) the transmission is encrypted with a public key (ÖSK) of the background system (30) or the second terminal (20, 20 *), the encrypted data from the first terminal (10, 10 ') not being decryptable.

7. Payment system according to claim 6, characterized in that the public key (ÖSH) originates from a unique key pair (ÖSH, PSH) which is only sent between the second terminal (20, 20 *) and the background system (30).

8. Payment system according to one of the preceding claims, characterized in that the data are transmitted as payment data from the second terminal (20, 20 *) to the background system (30) independently of the first terminal (10, 10 ').

9. Payment system according to claim 8, characterized in that part of the data is previously transferred from the first terminal (10, 10 ') to the second terminal (20, 20 *) manually or via an automatic interface (12; 12').

10. Payment system according to one of the preceding claims, characterized in that data transmitted by the first terminal (10, 10 ') or the second terminal (20, 20 *) prior to the transmission by additional data (TAN, T.) Previously received by the background system (30) ) can be added.

11. Payment system according to one of the preceding claims, characterized in that data transmitted between the first terminal (10, 10 ') and the second terminal (20, 20 *) is supplemented by additional data previously received from the background system (30) and together with the additional data (TAN, T) are encrypted.

12. Payment system according to one of the preceding claims, characterized in that the encryption in each case in an encryption and / or control device which is independent of the interfaces (12, 12 ', 12 *, 32, 22, 23, SIM) and cannot be accessed from the outside ( C) is carried out.

13. Payment system according to claim 12, characterized in that the encryption device (C) is assigned its own individual key pair.

14. Payment system according to one of the preceding claims, characterized in that a dual interface smart card is used as an encryption device in the second terminal (20, 20 *) and private and / or public keys (PKS, ÖSK, PKH, ÖHK) are in from the outside inaccessible memory areas (M) are stored.

15. Payment system according to one of the preceding claims, characterized in that the first terminal (10, 10 ') and the second terminal (20, 20 *) have an interface (12, 22) for transmitting the data over only a short, tap-proof route , especially an interface according to ISO 14443.

16. Payment system according to one of the preceding claims, characterized in that the data are supplemented with a device-independent personal identification number (PIN) prior to transmission, which only the operator of the first terminal (10, 10 ') or the second terminal (20, 20 * ) on the one hand and on the other hand the background system (30, 34; 30, 35) is known.

17. Payment system according to one of the preceding claims, characterized in that time information (T) is transmitted in encrypted form together with the data and / or is used as an additional key for the data when encrypting.

18. Payment system according to claim 17, characterized in that the time information (T) from the background system (30) is used individually for the process as a security feature.

19. Payment system according to claim 17 or 18, characterized in that the time information (T) after the transmission of the. Data is checked on the recipient side with regard to a maximum permissible process duration.

20. Payment system according to one of the preceding claims, characterized in that application data from the background system (30) is transmitted in encrypted form to the first or second terminal (10, 20).

21. Payment system according to claim 20, characterized in that the application data manipulate a control device of the first or second terminal (10, 20).

22. Payment system according to one of the preceding claims, characterized in that when the data is transmitted there is no real cash flow over the transmission links from and to the first terminal (10, 10 ') and from or to the second terminal (20, 20 *).

23. Terminal as the first terminal (10, 10 ') for a payment system according to one of the preceding claims with an interface (13) to the background system (30) and a further interface, in particular an output interface (12, 12', 14 ', 12 *), and a control device (C) for receiving, processing and transmitting data and for encrypting the data, and with a memory for keys that is not accessible from the outside.

24. Terminal as second terminal (20, 20 *) for a payment system according to one of claims 1 to 22 with an interface (22; 25) to the background system (30) and a further interface, in particular an input interface (22; 24), for entering data from the first terminal (10, 10 ') and a control device (C) for receiving, processing and transmitting the data as well as for encrypting the data and with an inaccessible memory (N) for keys.

25. Terminal according to claim 24; characterized in that it is equipped with the interface device, in particular a short message transmission and / or reception device (SIM, 24), and a control and encryption device (C), the interface device, in particular the short message transmission and / or Receiving device, and the encryption device are structurally separate devices.

26. Terminal according to claim 25, characterized in that the encryption device (C) is an independent chip, in particular a dual interface smart card with a cryptocoprocessor and / or another suitable smart card.

27. Terminal according to one of claims 24 to 26, characterized in that an input device for triggering encryption and outputting the data is designed after the transfer of data to the second terminal (20).

28. A method for performing an electronic payment process, in particular with a payment system according to one of claims 1 to 22 and / or with a terminal according to one of claims 23 to 27, in which - data from a first terminal (10, 10 '), in particular Dealer terminal, from a first group of terminals via a second terminal (20, 20 *), in particular customer terminal, from a group of second terminals to a background system (30) or from the second terminal (20, 20 *) via the first Terminal (10, 10 ') are transmitted to the background system (30), - the data in the background system (30) being checked and a transaction possibly being triggered, characterized in that - The data are each encrypted with an individual key for the first terminal, the second terminal and / or the background system and the other device relevant for the transmission.

29. A method for performing an electronic payment process, in particular with a payment system according to the method according to claim 28 and / or according to one of claims 1 to 22 and / or with a terminal according to one of claims 23 to 27, in which - data from a background system (30) to a terminal (20), in particular a customer terminal, are transmitted from a group of terminals, - the data in the background system (30) being assigned to a monetary transaction and - the data being encrypted before transmission, characterized in that that - at least part of the data is encrypted with an individual key or a system key and transmitted via a mobile radio interface.

30. The method according to claim 28 or 29, in which in the second terminal (20) and / or in the first terminal (10) an intersection of the payment methods possible on both sides is determined and displayed for selection.

31. The method according to any one of claims 28 to 30, wherein the data are encrypted with a key, in particular a key of a key pair with a private and public key, of the originally sending terminal (20; 10; 30) that the data is only from the ultimately receiving device (10; 20; 30) can be decrypted.

32. The method according to any one of claims 28 to 31, in which the encryption is carried out by means of a separate processor, in particular by means of a separate chip card (C).

33. The method according to any one of claims 28 to 32, in which data are transmitted by means of short message service and / or short-distance transmission.

34. Method according to one of claims 28 to 33, in which the first terminal (10, 10 ') has no or only encrypted data from the second terminal (20, 20 *) that cannot be decrypted by the first terminal (10, 10') for further transmission to the background system (30) and / or in the reverse transmission direction.

35. The method according to any one of claims 28 to 34, in which data in applications of the control device (C), in particular in a chip card or dual interface smart card of the second terminal (20) are loaded.