WO2017011888A1 - Système et procédé d'autorisation de transactions de paiement par carte - Google Patents

Système et procédé d'autorisation de transactions de paiement par carte Download PDF

Info

Publication number
WO2017011888A1
WO2017011888A1 PCT/BR2016/050161 BR2016050161W WO2017011888A1 WO 2017011888 A1 WO2017011888 A1 WO 2017011888A1 BR 2016050161 W BR2016050161 W BR 2016050161W WO 2017011888 A1 WO2017011888 A1 WO 2017011888A1
Authority
WO
WIPO (PCT)
Prior art keywords
payment
hsm
acquirer
message
tef
Prior art date
Application number
PCT/BR2016/050161
Other languages
English (en)
Portuguese (pt)
Inventor
Plinio CARDOSO DA COSTA PATRÃO
Henrique KAZUHIRO TAKAKI
Rafael DO NASCIMENTO
Kelly Cristina DA SILVA PITTERRI
Original Assignee
Cielo S.A.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cielo S.A. filed Critical Cielo S.A.
Publication of WO2017011888A1 publication Critical patent/WO2017011888A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • G06Q20/202Interconnection or interaction of plural electronic cash registers [ECR] or to host computer, e.g. network details, transfer of information from host to ECR or from ECR to ECR
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C5/00Ciphering apparatus or methods not provided for in the preceding groups, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages

Definitions

  • the present invention relates to a system and method of authorizing card payment (credit or debit) transactions that provide greater security to card sensitive data during the transaction.
  • the present invention provides a scenario oriented solution where there are several payment service purchasers such as the Brazilian scenario.
  • the system and method of the present invention utilize an HSM ("Hardware Security Module”) device of an acquirer in the merchant environment, as well as payment devices (preferably PIN pad type) having encryption keys particular to several operating acquirers recorded on their hardware during the manufacturing process.
  • HSM Hardware Security Module
  • payment devices preferably PIN pad type
  • Acquirer means the company responsible for capturing, transmitting, storing payment card data, requesting authorization of transactions from issuing banks and providing financial liquidity, which is the transaction in which the value is transferred from the issuing bank. from buyer to merchant account (also referred to here as merchant).
  • the acquirer is also responsible for communicating with card brands and may also offer other services to merchants such as solutions for recharging mobile phones. prepaid, customer loyalty programs or promotion management systems.
  • merchant systems Upon detection by the acquirer, merchant systems use the encryption standards and protection keys of the acquirer. In this way, sensitive card data is unprotected in merchant device memories during the transaction lifecycle, and is subject to malicious software that scans computer memories for such information.
  • Payment device PIN pad-type equipment complying with applicable payment transaction standards (PCI, EMV, ABECS, and others) and capable of processing sensitive payment card data
  • Cash front device equipment used to record transaction-related products and connected to the payment device
  • EFT concentrating device equipment that controls the flow of payment transactions and services provided by various market entities, including acquirers.
  • sensitive payment card data is stored unprotected in the memory of the EFT concentrator device and, in some cases, in the memory. of the box front device.
  • the present invention introduces a HS1V1 (Hardware Securitty Module) device from an acquirer into the merchant's environment.
  • HS1V1 Hardware Securitty Module
  • keys are synchronized between the buyer's security systems and the merchant-installed security system, which in turn operates seamlessly with the payment devices connected to the front-end devices. Cashier. This condition prevents sensitive card data from being visible, unprotected, to merchant systems, increasing transaction reliability.
  • the object of the present invention is to provide greater security in the process of authorizing payment transactions (credit or debit).
  • the present invention is directed especially, but not limited to, payment systems of large merchants. markets with the coexistence of a plurality of payment service purchasers.
  • the objectives of the invention are achieved by means of a payment transaction authorization system and method in which an HSM device of a particular acquirer is inserted into the merchant's environment.
  • an HSM device of a particular acquirer is inserted into the merchant's environment.
  • control system, and payment devices that have specific acquirer-specific encryption procedures (routines) that are securely written to your hardware allows your cryptographic processes to be managed by hardware. , which provides more secure payment card sensitive data during the transaction,
  • the proposed payment transaction authorization system comprises: an EFT concentrating device that provides control of the flow of payment transactions performed; at least one cash-front device that registers the products involved in an establishment's payment transactions, and which communicates with the TEF concentrator device by at least one communication protocol; at least one payment device that captures and processes sensitive payment card data.
  • Each payment device communicates with at least one cash-front device by means of at least one communication protocol, and wherein the at least one payment device comprises, recorded in its hardware, keys and procedures. encryption of data relating to a plurality of purchasers; a Hardware Securitty Module (HSM) device, provided to a merchant by the acquirer, to manage the payment transaction cryptographic processes, and which communicates with the TEF concentrator device through at least one communication protocol.
  • HSM Hardware Securitty Module
  • said at least one payment device and the HSM device comprise, recorded on their respective hardware, keys and data encryption procedures specific to the acquirer providing the HSM device in order to provide encryption security.
  • At least one payment device is a PIN pad device.
  • payment transactions may be debit transactions or credit transactions.
  • the HSM device is disposed of inside or outside the premises of the establishment and may be shared by more than one establishment.
  • the proposed payment transaction authorization method comprises the steps of: generating in a HSM device a pair of cryptographic keys, being a public key and a private key, and forwarding the public key from the HSM device for a payment device, where the HSM device is provided to an establishment by an acquirer; store the public key on a payment device storage medium; in response to a request from a cash-front device, generate a payment key on the payment device and route from the payment device to the HSM device a message containing the transport key encrypted with the public key ; decrypting on the HSM device the message containing the encrypted transport key via the private key and storing the transport key on a device storage medium; in response to a request from the cash-front device, obtain sensitive payment data from a payment card used in the transaction on the payment device; encrypt payment card sensitive data on the payment device with an acquirer-specific encryption key that provides the HSM device; forward from the payment device to the HSM device a message containing sensitive payment card data encrypted; decrypt, on the HSM device, the message
  • the steps of generating and forwarding the public key from the HSM device to the payment device occur at the time of initialization of the cash front device and the payment device.
  • step of forwarding the public key from the HSM device to the payment device comprises the following steps to: send the public key from the HSM device to the TEF concentrator device; send the public key from the EFT concentrator device to the cashier device; and send the public key from the cashier device to the payment device.
  • the request occurs after a buyer chooses to pay the transaction through a payment card.
  • the step of forwarding from the payment device to the HS1V1 device a message containing the transport key encrypted with the public key may comprise the steps of: sending said message from the device payment for the cash front device; storing said message in a box front device storage means and sending said message from the box front device to the TEF concentrator device; and storing said message on a storage device of the TEF concentrator device and sending said message from the TEF concentrator device to the HSM device,
  • the step of routing the acquirer identification information from an HSM device to a cash front device may comprise the steps of: sending the acquirer identification information from the HSM device for the TEF concentrator device; and sending the acquirer identifying information from the TEF concentrator device to the cashier device.
  • the request from the cashier device to the payment device can be made after sending the acquirer identification information from the TEF concentrator device to the cashier device.
  • the step of forwarding from the payment device to the HSM device the message containing the doubly encrypted additional information may comprise the steps of: sending said message from the payment device to the front device Of box; sending said message from the cashier device to the TEF concentrator device; and sending said message from the TEF concentrator device to the HSM device.
  • the payment device is a PIN pad device.
  • payment transactions may be debit transactions or credit transactions.
  • the HSM device may be arranged on premises or outside of premises.
  • the HSM device is shared by more than one establishment.
  • additional transaction information may include the payment card password.
  • Figure 1 shows the configuration of the payment transaction authorization system present in the state of the art
  • Figure 2 shows the configuration of the payment transaction authorization system proposed by the present invention
  • FIG. 3 shows the flowchart of steps of the payment transaction authorization method present in the prior art.
  • FIG. 4 shows the step flowchart of the payment transaction authorization method proposed by the present invention.
  • Figure 1 represents the payment transaction authorization system 1 used equally in the EFT market.
  • Authorization system 1 comprises an EFT concentrating device 4 which provides the merchant with control of the flow of payment transactions (debit and credit) as well as control of the services offered by various entities involved in a payment transaction. including acquirers, card banners, among others.
  • the TEF concentrating device 4 communicates with at least one box front device 3 (1 to "n"), which is the equipment in which the products involved in purchases are registered, commonly referred to as the "box". of the establishment.
  • Each cash-front device 3 is connected to a payment device 2 (1 to "n"), which consists of a PIN pad type equipment, adapted to current payment transaction standards (for example: certifications PCI, EMV, ABECS, among others), and capable of processing sensitive payment card data.
  • Payment devices 2 comprise keys and data encryption procedures of a plurality of acquirers securely stored in their hardware. Such payment devices 2 receive keys and data encryption procedures during their manufacturing process.
  • Said cash front device 3 comprises a merchant automation module 31 and an interface module 32 with the payment device 2.
  • the merchant automation module 31 performs the management of the merchant including inventory control, management operators and other systems specific to the needs of each type of trade.
  • Interface module 32 provides data exchange from the cashier device 3 with its respective payment device 2.
  • FIG. 2 shows the payment transaction authorization system 5 proposed by the present invention, wherein the payment devices 6, connected to the respective cash front devices 3 (1 to "n"), comprise keys and procedures. encryption of data from a plurality of acquirers securely stored on their hard drive. re “during their manufacture. Said payment devices 6 further comprise differentiated routines for handling credit and debit transactions that include an acquirer-specific encryption routines - called the owner - to protect sensitive card data involved in payment transactions.
  • the authorization system 5 further comprises an EFT concentrating device 4 which allows the merchant to control the flow of payment transactions (debit and credit).
  • the TEF concentrator device 4 communicates with at least one box front device 3 and an HSM device 7 provided by the proprietary acquirer.
  • the HSM 7 device is typically installed at the merchant's premises and consists of physically secure equipment used for key management and cryptographic processes.
  • the HSM 7 device includes protection systems that ensure its uselessness when there is any attempt to obtain the information stored in its memories.
  • the communications made between the components of the proposed payment transaction authorization system 5, ie cash-front device 3, TEF concentrator device 4, payment device 6 and HSM device 7, may be carried out in such a manner. secure with encryption by "hardware" and through at least one communication protocol.
  • the HS1V1 7 device is installed remotely (outside of the merchant's premises).
  • the HSM 7 device is shared by more than one merchant. This configuration is geared especially for small and medium sized businesses.
  • Both payment devices 6 and HS device 7 have a specific operating system that modifies the way these devices are used.
  • the present invention further provides data key timing between the acquirer and merchant security systems.
  • sensitive card data is stored in the memory of the unprotected, ie vulnerable, TEF 4 concentrator device. In some cases, sensitive card data is stored in the memory of the cashier device 3.
  • an EFT concentrator device 4 At the time of initialization of payment device 2 and cash front device 3, an EFT concentrator device 4 generates a cryptographic key pair (public and private) and sends the public key to at least one front device Box 3 (step S301). Then each cash-front device 3 stores the received public key and forwards it to the payment device 2 to which it is connected (step S302) which in turn stores the public key on a storage medium as , for example, a memory (step S303).
  • an operator of the cash-front device 3 Upon registration of purchases on a cash-front device 3, an operator of the cash-front device 3 asks the customer or buyer what the mode of payment is: cash, debit or credit.
  • the commercial automation module 31 of the cashier device 3 triggers the interface module 32, which asks the respective payment device 2 to send a key encrypted by the public key previously received at the time of initialization of payment device 2 and cashier device 3 (step S304), [0068]
  • payment device 2 Upon receipt of the request, payment device 2 generates a payment key 2. transport and encrypts it using the public key stored in it. The encrypted transport key is sent to the cashier device 3 (step S305).
  • the cashier device 3 upon receiving the encrypted transport key from the payment device 2, stores it in its memory and forwards it to the TEF concentrator device 4 (step S306).
  • the EFT concentrator device 4 uses the private key, where the private key is paired with the public key previously forwarded to the payment device 2, to decrypt the received message. In this way, the TEF concentrator device 4 obtains the transport key generated by the payment device 2 (step S307).
  • the cashier device 3 After forwarding the transport key to the TEF concentrator device 4, the cashier device 3 requests the payment device 2 to read the payment card chip or magnetic stripe (step S308). ). The payment device 2 therefore reads the card data for payment (step S309), encrypts the card sensitive data with the transport key (step S310) and forwards the encrypted data to the device of box front 3 (step S31 1).
  • Box front device 3 upon receiving the message with the data encrypted by the transport key, directs it to the TEF concentrator device 4 (step S312), which performs the following operations:
  • step S313 Decrypts the message with the transaction using the transport key and obtains and stores the payment card sensitive data (step S313);
  • B1 It identifies which acquirer is responsible for the transaction using a table that has the Bank Identification Number (BIN) list corresponding to the first six card number positions of the various acquirers and sends this information. Such information is required for the correct routing of transaction data to the cashier device 3 (step S314).
  • BIN Bank Identification Number
  • cashier 3 requests the respective payment device 2 to obtain additional transaction information such as additional chip and password data and to encrypt it using the identified acquirer's data encryption key (step S315).
  • payment device 2 Upon request from cash-front device 3, payment device 2 performs the following operations:
  • step S318 Captures additional information and encrypts it using the identified acquirer's encryption procedures (step S318); and [0079] D1. It then encrypts the entire data block with the transport key and forwards this block to the cashier device 3 (step S317).
  • the box front device 3 receives this block and forwards it to the TEF concentrator device 4 (step S318).
  • the TEF 4 concentrator decrypts the block with the transport key, adds the data that was stored in its memory in the decrypt step S313 and forwards the message to the acquirer's system for authorization of the transaction (step S319).
  • FIG 4 shows the flowchart of steps of the payment transaction authorization method of the present invention, which is performed by the payment transaction authorization system 5 shown in Figure 2.
  • a proprietary acquiring HSIvl 7 device At the time of initialization of cashier device 3 and payment device 6, a proprietary acquiring HSIvl 7 device generates a cryptographic key pair (public and private) and sends the public key to a cash concentrator device. TEF 4 (step S401).
  • the EFT concentrator device 4 forwards the public key to at least one cashier device 3 (step S402), which directs it to the payment device 6 to which it is connected (step S403).
  • the payment device 6 in turn stores the public key in its memory (step S404).
  • the at least one payment device 6 consists of PIN pad type equipment, meeting current standards - including, without limitation, PCI, EMV and ABECS certifications. 6 comprises keys and data encryption procedures of a plurality of purchasers, properly recorded on their hardware during security procedures in their manufacturing process.
  • the HSM 7 device which is provided by a particular purchaser (owner) to be installed preferably at the merchant's premises, has the specific data keys of said proprietary acquirer,
  • a cash-front device operator 3 After registering purchases on a cash-front device 3, a cash-front device operator 3 asks the customer or buyer what the mode of payment is: cash, debit or credit.
  • the cashier device 3 commercial automation module 31 triggers interface module 32, which requests the respective payment device 6 to send a cashier key. transport encrypted by the public key previously received at the time of initialization of the equipment (step S405).
  • payment device 6 generates a transport key, encrypts it using the public key stored therein, and sends it to cashier device 3 (step S406).
  • the cashier device 3 upon receiving the encrypted transport key from the payment device 6, stores it in its memory in order to maintain compatibility with the existing system, avoiding modifications to the cashier device 3, and forwards it to the TEF concentrator device 4 (step S407).
  • the TEF concentrator device forwards the message with the encrypted transport key to the HSM device 7 (step S408).
  • the HSM device 7 uses the private key, paired with the public key previously forwarded to the payment device 6, to decrypt the received message, thereby obtaining and storing the transport key generated by the payment device 6 (step S409).
  • the cashier device 3 After forwarding the transport key to the TEF concentrator device 4, the cashier device 3 asks the payment device 6 to read the payment card chip or magnetic stripe (step S410).
  • the payment device 6 therefore reads the card data for payment (step S41 1), encrypts the sensitive card data via the HSM proprietary acquirer data key recorded on its hardware. in its manufacturing process (step S412) and forwards the encrypted data to the cashier device 3 (step S413).
  • the cashier device 3 upon receiving the message with data encrypted by the acquirer's data key, forwards it to the TEF concentrator device 4 (step S414), which promptly directs it to the HSM device 7 (step S415). Then the HSM 7 device performs the following operations:
  • A2. Decrypts the encrypted message through the payment device 6 through the owner acquirer's data key, obtaining and storing the payment card sensitive data (step S416);
  • the EFT concentrating device 4 then directs the identifying information of the acquirer responsible for the transaction to the cashier device 3 (step S418), which in turn requests the respective payment device 6 to obtain additional information.
  • transaction data for example, additional chip data and password
  • encryption using the identified acquirer data encryption key step S419)
  • payment device 6 performs the following operations:
  • step S420 Captures additional information and encrypts it using the identified acquirer's encryption procedures (step S420); and [00104] D2. It then encrypts the entire data block again with the HSIVI proprietary acquirer's data key and forwards this block to the cashier device 3 (step S421),
  • the cashier device 3 receives this block and forwards it to the TEF concentrator device 4 (step S422), which directs it to the HSIVI device 7 (step S423).
  • the HSM device 7 then decrypts the block via the acquirer's data key, adds the data that was stored in its memory in the decrypt step S416, and forwards this new formatted message to the TEF concentrator device 4 ( step S424).
  • the message is sent with hardware cryptographic protection only when the identified responsible purchaser is the owner of the HSIVI 7 device. In other cases, this information is sent with software cryptographic protection. .
  • the TEF concentrating device 4 forwards the ready-formatted message from the HSIVI device 7 to the buyer's system for authorization of the transaction (step S425).
  • the proposed method - and the payment transaction authorization system 5 which implements it - prevent sensitive data from Payment card contents are stored unprotected - even temporarily - in the memory of the TEF concentrator device 4 and the cashier device 3 during the payment transaction.
  • sensitive card data is not vulnerable to malicious programs that may obtain it.

Abstract

La présente invention concerne un système (5) et un procédé d'autorisation de transactions de paiement par carte (crédit ou débit), visant à conférer davantage de sécurité aux données sensibles de la carte de paiement pendant la transaction. La solution proposée est destinée à des contextes impliquant divers acquéreurs de services de paiement, tels que, par exemple, le contexte brésilien. Le système (5) comprend un dispositif concentrateur de TEF (4), au moins un dispositif d'interface de caisse (3), au moins un dispositif de paiement (6) et un dispositif HSM ("Hardware Security Module") (7), fourni pour l'établissement par un acquéreur, au moins un dispositif de paiement (8) et le dispositif HSM (7) comprenant, enregistrés sur leurs « hardwares » respectifs, des clés et des opérations de cryptographie spécifiques de l'acquéreur propriétaire du dispositif HSM (7). On confère ainsi une sécurité de cryptographie par « hardware » aux communications réalisées entre les composants du système (5) dans une transaction de paiement. Le procédé de la présente invention confère une protection améliorée aux données sensibles de la carte par échange de données cryptographiées par « hardware » entre les composants du système (5), assurant en outre une compatibilité avec les systèmes d'interface de caisse présents dans l'état de la technique.
PCT/BR2016/050161 2015-07-20 2016-07-13 Système et procédé d'autorisation de transactions de paiement par carte WO2017011888A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
BRBR102015017288-5 2015-07-20
BR102015017288A BR102015017288A2 (pt) 2015-07-20 2015-07-20 sistema e método de autorização de transações de pagamento por cartão

Publications (1)

Publication Number Publication Date
WO2017011888A1 true WO2017011888A1 (fr) 2017-01-26

Family

ID=57833497

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/BR2016/050161 WO2017011888A1 (fr) 2015-07-20 2016-07-13 Système et procédé d'autorisation de transactions de paiement par carte

Country Status (3)

Country Link
AR (1) AR105355A1 (fr)
BR (1) BR102015017288A2 (fr)
WO (1) WO2017011888A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007010333A1 (fr) * 2005-07-20 2007-01-25 Hani Girgis Module de securite hote utilisant une serie de cartes intelligentes
US7278582B1 (en) * 2004-12-03 2007-10-09 Sun Microsystems, Inc. Hardware security module (HSM) chip card
WO2008042175A2 (fr) * 2006-09-29 2008-04-10 Cipheroptics, Inc. Système et procédé d'encapsulation de clé par cryptage
US20120310840A1 (en) * 2009-09-25 2012-12-06 Danilo Colombo Authentication method, payment authorisation method and corresponding electronic equipments

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7278582B1 (en) * 2004-12-03 2007-10-09 Sun Microsystems, Inc. Hardware security module (HSM) chip card
WO2007010333A1 (fr) * 2005-07-20 2007-01-25 Hani Girgis Module de securite hote utilisant une serie de cartes intelligentes
WO2008042175A2 (fr) * 2006-09-29 2008-04-10 Cipheroptics, Inc. Système et procédé d'encapsulation de clé par cryptage
US20120310840A1 (en) * 2009-09-25 2012-12-06 Danilo Colombo Authentication method, payment authorisation method and corresponding electronic equipments

Also Published As

Publication number Publication date
AR105355A1 (es) 2017-09-27
BR102015017288A2 (pt) 2017-01-24

Similar Documents

Publication Publication Date Title
US20210295315A1 (en) Terminal Data Encryption
JP6438989B2 (ja) セキュアエレメントのトランザクション及びアセットの管理のための装置及び方法
US20210185020A1 (en) Systems and methods for creating fingerprints of encryption devices
US9686250B2 (en) Systems and methods for decryption as a service via a hardware security module
RU2631983C2 (ru) Защита данных с переводом
KR102150722B1 (ko) 보안 요소들이 구비되어 있지 않은 모바일 기기에서 어드밴스트 저장 키를 생성하는 방법 및 시스템
US20180322489A1 (en) System and method for restricted transaction processing
BRPI0615665A2 (pt) método para usar um número de conta assegurado para processar tipos de proximidade de transações financeiras sem fio, meio legìvel por computador, computador de servidor, dispositivo de comsumidor de proximidade portátil para executar transações sem contato, sistema para executar transações de pagamento, e, método para conduzir transações financeiras sem fio
BR112014020191A2 (pt) cartões de pagamento descartáveis
EP2324464A2 (fr) Procédé et dispositif électronique pour le transfert de données d application à partir d un dispositif électronique de source vers un dispositif électronique de destination
KR100725146B1 (ko) 카드 인식 장치를 이용한 결제 시스템 및 방법
US20160110713A1 (en) Method and system for secure global tokenization
US20230325803A1 (en) Payment processing system and method therefor
WO2017011888A1 (fr) Système et procédé d'autorisation de transactions de paiement par carte
US20170039557A1 (en) Virtual point of sale
US20200342458A1 (en) Techniques for processing pin-inclusive transactions in connection with an electronic device
US11880446B2 (en) Systems and methods for decryption as a service
CN112585638A (zh) 安全传送敏感数据的技术
PT106178A (pt) Sistema que permite a emissão de documentos electrónicos associados a pagamentos imediatos e presenciais

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16826947

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16826947

Country of ref document: EP

Kind code of ref document: A1