EP3391316A1 - Verfahren zur sicherung einer transaktion aus einem mobilen endgerät - Google Patents

Verfahren zur sicherung einer transaktion aus einem mobilen endgerät

Info

Publication number
EP3391316A1
EP3391316A1 EP16826376.2A EP16826376A EP3391316A1 EP 3391316 A1 EP3391316 A1 EP 3391316A1 EP 16826376 A EP16826376 A EP 16826376A EP 3391316 A1 EP3391316 A1 EP 3391316A1
Authority
EP
European Patent Office
Prior art keywords
transaction
module
authentication
request
electronic card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP16826376.2A
Other languages
English (en)
French (fr)
Inventor
Arnaud BELLEE
Antoine DUMANOIS
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Orange SA
Original Assignee
Orange SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Orange SA filed Critical Orange SA
Publication of EP3391316A1 publication Critical patent/EP3391316A1/de
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • G06Q20/3263Payment applications installed on the mobile devices characterised by activation or deactivation of payment capabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3227Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229Use of the SIM of a M-device as secure element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes

Definitions

  • the present invention relates to the field of transactions using mobile terminals.
  • Dematerialized or “virtualized” appeared recently, to make transactions (especially payments) through a dematerialized bank card on an electronic medium, for example a mobile terminal, able to make a payment remote or in proximity with a payment terminal, for example of non-contact type (NFC).
  • NFC non-contact type
  • the virtualization method used by these payment systems is for example the following: the customer, or cardholder, between the billing information recorded on his card in an application of the terminal controlled by an aggregator, or provider, of the payment service .
  • the wearer photographs his bank card and informs the visual cryptogram (the security code which is typically on the back).
  • the visual cryptogram the security code which is typically on the back.
  • the bank that is responsible for the bank account associated with the card validates the virtualization if it believes that the person who entered the information is actually the customer card holder, or carrier. If necessary, are loaded at the terminal virtualization data corresponding to the card, or token (in English "token"), encrypted using encryption keys known only by the bank responsible for the card ( or by the organization managing the banking scheme in delegation of the banking organization responsible for the card).
  • token in English "token”
  • Token transaction module data (bank card virtualization data) includes:
  • Additional code (usually the visual cryptogram); - A PIN, that is to say a personal confidential code, usually 4 digits.
  • the third must be known to the user, he will indeed be asked to validate any transaction using the dematerialized card (at least from a certain value).
  • wallet To facilitate the management of a plurality of dematerialized cards, it has been proposed the use of unified electronic wallet applications, called “wallet”. Such an application is for example described in the document US2015235212. If the user wants to use one of his cards for a transaction, he just has to open the wallet as the only payment application, and the latter offers him to choose between the cards (and more particularly between the transaction modules of cards) he wants to use, he just has to enter the associated PIN. Wallets also provide additional features such as PIN code change.
  • the number of PIN codes to be memorized can be quite high if it has dematerialized several cards.
  • a single card can be associated with several modules of a token, it can become complex if the user wants to change PIN. The latter may inadvertently put different PIN codes for several modules associated with the same card, and not understand why his code no longer works if he makes a purchase for example via Visa instead of CB or vice versa.
  • the present invention thus relates in a first aspect to a method for implementing a transaction from a mobile terminal comprising a data processing module and a security element on which a plurality of transaction modules are stored, each module transaction card associated with a card electronic, and adapted to authorize a transaction on behalf of said electronic card when activated on presentation of an associated PIN,
  • a security element such as a subscriber identification card for the implementation of an authentication module that oversees the transaction modules makes it possible to keep the maximum level of security in place. free from the need for multiple PIN management.
  • the data processing module implements a module for managing the transaction modules, step (b) comprising the reception by the authentication module of an activation request of the transaction module targeted by the request for transaction, said activation request being issued by said management module.
  • the present method is used cleverly with a management module of the "wallet” type facilitating the implementation of transactions by the user.
  • Step (b) comprises the prior transmission by the targeted transaction module, to the management module, of a request for presentation of the associated confidential code.
  • the management module thus makes it possible to implement the authentication module as a "wallet companion" without having to modify the transaction modules.
  • the management module is configured to request and obtain via the interface said authentication code.
  • the management module can simply control the authentication module by replacing the request for presentation of the PIN with a request for presentation of the unique authentication code, and this completely transparent manner.
  • Said activation request includes an identifier of the targeted transaction module, and the authentication code obtained via the interface;
  • Step (c) comprises the transmission by the authentication module of the confidential code associated with the targeted transaction module in response to the activation request.
  • Step (c) also comprises the reception by the targeted transaction module of the associated confidential code.
  • the authentication module provides the confidential code to the targeted transaction module so as to simulate a conventional operation.
  • Step (b) comprises the reception by the authentication module of an activation request of the transaction module targeted by the transaction request, said activation request being sent by said targeted transaction module.
  • the authentication module is configured to request and obtain via the interface said authentication code.
  • the authentication module and the transaction module communicate only within the security element, which physically prevents any attack to intercept the code requests.
  • Step (b) comprises the transmission by the authentication module of an activation command of the targeted transaction module in response to the activation request.
  • the authentication module completely controls the transaction module, which avoids the complexity (and therefore the security risks) associated with communication within the mobile OS.
  • the transaction module concerned is associated with a bank card, the transaction request being received in step (a) from an electronic payment terminal in wireless communication with the terminal, the transaction authorization being issued to the step (c) to the electronic payment terminal.
  • the method further comprises a step (d) of transmitting the transaction authorization to a bank server associated with said bank card via a network.
  • a mobile terminal configured in NFC mode can simulate a bank card with the same functionality. It is sufficient for the user to put his terminal on the TPE to authorize a payment with the dematerialized card.
  • the security element is chosen from a subscriber identification card and a secure execution space of the terminal's data processing module.
  • the method comprises the prior implementation of a digitization of at least one electronic card, comprising the implementation of steps by the security element of:
  • the method comprises prior to reception from the server of data representative of said electronic card:
  • the invention relates to a security element on which a plurality of transaction modules are stored, each transaction module being associated with an electronic card, and adapted to authorize a transaction on behalf of said electronic card when it is activated on presentation of an associated PIN,
  • the security element being configured to:
  • an authentication module Receiving at the level of an authentication module also stored on the security element a valid single authentication code obtained via an interface of a terminal, the authentication module storing the confidential codes associated with each of the transaction modules, and itself being activatable upon presentation of said authentication code;
  • the mobile terminal comprising a data processing module and the security element according to the second aspect.
  • the invention relates to a computer program product comprising code instructions for executing a method according to the first aspect of the invention for implementing a transaction from a mobile terminal.
  • the invention relates to a storage means readable by a computer equipment on which this computer program product is found.
  • FIG. 1 is a diagram of a general network architecture for the implementation of the invention
  • FIG. 2 represents an embodiment of implementation of a transaction via the method according to the invention
  • FIG. 3 represents an embodiment of digitalization of an electronic card via the method according to the invention.
  • the invention proposes a method for implementing a transaction from a mobile terminal 1, in particular a transaction using a dematerialized card on the terminal 1, ie a transaction reproducing the use of a a electronic card.
  • a transaction using a dematerialized card on the terminal 1 ie a transaction reproducing the use of a a electronic card.
  • the transaction is typically a payment transaction (that is, the dematerialized card on the terminal 1 is a bank card), in particular a proximity transaction initiated by an electronic payment terminal (EPT) 2 such as the it is found in most outlets (for example EFTPOS type).
  • EPT electronic payment terminal
  • the TPEs have near-field communication means (NFC) originally intended to interact with a physical bank card with this technology, but also allowing them to interact with the mobile terminal 1.
  • NFC near-field communication means
  • the TPE 2 is therefore advantageously on the one hand connected via a wireless link
  • NFC NFC, but also Wi-Fi or Bluetooth
  • a network 20 for example Internet
  • the payment can be remote (ie no near-field communication with a TPE 2)
  • the mobile terminal 1 can for example be connected via the Internet (through a mobile communication network, typically 4G) to a remote payment equipment .
  • the present method is not limited to payment transactions, but may relate to any transaction reproducing the use of an electronic card on the terminal 1, and in particular teletransmissions of care sheets via a vital card, validations of medical procedures via Health Professional Card, secure transmission of documents online (for example filing of a patent application by an EPO agent's smart card), etc.
  • the mobile terminal 1 can be of any type, in particular smartphone or touch tablets. It comprises a data processing module 11 (a processor), a data storage module 12, a user interface (HMI) 13 comprising, for example, input means and display means (for example a touch screen, we will see further alternatives).
  • a data processing module 11 a processor
  • a data storage module 12 a data storage module
  • a user interface (HMI) 13 comprising, for example, input means and display means (for example a touch screen, we will see further alternatives).
  • the terminal 1 further comprises a security element 12.
  • a security element is an element adapted to allow a connection of the terminal 1 to a mobile communication network, in particular a subscriber identification card.
  • subscriber identification card is meant any integrated circuit capable of performing the functions of identifying a subscriber to a network by means of data stored therein, and more particularly a "SIM” card (of the English “Subscriber Identity Module”), or a “e-UICC” card (for “(embedded) -Universal Integrated Circuit Card”) comprising data processing means in the form of a microcontroller and the "EEPROM” type memory (for "Electrically-Erasable Programmable Read -Only Memory "), or flash.
  • SIM SIM
  • e-UICC embedded
  • EEPROM Electrically-Erasable Programmable Read -Only Memory
  • flash Electrically-Erasable Programmable Read -Only Memory
  • the security module 12 is a secure memory area of the mobile terminal such as a "TEE” (Trusted Execution Environment) component embedded in the data processing module 11, or a dedicated hardware element of the terminal 1 (for example a microcontroller, an "eSE” chip for "(embedded) -Secure Element” or any “Secure Component GP (GlobalPIatform)”), or even a removable microSD component ("SD” for Secure Digital).
  • TEE Trusteon Environment
  • eSE embedded in the data processing module 11
  • a dedicated hardware element of the terminal 1 for example a microcontroller, an "eSE” chip for "(embedded) -Secure Element” or any “Secure Component GP (GlobalPIatform)"
  • SD Secure Digital
  • the server 3 of the network 20 designates a transaction management platform, and comprises a data processing module 31, for example a processor and a data storage module 32 such as a hard disk or, preferably, an HSM (for "Hardware Security Module”).
  • a data processing module 31 for example a processor
  • a data storage module 32 such as a hard disk or, preferably, an HSM (for "Hardware Security Module”).
  • server 3 can encompass a plurality of separate banking servers connected and adapted to communicate together.
  • a plurality of transaction modules are stored on the security element 12, each transaction module being associated with an electronic card (ie one or more transaction modules constituting a dematerialized version of the electronic card), and adapted to authorize a transaction on behalf of said electronic card when activated upon presentation of an associated PIN.
  • the transaction modules are advantageously organized into one or more sets each representative of an electronic card. In other words, each set includes the transaction modules associated with the same electronic card.
  • the electronic cards are bank cards, and the sets of transaction modules are "tokens" as mentioned, each token being thus representative of a bank card.
  • tokens modules In the remainder of the present description, we will take the example of tokens modules.
  • other types of electronic cards may be dematerialized, and generally any smart card allowing strong authentication, that is to say, whose possession associated with knowledge of a confidential code validates the identity of the user and his authorization to perform an action.
  • a transaction module contains (among other things):
  • an additional code for example the visual cryptogram, a confidential code.
  • a transaction module part of a token once installed (see below) has a two-part application identifier: a prefix designating the origin of the instance (Visa®, CB®, Mastercard®, Amex®, etc. .) and a unique suffix.
  • the present solution is distinguished in that is also stored on the security element 12 an authentication module storing the confidential codes associated with each of the transaction modules, and being itself activatable on presentation of a code of authentication.
  • the authentication module is a "key ring" containing the confidential codes, which acts as a broker with respect to the transaction modules.
  • the different confidential codes can have different lengths, different specifications, etc. .
  • the authentication module can not be wrong code. If the user is mistaken for authentication code, then the authentication module can be blocked, it does not require redo the card (no transaction module is blocked): just for example to go to shop operator and present an ID to obtain this unlock in a very secure remote reset mode, well known to those skilled in the art.
  • a security module such as a subscriber identification card is a physical device of confidence almost impossible to infect with a Trojan, because the installation of applications in these cards is limited to well identified entities, and controlled by the operator and / or the issuer of the service in relation to the manufacturer of the security element 12.
  • the data processing module 1 1 (“non-secure" processor) of the terminal 1 implements a management module of "wallet” type, which very cleverly completes the authentication module 1 called then "wallet companion". We will see their interactions later.
  • a first step (a) the security element 12 receives a transaction request for a transaction module of said plurality, for example transmitted from a TPE 2 in connection with the terminal 1, in particular once the user has reported wanting to implement a transaction via a dematerialized payment card he chose for example on his wallet.
  • This step is referenced 1. in Figure 2.
  • the TPE 2 can in this step query the matrix of active payment means, so as to select (using a filter) the instance (the transaction module) that will be in charge of the transaction. For example, assuming that the user has dematerialized an EMV card (Entropay MasterCard Visa) associated with the bank B3, it can have two associated transaction modules (referenced T3a / T3c), for example respectively associated with Visa® and CB ®. If the TPE 2 is a foreign terminal that only accepts Amex® and Visa®, it chooses the latter and targets the T3a module by issuing a GPO ("Get Processing Option") specifying the action it wants to use (here the payment of a given amount).
  • GPO Get Processing Option
  • the authentication module receives the valid unique authentication code obtained via an interface 13 of the terminal 1.
  • This step can be the subject of several embodiments.
  • a wallet that is to say a management module transaction modules
  • this management module requests the authentication module by sending an activation request to the transaction module targeted by the transaction request.
  • the communications between the management module and the authentication module are secure (encrypted) so as to prevent any interception or manipulation of the data exchanged.
  • Step (b) then comprises a substep 2. prior transmission by the target transaction module of a request for presentation of the confidential code addressed to the management module (wallet), in a completely natural and usual manner.
  • the management module instead of asking the user for the PIN associated with the transaction module that issued the request (as he would usually do), the management module requests the authentication code of the authentication module.
  • the management module is configured to request and obtain via the interface 13 said authentication code.
  • the code can be entered directly via a keyboard (in particular touch) of the interface 13, but that the code can also be generated following the verification of the identity of the user on the terminal 1, for example via a fingerprint reader, a voice recognition module, or other.
  • the authentication code can be only a command in a secure form (for example a message containing a key), representative of the verified identity of the user, and therefore of the authorization to activate the module. 'authentication.
  • the management module then generates said activation request, the latter advantageously comprising an identifier of the target transaction module (received from the latter via the request for presentation of its confidential code), and the authentication code obtained via the interface. 13.
  • said activation request advantageously comprising an identifier of the target transaction module (received from the latter via the request for presentation of its confidential code), and the authentication code obtained via the interface. 13.
  • the present embodiment allows the use of original transaction modules (as provided by a server 3 for example), they do not even know that they are controlled by an authentication module. Just configure the management module properly. As explained, this embodiment supports any requirements of the transaction modules, and in particular various PIN structures and lengths. No standardization is necessary.
  • the transaction module and the authentication module can communicate directly, in particular within the secure element 12 (in other words, the authentication module receives the request for authentication).
  • the authentication module receives the request for authentication.
  • activating the transaction module targeted by the transaction request said activation request being sent by said target transaction module and replacing the presentation request of the associated confidential code
  • hybrid configurations are possible using a management module through which only some of the requests pass (for example that of presentation of the confidential code associated with the targeted transaction module, while having the authentication module requiring its own authentication code).
  • the authentication module On receipt of the valid authentication code (otherwise it returns an error message, and preferably hangs after three errors) the authentication module is activated, and in a step (c) it activates the module authentication of the targeted transaction module, so that the latter ultimately issues a transaction authorization in response to said transaction request.
  • the authentication module transmits the confidential code associated with the targeted transaction module in response to the activation request, ie to the wallet management module which sends it back to the transaction module (under step 4. shown in Figure 2), either directly to the transaction module.
  • the authentication module transmits an activation command of the targeted transaction module (rather than the code alone) in response to the activation request, which command optionally includes the associated confidential code, which further improves the security of a notch. Any interception of requests and manipulation of the security element 12 becomes impossible.
  • the activated transaction module can then finish the implementation of the transaction in a conventional manner.
  • the method further comprises a step (d) of transmitting the transaction authorization to a bank server 3 associated with said bank card via the network 20.
  • the payment authorization is transferred to the TPE 2 so that the latter can report to the server 3 in a substep 6.
  • the TPE 2 when the GPO was issued, the TPE 2 kept a context for the transaction and waited for a new presentation of the terminal 1 to complete the payment in progress;
  • the user is invited to present the terminal 1 again to the TPE 2; - Recognizing the terminal 1, the TPE 2 emits again the same GPO that awaits the unlocked instance (the transaction module now activated). This double issue corresponds to official specifications to ensure the security of the transaction;
  • the transaction module can then insert payment information and sign the set in its response to the TPE 2;
  • the TPE 2 can then finish the transaction via the payment servers 3.
  • the present invention also relates to a method of digitizing an electronic card advantageously implemented prior to the method of implementing a transaction as previously described.
  • this second method can begin with a step 0. initialization by the management module of the authentication module. For example, the user defines his authentication code.
  • the dematerialization of a card is advantageously initiated at the level of the management module, which requires from a server 3 the digitization of at least one electronic card, the associated request comprising at least one identifier of said electronic card.
  • the destination server 3 is more particularly a "Token Requestor" TRQ, which can be for example of the SPS "Shared Payment Server” type, shared between several operators (hence the Shared). He plays the role of requiring tokens, namely that he is mandated by end customers to go to a banking organization to provide a virtualized payment technical means with features he specifies.
  • TSP Transactional Service Provider
  • the TSP is a Token Service Provider who is in charge of providing a virtualized technical payment method previously discussed with the requested features and a number of usage constraints relating to the security policy that it decides. He is also in charge of analyzing the legitimacy of the request since it is he who generates the virtualized payment method.
  • the TRQ upon receipt of the request for digitizing the electronic card, the TRQ contacts the TSP corresponding to the type of card (step 2. of the figure 3). It helps the TSP to determine the legitimacy of the request, the latter if necessary accepts dematerialization, generates data representative of said electronic card, and returns them to the TRQ.
  • the security element 12 of the terminal 1 implements steps of: - Reception from the server 3 (in this case the TRQ) data representative of said electronic card, said data comprising one or more code ( s) confidential (step 3), so as to install the appropriate transaction module (s) to authorize a transaction on behalf of said electronic card (ie the set of transaction modules) representative of the map);
  • the authentication module is then configured for the implementation of the method of implementing a transaction via the mobile terminal 1, using the newly dematerialized card.
  • the invention relates to the security element 12 for implementing the method according to the first aspect.
  • each transaction module being associated with an electronic card (and the set of transaction modules associated with the same card being representative of said card), and adapted to authorize a transaction for the account of said electronic card when activated on presentation of an associated PIN.
  • the security element 12 is configured to:
  • an authentication module Receive at the level of an authentication module also stored on the security element 12 (within an activation request also comprising an identifier of the targeted transaction module) a valid unique authentication code obtained via an interface 13 of a terminal 1, the authentication module storing the confidential codes associated with each of the transaction modules, and being itself activatable upon presentation of said authentication code;
  • the mobile terminal 1 comprising a data processing module 1 1 and such a security element 12, preferably in the form of a subscriber identification card, but also in the form of a TEE or an optionally removable external component, etc.
  • the invention relates to a computer program product comprising code instructions for execution (in particular on the security element 12 of the terminal 1) of a method according to the first aspect of the invention implementation of a transaction from the mobile terminal 1, and storage means readable by a computer equipment (a memory of the security element 12) on which we find this product computer program.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
EP16826376.2A 2015-12-18 2016-12-14 Verfahren zur sicherung einer transaktion aus einem mobilen endgerät Ceased EP3391316A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1562797A FR3045896A1 (fr) 2015-12-18 2015-12-18 Procede de securisation d'une transaction depuis un terminal mobile
PCT/FR2016/053437 WO2017103484A1 (fr) 2015-12-18 2016-12-14 Procédé de sécurisation d'une transaction depuis un terminal mobile

Publications (1)

Publication Number Publication Date
EP3391316A1 true EP3391316A1 (de) 2018-10-24

Family

ID=55862902

Family Applications (1)

Application Number Title Priority Date Filing Date
EP16826376.2A Ceased EP3391316A1 (de) 2015-12-18 2016-12-14 Verfahren zur sicherung einer transaktion aus einem mobilen endgerät

Country Status (4)

Country Link
US (1) US11429955B2 (de)
EP (1) EP3391316A1 (de)
FR (1) FR3045896A1 (de)
WO (1) WO2017103484A1 (de)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1081914A2 (de) * 1999-04-28 2001-03-07 Sun Microsystems, Inc. Einmalige Anmeldung in einem Netzwerksystem, das mehrere gesondert steuerbare Betriebsmittel mit begrentzem Zugang enthält
JP2002041813A (ja) * 2000-07-31 2002-02-08 Tri-Arrow Inc 個人認証システム
JP2002269529A (ja) * 2001-03-13 2002-09-20 Nec Tokin Corp パスワード照合方法およびパスワード照合システム
JP2004086840A (ja) * 2002-06-26 2004-03-18 Hitachi Ltd 金融取引方法、金融取引システム、金融取引を仲介する第三者機関サーバ、統合キャッシュカード及びそのカードを使用するatm
WO2012042262A1 (en) * 2010-09-28 2012-04-05 Barclays Bank Plc Mobile payment system
US20120238206A1 (en) * 2011-03-14 2012-09-20 Research In Motion Limited Communications device providing near field communication (nfc) secure element disabling features related methods
US20130060618A1 (en) * 2011-09-06 2013-03-07 Loren Barton Method and System for Electronic Wallet Access
US20130226792A1 (en) * 2012-02-23 2013-08-29 XRomb Inc. System and method for processing payment during an electronic commerce transaction
KR20140069517A (ko) * 2012-11-29 2014-06-10 에스케이씨앤씨 주식회사 전자 지갑 서비스 장치 및 그 제공 방법
GB2510430A (en) * 2013-02-05 2014-08-06 Barclays Bank Plc System and method for mobile wallet data access
US20140358797A1 (en) * 2011-10-28 2014-12-04 Sequent Software Inc. System and method for presentation of multiple nfc credentials during a single nfc transaction
US20150019418A1 (en) * 2013-07-12 2015-01-15 Jvl Ventures, Llc Systems, methods, and computer program products for enabling instrument credentials

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5589855A (en) * 1992-08-14 1996-12-31 Transaction Technology, Inc. Visually impaired customer activated terminal method and system
US6598032B1 (en) * 2000-03-10 2003-07-22 International Business Machines Corporation Systems and method for hiding from a computer system entry of a personal identification number (pin) to a smart card
US7374079B2 (en) * 2003-06-24 2008-05-20 Lg Telecom, Ltd. Method for providing banking services by use of mobile communication system
US20070206743A1 (en) * 2006-02-23 2007-09-06 Industrial Technology Research Institute System and method for facilitating transaction over a communication network
US9734498B2 (en) * 2011-05-11 2017-08-15 Riavera Corp Mobile image payment system using short codes
FR2985063B1 (fr) * 2011-12-21 2014-07-04 Morpho Procede de routage au sein d'un terminal mobile emulant une carte de paiement sans contact
DE102012108645A1 (de) * 2012-09-14 2014-03-20 Paschalis Papagrigoriou Vorrichtung zur Absicherung elektronischer Transaktionen mit sicheren elektronischen Signaturen
CA3126471A1 (en) 2012-10-17 2014-04-17 Royal Bank Of Canada Virtualization and secure processing of data
CN104602224B (zh) * 2014-12-31 2018-07-24 浙江融创信息产业有限公司 一种基于nfc手机swp-sim卡的空中开卡方法

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1081914A2 (de) * 1999-04-28 2001-03-07 Sun Microsystems, Inc. Einmalige Anmeldung in einem Netzwerksystem, das mehrere gesondert steuerbare Betriebsmittel mit begrentzem Zugang enthält
JP2002041813A (ja) * 2000-07-31 2002-02-08 Tri-Arrow Inc 個人認証システム
JP2002269529A (ja) * 2001-03-13 2002-09-20 Nec Tokin Corp パスワード照合方法およびパスワード照合システム
JP2004086840A (ja) * 2002-06-26 2004-03-18 Hitachi Ltd 金融取引方法、金融取引システム、金融取引を仲介する第三者機関サーバ、統合キャッシュカード及びそのカードを使用するatm
WO2012042262A1 (en) * 2010-09-28 2012-04-05 Barclays Bank Plc Mobile payment system
US20120238206A1 (en) * 2011-03-14 2012-09-20 Research In Motion Limited Communications device providing near field communication (nfc) secure element disabling features related methods
US20130060618A1 (en) * 2011-09-06 2013-03-07 Loren Barton Method and System for Electronic Wallet Access
US20140358797A1 (en) * 2011-10-28 2014-12-04 Sequent Software Inc. System and method for presentation of multiple nfc credentials during a single nfc transaction
US20130226792A1 (en) * 2012-02-23 2013-08-29 XRomb Inc. System and method for processing payment during an electronic commerce transaction
KR20140069517A (ko) * 2012-11-29 2014-06-10 에스케이씨앤씨 주식회사 전자 지갑 서비스 장치 및 그 제공 방법
GB2510430A (en) * 2013-02-05 2014-08-06 Barclays Bank Plc System and method for mobile wallet data access
US20150019418A1 (en) * 2013-07-12 2015-01-15 Jvl Ventures, Llc Systems, methods, and computer program products for enabling instrument credentials

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
LANGER ET AL: "Anwendungen und Technik von Near Field Communication (NFC)", 31 December 2010 (2010-12-31), XP055641202, Retrieved from the Internet <URL:https://babylon.internal.epo.org/projects/babylon/evl.nsf/0/AAAB25117F1D5E12C1257C850055AEBE/$FILE/Anwendungen-und-Technik-von-Near-Field-Communication-NFC-German-Edition.pdf> [retrieved on 20191111] *
RANKL W ET AL: "Handbuch der Chipkarten, Passages", 1 January 1999, HANDBUCH DER CHIPKARTEN : AUFBAU - FUNKTIONSWEISE - EINSATZ VON SMART CARDS, CARL HANSER VERLAG, MÜNCHEN [U.A.], PAGE(S) 219 - 233, 238, ISBN: 978-3-446-21115-5, XP002533774 *
See also references of WO2017103484A1 *
WIKIPEDIA: "Personal unblocking key - Wikipedia", 28 August 2015 (2015-08-28), XP055652626, Retrieved from the Internet <URL:https://en.wikipedia.org/w/index.php?title=Personal_unblocking_key&oldid=678337591> [retrieved on 20191213] *

Also Published As

Publication number Publication date
WO2017103484A1 (fr) 2017-06-22
US20180374084A1 (en) 2018-12-27
FR3045896A1 (fr) 2017-06-23
US11429955B2 (en) 2022-08-30

Similar Documents

Publication Publication Date Title
EP3243177B1 (de) Verfahren zur verarbeitung einer autorisierung zur implementierung eines dienstes, vorrichtungen und entsprechendes computerprogramm
EP3113099B1 (de) Zahlungsbehälter, erstellungsverfahren, verarbeitungsverfahren, entsprechende vorrichtungen und programme
EP3241137B1 (de) In einem identitätsdokument durchgeführtes verfahren und entsprechendes identitätsdokument
US20180039988A1 (en) Methods for controlling access to a financial account
FR2987199A1 (fr) Securisation d&#39;une transmission de donnees.
EP2950256A1 (de) Identifizierungsverfahren, entsprechende vorrichtung und entsprechendes programm
EP3163487A1 (de) Verfahren, computerterminal und computerprogramm zur sicherung der verarbeitung transaktioneller daten
WO2020260136A1 (fr) Procédé et système de génération de clés de chiffrement pour données de transaction ou de connexion
FR3020167A1 (fr) Dispositif de traitement de donnees en provenance de carte a memoire sans contact, methode et programme d&#39;ordinateur correspondant
WO2017103484A1 (fr) Procédé de sécurisation d&#39;une transaction depuis un terminal mobile
WO2018091538A1 (fr) Procédé de traitement de données transactionnelles, terminal de communication, lecteur de cartes et programme correspondant
EP3113094B1 (de) Verarbeitungsverfahren von transaktionellen daten, vorrichtung und entsprechendes programm
EP2407920A1 (de) Server, Endgerät und gesichertes Transaktionsverfahren
WO2018024980A1 (fr) Procédé de mise en œuvre d&#39;une transaction depuis un moyen de transaction électronique
EP4078495A1 (de) Verfahren und vorrichtung zur verwaltung der zugangsberechtigung zu einem zahlungsdienst, der einem benutzer bereitgestellt wird
WO2023274979A1 (fr) Procédé d&#39;authentification de transaction utilisant deux canaux de communication
FR3031609A1 (fr) Procede de traitement d&#39;une transaction a partir d&#39;un terminal de communication
WO2018229089A1 (fr) Procédé de gestion d&#39;identifiants de fidélité, procédé de traitement de données de fidélité, serveur, dispositif de transaction et programmes correspondants
FR3031608A1 (fr) Methode de traitement d&#39;une autorisation de mise en œuvre d&#39;un service, dispositifs et programme d&#39;ordinateur correspondant
FR2994006A1 (fr) Procede et dispositif pour conduire une transaction aupres d&#39;un distributeur automatique
FR3008516A1 (fr) Methode de realisation de transaction, terminal et programme d&#39;ordinateur correspondant.
FR3031610A1 (fr) Procede de traitement d&#39;une transaction a partir d&#39;un terminal de communication
FR2998398A1 (fr) Procede d&#39;activation d&#39;un service en ligne a partir d&#39;un equipement mobile

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20180716

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20200102

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ORANGE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

RAP3 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ORANGE

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20220130