Classifications

• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
  • G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/08—Payment architectures
  • G06Q20/10—Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
  • G06Q20/409—Device specific authentication in transaction processing
  • G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash

Definitions

• the field of the invention is that of remote service provision. More precisely, the invention relates to a method and a system allowing players of a virtual casino (or any service provider offering games: individual or played in a group), to access in a safe and rapid manner, by means of a connected microphone. to a communication network, to the various games that the virtual casino offers to its players.
• the problem is to prevent a malicious user from accessing the virtual casino without being authorized, without paying the corresponding rights or by claiming that he did not participate in the games of money debited to him by the casino. virtual.
• access keys generated by memory cards and to modify the telephone handsets so that they can read the memory cards.
• the said card emits short acoustic identification signals, of DTMF type, encrypted at least in part, varying with each operation, when it is actuated by the player, - the said acoustic identification signals are received by the microphone and transmitted by the communication network to the IT department of the virtual casino,
• the transmitted signals and the identification data of the player and the card held by the IT department are processed and compared electronically by the IT department of the virtual casino.
• the virtual casino can verify that the caller has an authentic card and not a computer decoy. He was also able to identify the card holder as being a person authorized to use the services he offers. So that in case of coincidence, the player is immediately put in communication with the voice server or the operator of the virtual casino.
• fraudsters no longer have the possibility of stealing identification data since they are automatically transmitted in encrypted form.
• recording, in any form whatsoever, acoustic signals will not be of any use to a fraudster to be identified by the virtual casino. Indeed, the acoustic identification signals vary with each operation. That is to say each time the card is pressed.
• said card Preferably said card:
• the method further comprises the following step: the player transmits, by means of a keyboard associated with the telephone handset and / or the card, a confidential code. After transmission to the virtual casino IT department, via the communication network, this confidential code is processed and compared to the player's personal confidential code held by the virtual casino IT department.
• the virtual casino can verify that the caller is the person authorized to enter into contact with its services. A stolen card cannot be used by the thief for lack of knowing the confidential code.
• the process further comprises the following step:
• the orders given by the player to the virtual casino are validated by the player by actuating the card so that it emits an encrypted acoustic validation signal, - the said validation signal is recorded by the computer service of the virtual casino.
• the method according to the invention may include the following additional step:
• the invention also relates to a system allowing the players of a virtual casino, to access in a safe and rapid manner, the various games that the virtual casino offers to its players.
• the characteristic of this system is to understand the means for implementing the method defined above and its variant embodiments. More specifically: -
• the system according to the invention comprises a card, in credit card format, personalized with specific identifiers for each card and each player, made available to them.
• the card includes means for transmitting brief acoustic identification signals. These transmission means are actuated by the player by means of an element accessible from the outside of the card.
• the card also comprises encryption means making it possible to encrypt at least in part and to vary the acoustic signals each time the card is actuated.
• the system according to the invention comprises means for receiving and transforming acoustic signals, in particular a microphone of a telephone handset, into electronic signals transmissible remotely by means of a communication network, -
• the system according to invention comprises computer means, dependent on the computer service of the virtual casino, connected to the communication network and located remotely from the means for receiving acoustic signals, said computer means comprising:
• the virtual casino can verify that the caller has an authentic card and not a computer decoy. He was also able to identify the card holder as being a person authorized to use the services he offers. So that in case of coincidence, the player is immediately put in communication with the voice server or the operator of the virtual casino. Furthermore, fraudsters no longer have the possibility of stealing identification data since they are automatically transmitted in encrypted form. In addition, the recording, in any form whatsoever, of acoustic signals will not be of any use to a fraudster to be identified by the computer services of the virtual casino. Indeed, the acoustic identification signals vary with each operation. That is to say each time the card is pressed.
• said card further comprises:
• said computer means further include:
• said means of processing and said means of comparing electronic signals and identification data contained in the database include means making it possible to recalculate the electronic signals according to the state
• the system further comprises second means for comparing a personal confidential code to the player, contained in the database, with a confidential code issued by the player.
• This code is issued by means of a keyboard associated with the telephone handset and / or the card and transmitted to the computer means of the virtual casino, by the communication network.
• the virtual casino can verify that the caller is indeed a person authorized to participate in the games. A stolen card cannot be used by the thief for lack of knowing the confidential code.
• the system according to the invention is such that:
• said card also emits, when activated by the player of the virtual casino, an encrypted acoustic signal for validation of the orders given by the player,
• Said computer means further comprise means for detecting and recording the validation signal. Thanks to this system, the player validated, by an electronic signature, the order he gave to the virtual casino.
• the computer means further comprising means for editing an acknowledgment of receipt of the orders given, intended to be addressed to the player.
• FIG. 1 showing a schematic perspective view of the system and the method according to the invention
• FIG. 2 presenting the map in the form of a block diagram
• the system and method according to the invention allow the player 11 to call, in a safe and rapid manner, in particular by means of a telephone handset 16 comprising a microphone 17, the services (the various games) 30 as the virtual casino 12 provides its players 11.
• the telephone handset 16, located remotely from the computer services 18 of the virtual casino, is connected to the computer services 18 via a communication network 15.
• the system includes a card 10, in credit card format , personalized with specific identifiers for each card and for each player 11. This card is made available to 1 1 players by the virtual casino.
• the card 10 comprises transmission means, in particular a loudspeaker 13 emitting brief acoustic identification signals 20, of the DTMF type.
• These signals are emitted when the emission means 13 and the organs which control them are actuated by the player by means of a button 14 accessible from the outside of the card (not visible in FIG. 1 because located on the other side of the card).
• These transmission means 13 are excited by a DTMF signal generator 99, controlled by a microprocessor 104 supplied by a battery 106 and controlled by a resonator 107.
• the microprocessor 104 contained in the card comprises encryption means 103 making it possible to encrypt, at least in part, the acoustic signals 20, comprising an encryption algorithm 108 and identifiers 109 specific for each card 10 and for each player 11, in particular the secret key 250 used by the encryption algorithm 108.
• the acoustic signals 20 are received by the microphone 17 of the telephone handset, against which the player attaches the card 10.
• the system also comprises means 19 for transmitting the acoustic signals 20, located in the telephone handset 16. These means transmission 19 transmit the acoustic signals remotely, after processing and conversion into electronic signals, via the communication network 15.
• the system also includes computer means 21, dependent on the computer services 18 of the virtual casino.
• These IT means are connected to the communication network 15 and located at a distance from the telephone handsets 16.
• These IT means 21 themselves include:
• a database 23 containing the references of the cards and the players and their identification data
• the microprocessor 104 and the encryption means 103 are designed so that the acoustic signal 20 varies with each operation. Indeed, to encrypt an identification code is to transform it into a series of information, incomprehensible to everyone, and that only the holder of the encryption key can decrypt. But that absolutely does not prevent the copy of the encrypted identification code, either during its acoustic transmission (tape recorder), or by hacking of the telephone line. This copy, used unduly by a fraudster, will be treated by the receiving system as having all the characteristics of the original, then interpreted in order to verify the identifiers of the card.
• One of the variants consists in using a so-called timestamping function (for example, as described in US Pat. No. 4,998,279).
• This time stamping function uses the "time” parameter which is constantly changing. The "copy” is thus late when it is issued.
• Such a solution requires synchronization between the transmission means 13 and the computer means 21. For this, both must have a "time base” and a “frequency standard”. These two time bases have their own precision and their own drift. As a result, they slowly out of sync, but gradually. To overcome this technical difficulty, a certain drift is tolerated between the time bases of the transmission means 13 and computer means 21. The greater this drift, the more the uncertainty increases on the "validity" of the information received. and more increases the risk of fraud.
• any illegal copy of the transmission of the encrypted signal, and fraudulently reused within 30 seconds, will be perceived as valid by the computer means analysis system 21.
• Another variant consists to use incremental lists (for example, as described in US Patent No. 4,928,098).
• the sending and receiving devices have the ordered list of successive encryption of the identification code or else have algorithms allowing them to be established as they arise.
• the computer means 21 are awaiting the encrypted result C (n). If they actually receive the message C (n), it validates the operation.
• the computer means 21 can receive a different message, in fact the user of the card can have actuated the transmission means 13 of the card several times, by play, by mistake, so that the card is in the situation to send the encrypted result C (n + p) when it is next used with the computer means 21. If the computer means 21 receive a different message, they search forward, in the list of successive encrypted results, if there is a message C (n + p) identical to that received. To resolve the ambiguity "is this an authentic message sent by the sender?" or "is this a fraudulent message?", the solution is to request or wait for the next transmission.
• the microprocessor 104 on board the card 10 includes an incremental counter 105.
• the incremental counter 105 is incremented by one or more units. Obviously, like a ratchet wheel, it cannot go back, it cannot that advance with each use.
• the state C (p, n) 242 of the counter 105 enters into the calculation of the encrypted message 244 transmitted by the transmission means 13.
• the coded part S (p, n) 241 is calculated by the algorithm 108 (the equivalent of which 247 is stored in the computer means 21 by means of the secret key 250 specific to each card and of the state C (p, n) 242 of the counter 105.
• the card 10 transmits , in addition to the identification number I (p) 240 of the card and the encrypted identification code S (p, n) 241, the state C (p, n) 242 of its incremental counter 105 on each transmission.
• the computer means 21 store 230, in the data base 23, the state C (p, n) 242 of the incremental counter 105 during the last validated operation.
• the comparison means 25 of the computer means 21 can compare 245 the information received relating to the state C (p, n) 242 of the counter 105, with the previous information received C (p, m) 2 46 and kept in memory 230, 23. a) - If state C (p, n) 242 of counter 105 (fig. 2) expressed in message 244 is strictly greater (n> m) than that C (p, m) 246 previously received, then message 244 is accepted and analysis continues.
• the encrypted code S '(p, n) 248 thus calculated is compared 249 to that actually received S (p, n) 241, by comparison means 25.
• This method and these means therefore make it possible to validate or invalidate the message 244, without it being necessary for the user of the card to actuate it several times, as is the case in the variant embodiment described above.
• the existence within the card 10 of an incremental counter 105 makes it possible, at no additional cost, to fix, at the time of the individual programming of the card, the number maximum number of times the card can be used. Once this maximum is reached, the latter no longer sends a coherent message and is therefore refused by the computer means 21.
• the frame 244 transmitted contains, for a given card (p),
• variable part S (p, n) 241 apparently random (the result of an encryption algorithm 108 on the secret key 250 specific to this card (p)).
• - is always different from one card to another, - is, for a given card, always different on each issue.
• the computer means 21 allow, for a given card (p), to:
• the computer means 21 also comprise second comparison means 26. These comparison means make it possible to compare a personal confidential code with the player
• This code is transmitted by means of a keyboard 27 associated with the telephone handset 16 and / or the card 10 and transmitted to the computer means 21 of the virtual casino, by the communication network. 15.
• the virtual casino has the assurance that the caller 11 is indeed the person authorized to enter into contact with his services. A stolen card cannot be used by the thief for lack of knowing the confidential code.
• the system according to the invention is such that:
• the card 10 emits, when it is actuated 14 by the player, an encrypted acoustic signal for validation of the orders given by the player 11, - the said computer means 21 comprise means of detection 21a and recording 21b of the signal of confirmation.
• the computer means 21 further comprise means 28 for editing an acknowledgment 29 of the orders given. This acknowledgment of receipt is addressed to player 11.

Landscapes

• Engineering & Computer Science (AREA)
• Business, Economics & Management (AREA)
• Accounting & Taxation (AREA)
• Computer Security & Cryptography (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Finance (AREA)
• General Business, Economics & Management (AREA)
• Strategic Management (AREA)
• Theoretical Computer Science (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Economics (AREA)
• Development Economics (AREA)
• Microelectronics & Electronic Packaging (AREA)
• Telephonic Communication Services (AREA)
• Storage Device Security (AREA)

Applications Claiming Priority (3)

Publications (1)

Family

ID=9496212

Family Applications (1)

Country Status (5)

Families Citing this family (47)

Family Cites Families (26)

• 1996
  • 1996-09-25 FR FR9611916A patent/FR2753861B1/fr not_active Expired - Fee Related
• 1997
  • 1997-09-25 WO PCT/FR1997/001687 patent/WO1998013972A1/fr not_active Application Discontinuation
  • 1997-09-25 AU AU43893/97A patent/AU4389397A/en not_active Abandoned
  • 1997-09-25 EP EP97942092A patent/EP1008252A1/de not_active Withdrawn
  • 1997-09-25 US US09/269,349 patent/US6904520B1/en not_active Expired - Lifetime

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events