EP3555829A1 - Securing transactions - Google Patents

Securing transactions

Info

Publication number
EP3555829A1
Authority
EP
European Patent Office
Prior art keywords
terminal
transaction
server
stream
user
Legal status
Pending
Application number
EP17822409.3A
Other languages
English (en)
French (fr)
Inventor
Fabrice JEANNE
Patrick Leroy
Christopher GEORGET
Current Assignee
Orange SA
Original Assignee
Orange SA
Application filed by Orange SA

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223 Realising banking transactions through M-devices
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/10 Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/102 Bill distribution or payments
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/3272 Short range or proximity payments by means of M-devices using an audio code
    • G06Q20/3274 Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being displayed on the M-device
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists

Definitions

  • the invention relates to the field of data exchange security during transactions.
  • OTP: One Time Password
  • OTPs have a short validity period, of the order of a few minutes, and become obsolete after a single use.
  • OTPs are transmitted through an intermediary, often the customer's banking organization, by text message to the customer's phone (SMS, for "Short Message Service").
  • An OTP makes it possible to exempt the customer from entering a code durably linked to his means of payment, for example a PIN code (PIN for "Personal Identification Number") of a smart card or a cryptogram recorded on a payment card.
  • the sending of an OTP to the customer is triggered only upon receipt of a request from the merchant to the intermediary. To be established, such a request requires the customer to provide the merchant with sensitive data such as the identity of his bank, an identifier of the means of payment, a name, a first name, etc.
  • the customer must often provide other sensitive data such as personal data: physical delivery address, billing address, email, telephone numbers, delivery information such as digicodes, hours of presence at home etc.
  • the Applicant proposes a method for securing a transaction initialized between a first available communication terminal and a transaction device, via a server.
  • the method comprises:
  • the comparison triggering, in case of correspondence between the two code sequences, an association of the second terminal, the second user and the transaction, making it possible to issue an authorization for the continuation of the transaction between the second terminal and the transaction device associated with the server.
  • Such a method allows a first user to initiate a transaction with the transaction device, for example an order for an item to be delivered, on the first terminal.
  • the first terminal and / or a part of the network used may not be secure, be poorly secured or have an unknown level of security on the part of the first user.
  • the user may nevertheless prefer to use a computer in an Internet café for more comfortable browsing rather than a smartphone whose screen is smaller ("smartphone" is used here in the sense of "ordiphone" in French).
  • the smartphone can be used as the second terminal. It is then useless for the user to enter sensitive data, including banking and personal data, on the first terminal. In other words, the transaction is possible without the sensitive data passing through the first terminal or a portion of network whose security is unknown.
  • the applicant proposes a server for securing an initialized transaction between a first communication terminal and a transaction device, the server being able to communicate with a second communication terminal and with the transaction device, the server comprising:
  • a comparator a first sequence of codes transmitted with a first data stream associated with the transaction, by a transmitter from the server to the transaction device, the data of the first stream comprising the first series of codes derived from a private key associated with the second user, and
  • the comparator being able, in case of correspondence between the two code sequences, to associate the second terminal, the transaction device and the transaction, triggering
  • a device for authorizing the continuation of the transaction between the second terminal and the associated transaction device, via the server.
  • the Applicant proposes an initialized transaction validation method between a first communication terminal and a transaction device, implemented by a second communication terminal.
  • the method includes: inserting into a second data stream a second code sequence in response to a receipt of a first code sequence associated with the transaction by the transaction device in a first data stream from a server; second sequence of codes being taken from a private key associated with the transaction device, the second stream being adapted to be transmitted from the second terminal to the server.
  • the Applicant proposes a communication terminal capable of communicating with a server and comprising a validation device.
  • the validation device comprises:
  • the Applicant proposes a computer program comprising instructions for the implementation of one and / or the other of the processes when this program is executed by a processor.
  • the following features may optionally be implemented. They can be implemented independently of each other or in combination with each other:
  • the first stream is transmitted continuously in response to a request from the transaction device sent to the server, and is interrupted at the closing of the transaction.
  • the continuous transmission of the first stream containing the first sequence of codes makes it possible to repeat the comparison until a sufficient level of correspondence is detected between a first transmitted sequence and a second received sequence.
  • the first code sequence of the first stream takes the form of multimedia content.
  • when the second terminal is equipped with a sensor, it is unnecessary to connect the first terminal 11 and the second terminal 12 to each other via a physical or wireless connection so that a first user having the first terminal and the second terminal, reading the first received code sequence, enters on the second terminal a second code sequence that will be transmitted in a second stream.
  • the comparison of the first code sequence and the second code sequence comprises: verifying that the correspondence level of the second sequence with the first sequence is greater than a predefined matching threshold value and less than 100%.
  • the authorization of the continuation of the transaction includes:
  • the second stream includes data for capturing multimedia content via at least one sensor of the second terminal, the second series of codes being included in the capture data of the multimedia content.
  • the validation method further comprises: capturing a multimedia content contained in the first stream, received by the first terminal of the transaction device, and reproduced by the first terminal, the capture being performed via at least one sensor of the second terminal, the multimedia content including the first series of codes.
  • when the first terminal receives the first code sequence in a multimedia content that it reproduces, it is unnecessary to connect the first terminal and the second terminal to one another via a physical or wireless connection so that a first user reading the first code sequence received on the first terminal enters on the second terminal a second code sequence that will be transmitted in a second stream.
  • the capture of the multimedia content reproduced by the first terminal comprises at least one of the following operations:
  • photographing and / or filming by means of an optical sensor of the second terminal, a display screen of the first terminal displaying a succession of still or moving images, or a video;
  • Optical sensors and microphones are generally present on known devices available to users, including smart phones. It is then useless for the first user to acquire a terminal or dedicated equipment.
  • the validation process furthermore comprises, between the capture of the multimedia content and the transmission of the at least part of the first series of codes, an operation of deciphering the codes contained in the multimedia content captured by the second terminal, the second stream capable of being transmitted comprising the second sequence of codes in decrypted form and taken from the captured multimedia content. The amount of data to be transmitted from the second terminal is then reduced.
  • FIG. 1 shows a system for implementing a method according to one or more embodiments of the invention
  • FIG. 2 shows a diagram illustrating a set of proposed methods according to one or more embodiments of the invention.
  • FIG. 1 represents interactions between three distinct entities and generally distant from each other: a client system 11, 12, a transaction device 20 and a server 30.
  • a first user 1 has the client system 11-12 composed of a first communication terminal 11 and a second communication terminal 12.
  • a second user 2 has the unit 20, also called the transaction device.
  • a third entity 3 has a server 30.
  • the three separate entities are the first user 1, the second user 2 and the third entity 3.
  • the system comprises the following elements: the terminals 11, 12, the unit 20 and the server 30.
  • the aforementioned elements implement respective methods.
  • the processes can therefore essentially be implemented by computer means.
  • the methods are then described as a whole in order to better understand how the elements interact in operation.
  • Those skilled in the art understand that the distinct elements above are intended to work together and have links between them. The same applies to the process aspects of the invention.
  • the first user 1 is a person wishing to purchase an article via the Internet and have it delivered to the home.
  • the second user 2 is a merchant managing a point of sale, for example via a commercial website, and wishing to sell an article to the first user 1.
  • the third entity 3 is distinct from the first user 1 and the second user 2.
  • the third entity 3 acts as a trusted third party between the first user 1 and the second user 2.
  • the third entity 3 may, for example, be a bank.
  • the term "bank” refers generally to a commercial and / or financial intermediary and should not be equated with a particular legal or regulatory status.
  • the first terminal 11 designates a terminal through which the first user 1 does not want to pass data that he considers sensitive, for example when he has doubts about the proper security of the data entered there.
  • the first terminal 11 may be loaned to the first user 1 or be connected to a public Wi-Fi type network whose security features the first user 1 does not control.
  • the second terminal 12 designates, on the contrary, a trusted terminal for the first user 1.
  • the second terminal 12 may be a telephone or a personal computer of the first user 1 and be connected to a trusted network.
  • trust are here understood in their relative sense by comparison with the first terminal 11, it being understood that no connected terminal can ensure absolute security of the data entered therein.
  • the first terminal 11 is a computer while the second terminal 12 is a smartphone ("smartphone” being here equivalent to “ordiphone” or “smart phone”).
  • the terminals 1, 2 are of another type.
  • the first terminal 11 comprises communication means, also called transaction transmitter, able to put the first terminal 11 into communication with the unit 20, for example via the Internet network.
  • the means of communication involve packet data transfer protocols (such as for example the IP protocol (in English, "Internet Protocol”)).
  • the first terminal 11 furthermore comprises several input / output interfaces, such as a graphic interface including a screen 111, and a loudspeaker 112.
  • the input / output interfaces can be integrated in the first terminal 1 or be remote, for example by means of peripherals connected to the first terminal 11.
  • the second terminal 12 comprises communication means capable of placing the second terminal 12 in communication with the server 30, for example via the Internet network.
  • the means of communication involve packet data transfer protocols.
  • the second terminal 12 further comprises communication means compatible with a telecommunications network of the mobile telephony type, for example compatible with GSM, GPRS, EDGE, 3G, 4G or LTE. Other means may be considered.
  • the second terminal 12 also comprises input / output interfaces, here sensors, for example an optical sensor 121 and a microphone 122.
  • the input / output interfaces can be integrated in the second terminal 12 or be remote, for example by means of devices communicating with the second terminal 12.
  • Each of the first terminal 11 and the second terminal 12 includes several devices, or units, among which respectively a transaction interface 115 and a validation device 125, each including one or more processors that control the operations of the first terminal 11, respectively the second terminal 12, such as a central processing unit (CPU) or another hardware processor, and an associated memory (for example, a random access memory (RAM), a read only memory (ROM), a cache memory and / or a flash memory, or any other storage medium capable of storing software code in the form of instructions executable by a processor or data structures accessed by a processor) operatively coupled to the processor(s).
  • Each of the first terminal 11 and the second terminal 12 includes an operating system and programs, components, modules, applications in the form of software executed by the processor(s), which can be, in one or more embodiments, stored in a non-volatile memory.
  • the unit 20 and the server 30 each include one or more processors, such as a central processing unit (CPU) or other hardware processor, and an associated memory (for example, a random access memory (RAM), a read only memory (ROM), a cache memory and / or a flash memory, or any other storage medium capable of storing software code in the form of instructions executable by a processor or of data structures accessible by a processor) operatively coupled to the processor(s).
  • the unit 20 and the server 30 each include an operating system and programs, components, modules, software applications executed by the processor(s), which may be, in one or more embodiments, stored in a non-volatile memory.
  • the unit 20 comprises means of communication with the server 30 of the third party entity 3 on the one hand and with the first terminal 11 on the other hand.
  • the server 30 includes a transmitter enabling the transmission of the first stream 100 between the server 30.
  • the unit 20 comprises a first transmitter capable of receiving the first stream 100 from the transmitter of the server 30.
  • the unit 20 further comprises a second transmitter, said transaction transmitter, allowing the exchanges between the unit 20 and the first terminal 11.
  • the first stream 100 will be received from the server 30 by the first transmitter of the unit 20 and, eventually, issued by the second transmitter from the unit to the first terminal 11.
  • the unit 20 includes a background portion (or "back-end" in English) including the processor(s) and the means of communication with the server 30 of the third party entity 3.
  • the unit 20 includes a front portion (or "front-end" in English).
  • the front part includes, here, a website accessible via the Internet by the first user 1, that is to say a user interface.
  • the server 30 comprises means of communication with the second terminal 12 of the first user 1 on the one hand and with the unit 20 of the second user 2 on the other hand.
  • the server 30 comprises a receiver able to wait for the reception of data from the second terminal 12 of the first user 1 (in particular the second stream 200 described below), and a transmitter able to transmit data to the second terminal 12, a transmitter that may be distinct from or common with the transmitter mentioned above.
  • the communication channels between the server 30 of the third party entity 3 and the second terminal 12 of the first user 1, as well as the communication channels between the server 30 (or first transmitter) of the third party entity 3 and the background portion of the unit 20 of the second user 2, are secured.
  • the transaction device 20 comprises a comparator of code sequences comparing a first sequence of codes transmitted in a first stream of the transaction device from a server, in particular from the third party entity, to a second sequence of code received in a second stream received from a second terminal, in particular from the first user.
  • the transaction device 20 comprises, in particular, a first transmitter transmitting the first stream to the server, in particular the third party entity, and / or a receiver receiving the second stream.
  • the transaction device 20 comprises, in particular, an authorization device allowing the continuation of the transaction between the second terminal and the transaction device via the server, that is to say, in particular, the continuation of the transaction between the first user and the second user through the third party entity.
  • the transaction device 20 includes a user interface allowing the first user through his first terminal to initiate a transaction with the second user, such as a website.
  • the comparison of the codes and / or the authorization is carried out by the transaction device 20 rather than by the server 30, in particular of the third party entity 3.
  • the methods begin when a transaction is started beforehand.
  • the first user 1 as a client of the transaction device 20, in particular the second user 2, selects on the website a set of one or more items he wishes to acquire.
  • This set, usually called a "basket", includes a set of information considered as non-sensitive: for example, item IDs, item quantities, availability dates, possible delivery dates and / or price of items.
  • the basket does not include any banking or personal information relating to the first user 1.
  • the first user 1 is not identified and is substantially anonymous from the point of view of the unit 20 and the second user 2.
  • No sensitive data has passed through the first terminal 11 and the communication channels connecting the first terminal 11 to the unit 20, potentially unsecured.
  • the first user 1 can accept to transmit personal data, for example by identifying with the website of the transaction device 20, including the second user 2.
  • This may, for example, allow the unit 20, especially the second user 2, to adapt to the first user 1 by adapting the navigation on the website to pre-recorded preferences or by suggesting articles according to the preferences of the first user 1.
  • some personal data such as an identifier and a password can be entered on the first terminal 11. Nevertheless, the bank data of the first user 1 are not entered there.
  • the transaction is started.
  • This initial state corresponds to the operation referenced 1001 in FIG. 2.
  • the operation 1001 is implemented as soon as the basket is validated.
  • the transaction device 20, in particular the second user 2, can propose to a first terminal 11, in particular the first user 1, the implementation of the system according to the invention as a choice among other methods of transaction, for example methods known in themselves.
  • the first user 1 can choose the level of security of his data, for example according to his confidence for the first terminal 11.
  • the operation 1001 is implemented when the first user 1 has selected a method according to the invention.
  • the transaction is initialized by the operation 1001.
  • the unit 20 transmits to the server 30 a request comprising an identifier of the initialized transaction and an identifier of the unit 20.
  • the identifier of the unit 20 may be integrated in the identifier of the transaction, for example by means of a unique transaction number of which a portion corresponds to an identifier of the unit 20.
  • the identifier of the transaction allows in particular to distinguish, later, two simultaneous transactions from the same unit 20.
  • the request may also be accompanied by the provision of data relating to the current transaction, for example the price to be paid.
  • the server 30 stores the data relating to the current transaction in order to call them later to confirm or cancel the transaction.
  • the data relating to the current transaction may be transmitted from the unit 20 to the server 30 during a subsequent operation.
  • the request may also include a list of data types that the transaction device 20 requires, such as the second user 2 wishes to obtain.
  • a list may include a classification of the type of data desired.
  • the obtaining by the transaction device 20, especially the second user 2 of a delivery address can be classified as a mandatory data type, that is, in the absence of which the unit 20 will not confirm the transaction. In the case where a delivery address is not obtained, the transaction can not succeed. On the contrary, obtaining a telephone number of the first user 1 can be classified as optional.
  • the request has no list of desired data.
  • Such a list can be established generally for any transaction, for example when the transaction device, in particular the second user 2, is subscribed to the services of the server 30, in particular of the third party entity 3, or subsequently at the time of the verification of the transaction. Such a list may also not be established.
  • In an operation 1003, the server 30 generates a first sequence 101 of codes specific to the transaction.
  • the server 30 thus comprises a code generator.
  • the first sequence 101, or series, of codes is generated for each transaction.
  • the code generator is a pseudo-random number generator (or PRNG for "PseudoRandom Number Generator" in English).
  • the generator implements an algorithm capable of generating dynamic codes derived from a seed specific to each transaction device 20, in particular to each second user 2.
  • the seed is derived from a private key of the transaction device 20, in particular a private key of the second user 2.
  • the code generator can generate, substantially continuously, an almost infinite series of codes.
  • the code sequence can also be seen as a dynamic code.
  • the code sequence can for example be generated substantially continuously throughout the duration of the transaction.
  • the code generation operation 1003 starts upon receipt of the request from the unit 20 and can continue until the end of the transaction and concurrently with the operations described below. Generating a sequence of codes continuously, or a dynamic code, makes decoding by a malicious third party difficult. The code becomes useless at the end of the transaction, so it is enough that the code remains indecipherable for the duration of the transaction.
  • code generators may be implemented to generate a first sequence of codes.
  • the server 30 transmits to the unit 20 the first sequence 101 of codes.
  • the first sequence 101 is transmitted in a first stream 100 of data transmitted from the server 30 to the unit 20.
  • the first stream 100 passes through a secure channel between the server 30 and the unit 20.
  • the first stream 100 is substantially continuous (in the form of "streaming" in English) until the end of the transaction, apart from defects and errors in the communication between the server 30 and the unit 20. In other words, depending on the quality of the communication, portions of the first sequence 101 may be missing upon receipt by the unit 20.
  • the first sequence 101 is further stored by the server 30.
  • the first sequence 101 is stored in association with data identifying the transaction.
  • the unit 20 transmits to the first terminal 11 the first stream 100 received from the unit 20, including the first sequence 101.
  • the unit 20 acts as a relay between the server 30 and the first terminal 11.
  • the first stream 100 is also substantially continuous between the server 30 and the unit 20. Faults and errors in the communication between the server 30 and the unit 20 and between the unit 20 and the first terminal 11 can cause losses between the first sequence 101 generated by the server 3 and the first sequence 101 received by the first terminal 11. Such losses can be considered negligible. Nevertheless, the possibility of such losses will be taken into account later.
  • upon receipt of the first stream 100, the first terminal 11 is arranged to broadcast a multimedia content 130 including at least a portion of the first sequence 101 of codes.
  • Multimedia content 130 may include, for example, sound, still images, motion pictures, videos, or a combination of such media.
  • the multimedia content 130 is broadcast via the screen 111 and / or the loudspeaker 112 of the first terminal 11.
  • the first sequence 101 is encoded into a multimedia content 130 by the server 30 itself after the generation of the codes and before transmission to the unit 20.
  • the first sequence 101 is present in the form of multimedia content 130 as soon as it is transmitted to the unit 20, in particular the second user 2, in the first stream 100.
  • the multimedia content 130 is streamed by the server 30 to the first terminal 11 via the unit 20.
  • the first sequence 101 may be encoded into a multimedia content 130 a posteriori, for example by the unit 20 before being transmitted to the first terminal 11.
  • the multimedia content 130 broadcast by the first terminal 11 is captured by the second terminal 12.
  • the capture comprises:
  • photographing and / or filming, by means of an optical sensor of the second terminal 12, the display screen 111 of the first terminal 11 displaying a succession of still or moving images, or a video, and / or
  • recording, by means of the microphone 122 of the second terminal 12, the sound emitted by the speaker 112 of the first terminal 11.
  • the sensors of the second terminal 12 that are used are selected to be compatible with the type of multimedia content 130 (sounds, still images, moving pictures, videos or combinations of the preceding forms).
  • the first user 1 uses his smartphone 12 to capture the content broadcast by the computer of the cybercafe.
  • the multimedia content 130 picked up by the second terminal 12 is stored at least temporarily in a memory of the terminal 12, for example a buffer memory.
  • the second terminal 12 transmits to the server 30, including the third entity 3, a second stream 200 of data.
  • the second terminal 12 comprises a transmitter capable of transmitting, from the terminal 12 to the server 30, the second stream 200.
  • the transmission can be carried out continuously (streaming mode).
  • the second data stream 200 comprises a second code sequence 201.
  • the second code sequence 201 is derived from the multimedia content 130 as captured by the second terminal 12.
  • the second code sequence 201 at least partially comprises the first code sequence 101.
  • the differences between the first sequence 101 and the second sequence 201 correspond to the successive information losses, namely here the information losses due to the communication failures between the server 30 and the unit 20, the communication defects between the unit 20 and the first terminal 11 and the loss of information due to the passage of the multimedia content 130 from the first terminal 11 to the second terminal 12 by capture-diffusion.
  • the second sequence 201 can therefore be seen as part of a sequence of codes taken from the multimedia content 130 picked up by the sensors 121 and / or 122, and validated by the validation device 125 of the second terminal 12.
  • the validation device 125 comprises a flow generator inserting in the second stream 200 of data the second sequence of codes 201 in response to the reception of the first sequence 101.
  • the transmission of data by broadcasting and capturing multimedia content can generate a substantial loss of information. Nevertheless, it is unnecessary to connect the first terminal 11 and the second terminal 12 to each other via a physical or wireless connection.
  • the first user 1 can thus ensure that the first terminal 11 and the second terminal 12 do not communicate by computer. The risk to the security of the second terminal 12 and the data to which it is possible to access via the second terminal 12 is thus reduced.
  • the second terminal 12 transmits no information to the first terminal 11.
  • the capture-diffusion transmission is one-way.
  • transmission of multimedia content by broadcast and capture requires components and software generally available on the usual terminals (speaker, screen, microphone, optical sensor and corresponding software).
  • the second sequence 201 of codes is extracted from the multimedia content 130.
  • the multimedia content 130 is decrypted, totally or partially, so as to obtain the second sequence 201 of codes.
  • the operation 1009 is implemented, at least in part, by the second terminal 12, before the implementation of the operation 1008, that is, before the transmission of the second sequence 201 to the server 30.
  • the second terminal 12 is equipped with a decryption module, also called decryption device or decryptor.
  • the decryptor can take the form of an application or software installed on the second terminal 12.
  • Such a decryptor can, for example, be implemented in the validation device 125 or, depending on the embodiment, implemented by the validation device 125 of the second terminal 12 via an application previously installed on the second terminal 12.
  • existing terminals can be made to conform to the second terminal 12 according to the invention by a software modification, without it being necessary to intervene physically on the terminal (hardware).
  • Such applications may be provided by the third party entity providing the service.
  • the decryption is partial.
  • the amount of data transmitted to the server 3 is low and the complete decryption remains centralized on the server 30.
  • the second stream 200 may comprise the second sequence 201 in at least partially decrypted form.
  • the transmission can be carried out via a secure channel between the second terminal 12 and the server 30.
  • the amount of data transmitted from the second terminal 12 to the server 30 is small, which may be particularly desirable, for example when the amount of data received and / or transmitted affects the costs incurred by the second user 2, for example in the context of a mobile phone subscription.
  • the operation 1009 is implemented by the server 30, after the implementation of the operation 1008 and on receiving the second stream 200 from the second terminal 12.
  • the second terminal 12 may have no decryptor.
  • the second stream 200 may comprise for example the multimedia content 130 in a raw form, not decrypted, as captured by the second terminal 12.
  • the second stream 200 includes capture data of the multimedia content 130.
  • the server 30 comprises a decryptor.
  • the computing power of the validation device 125 of the second terminal 12 is not used for decryption and therefore remains available for other uses.
  • the decryptor can be located centrally on the server 30. By centralizing the decryption module on the server 30, coding characteristics of the multimedia content can remain partly secret, accessible only to the third party entity 3, which makes the task of malicious third parties more complex.
  • operation 1010 is implemented.
  • the first code sequence 101 and the second code sequence 201 are compared with each other.
  • the server 30 comprises a comparison module, also called comparison device or comparator.
  • the comparator may take the form of an application or software installed on the server 30. Such a comparator may, for example, be implemented in the server 30 or implemented by the server 30 via an application previously installed on the server 30.
  • the server 30 verifies that the correspondence level of the second sequence 201 with the first sequence 101 is greater than a predefined correspondence threshold value C, for example expressed as a percentage.
  • the threshold value C is selected so as to detect a theoretical identity of the codes of the second sequence 201 and the codes of the first sequence 101 while taking into account the transmission errors that may occur between the transmission of the first stream 100 to the unit 20, in particular the second user 2, (operation 1004) and the reception of the second stream 200 (operation 1008) from the second terminal 12, in particular from the first user 1.
  • the threshold value C can be selected equal to (100 - X)%, where the value of X is selected as a function of the quality of the communication means implemented, for example proportional to the sum of the percentages of losses by transmission error.
  • the server 30 may implement, for example prior to the operation 1010, a verification of the validity of the second sequence 200 of codes received, for example according to the pseudo-random generation rules.
  • a code analysis makes it possible to check whether the codes are compatible with the pseudo-random generation rules implemented at the generation of the codes. An incompatibility indicates, on the contrary, a corruption of the transaction. Security measures can be taken accordingly, including the end of the transaction if it can be identified later (operation 1020). Thus, security against fraud is further improved.
  • the operation 1010 is repeated until a sufficient level of correspondence is detected between a first sequence 101 transmitted (operation 1004) and a second sequence 201 received (operation 1008).
  • This is particularly advantageous in combination with continuous operation of the method: when the code sequence is generated substantially continuously, the first stream 100 and the second stream 200 can also be transmitted substantially continuously (in "streaming" mode). A temporary break in the transmission circuit of the code sequence does not interrupt the process.
  • the process for the second received stream 200 may be terminated.
  • the process for the corresponding transaction can be terminated.
  • the transactions initialized at the server 30 (operation 1003) and the second stream 200 received by the server 30 (operation 1008) are not yet associated with each other by the server 3 (subsequent operation 1011). In such cases, stopping the comparison iterations (operation 1010) and stopping the transaction (operations 1003 and 1004) are treated separately.
  • the stop condition of the iterations and the end of the process may for example be based on an assumed validity period. For example, a timer is started upon receipt of the second stream 200 (operation 1008). If the elapsed time exceeds a predetermined time, then the comparison process (operation 1010) is terminated. The second stream 200 is then ignored. In this case at least, the server 30 is equipped with a clock. Operation 1015 can also limit the number of iterations, for example by means of an iteration counter. Other conditions can be implemented during the operation 1015. Preferably, an error message and / or interruption of the transaction is sent in response to the second terminal 12 at the origin of the second stream 200.
  • a stopwatch can also be started (operations 1003 and 1004). If the elapsed time exceeds a predetermined time, then the code generation and transmission processes of the first stream (100) are terminated (operations 1003 and 1004).
  • the server 30 is equipped with a clock.
  • an error message and / or interruption of the transaction is sent in response to the unit 20 at the origin of the request (operation 1002).
  • the server 3 waits for a return of a second device 12 (not yet identified) in response to the transaction. In the absence of a satisfactory response (a second series 201 of codes corresponding to the first series 101), the transaction is terminated (operation 1020).
  • the second terminal 12, the transaction device 20 and the current transaction are associated (in particular, the first user 1, the second user 2, and the current transaction are associated).
  • the server 30 identifies the second terminal 12, in particular the first user 1, as being the client of the transaction device 20, in particular the second user 2, in the current transaction.
  • the server, in particular that of the third party entity 3, can act as a trusted intermediary between the second terminal 12 and the transaction device 20, in particular the first user 1 and the second user 2, in the context of the transaction.
  • the server 30 may receive an identifier of the first user 1 transmitted by the second terminal 12, for example included in the second stream 200 of data.
  • the continuation of the transaction is authorized between the second terminal 12 and the transaction device 20, in particular between the first user 1 and the second user 2, via the server 30, and therefore, in particular, the third entity 3.
  • the authorization is implemented by the server 30.
  • the server 30 includes an authorization device allowing the continuation of the transaction between the second terminal 12 and the transaction device 20, in particular between the first user 1 and the second associated user 2, via the third party entity 3.
  • the operation 1012 of authorizing the continuation of the transaction comprises the transmission of data from the second terminal 12, in particular the first user 1, to the unit 20, in particular the second user 2, through the server 30 acting as a relay.
  • the first user 1 can transmit sensitive data, for example bank and / or personal, without going through the first potentially unsecured terminal 1.
  • the server 30 transmits sensitive data relating to the first user 1 to the unit 20 at least partially automatically.
  • the server 30 may have access to at least some of the sensitive data of the first user 1.
  • the first user 1 may have provided the third party 3 some of the sensitive data prior to the transaction, for example during a subscription to the service by the first user 1.
  • the first user may have provided the third party with a default delivery address and bank details.
  • Such data is stored on one or more databases accessible to the server 30.
  • the first user 1 may also have given prior authorization to the server 30 to transmit said data in an automated manner as soon as a transaction is authorized. In this case, the server 30 may be exempted from requesting additional confirmation from the first user 1 at each transaction.
  • the authorization of the continuation of the transaction may comprise: sending sensitive data relating to the first user 1 to the unit 20, in particular the second user 2, from the server 30, in particular from the third entity 3.
  • Such embodiments are particularly advantageous when the third party 3 controlling the server 30 is an organization such as a usual banking organization of the first user 1. Often for regulatory reasons, the banking organizations have at least some banking information and in the case of the first user 1. In such cases, the server 30 may, rather than transmit the bank details to the unit 20, transmit a confirmation of the transaction to the unit 20.
  • the financial exchanges can then be carried out a posteriori: the third entity 3 then also acts as a financial intermediary.
  • the third-party entity 3 can substitute the first user 1 as the payer with respect to the second user 2 and group the payments of several transactions of several first users into a single payment, for example by a periodic payment of all transactions confirmed during a previous period.
  • the server 30 can bill each first user 1 by grouping several transactions of the same first user 1.
  • the server 30 can transmit to the second terminal 12, in particular the first user 1, a request for confirmation of the transaction.
  • a request may comprise, for example, a reference of the transaction, a price corresponding to the transaction and optionally requests for additional information from the transaction device, in particular the second user 2, as described hereinbefore (email, phone number, etc.).
  • the server 30 can in turn transmit a confirmation of the transaction to the unit 20, in particular the second user 2, optionally accompanied by data provided by the first user 1 via the second terminal 12.
  • the server 30 may optionally transmit a confirmation of the transaction to the second terminal 12, and therefore, in particular to the first user 1 via the second terminal 12.
  • the process is terminated in operation 1020.
  • Operation 1020 indicates the end of the process, whether the transaction is finally completed or canceled.
  • the server 30 may, at any time, receive a refusal of confirmation, i.e. a reversal, of the transaction from the second terminal 12, in particular the first user 1, and / or from the transaction device, in particular the second user 2.
  • the process is terminated by the operation 1020, optionally after transmitting cancellation messages of the transaction to the second terminal 12, in particular the first user 1, and / or the transaction device, in particular the second user 2.
  • the first stream 100 is transmitted continuously in response to a request from the transaction device 20 addressed to the server 3, and is interrupted at the closing of the transaction.
  • closing the transaction here means either a realization or a cancellation of the transaction.
  • the stored codes can be erased.
  • the comparisons of the operation 1010 may be limited to the active transactions to associate each second stream 200 received by the server 30 to an active transaction.
  • a transaction security method initialized between a first communication terminal available to a first user and a transaction device of a second user via a server of a third entity comprises:
  • a first code sequence transmitted with a first data stream associated with the transaction, from the server of the third party entity to the second user's transaction device, the data of the first stream comprising the first sequence of codes derived from a private key associated with the second user, and
  • Such a method allows the first user to initiate a transaction with the second user, for example a command of an object to be delivered, on the first terminal.
  • the first terminal and / or a part of the network used may not be secure, be poorly secured or have an unknown level of security on the part of the first user.
  • the user may nevertheless prefer to use a computer of an Internet café for more comfortable browsing rather than a smartphone whose screen is smaller ("smartphone" is used here in the sense of "ordiphone" in French).
  • the smartphone can be used as the second terminal. It is then useless for the user to enter sensitive data, including banking and personal data, on the first terminal. In other words, the transaction is possible without the sensitive data passing through the first terminal or a portion of network whose security is unknown.
  • the applicant proposes a server of a third entity to secure a transaction initiated between a first communication terminal available to a first user and a transaction device of a second user, the server being able to communicate with a second communication terminal available to the first user and with the transaction device of the second user, the server comprising:
  • a first code sequence transmitted with a first data stream associated with the transaction, by a sender from the server of the third party entity to the second user's transaction device, the data of the first stream comprising the first sequence of codes derived from a private key associated with the second user, and
  • the comparator being adapted, in case of correspondence between the two code sequences, to associate the first user, the second user and the transaction, triggering
  • a device for authorizing the continuation of the transaction between the first user and the second associated user, via the third party entity.
  • the Applicant proposes a method for validating a transaction initialized between a first communication terminal available to a first user and a transaction device of a second user, implemented by a second communication terminal available to the first user.
  • the method comprises: inserting in a second data stream a second code sequence in response to a receipt of a first code sequence associated with the transaction by the second user's transaction device in a first data stream from a server of a third entity, the second code sequence being derived from a private key associated with the second user, the second stream being adapted to be transmitted from the second terminal to the server of the third party entity.
  • the Applicant proposes a communication terminal capable of communicating with a server and comprising a validation device.
  • the validation device comprises:
  • a flow generator inserting in a second data stream a second sequence of codes in response to a receipt of a first code sequence associated with the transaction by the second user's transaction device in a first data stream from a server of a third entity, the second code sequence being derived from a private key associated with the second user, the second stream being adapted to be transmitted by a transmitter of the second terminal to the server of the third party entity.
  • the Applicant proposes a computer program comprising instructions for the implementation of one and / or the other of the processes when this program is executed by a processor.
  • the following features may optionally be implemented. They can be implemented independently of each other or in combination with each other:
  • the first stream is transmitted continuously in response to a request from the transaction device sent to the server, and is interrupted at the closing of the transaction.
  • the continuous transmission of the first stream containing the first sequence of codes makes it possible to repeat the comparison until a sufficient level of correspondence is detected between a first transmitted sequence and a second received sequence.
  • the first code sequence of the first stream takes the form of multimedia content.
  • the second terminal being equipped with a sensor, it is unnecessary to connect the first terminal 11 and the second terminal 12 to each other via a physical or wireless connection so that the first user, reading the first code sequence received, enters on his second terminal a second code sequence that will be transmitted in a second stream.
  • the comparison of the first code sequence and the second code sequence comprises: verifying that the correspondence level of the second sequence with the first sequence is greater than a predefined matching threshold value and less than 100%. This makes it possible to identify a correspondence between the first and second code sequences despite transmission errors that may occur between the transmission of the first stream to the second user's transaction device and the receipt of the second stream from the second user's first terminal.
  • the first stream and / or the second stream are each transmitted via a secure channel, respectively between the server of the third party entity and the transaction device of the second user, respectively between the second terminal of the first user and the server of the third party entity.
  • the authorization of the continuation of the transaction includes:
  • the second stream includes data for capturing multimedia content via at least one sensor of the second terminal, the second series of codes being included in the capture data of the multimedia content.
  • the validation method further comprises: capturing a multimedia content contained in the first stream, received by the first terminal of the transaction device, and reproduced by the first terminal, the capture being performed via at least one sensor of the second terminal, the multimedia content including the first series of codes.
  • the first terminal receiving the first code sequence in a multimedia content that it reproduces, it is unnecessary to connect the first terminal and the second terminal to one another via a physical or wireless connection so that the first user, reading the first code sequence received, enters on his second terminal a second code sequence that will be transmitted in a second stream.
  • the capture of the multimedia content reproduced by the first terminal comprises at least one of the following operations:
  • photographing and / or filming by means of an optical sensor of the second terminal, a display screen of the first terminal displaying a succession of still or moving images, or a video;
  • Optical sensors and microphones are generally present on known devices available to users, including smart phones. It is then useless for the first user to acquire a terminal or dedicated equipment.
  • the validation process furthermore comprises, between the capture of the multimedia content and the transmission of the at least part of the first series of codes, an operation of deciphering the codes contained in the multimedia content captured by the second terminal, the second stream capable of being transmitted comprising the second sequence of codes in decrypted form and taken from the captured multimedia content. The amount of data to be transmitted from the second terminal is then reduced.
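
The server-side part of the method described above (code generation from a per-device seed, the validity check against the generation rules, the repeated comparison against the threshold C, the iteration-counter stop condition and the restriction to active transactions) can be sketched as follows. This is an added example, not code from the patent or from the applicant: the description names no algorithm, so the HMAC-SHA-256 derivation, the 10-character code format with its check characters, the 8-code comparison window, the deterministic loss model and all identifiers and key values are assumptions constructed for illustration.

```python
import hashlib
import hmac

FORMAT_KEY = b"constructed-format-key"  # constructed value; server-wide check key (assumption)


def _tag(key: bytes, msg: bytes, n: int) -> str:
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:n]


def make_code(seed: bytes, index: int) -> str:
    """8 hex chars derived from the per-device seed, plus a 2-char check that lets
    the server test a code against the generation rules before any comparison."""
    body = _tag(seed, index.to_bytes(8, "big"), 8)
    return body + _tag(FORMAT_KEY, body.encode(), 2)


def is_wellformed(code: str) -> bool:
    return len(code) == 10 and hmac.compare_digest(
        code[8:], _tag(FORMAT_KEY, code[:8].encode(), 2))


def drop_every(codes, k):
    """Constructed loss model: every k-th code is lost, order is preserved."""
    return [c for i, c in enumerate(codes) if (i + 1) % k]


class Server:
    def __init__(self, threshold_pct=80.0, window=8, max_iterations=5):
        self.threshold_pct = threshold_pct    # C = (100 - X)%
        self.window = window                  # matched codes needed before judging
        self.max_iterations = max_iterations  # stop condition (iteration counter)
        self.seeds = {}                       # tx_id -> seed
        self.sent = {}                        # tx_id -> {code: position in first sequence}

    def open_transaction(self, tx_id, device_private_key):
        # Seed derived from the transaction device's private key (derivation is an assumption).
        self.seeds[tx_id] = hmac.new(device_private_key, tx_id.encode(),
                                     hashlib.sha256).digest()
        self.sent[tx_id] = {}

    def emit(self, tx_id, n):
        """Next n codes of the first sequence, stored against the transaction."""
        start = len(self.sent[tx_id])
        chunk = [make_code(self.seeds[tx_id], i) for i in range(start, start + n)]
        self.sent[tx_id].update((c, i) for i, c in enumerate(chunk, start))
        return chunk

    def close_transaction(self, tx_id):
        """Closing erases the stored codes, so they can no longer match."""
        self.seeds.pop(tx_id)
        self.sent.pop(tx_id)

    def correspondence(self, tx_id, second):
        """Percentage of the first sequence recovered over the span covered by the
        most recent `window` matching codes of the second sequence."""
        hits, last = [], -1
        for code in second:
            pos = self.sent[tx_id].get(code)
            if pos is not None and pos > last:   # keep stream order, ignore repeats
                hits.append(pos)
                last = pos
        hits = hits[-self.window:]
        if len(hits) < self.window:              # too few codes to judge yet
            return 0.0
        return 100.0 * len(hits) / (hits[-1] - hits[0] + 1)

    def associate(self, chunks):
        """Runs the comparison once per received chunk of one second stream.
        Returns (status, tx_id, iterations)."""
        received, iteration = [], 0
        for iteration, chunk in enumerate(chunks[:self.max_iterations], 1):
            if not all(is_wellformed(c) for c in chunk):
                return ("corrupt", None, iteration)
            received.extend(chunk)
            for tx_id in self.sent:              # active transactions only
                if self.correspondence(tx_id, received) > self.threshold_pct:
                    return ("associated", tx_id, iteration)
        return ("timeout", None, iteration)


def demo():
    server = Server()
    for tx, key in (("tx-A", b"constructed-key-A"), ("tx-B", b"constructed-key-B"),
                    ("tx-C", b"constructed-key-C")):
        server.open_transaction(tx, key)
    a = [server.emit("tx-A", 10) for _ in range(3)]
    server.emit("tx-B", 30)
    c = [server.emit("tx-C", 10) for _ in range(3)]
    server.close_transaction("tx-C")

    # Capture with a temporary break (7 of the first 10 codes lost), then 1 in 6 lost.
    honest = server.associate([a[0][:3], drop_every(a[1], 6), drop_every(a[2], 6)])
    bad = a[0][0][:8] + ("00" if a[0][0][8:] != "00" else "ff")
    forged = server.associate([[bad] + a[0][1:]])   # one code breaks the generation rules
    stale = server.associate(c)                     # valid codes, closed transaction
    return honest, forged, stale


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The window matters for the threshold test: without a minimum number of matched codes, a single recovered code would score 100% over a span of one and associate the stream with a transaction.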

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Telephonic Communication Services (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
EP17822409.3A 2016-12-19 2017-12-13 Sicherung von transaktionen Pending EP3555829A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1662729A FR3060818A1 (fr) 2016-12-19 2016-12-19 Securisation de transaction
PCT/FR2017/053542 WO2018115641A1 (fr) 2016-12-19 2017-12-13 Sécurisation de transaction

Publications (1)

Publication Number Publication Date
EP3555829A1 true EP3555829A1 (de) 2019-10-23

Family

ID=58314470

Family Applications (1)

Application Number Title Priority Date Filing Date
EP17822409.3A Pending EP3555829A1 (de) 2016-12-19 2017-12-13 Sicherung von transaktionen

Country Status (5)

Country Link
US (1) US20190311349A1 (de)
EP (1) EP3555829A1 (de)
CN (1) CN110383312B (de)
FR (1) FR3060818A1 (de)
WO (1) WO2018115641A1 (de)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1639535A4 (de) * 2003-06-30 2007-01-03 Selvanathan Narainsamy Transaktions-verifikationssystem
JP2005107849A (ja) * 2003-09-30 2005-04-21 Nec Corp 決済支援システムおよび決済支援方法
FR2959896B1 (fr) * 2010-05-06 2014-03-21 4G Secure Procede d'authentification d'un utilisateur requerant une transaction avec un fournisseur de service
CN103944734A (zh) * 2014-04-25 2014-07-23 天地融科技股份有限公司 数据安全交互方法

Also Published As

Publication number Publication date
CN110383312A (zh) 2019-10-25
CN110383312B (zh) 2023-05-16
US20190311349A1 (en) 2019-10-10
FR3060818A1 (fr) 2018-06-22
WO2018115641A1 (fr) 2018-06-28

Similar Documents

Publication Publication Date Title
EP3243176B1 (de) Verfahren zur verarbeitung einer transaktion von einem kommunikationsendgerät
EP3168769B1 (de) Hilfsverfahren zur authentifizierung eines nutzers, entsprechender server und entsprechendes computerprogramm
FR2975860A1 (fr) Procede de paiement a distance, a partir d'un dispositif utilisateur, d'un panier d'achat sur un serveur marchand et systeme associe
WO2020064890A1 (fr) Procede de traitement d'une transaction, dispositif, systeme et programme correspondant
EP2979237A1 (de) Verfahren zur ausgabe einer standortaussage
EP3555829A1 (de) Sicherung von transaktionen
WO1999049647A1 (fr) Systeme de telephonie mobile avec carte de prepaiement
FR2940580A1 (fr) Procede et systeme de controle d'acces a un service
WO2021116627A1 (fr) Procede, serveur et systeme d'authentification de transaction utilisant deux canaux de communication
EP3107023A1 (de) Verfahren, vorrichtung und programm zur drahtlosen authentizierung einen zahlungsterminal
EP2897095B1 (de) Sicherungsverfahren einer mit einer Bankkarte durchgeführten Transaktion
WO2022254002A1 (fr) Procédé de traitement d'une transaction, dispositif et programme correspondant.
EP2172896A1 (de) Methode zum Verwalten eines Wertes in einer Prepaid-Vorrichtung
WO2022214768A1 (fr) Méthode de contrôle d'accès à un bien ou service distribué par un réseau de communication de données
WO2021044102A1 (fr) Procédé pour activer des droits d'accès à un service auquel a souscrit un abonné
FR3011111A1 (fr) Securisation d'une transmission de donnees d'identification
EP3900293A1 (de) Verfahren und system zum sichern von operationen und zugehörige benutzerstation
FR2945140A1 (fr) Procede de suspension et d'activation d'un service dans un reseau mobile
FR2945173A1 (fr) Procede d'authentification d'un terminal de communication mobile lors d'un acces a une plateforme de services via un reseau mobile
EP3223219A1 (de) Transferverfahren für transaktionen, transaktionsverfahren und endgerät, bei dem mindestens eines dieser verfahren zum einsatz kommt
EP3062538A1 (de) Authentifizierungsverfahren, verfahren zum erhalten der zugangserlaubnis, endgerät, server, funketikett-komponente, produkt, computerprogrammprodukt und entsprechender datenträger zum speichern
EP2425388A1 (de) Method for charging for and providing access to a service from a mobile communication terminal
OA17954A (en) Method for implementing a transaction via a mobile terminal
FR3031608A1 (fr) Methode de traitement d'une autorisation de mise en œuvre d'un service, dispositifs et programme d'ordinateur correspondant
FR3007921A1 (fr) Procede de validation d'une transaction

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20190508

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ORANGE

17Q First examination report despatched

Effective date: 20200604

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

RAP3 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ORANGE

APBK Appeal reference recorded

Free format text: ORIGINAL CODE: EPIDOSNREFNE

APBN Date of receipt of notice of appeal recorded

Free format text: ORIGINAL CODE: EPIDOSNNOA2E

APBR Date of receipt of statement of grounds of appeal recorded

Free format text: ORIGINAL CODE: EPIDOSNNOA3E

APAF Appeal reference modified

Free format text: ORIGINAL CODE: EPIDOSCREFNE