EP3105724A1 - Transaction securisee utilisant un dispositif mobile - Google Patents
Transaction securisee utilisant un dispositif mobileInfo
- Publication number
- EP3105724A1 EP3105724A1 EP15703617.9A EP15703617A EP3105724A1 EP 3105724 A1 EP3105724 A1 EP 3105724A1 EP 15703617 A EP15703617 A EP 15703617A EP 3105724 A1 EP3105724 A1 EP 3105724A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- transaction
- mobile device
- service
- authentication
- identifier
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
- 238000000034 method Methods 0.000 claims abstract description 35
- 230000004044 response Effects 0.000 claims description 8
- 230000005540 biological transmission Effects 0.000 claims description 5
- 238000004891 communication Methods 0.000 description 22
- 230000006854 communication Effects 0.000 description 22
- 238000012545 processing Methods 0.000 description 18
- 238000012795 verification Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 238000012790 confirmation Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 238000002955 isolation Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- ZLSSXLNNHMPGJW-UHFFFAOYSA-N [1-hydroxy-4-[methyl(pentyl)amino]-1-phosphonobutyl]phosphonic acid Chemical compound CCCCCN(C)CCCC(O)(P(O)(O)=O)P(O)(O)=O ZLSSXLNNHMPGJW-UHFFFAOYSA-N 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000004888 barrier function Effects 0.000 description 1
- 150000001768 cations Chemical class 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000013524 data verification Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- VJYFKVYYMZPMAB-UHFFFAOYSA-N ethoprophos Chemical compound CCCSP(=O)(OCC)SCCC VJYFKVYYMZPMAB-UHFFFAOYSA-N 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- ORQBXQOJMQIAOY-UHFFFAOYSA-N nobelium Chemical compound [No] ORQBXQOJMQIAOY-UHFFFAOYSA-N 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000013468 resource allocation Methods 0.000 description 1
- 210000001525 retina Anatomy 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 210000003462 vein Anatomy 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
- G06Q20/027—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] involving a payment switch or gateway
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G06Q20/204—Point-of-sale [POS] network systems comprising interface for record bearing medium or carrier for electronic funds transfer or payment credit
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3276—Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
Definitions
- the present disclosure relates to a method and system for performing an electronic transaction using a mobile device, and in particular a method and system for performing a secure electronic transaction.
- NFC interfaces Near Field Communication - Near Field Communication
- electro ⁇ magnetic transponders which could be of the contactless card.
- Such features improve eg the mobile device, allowing it to be used for various applica ⁇ tions, such as electronic wallet to make payments to access services such as transport networks.
- An object of embodiments of the present disclosure is to at least partially solve one or more needs of the prior art.
- a method for performing an electronic transaction using a mobile device comprising: receiving, by a first service facilitating system from a plurality of service facilitating systems, transaction data relating to the transaction, generating by the first service facilitator system a transaction identifier associated with the transaction, and transmitting the transaction identifier to the mobile device, wherein the transaction identifier is part of an electronic token that includes an identifier of the first system facilitating the transaction.
- the method further comprises, prior to receiving the transaction data by the first service facilitating system, communicating the transaction data between the mobile device and a transaction element.
- the transaction identifier is transmitted to the mobile device in an electronic token comprising a secure identifier, the token being in the form of one or more of the following: a QR code (fast response code) readable by an application installed on the mobile device; URL intent (Uniform resource locator) and wireless data transmission.
- a QR code fast response code
- URL intent Uniform resource locator
- the transaction initialization request is transmitted to one of these authentication systems known to the mobile device.
- the electronic token includes a URL (Uniform Resource Locator) associated with the first service enabler system.
- URL Uniform Resource Locator
- control transaction execution is transmitted to the first service facilitator system, and the method further comprises executing the tran ⁇ saction at least partially by the first service facilitator system.
- control transaction execution is transferred to a supplementary service facilitator system, and the method further comprises Executing ⁇ execution of the transaction at least partially by the supplementary service facilitator system.
- the method further comprises, after transmitting the transaction identifier to the first service facilitating system, the authentication system, from the service facilitating system, receiving at least some transaction data.
- the transaction is a payment from the user to a payee, and the transaction data includes at least the payment amount.
- the method further comprises, after receiving the transaction identifier from the authentication system: determining by the first service facilitating system a plurality of payment types supported by the recipient, and transmitting an indication of the types of payment to the authentication system.
- the method further comprises transmitting the indication of the plurality of payment types to the mobile device, and wirelessly receiving from the mobile device a selection of one of the plurality of types of payment.
- the method further comprises: determining by the authentication system a plurality of payment types supported by the mobile device, and transmitting an indication of the payment types to the first service facilitating system; and select by the service facilitator system or by the recipient at least one of the payment types.
- the authentication of the mobile device is based on authentication data stored at least partially in a secure element or in a trusted execution environment of the mobile device.
- the authentication data is one or more of the following: a secret key; a PIN entered by a user of the mobile device; and a biometric sample of a user of the mobile device captured by a capture device of the mobile device.
- a system for performing an electronic transaction comprising: a device mobile; an authentication system; a first service facilitator system adapted to receive transaction data relating to the transaction, to generate a transaction identifier associated with the transaction, and to transmit the transaction identifier to the mobile device; at least one additional service enabler system, wherein: the mobile device is adapted to transmit a transaction initialization request to the authentication system, the transaction initialization request including the transaction identifier, wherein the transaction identifier is part of an electronic token that includes an identifier of the first service enabler system; the authentication system is adapted to identify the first service enabler system based on said identifier of the first service enabler system, to transmit the transaction identifier to the first service enabler system, to authenticate the mobile device, and to transmit a transaction execution command to the first service enabler system; and the first service facilitating system is further adapted to execute at least a portion of the transaction in response to the transaction execution command.
- FIG 1 schematically illustrates a mobile device and a transaction component according to an exemplary Réali ⁇ tion of the present disclosure
- FIG. 2 schematically shows the mobile device of Figure 1 in more detail according to an exemplary Réali ⁇ tion of the present disclosure
- 3 schematically represents the communi ⁇ cations between elements in an electronic transaction system according to an exemplary embodiment of the present disclosure
- FIG. 4 is a flowchart showing steps in a method of performing an electro ⁇ nic transaction according to an embodiment of the present description
- FIG. 5 illustrates an example of hardware implementing elements of the system of FIG. 3 according to exemplary embodiments of the present description
- Figure 6 illustrates a portion of a payment system according to another embodiment of the present description.
- Figure 1 schematically illustrates a mobile device 102 suitable for wireless communications, and to perform an electronic transaction.
- the mobile device 102 is a mobile phone, a smart phone, a tablet computer, a digital media player or the like, and includes a display 104, for example a touch screen.
- the mobile device 102 is shown in communi cation with a transaction ⁇ member 106.
- communication between the mobile device 102 and the transaction element is at least partially via a wireless interface, such as an NFC interface, a wireless data connection via a telecommunication network, a Bluetooth interface or a wireless local area network (WLAN).
- a wireless interface such as an NFC interface, a wireless data connection via a telecommunication network, a Bluetooth interface or a wireless local area network (WLAN).
- WLAN wireless local area network
- the transaction element 106 may communicate with the mobile device 102 using a camera of the mobile device 102.
- the transaction element 106 may include a display to display a bar code as a QR code (Quick Response Code), which can be captured by the camera and interpreted using a suitable application loaded on the mobile device 102.
- the transaction element 106 could be integrated into the mobile device 102.
- the mobile device 102 can store and execute an application of a merchant implementing the transaction element 106. in such a case, the transaction element 106 for example communicates with other circuits of the mobile device by generating an intention, such as a URL intention (uniform resource locator intent).
- an intention such as a URL intention (uniform resource locator intent).
- an intention is a digital message passed to the operating system of a mobile operative part ⁇ available from an application takes running on the mobile device, which causes call some applica ⁇ and password information as a parameter to the application.
- a type of intent may cause a web browser of the mobile device to access a specific location.
- the intent URI universal identification ⁇ fier resource
- https: // WEB_ADDRESS activates the navigation application to a mobile device and directs the browser to the location identified by the web address.
- the electronic transaction is an electronic payment
- the element of tran ⁇ saction 106 is a payment terminal.
- the electronic transaction could be any of a range of electronic services provided between the mobile device 102 and the transaction element 106, such as an electronic payment, including a card payment or a cardless payment.
- establishing a direct payment facility such as an electronic money order, a document or contract signature, a data verification, such as an address or age verification, and / or an authentication verification of the mobile device or a user of the mobile device.
- An electronic warrant is for example an agreement authorizing a merchant to receive one or more direct debit payments from a customer.
- the transaction element 106 is for example posi ⁇ tioned at an entrance barrier of a controlled access area, such as a transport network, or at a point of sale in a store or restaurant .
- the mobile device 102 is for example relatively close to the transaction element 106, and the communication between the mobile device and the transaction element is for example made by NFC, the mobile device emulating a wireless transponder .
- other forms of wireless communications between the mobile device 102 and the transaction element 106 could be envisioned, such as a wireless connection via Bluetooth or via a wireless local area network (WLAN). ).
- the mobile device 102 could be remote from the transaction element 106, and the communication between the mobile device and the transaction element could be via one or more intervening networks. , as a data network of a telecommunication network and / or the internet network. In such a case, the transaction element could correspond to a remote server of a merchant.
- Figure 2 schematically illustrates in more detail the mobile device 102 according to an exemplary embodiment.
- the device 102 comprises for example a contactless front-end integrated circuit (CLF) 202, which will be referred to herein as the NFC router.
- CLF contactless front-end integrated circuit
- the NFC router 202 is coupled to an NFC antenna 204, and together the router 202 and the antenna 204 provide an NFC circuit for emulating the behavior of an NFC transponder.
- the NFC router 202 is also for example coupled to a host processing device (P) 206 of the mobile device 102.
- the processing device 206 comprises for example one or more processors under the control of instructions stored in an instruction memory ( MEM MEM) 208.
- MEM MEM instruction memory
- the NFC router 202 is also for example coupled to a secure element (SE) 210, which is for example an integrated SE (eSE), and / or a SIM or SIM universal circuit 212.
- SE secure element
- eSE integrated SE
- SIM or SIM universal circuit 212 is for example coupled in addition to the processing device 206.
- the processing device 206 can perform host card emulation (HCE), which means that NFC communications are routed to the host processing device 206 which emulates the behavior of an NFC secure element. This makes it possible to perform secure NFC transactions directly by the processing device 206 without requiring the presence of a secure element in the mobile device 102.
- HCE host card emulation
- the processing device 206 is also for example coupled to: an antenna 214 enabling telecommunications in a cellular network; an antenna 215 for Wi-Fi communications (wireless fidelity); and / or an antenna 216 enabling ultra-wide band (or UWB) RF communications.
- the mobile device 102 may comprise only one or some of the antennas 214, 215 and 216.
- the mobile device 102 further comprises a user interface 218, for example comprising a display, a keypad and / or or a touch screen, coupled to the processing device 206.
- the mobile device 102 also includes, for example, an image capture device 220, comprising an image sensor for capturing digital images.
- the image capture device 220 is capable of capturing machine readable codes such as QR codes, and the mobile device 102 stores a suitable software application for interpreting the machine readable code.
- the image capture device 220 or a separate image sensor is capable of capturing biometric samples such as a fingerprint, a finger vein or a retina analysis.
- the mobile device 102 includes a trusted execution environment (TEE) 222 which for example includes a memory device 224. storing one or more software applications and a trai device processing resource allocation ⁇ ment 206 for running software applications in isolation with respect to the execution of other software applications stored in the instruction memory.
- TEE trusted execution environment
- the trusted execution environment 222 is used for executing sensitive software applications, such as an application for entering a PIN (personal identification number) and / or for capturing a biometric sample.
- FIG. 3 represents an electronic transaction system 300 supporting the execution of an electronic transaction between the mobile device 102 and the transaction element 106.
- the system 300 comprises, for example, in addition to the mobile device 102 and the mobile device 102.
- transaction element 106 an authentication system 301A and a service facilitating system 301B.
- the transaction element 106 could be integrated into the mobile device 102.
- the authentication system 301A provides an interface between the service facilitating system 301B and the mobile device 102, and is arranged to authenticate the mobile device 102 prior to the execution of a transaction.
- the authentication system 301A is capable of establishing a secure data connection with the mobile device 102, for example by using symmetric key cryptography or public key cryptography for the transmission of data packets.
- the secure connection is for example obtained by using an application executing in the trusted execution environment 222 of the mobile device 102 and / or by using a secure element of the mobile device 102, to store the key data used to authenticate the mobile device 102.
- the 301A authentication system corresponds to one or more servers associated with a bank of which a user of the mobile device 102 is a customer.
- the service facilitating system 301B comprises for example one or more servers arranged to execute or otherwise facilitate the execution of the electronic transaction.
- the service facilitating system 301B corresponds for example to a payment service provider, or a payment gateway, interconnecting several payment networks and / or acquiring banks, and is arranged to perform appropriate processing such as authentication and deletion in connection with the payment transaction.
- the service facilitating system 301B is a server that provides an interface between multiple transaction elements 106 and several authentication systems 301A that may be present. in the system.
- there may be more than one service facilitating systems 301B each of which may be adapted to handle a different type of electronic transaction such as transaction transactions. payment for different types of cards.
- communications between the service facilitating system 301B and the authentication system 301A utilize symmetric key cryptography or public key cryptography.
- FIG. 4 is a flow chart showing steps in a method for performing an electro ⁇ nic transaction using the mobile device 102. An example of operations in such a method will now be described in more detail with reference to both FIGS. 4.
- details of a transaction are received by the service facilitating system 301B and a transaction identifier is generated.
- the mobile device 102 and the transaction element 106 interact to initiate the electronic transaction.
- a user of the mobile device 102 has made a purchase in a store or restaurant, via the internet or using a merchant application on the mobile device, and wishes to use the mobile device 102 to perform a payment transaction.
- the user initiates e.g. the payment transaction using the mobile dispo ⁇ operative part 102.
- the mobile device is for example brought close to the transaction component 106 to trigger NFC communications between the mobile device 102 and 'transaction element 106, so that the transaction data is communicated to the mobile device 102.
- the transaction component 106 can transmit the transaction details to the mobile device 102 by the inter ⁇ lakeire of the internet .
- the user confirms such transaction data using a keypad of the mobile device, and a message confir ⁇ mation is transmitted from the mobile device 102 to the transaction element 106, to initiate creating a transaction.
- the user of the mobile device 102 wishes to initiate a different type of transaction, for example the establishment of a recurring payment order, such as an electronic money order, the signature of a document or a contract, a change of address, or responding to an address or age check.
- a recurring payment order such as an electronic money order, the signature of a document or a contract, a change of address, or responding to an address or age check.
- transaction data describing the transaction are for example transmitted to the mobile device 102, and the user confirms, for example, that he wishes to proceed with the transaction on the basis of these transactions.
- transaction data A confirmation message is then transmitted from the mobile device 102 to the transaction element 106.
- the transaction element 106 then makes an electronic transaction request to the service facilitating system 301B, as represented by the arrow 302, which request includes the transaction data.
- the transaction data may include one or more of the following: a transaction type of the electronic transaction, for example a payment, an age / address check, etc., an electronic money order, etc. identifiers of the parties involved in the transaction, such as a merchant account identifier or number associated with the transaction element 106 and the user of the mobile device 102; and other appropriate details of the transaction, such as a payment amount, currency, details of a warrant to be executed, etc.
- the service facilitating system 301B In response to receiving the transaction data, the service facilitating system 301B for example stores this data in a memory (not shown in FIG. 3), and generates the transaction identifier associated with the transaction.
- the transaction identifier could be a binary value of at least 32 bits long.
- the transaction identifier uniquely identifies the transaction. For example, two transactions made the same day by the same user to the same transaction item 106 using the mobile device 102 will each receive a different transaction identifier assignment by the service facilitating system 301B.
- the transaction identifier is transmitted to the mobile device 102. This operation is represented by an arrow 303 in FIG.
- this operation involves the transmission by the service facilitating system 301B of an electronic token to the mobile device 102, the electronic token including the identifier of the transaction.
- the electronic token includes data identifying the service facilitating system 301B that issued the token.
- the electronic token includes a URL or web address of the service facilitating system 301B.
- the token may include a secure identifier, allowing the token to be authenticated by the mobile device and / or the authentication system 301A.
- the token for example, takes the form of a QR code (fast response code) which can be decoded by an appropriate application stored on the mobile device 102.
- the token may take the form of an intention. URL that calls a transaction or payment application stored in the mobile device 102, and passes to this application the data of the electronic token.
- the electronic token may be transmitted to the mobile device 102 over the internet and / or through a data network or communication network.
- the electronic token can be transmitted to the mobile device 102 via the transaction element 106 and using the NFC interface, or in the case where the token is a visual element such as a QR code, it could be transmitted to and displayed on a display of the transaction element 106, and then captured by a camera of the mobile device 102.
- the transaction identifier is transmitted by the mobile device 102 to the authentication system 301A.
- the mobile device 102 transmits a transaction initialization request to the authentication system 301A comprising the transaction identifier.
- This operation is represented by an arrow 304 in FIG. 3.
- the reception by the mobile device 102 of the electronic token containing the transaction identifier activates an application of the mobile device 102 associated with the authentication system. 301A, which causes the transmission of the transaction initialization request comprising the identi bomb of ⁇ transaction system 301A authentication.
- the transaction identifier is transmitted by the authentication system 301A to the service facilitating system 301B.
- the authentication system 301A identifies the service enabler system based on the data included in or part of the transaction identifier identifying the service enabler system. This operation is represented by an arrow 305 in FIG. 3.
- the transaction identifier is transmitted to the service facilitating system 301B in the form of a request for the transaction data, and the service facilitating system 301B responds in turn. providing the authentication system 301A with at least some of the transaction data associated with the transaction.
- the service facilitating system 301A may locate in its memory the associated transaction data provided originally by the transaction element 106.
- a payment type may be selected by the mobile device 102 or by the transaction element 106.
- the payment type indicates a type of payment card, which may correspond to the brand card, such as VISA, MASTERCARD, AMERICAN EXPRESS, etc. (The names VISA, MASTERCARD and AMERICAN EXPRESS may be associated with one or more registered trademarks).
- VISA VISA
- MASTERCARD AMERICAN EXPRESS
- the payment type indicates a means of payment to be used for the transaction, for example a payment using the PAN number (primary account number) of a credit or debit card, or an IBAN number. (international bank transfer).
- the service facilitating system 301B may transmit to the authentication system 301A a list of one or more types of payments accepted by the transaction element 106, in other words by the merchant.
- the authentication system 301A may then select one of the payment types accepted as the default type to be offered to the user of the mobile device 102.
- an indication of a plurality of accepted payment types may be provided. to be transmitted to the mobile device 102, and the user of the mobile device 102 may be given an option to select one of these payment types to be used for the transaction.
- the authentication system 301A indicates to the service facilitating system 301B, with the transaction data request, one or more payment types accepted by the mobile device.
- the service facilitating system 301B and / or the transaction element 106 may select a preferred payment type from among these payment types, and inform the authentication system 301A of this selection when transmitting transaction data.
- the authentication involves the launch by the authentication system 301A of an authentication application on the mobile device 102.
- the authentication application is for example carried out in the EXE environment ⁇ trusted execution 222 of the mobile device 102, and / or a secure element 102.
- the authentication available ⁇ mobile operative part 102 involves checking the maintained or provided by the mobile device 102 data.
- authentication of the mobile device involves verifying that the mobile device is operated by an authorized user. This implies, for example, request that the user of the mobile device 102 provide input data, as a biome sample ⁇ stick, a PIN or password.
- the authentication application requests that the user type a PIN or password on a keypad of the mobile device 102 and / or place a finger on a fingerprint sensor. digital devices of the mobile device 102, and captures an image of the fingerprint.
- the verification of this data occurs for example in the trusted execution environment 222 of the mobile device, and the result of the authentication is transmitted to the system. authen ⁇ tification 301A.
- the user data is transmitted by the mobile device 102 to the authentication system 301A, and the verification of this data is performed by the authentication system 301A.
- the mobile device 102 may be authenticated by verifying data, such as a secret key, stored by the mobile device 102, for example in the secure element 210.
- the authentication system 301A also transmits for example at least some of the details of the transaction to the mobile device 102, such as a payment amount and / or a merchant indication, and asks to confirm that the transaction can take place.
- the mobile device 102 responds for example to the authentication system 301A by a confirmation message confirming that the user has accepted the transaction.
- the system authenticates ⁇ fication 301A is for example informed and the transaction is canceled.
- the authentication system 301A if the authentication has been successfully performed by the authentication system 301A, the authentication system then generates, for example, a transaction execution command causing the transaction to be executed in a server. following operation 412 of FIG.
- the transaction execution command is for example transmitted by the authentication system 301A to the service facilitating system 301B.
- this command may be accompanied by a proof of authentication, such as a cryptographic confirmation, signed by the authentication system 301A, ensuring that the authentication has been successful.
- the service facilitating system 301B then performs the electronic transaction, for example, either directly or by initiating the transaction and causing other systems to complete the transaction.
- the execution of the transaction may involve additional processing by one or more other systems, as a payment authorization and an erasure.
- the service facilitating system 301B may also send a message to the authentication system 301A indicating the final result of the transaction.
- the authentication system 301 transmits, for example, the command executing a transaction to another service enabler (not shown in Figure 3), which at least partially executes the transaction, and provides the result of the transaction to the authentication system 301A.
- the arrow 307 of Figure 3 represents a result of final tran ⁇ saction, which is then transmitted from the system authen ⁇ tification 301A to 301B service facilitator equipment, and communications represented by the arrows 308 and 309 are no longer realized.
- the result of the transaction is for example transmitted to the mobile device 102.
- the service facilitating system 301B also informs the transaction element. 106 of the result of the transaction, and can provide appropriate data as a payment reference.
- Figure 5 schematically shows hardware that could be used to implement at least a portion of the authentication system 301A and / or the service facilitating system 301B of Figure 3 to perform the method of Figure 4.
- the circuit 500 comprises for example a processing device 502 which may comprise one or more processors, under the control of instructions stored in an instruction memory 504.
- a memory storage device 506 is also coupled to the processing device 502, and for example stores the transaction identifier in association with the transaction data.
- the processing device 502 is also coupled to a communication interface 508, which allows ⁇ communi cation via a wired and / or wireless network, with the mobile device 102 or the transaction element 106.
- the circuit 500 includes a secure processing environment 510, which includes, for example, a secure microprocessor 512, under the control of an instruction memory 514, storing one or more software applications that can be executed in isolation from the execution of other software applications stored in the instruction memory 504.
- the environment of secure processing 510 is used for executing sensitive software applications, such as an application for encrypting communications, and / or for verifying sensitive data such as biometric data or a PIN.
- FIG. 6 illustrates a portion of an electronic transaction system 600, similar to the system 300 of Figure 3, but in which there are several authentication systems 301A and several service enablers 301B.
- each of the authentication systems 301A is for example coupled to one or more devices
- each of the service facilitating systems 301B is for example coupled to one or more transaction elements.
- a wired and / or wireless communication network 602 enables each of the 301A authentication systems to communicate with each of the service facilitating systems.
- the communication network 602 for example provides routing of the network, but does not include a central infra ⁇ structure as a routing directory.
- a mobile device receives an electronic token from one of the service facilitating systems 301B, it transmits, for example, the transaction identifier to one of the authentication systems 301A.
- This authentication system is capable of identifying, based on the transaction identifier and / or additional identifying information, the service facilitating system that issued the identification. transaction indicator.
- the authentication system is thus able to transmit, via the communication network 602, the transaction identifier directly to the service facilitating system that generated it, and to receive in response at least some of the transaction data. corresponding to the transaction.
- An advantage of the embodiments described herein is that an electronic transaction can be realized without the exchange of sensitive data, such as a credit card number, between the transaction element 106 and the mobile device 102.
- sensitive data such as a credit card number
- Another advantage is that an electronic transaction can be launched by a mobile device, and that the system does not rely on a centralized server to allow the transaction dé ⁇ ⁇ lement.
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19207568.7A EP3627419B1 (fr) | 2014-02-14 | 2015-02-11 | Transaction sécurisée utilisant un dispositif mobile |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1451202A FR3017733B1 (fr) | 2014-02-14 | 2014-02-14 | Transaction securisee utilisant un dispositif mobile |
PCT/EP2015/052883 WO2015121307A1 (fr) | 2014-02-14 | 2015-02-11 | Transaction securisee utilisant un dispositif mobile |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19207568.7A Division EP3627419B1 (fr) | 2014-02-14 | 2015-02-11 | Transaction sécurisée utilisant un dispositif mobile |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3105724A1 true EP3105724A1 (fr) | 2016-12-21 |
Family
ID=51014405
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19207568.7A Active EP3627419B1 (fr) | 2014-02-14 | 2015-02-11 | Transaction sécurisée utilisant un dispositif mobile |
EP15703617.9A Ceased EP3105724A1 (fr) | 2014-02-14 | 2015-02-11 | Transaction securisee utilisant un dispositif mobile |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19207568.7A Active EP3627419B1 (fr) | 2014-02-14 | 2015-02-11 | Transaction sécurisée utilisant un dispositif mobile |
Country Status (4)
Country | Link |
---|---|
EP (2) | EP3627419B1 (fr) |
ES (1) | ES2973842T3 (fr) |
FR (1) | FR3017733B1 (fr) |
WO (1) | WO2015121307A1 (fr) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR3049369A1 (fr) * | 2016-03-24 | 2017-09-29 | Orange | Procede de transfert de transaction, procede de transaction et terminal mettant en œuvre au moins l'un d'eux |
US10956905B2 (en) | 2017-10-05 | 2021-03-23 | The Toronto-Dominion Bank | System and method of session key generation and exchange |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7292996B2 (en) * | 2000-10-06 | 2007-11-06 | Openwave Systems Inc. | Method and apparatus for performing a credit based transaction between a user of a wireless communications device and a provider of a product or service |
EP2189932B1 (fr) * | 2008-11-24 | 2020-07-15 | BlackBerry Limited | Système de paiement électronique utilisant un dispositif mobile de communications sans fil et procédés correspondants |
WO2011130422A2 (fr) * | 2010-04-13 | 2011-10-20 | Visa International Service Association | Téléphone mobile en tant que commutateur |
EP2631860B1 (fr) * | 2012-02-24 | 2016-02-24 | POSPartner GmbH | Envoi de code 2D par interface matérielle d'un clavier NIP |
-
2014
- 2014-02-14 FR FR1451202A patent/FR3017733B1/fr active Active
-
2015
- 2015-02-11 WO PCT/EP2015/052883 patent/WO2015121307A1/fr active Application Filing
- 2015-02-11 ES ES19207568T patent/ES2973842T3/es active Active
- 2015-02-11 EP EP19207568.7A patent/EP3627419B1/fr active Active
- 2015-02-11 EP EP15703617.9A patent/EP3105724A1/fr not_active Ceased
Non-Patent Citations (2)
Title |
---|
None * |
See also references of WO2015121307A1 * |
Also Published As
Publication number | Publication date |
---|---|
ES2973842T3 (es) | 2024-06-24 |
WO2015121307A1 (fr) | 2015-08-20 |
EP3627419B1 (fr) | 2024-02-07 |
EP3627419C0 (fr) | 2024-02-07 |
FR3017733B1 (fr) | 2017-08-25 |
FR3017733A1 (fr) | 2015-08-21 |
EP3627419A1 (fr) | 2020-03-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR102624700B1 (ko) | IoT 장치와 애플리케이션 간의 생체 식별 및 검증 | |
EP2455923B1 (fr) | Serveur de transaction NFC | |
US10037082B2 (en) | Physical interaction dependent transactions | |
EP3221815B1 (fr) | Procédé de sécurisation d'un jeton de paiement. | |
JP6858203B2 (ja) | 近距離無線通信nfcベースの取引方式およびデバイス | |
US10885509B2 (en) | Bridge device for linking wireless protocols | |
US9413534B2 (en) | Mobile device-based keypad for enhanced security | |
JP2023522835A (ja) | 暗号化認証のためのシステム及び方法 | |
EP2873045A1 (fr) | Entite electronique securisee pour l'autorisation d'une transaction | |
US10373146B2 (en) | Smart card NFC secure money transfer | |
US20170202040A1 (en) | Dongle device for automatic pairing to a local device | |
EP1817890A1 (fr) | Procede, systeme et carte a microcontroleur pour la communication de services d'application depuis une carte a microcontroleur vers un terminal | |
EP3252692A1 (fr) | Procédé de fourniture de données relatives à une transaction de paiement, dispositif et programme correspondant | |
EP3627419B1 (fr) | Transaction sécurisée utilisant un dispositif mobile | |
CN110023936A (zh) | 供基于卡片的交易中使用的临时卡片安全码的生成和验证 | |
Poroye | Secure contactless mobile financial services with Near Field Communication | |
EP2867837B1 (fr) | Système de transmission sécurisée de données numériques | |
De Bruin | A Wallet-Less Mobile Payment System Using Near Field Communication (NFC) | |
EP4198791B1 (fr) | Transaction nfc | |
FR2980012A1 (fr) | Systeme et procede d'authentification par code personnel | |
EP4198792A1 (fr) | Transaction nfc | |
EP4198790A1 (fr) | Transaction nfc | |
Aldughayfiq | NFC-mobile payment system based on POS terminal authentication | |
FR2967514A1 (fr) | Procede et systeme de transaction nfc | |
WO2016108017A1 (fr) | Procédé de vérification d'une requête de paiement comprenant la détermination de la localisation du provisionnement d'un jeton de paiement |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20160819 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20180115 |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: BANCONTACT PAYCONIQ COMPANY |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R003 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20191123 |