EP3391316A1 - Method for securing a transaction from a mobile terminal - Google Patents
Method for securing a transaction from a mobile terminal
- Publication number
- EP3391316A1 (EP16826376.2A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- transaction
- module
- authentication
- request
- electronic card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/326—Payment applications installed on the mobile devices
- G06Q20/3263—Payment applications installed on the mobile devices characterised by activation or deactivation of payment capabilities
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3227—Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
- G06Q20/3229—Use of the SIM of a M-device as secure element
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/367—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
- G06Q20/3674—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
Definitions
- the present invention relates to the field of transactions using mobile terminals.
- Dematerialized or "virtualized" payment systems have recently appeared, making it possible to carry out transactions (especially payments) using a dematerialized bank card on an electronic medium, for example a mobile terminal, able to make a payment remotely or in proximity with a payment terminal, for example of the contactless (NFC) type.
- the virtualization method used by these payment systems is for example the following: the customer, or cardholder, enters the billing information recorded on his card in an application of the terminal controlled by an aggregator, or provider, of the payment service.
- the cardholder photographs his bank card and enters the visual cryptogram (the security code which is typically on the back).
- the bank responsible for the bank account associated with the card validates the virtualization if it believes that the person who entered the information is actually the cardholder. Where applicable, virtualization data corresponding to the card, or "token", is loaded onto the terminal, encrypted using encryption keys known only to the bank responsible for the card (or to the organization managing the banking scheme by delegation from the banking organization responsible for the card).
- Token transaction module data (bank card virtualization data) includes:
- Additional code (usually the visual cryptogram);
- A PIN, that is to say a personal confidential code, usually 4 digits.
- the third must be known to the user: he will be asked for it to validate any transaction using the dematerialized card (at least from a certain value).
- To facilitate the management of a plurality of dematerialized cards, the use of unified electronic wallet applications, called "wallets", has been proposed. Such an application is described, for example, in document US2015235212. If the user wants to use one of his cards for a transaction, he just has to open the wallet as the only payment application; the wallet lets him choose between the cards (and more particularly between the transaction modules of the cards) he wants to use, and he just has to enter the associated PIN. Wallets also provide additional features such as changing the PIN.
- the number of PIN codes to be memorized can be quite high if the user has dematerialized several cards.
- since a single card can be associated with several modules of a token, things can become complex if the user wants to change a PIN. He may inadvertently set different PIN codes for several modules associated with the same card, and not understand why his code no longer works if he makes a purchase, for example, via Visa instead of CB or vice versa.
- the present invention thus relates, in a first aspect, to a method for implementing a transaction from a mobile terminal comprising a data processing module and a security element on which a plurality of transaction modules are stored, each transaction module being associated with an electronic card, and adapted to authorize a transaction on behalf of said electronic card when activated on presentation of an associated PIN,
- using a security element such as a subscriber identification card to implement an authentication module that oversees the transaction modules makes it possible to keep the maximum level of security in place while removing the need to manage multiple PINs.
- the data processing module implements a module for managing the transaction modules, step (b) comprising the reception by the authentication module of an activation request of the transaction module targeted by the request for transaction, said activation request being issued by said management module.
- the present method is used cleverly with a management module of the "wallet” type facilitating the implementation of transactions by the user.
- Step (b) comprises the prior transmission by the targeted transaction module, to the management module, of a request for presentation of the associated confidential code.
- the management module thus makes it possible to implement the authentication module as a "wallet companion" without having to modify the transaction modules.
- the management module is configured to request and obtain via the interface said authentication code.
- the management module can simply control the authentication module by replacing the request for presentation of the PIN with a request for presentation of the unique authentication code, in a completely transparent manner.
- Said activation request includes an identifier of the targeted transaction module, and the authentication code obtained via the interface;
- Step (c) comprises the transmission by the authentication module of the confidential code associated with the targeted transaction module in response to the activation request.
- Step (c) also comprises the reception by the targeted transaction module of the associated confidential code.
- the authentication module provides the confidential code to the targeted transaction module so as to simulate a conventional operation.
- Step (b) comprises the reception by the authentication module of an activation request of the transaction module targeted by the transaction request, said activation request being sent by said targeted transaction module.
- the authentication module is configured to request and obtain via the interface said authentication code.
- the authentication module and the transaction module communicate only within the security element, which physically prevents any attack to intercept the code requests.
- Step (b) comprises the transmission by the authentication module of an activation command of the targeted transaction module in response to the activation request.
- the authentication module completely controls the transaction module, which avoids the complexity (and therefore the security risks) associated with communication within the mobile OS.
- the transaction module concerned is associated with a bank card, the transaction request being received in step (a) from an electronic payment terminal in wireless communication with the terminal, and the transaction authorization being issued in step (c) to the electronic payment terminal.
- the method further comprises a step (d) of transmitting the transaction authorization to a bank server associated with said bank card via a network.
- a mobile terminal configured in NFC mode can simulate a bank card with the same functionality. It is sufficient for the user to put his terminal on the TPE to authorize a payment with the dematerialized card.
- the security element is chosen from a subscriber identification card and a secure execution space of the terminal's data processing module.
- the method comprises the prior implementation of a digitization of at least one electronic card, comprising the implementation of steps by the security element of:
- the method comprises prior to reception from the server of data representative of said electronic card:
- the invention relates to a security element on which a plurality of transaction modules are stored, each transaction module being associated with an electronic card, and adapted to authorize a transaction on behalf of said electronic card when it is activated on presentation of an associated PIN,
- the security element being configured to:
- Receiving, at the level of an authentication module also stored on the security element, a valid single authentication code obtained via an interface of a terminal, the authentication module storing the confidential codes associated with each of the transaction modules, and itself being activatable upon presentation of said authentication code;
- the mobile terminal comprising a data processing module and the security element according to the second aspect.
- the invention relates to a computer program product comprising code instructions for executing a method according to the first aspect of the invention for implementing a transaction from a mobile terminal.
- the invention relates to a storage means readable by a computer equipment on which this computer program product is found.
- FIG. 1 is a diagram of a general network architecture for the implementation of the invention
- FIG. 2 represents an embodiment of implementation of a transaction via the method according to the invention
- FIG. 3 represents an embodiment of digitalization of an electronic card via the method according to the invention.
- the invention proposes a method for implementing a transaction from a mobile terminal 1, in particular a transaction using a dematerialized card on the terminal 1, i.e. a transaction reproducing the use of an electronic card.
- the transaction is typically a payment transaction (that is, the dematerialized card on the terminal 1 is a bank card), in particular a proximity transaction initiated by an electronic payment terminal (EPT, also written "TPE" below, after the French "terminal de paiement électronique") 2 such as is found in most points of sale (for example of the EFTPOS type).
- the TPEs have near-field communication (NFC) means originally intended to interact with a physical bank card equipped with this technology, but which also allow them to interact with the mobile terminal 1.
- the TPE 2 is therefore advantageously on the one hand connected via a wireless link
- NFC NFC, but also Wi-Fi or Bluetooth
- a network 20 for example Internet
- the payment can be remote (ie no near-field communication with a TPE 2)
- the mobile terminal 1 can for example be connected via the Internet (through a mobile communication network, typically 4G) to remote payment equipment.
- the present method is not limited to payment transactions, but may relate to any transaction reproducing the use of an electronic card on the terminal 1, and in particular remote transmission of care forms via a Carte Vitale, validation of medical procedures via a Health Professional Card, secure online transmission of documents (for example filing of a patent application by means of an EPO agent's smart card), etc.
- the mobile terminal 1 can be of any type, in particular a smartphone or a touch tablet. It comprises a data processing module 11 (a processor), a data storage module 12, and a user interface (HMI) 13 comprising, for example, input means and display means (for example a touch screen; alternatives are described further on).
- the terminal 1 further comprises a security element 12.
- a security element is an element adapted to allow a connection of the terminal 1 to a mobile communication network, in particular a subscriber identification card.
- by subscriber identification card is meant any integrated circuit capable of performing the functions of identifying a subscriber to a network by means of data stored therein, and more particularly a "SIM" card ("Subscriber Identity Module") or an "e-UICC" card ("(embedded) Universal Integrated Circuit Card") comprising data processing means in the form of a microcontroller and memory of the "EEPROM" ("Electrically-Erasable Programmable Read-Only Memory") or flash type.
- the security module 12 is a secure memory area of the mobile terminal such as a "TEE" (Trusted Execution Environment) component embedded in the data processing module 11, or a dedicated hardware element of the terminal 1 (for example a microcontroller, an "eSE" chip, for "(embedded) Secure Element", or any "Secure Component GP (GlobalPlatform)"), or even a removable microSD component ("SD" for Secure Digital).
- the server 3 of the network 20 designates a transaction management platform, and comprises a data processing module 31, for example a processor, and a data storage module 32 such as a hard disk or, preferably, an HSM ("Hardware Security Module").
- server 3 can encompass a plurality of separate banking servers connected and adapted to communicate together.
- a plurality of transaction modules are stored on the security element 12, each transaction module being associated with an electronic card (ie one or more transaction modules constituting a dematerialized version of the electronic card), and adapted to authorize a transaction on behalf of said electronic card when activated upon presentation of an associated PIN.
- the transaction modules are advantageously organized into one or more sets each representative of an electronic card. In other words, each set includes the transaction modules associated with the same electronic card.
- the electronic cards are bank cards, and the sets of transaction modules are "tokens" as mentioned, each token being thus representative of a bank card.
- In the remainder of the present description, we will take the example of token modules.
- other types of electronic cards may be dematerialized, and generally any smart card allowing strong authentication, that is to say, whose possession associated with knowledge of a confidential code validates the identity of the user and his authorization to perform an action.
- a transaction module contains (among other things):
- an additional code for example the visual cryptogram, a confidential code.
- a transaction module that is part of a token has, once installed (see below), a two-part application identifier: a prefix designating the origin of the instance (Visa®, CB®, Mastercard®, Amex®, etc.) and a unique suffix.
- the present solution is distinguished in that an authentication module is also stored on the security element 12, this module storing the confidential codes associated with each of the transaction modules and being itself activatable on presentation of an authentication code.
- the authentication module is a "key ring" containing the confidential codes, which acts as a broker with respect to the transaction modules.
- the different confidential codes can have different lengths, different specifications, etc.
- the authentication module cannot get the code wrong. If the user enters the wrong authentication code, the authentication module may be blocked, but this does not require the card to be reissued (no transaction module is blocked): it suffices, for example, to go to an operator's shop and present an ID to have it unlocked via a very secure remote reset mode, well known to those skilled in the art.
- a security module such as a subscriber identification card is a trusted physical device that is almost impossible to infect with a Trojan, because the installation of applications on these cards is restricted to well-identified entities, and controlled by the operator and/or the issuer of the service in conjunction with the manufacturer of the security element 12.
- the data processing module 11 ("non-secure" processor) of the terminal 1 implements a management module of the "wallet" type, which very cleverly complements the authentication module, then called a "wallet companion". Their interactions are described later.
- in a first step (a), the security element 12 receives a transaction request for a transaction module of said plurality, for example transmitted from a TPE 2 in connection with the terminal 1, in particular once the user has indicated that he wishes to carry out a transaction via a dematerialized payment card that he has chosen, for example, in his wallet.
- This step is referenced 1. in Figure 2.
- the TPE 2 can in this step query the matrix of active payment means, so as to select (using a filter) the instance (the transaction module) that will be in charge of the transaction. For example, assuming that the user has dematerialized an EMV (Europay MasterCard Visa) card associated with the bank B3, this card can have two associated transaction modules (referenced T3a / T3c), for example associated respectively with Visa® and CB®. If the TPE 2 is a foreign terminal that only accepts Amex® and Visa®, it chooses the latter and targets the T3a module by issuing a GPO ("Get Processing Option") specifying the action it wants to carry out (here the payment of a given amount).
- the authentication module receives the valid unique authentication code obtained via an interface 13 of the terminal 1.
- This step can be the subject of several embodiments.
- a wallet, that is to say a management module for the transaction modules
- this management module calls on the authentication module by sending it a request to activate the transaction module targeted by the transaction request.
- the communications between the management module and the authentication module are secure (encrypted) so as to prevent any interception or manipulation of the data exchanged.
- Step (b) then comprises a prior sub-step 2. of transmission, by the targeted transaction module, of a request for presentation of the confidential code addressed to the management module (wallet), in a completely natural and usual manner.
- instead of asking the user for the PIN associated with the transaction module that issued the request (as it would usually do), the management module requests the authentication code of the authentication module.
- the management module is configured to request and obtain via the interface 13 said authentication code.
- the code can be entered directly via a keyboard (in particular a touch keyboard) of the interface 13, but it can also be generated following verification of the identity of the user on the terminal 1, for example via a fingerprint reader, a voice recognition module, or other means.
- the authentication code can simply be a command in a secure form (for example a message containing a key), representative of the verified identity of the user, and therefore of the authorization to activate the authentication module.
- the management module then generates said activation request, the latter advantageously comprising an identifier of the targeted transaction module (received from the latter via the request for presentation of its confidential code), and the authentication code obtained via the interface 13.
- the present embodiment allows the use of original transaction modules (as provided by a server 3 for example), which do not even know that they are controlled by an authentication module. It suffices to configure the management module properly. As explained, this embodiment supports any requirements of the transaction modules, and in particular various PIN structures and lengths. No standardization is necessary.
- the transaction module and the authentication module can communicate directly, in particular within the secure element 12 (in other words, the authentication module receives the request for authentication).
- activating the transaction module targeted by the transaction request, said activation request being sent by said targeted transaction module and replacing the request for presentation of the associated confidential code
- hybrid configurations are possible using a management module through which only some of the requests pass (for example that of presentation of the confidential code associated with the targeted transaction module, while having the authentication module requiring its own authentication code).
- On receipt of the valid authentication code (otherwise it returns an error message, and preferably locks after three errors), the authentication module is activated, and in a step (c) it activates the targeted transaction module, so that the latter ultimately issues a transaction authorization in response to said transaction request.
- the authentication module transmits the confidential code associated with the targeted transaction module in response to the activation request, either to the management module (wallet), which sends it on to the transaction module (sub-step 4. shown in Figure 2), or directly to the transaction module.
- the authentication module transmits an activation command for the targeted transaction module (rather than the code alone) in response to the activation request, which command optionally includes the associated confidential code; this raises security a further notch. Any interception of requests and manipulation of the security element 12 becomes impossible.
- the activated transaction module can then finish the implementation of the transaction in a conventional manner.
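An added example, not code from the patent or from any product: a toy Python model of the first embodiment of steps (a) to (c), in which the wallet forwards a single authentication code and the authentication module releases the PIN of the targeted transaction module. Class names, identifiers, codes and PINs are constructed assumptions; on a real security element this logic would run as card applications.

```python
import hashlib
import hmac
import os

MAX_TRIES = 3  # the description suggests blocking after three errors


class Locked(Exception):
    """The module is blocked and needs an operator reset."""


class TransactionModule:
    """One module of a token (e.g. the Visa or the CB instance of one card)."""

    def __init__(self, aid, pin):
        self.aid = aid            # constructed identifier: origin prefix + suffix
        self._pin = pin           # set at digitization, never typed by the user
        self.tries_left = MAX_TRIES
        self.active = False

    def present_pin(self, pin):
        if self.tries_left == 0:
            raise Locked(self.aid)
        self.tries_left -= 1      # decrement first, restore only on success
        if hmac.compare_digest(pin.encode(), self._pin.encode()):
            self.tries_left = MAX_TRIES
            self.active = True
        return self.active

    def authorize(self, amount):
        if not self.active:
            raise PermissionError("transaction module not activated")
        self.active = False       # one activation serves one transaction
        return {"aid": self.aid, "amount": amount, "status": "AUTHORIZED"}


class AuthenticationModule:
    """Key ring on the security element: one code unlocks the stored PINs."""

    def __init__(self, auth_code):
        self._salt = os.urandom(16)
        self._verifier = self._derive(auth_code)
        self._pins = {}
        self.tries_left = MAX_TRIES

    def _derive(self, code):
        return hashlib.pbkdf2_hmac("sha256", code.encode(), self._salt, 10_000)

    def enroll(self, aid, pin):
        """Digitization: store the PIN delivered with the card data."""
        self._pins[aid] = pin

    def handle_activation(self, aid, auth_code):
        """Step (b): activation request = module identifier + authentication code."""
        if self.tries_left == 0:
            raise Locked("authentication module")
        self.tries_left -= 1
        if not hmac.compare_digest(self._derive(auth_code), self._verifier):
            raise PermissionError("wrong authentication code")
        self.tries_left = MAX_TRIES
        return self._pins[aid]    # step (c), first embodiment: release the PIN


class Wallet:
    """Management module on the non-secure processor; it stores no PIN."""

    def __init__(self, auth, modules):
        self.auth = auth
        self.modules = {m.aid: m for m in modules}

    def pay(self, aid, amount, auth_code):
        module = self.modules[aid]               # step (a): targeted module
        pin = self.auth.handle_activation(aid, auth_code)
        module.present_pin(pin)                  # PIN relayed to the module
        return module.authorize(amount)


def build_demo():
    """Constructed sample: one card, two modules with PINs of different length."""
    visa = TransactionModule("visa.T3a", "4821")
    cb = TransactionModule("cb.T3c", "739105")
    auth = AuthenticationModule("2580")
    for m in (visa, cb):
        auth.enroll(m.aid, m._pin)
    return Wallet(auth, [visa, cb]), auth, {m.aid: m for m in (visa, cb)}


if __name__ == "__main__":
    wallet, auth, mods = build_demo()
    print(wallet.pay("visa.T3a", 1250, "2580"))
    print(wallet.pay("cb.T3c", 990, "2580"))
```

Three wrong authentication codes block only the key ring: the try counters of the transaction modules are never consumed, because the authentication module always presents the stored PIN.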
- the method further comprises a step (d) of transmitting the transaction authorization to a bank server 3 associated with said bank card via the network 20.
- the payment authorization is transferred to the TPE 2 so that the latter can report to the server 3 in a sub-step 6.
- when the GPO was issued, the TPE 2 kept a context for the transaction and waited for a new presentation of the terminal 1 to complete the payment in progress;
- the user is invited to present the terminal 1 again to the TPE 2;
- recognizing the terminal 1, the TPE 2 again issues the same GPO, which the unlocked instance (the transaction module now activated) is waiting for. This double issue corresponds to official specifications for ensuring the security of the transaction;
- the transaction module can then insert payment information and sign the whole in its response to the TPE 2;
- the TPE 2 can then finish the transaction via the payment servers 3.
- the present invention also relates to a method of digitizing an electronic card advantageously implemented prior to the method of implementing a transaction as previously described.
- this second method can begin with a step 0. of initialization of the authentication module by the management module. For example, the user defines his authentication code.
- the dematerialization of a card is advantageously initiated at the level of the management module, which requests from a server 3 the digitization of at least one electronic card, the associated request comprising at least one identifier of said electronic card.
- the destination server 3 is more particularly a "Token Requestor" (TRQ), which can be, for example, of the SPS ("Shared Payment Server") type, shared between several operators (hence "Shared"). It plays the role of requesting tokens, that is to say it is mandated by end customers to approach a banking organization in order to be provided with a virtualized technical means of payment having the features it specifies.
- the TSP is a Token Service Provider, which is in charge of providing the virtualized technical means of payment discussed above, with the requested features and a number of usage constraints relating to the security policy that it decides on. It is also in charge of analyzing the legitimacy of the request, since it is the TSP that generates the virtualized means of payment.
- upon receipt of the request for digitizing the electronic card, the TRQ contacts the TSP corresponding to the type of card (step 2. of Figure 3). It helps the TSP to determine the legitimacy of the request; the TSP, where appropriate, accepts the dematerialization, generates data representative of said electronic card, and returns them to the TRQ.
- the security element 12 of the terminal 1 implements steps of: - Reception from the server 3 (in this case the TRQ) of data representative of said electronic card, said data comprising one or more confidential code(s) (step 3), so as to install the transaction module(s) suitable for authorizing a transaction on behalf of said electronic card (i.e. the set of transaction modules representative of the card);
- the authentication module is then configured for the implementation of the method of implementing a transaction via the mobile terminal 1, using the newly dematerialized card.
- the invention relates to the security element 12 for implementing the method according to the first aspect.
- each transaction module being associated with an electronic card (and the set of transaction modules associated with the same card being representative of said card), and adapted to authorize a transaction for the account of said electronic card when activated on presentation of an associated PIN.
- the security element 12 is configured to:
- Receive, at an authentication module also stored on the security element 12, a valid unique authentication code obtained via an interface 13 of a terminal 1 (within an activation request also comprising an identifier of the targeted transaction module), the authentication module storing the confidential codes associated with each of the transaction modules, and being itself activatable upon presentation of said authentication code;
- the mobile terminal 1 comprising a data processing module 11 and such a security element 12, preferably in the form of a subscriber identification card, but also in the form of a TEE or an optionally removable external component, etc.
- the invention relates to a computer program product comprising code instructions for the execution (in particular on the security element 12 of the terminal 1) of a method according to the first aspect of the invention for implementing a transaction from the mobile terminal 1, and to storage means readable by computer equipment (a memory of the security element 12) on which this computer program product is found.
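The activation flow described above for the security element 12 can be modelled as follows. This is an added illustration, not code from the patent: the class and method names, the three-attempt retry limit and the single-use activation are assumptions made for the example.

```python
import hmac

class TransactionModule:
    """Dormant until its own confidential code (PIN) is presented."""
    def __init__(self, card_id, pin):
        self.card_id, self._pin, self.active = card_id, pin, False

    def activate(self, pin):
        # Constant-time comparison avoids leaking the PIN through timing.
        self.active = hmac.compare_digest(pin.encode(), self._pin.encode())
        return self.active

    def authorize(self, amount_cents):
        if not self.active:
            return None
        self.active = False  # assumption: one activation covers one transaction
        return {"card": self.card_id, "amount": amount_cents, "status": "authorized"}

class AuthenticationModule:
    """Stores every module's PIN; the user only ever types one authentication code."""
    MAX_TRIES = 3  # assumption: the page does not state a retry limit

    def __init__(self, auth_code):
        self._auth_code = auth_code
        self._pins, self._modules = {}, {}
        self._tries_left = self.MAX_TRIES

    def install(self, module_id, module, pin):
        # Mirrors step 3: card data, including the PIN, received from the TRQ.
        self._modules[module_id], self._pins[module_id] = module, pin

    def handle_activation_request(self, module_id, auth_code):
        if self._tries_left == 0:
            return "blocked"
        if not hmac.compare_digest(auth_code.encode(), self._auth_code.encode()):
            self._tries_left -= 1
            return "blocked" if self._tries_left == 0 else "bad_code"
        self._tries_left = self.MAX_TRIES
        module = self._modules.get(module_id)
        if module is None:
            return "unknown_module"
        # The stored PIN never leaves the security element.
        return "activated" if module.activate(self._pins[module_id]) else "pin_mismatch"
```
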
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Networks & Wireless Communication (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1562797A FR3045896A1 (fr) | 2015-12-18 | 2015-12-18 | Procede de securisation d'une transaction depuis un terminal mobile |
PCT/FR2016/053437 WO2017103484A1 (fr) | 2015-12-18 | 2016-12-14 | Procédé de sécurisation d'une transaction depuis un terminal mobile |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3391316A1 (fr) | 2018-10-24 |
Family
ID=55862902
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP16826376.2A Ceased EP3391316A1 (fr) | Procédé de sécurisation d'une transaction depuis un terminal mobile | 2015-12-18 | 2016-12-14 |
Country Status (4)
Country | Link |
---|---|
US (1) | US11429955B2 (fr) |
EP (1) | EP3391316A1 (fr) |
FR (1) | FR3045896A1 (fr) |
WO (1) | WO2017103484A1 (fr) |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1081914A2 (fr) * | 1999-04-28 | 2001-03-07 | Sun Microsystems, Inc. | Enregistrement unique dans un réseau qui contient plusieurs ressources à accès limité controllées séparement |
JP2002041813A (ja) * | 2000-07-31 | 2002-02-08 | Tri-Arrow Inc | 個人認証システム |
JP2002269529A (ja) * | 2001-03-13 | 2002-09-20 | Nec Tokin Corp | パスワード照合方法およびパスワード照合システム |
JP2004086840A (ja) * | 2002-06-26 | 2004-03-18 | Hitachi Ltd | 金融取引方法、金融取引システム、金融取引を仲介する第三者機関サーバ、統合キャッシュカード及びそのカードを使用するatm |
WO2012042262A1 (fr) * | 2010-09-28 | 2012-04-05 | Barclays Bank Plc | Système de paiement mobile |
US20120238206A1 (en) * | 2011-03-14 | 2012-09-20 | Research In Motion Limited | Communications device providing near field communication (nfc) secure element disabling features related methods |
US20130060618A1 (en) * | 2011-09-06 | 2013-03-07 | Loren Barton | Method and System for Electronic Wallet Access |
US20130226792A1 (en) * | 2012-02-23 | 2013-08-29 | XRomb Inc. | System and method for processing payment during an electronic commerce transaction |
KR20140069517A (ko) * | 2012-11-29 | 2014-06-10 | 에스케이씨앤씨 주식회사 | 전자 지갑 서비스 장치 및 그 제공 방법 |
GB2510430A (en) * | 2013-02-05 | 2014-08-06 | Barclays Bank Plc | System and method for mobile wallet data access |
US20140358797A1 (en) * | 2011-10-28 | 2014-12-04 | Sequent Software Inc. | System and method for presentation of multiple nfc credentials during a single nfc transaction |
US20150019418A1 (en) * | 2013-07-12 | 2015-01-15 | Jvl Ventures, Llc | Systems, methods, and computer program products for enabling instrument credentials |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5589855A (en) * | 1992-08-14 | 1996-12-31 | Transaction Technology, Inc. | Visually impaired customer activated terminal method and system |
US6598032B1 (en) * | 2000-03-10 | 2003-07-22 | International Business Machines Corporation | Systems and method for hiding from a computer system entry of a personal identification number (pin) to a smart card |
US7374079B2 (en) * | 2003-06-24 | 2008-05-20 | Lg Telecom, Ltd. | Method for providing banking services by use of mobile communication system |
US20070206743A1 (en) * | 2006-02-23 | 2007-09-06 | Industrial Technology Research Institute | System and method for facilitating transaction over a communication network |
US9734498B2 (en) * | 2011-05-11 | 2017-08-15 | Riavera Corp | Mobile image payment system using short codes |
FR2985063B1 (fr) * | 2011-12-21 | 2014-07-04 | Morpho | Procede de routage au sein d'un terminal mobile emulant une carte de paiement sans contact |
DE102012108645A1 (de) * | 2012-09-14 | 2014-03-20 | Paschalis Papagrigoriou | Vorrichtung zur Absicherung elektronischer Transaktionen mit sicheren elektronischen Signaturen |
CA3126471A1 (fr) | 2012-10-17 | 2014-04-17 | Royal Bank Of Canada | Virtualisation et traitement securise de donnees |
CN104602224B (zh) * | 2014-12-31 | 2018-07-24 | 浙江融创信息产业有限公司 | 一种基于nfc手机swp-sim卡的空中开卡方法 |
- 2015
  - 2015-12-18 FR FR1562797A patent/FR3045896A1/fr not_active Withdrawn
- 2016
  - 2016-12-14 EP EP16826376.2A patent/EP3391316A1/fr not_active Ceased
  - 2016-12-14 US US16/063,459 patent/US11429955B2/en active Active
  - 2016-12-14 WO PCT/FR2016/053437 patent/WO2017103484A1/fr active Application Filing
Non-Patent Citations (4)
Title |
---|
LANGER ET AL: "Anwendungen und Technik von Near Field Communication (NFC)", 31 December 2010 (2010-12-31), XP055641202, Retrieved from the Internet <URL:https://babylon.internal.epo.org/projects/babylon/evl.nsf/0/AAAB25117F1D5E12C1257C850055AEBE/$FILE/Anwendungen-und-Technik-von-Near-Field-Communication-NFC-German-Edition.pdf> [retrieved on 20191111] * |
RANKL W ET AL: "Handbuch der Chipkarten, Passages", 1 January 1999, HANDBUCH DER CHIPKARTEN : AUFBAU - FUNKTIONSWEISE - EINSATZ VON SMART CARDS, CARL HANSER VERLAG, MÜNCHEN [U.A.], PAGE(S) 219 - 233, 238, ISBN: 978-3-446-21115-5, XP002533774 * |
See also references of WO2017103484A1 * |
WIKIPEDIA: "Personal unblocking key - Wikipedia", 28 August 2015 (2015-08-28), XP055652626, Retrieved from the Internet <URL:https://en.wikipedia.org/w/index.php?title=Personal_unblocking_key&oldid=678337591> [retrieved on 20191213] * |
Also Published As
Publication number | Publication date |
---|---|
WO2017103484A1 (fr) | 2017-06-22 |
US20180374084A1 (en) | 2018-12-27 |
FR3045896A1 (fr) | 2017-06-23 |
US11429955B2 (en) | 2022-08-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3243177B1 (fr) | Méthode de traitement d'une autorisation de mise en oeuvre d'un service, dispositifs et programme d'ordinateur correspondant | |
EP3113099B1 (fr) | Conteneur de paiement, procédé de création, procédé de traitement, dispositifs et programmes correspondants | |
EP3241137B1 (fr) | Procede mis en oeuvre dans un document d'identite et document d'identite associe | |
US20180039988A1 (en) | Methods for controlling access to a financial account | |
FR2987199A1 (fr) | Securisation d'une transmission de donnees. | |
EP2950256A1 (fr) | Méthode d'identification, dispositif et programme correspondant | |
EP3163487A1 (fr) | Procédé de sécurisation de traitement de données transactionnelles, terminal et programme d'ordinateur correspondant | |
WO2020260136A1 (fr) | Procédé et système de génération de clés de chiffrement pour données de transaction ou de connexion | |
FR3020167A1 (fr) | Dispositif de traitement de donnees en provenance de carte a memoire sans contact, methode et programme d'ordinateur correspondant | |
WO2017103484A1 (fr) | Procédé de sécurisation d'une transaction depuis un terminal mobile | |
WO2018091538A1 (fr) | Procédé de traitement de données transactionnelles, terminal de communication, lecteur de cartes et programme correspondant | |
EP3113094B1 (fr) | Procédé de traitement de données transactionnelles, dispositif et programme correspondant | |
EP2407920A1 (fr) | Serveur, terminal et procédé de transaction sécurisée | |
WO2018024980A1 (fr) | Procédé de mise en œuvre d'une transaction depuis un moyen de transaction électronique | |
EP4078495A1 (fr) | Procédé et dispositif de gestion d'une autorisation d'accès à un service de paiement fourni à un utilisateur | |
WO2023274979A1 (fr) | Procédé d'authentification de transaction utilisant deux canaux de communication | |
FR3031609A1 (fr) | Procede de traitement d'une transaction a partir d'un terminal de communication | |
WO2018229089A1 (fr) | Procédé de gestion d'identifiants de fidélité, procédé de traitement de données de fidélité, serveur, dispositif de transaction et programmes correspondants | |
FR3031608A1 (fr) | Methode de traitement d'une autorisation de mise en œuvre d'un service, dispositifs et programme d'ordinateur correspondant | |
FR2994006A1 (fr) | Procede et dispositif pour conduire une transaction aupres d'un distributeur automatique | |
FR3008516A1 (fr) | Methode de realisation de transaction, terminal et programme d'ordinateur correspondant. | |
FR3031610A1 (fr) | Procede de traitement d'une transaction a partir d'un terminal de communication | |
FR2998398A1 (fr) | Procede d'activation d'un service en ligne a partir d'un equipement mobile |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: UNKNOWN |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
17P | Request for examination filed | Effective date: 20180716 |
AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
AX | Request for extension of the european patent | Extension state: BA ME |
DAV | Request for validation of the european patent (deleted) | |
DAX | Request for extension of the european patent (deleted) | |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
17Q | First examination report despatched | Effective date: 20200102 |
RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: ORANGE |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
RAP3 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: ORANGE |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R003 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
18R | Application refused | Effective date: 20220130 |