EP4074004A1 - Verfahren und system, vorrichtung und zahlungsendgerät unter verwendung persönlicher daten - Google Patents

Verfahren und system, vorrichtung und zahlungsendgerät unter verwendung persönlicher daten

Info

Publication number
EP4074004A1
EP4074004A1 EP20845184.9A EP20845184A EP4074004A1 EP 4074004 A1 EP4074004 A1 EP 4074004A1 EP 20845184 A EP20845184 A EP 20845184A EP 4074004 A1 EP4074004 A1 EP 4074004A1
Authority
EP
European Patent Office
Prior art keywords
transaction
payment
personal information
payment terminal
condition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP20845184.9A
Other languages
English (en)
French (fr)
Inventor
David Naccache
Michel Leger
Elena Trichina
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Banks and Acquirers International Holding SAS
Original Assignee
Banks and Acquirers International Holding SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Banks and Acquirers International Holding SAS filed Critical Banks and Acquirers International Holding SAS
Publication of EP4074004A1 publication Critical patent/EP4074004A1/de
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • G06Q20/207Tax processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/388Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/405Establishing or using transaction specific rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices

Definitions

  • the present invention relates to a method, a system, a device and a payment terminal using personal data. More generally, the invention relates to an improvement in secure electronic payments.
  • An electronic transaction allows the sale or purchase of goods or services using electronic means of payment.
  • This document relates more particularly to transactions initiated at a point of sale and carried out on a device having means to secure such transactions.
  • a payment device stores payment identifiers, such as a bank card (magnetic, contact or contactless), a mobile phone or a smart watch, in order to be presented to a payment terminal which verifies the authenticity of the means of payment and validates the transaction.
  • payment identifiers such as a bank card (magnetic, contact or contactless), a mobile phone or a smart watch
  • the EMV protocol (derived from the initials of the founding companies Europay international, MasterCard international and Visa international) specifies the interoperability between bank cards and payment terminals by authorizing numerous implementation variants: with or without contact, with cash or credit payment, with or without PIN code, with varying security levels depending on the type of transaction or the card issuer, etc.
  • payment conditions may be conditioned according to certain personal data of a purchaser and certain transactions may also be legally prohibited according to such personal data. When they exist, these transaction conditions are generally verified. by a seller when purchasing. Non-resident consumers may wish not to pay certain taxes imposed on the sale of products, such as, for example, VAT (Value Added Tax in France). To do this, they must justify their condition or make a request for zero-rating after a purchase. A buyer's age check may be required to obtain a price reduction or purchase authorization. This type of control is only achievable if a seller is present or, if such a purchase is made on a vending machine, trusting the data that is indicated by the buyer. In addition, a seller may fail to verify such personal data or be deceived by a malicious buyer, just like a vending machine.
  • a payment device comprises at least one personal item of information which is presented in a certified manner to a payment terminal.
  • the payment terminal is suitable for implementing a transaction policy which takes into account one or more personal information to authorize or refuse to finalize a transaction.
  • the invention proposes an electronic transaction method between a payment device associated with a bank account of a user and a payment terminal associated with an acquiring bank account in which the payment device and the payment terminal perform at at least one cryptographic key exchange before performing a transaction step during which the transaction is validated or rejected.
  • the payment device comprises at least one personal information relating to the user.
  • the payment terminal includes at least one transaction policy including a condition relating to at least one personal information.
  • the method includes a verification step, prior to the transaction step, to verify the condition of the transaction policy relating to personal information in a secure manner using the cryptographic key.
  • the verification step can consist in that the payment device sends the personal information accompanied by a cryptographic signature made using the personal information and the cryptographic key in order to to authenticate personal information.
  • the payment terminal can check the condition of the transaction policy after authenticating personal information.
  • the payment terminal prior to sending the personal information, can send a request to the payment device to cause the sending of the personal information by the latter.
  • the verification step can consist in that the payment terminal sends a request to verify the transaction policy to the payment device, the request being signed using the cryptographic key .
  • the verification of the condition of the transaction policy can be carried out by the payment device, after having authenticated the request using the cryptographic key, which generates and transmits a validation or invalidation message to the payment terminal by depending on condition and personal information.
  • the amount of the transaction can be modified by the payment terminal depending on the result of the verification step.
  • the cryptographic key exchange can be carried out during a mutual authentication step.
  • the invention also proposes an electronic transaction method implemented by a microprocessor of a payment device associated with a bank account of a user intended to cooperate with a payment terminal associated with an acquiring bank account in order to carry out a step of transaction during which the transaction is validated or rejected, said method comprising a step for exchanging at least one cryptographic key with the payment terminal.
  • the payment device comprises at least one personal information relating to the user recorded in a data memory.
  • the method comprises a step of verifying a condition of a transaction policy relating to the personal information is verified in a secure manner using the cryptographic key.
  • the verification step may include sending a message containing personal information accompanied by a cryptographic signature made using the personal information and the cryptographic key in order to authenticate said personal information.
  • the step of verifying the condition of the transaction policy may include a preliminary step for authenticating a request sent by the payment terminal containing the condition of the transaction policy, the request being signed using the cryptographic key, and a step of sending a validation or invalidation message depending on the condition and personal information.
  • the invention provides an electronic transaction method implemented by a microprocessor of a payment terminal, associated with an acquiring bank account, intended to cooperate with a payment device associated with a bank account of an user.
  • Said method comprises a step for exchanging at least one cryptographic key with the payment device and a transaction step during which the transaction is validated or rejected.
  • the payment terminal includes at least one transaction policy including a condition relating to at least one personal information relating to the user of the payment device.
  • the method includes a verification step for requesting verification of the condition of the personal information transaction policy using the cryptographic key, and the transaction step is carried out if and only if the condition is verified.
  • the method may include a step for receiving a message including personal information accompanied by a cryptographic signature made using the personal information and the cryptographic key and a step to verify the condition of the transaction policy after having authenticated the personal information using the cryptographic key.
  • the method may include a step for developing and transmitting a request to the payment device in order to obtain personal information.
  • the verification step may consist in developing and transmitting a request for verifying the transaction policy to the payment device, the request being signed using the cryptographic key.
  • the method may include a step for modifying the amount of the transaction as a function of the result of the verification of the condition prior to the validation of the transaction.
  • the invention provides an electronic transaction system comprising a payment device associated with a bank account of a user and payment terminal associated with an acquiring bank account in which the payment device and the terminal payments are configured to perform an exchange of at least one cryptographic key before performing a transaction step during which the transaction is validated or rejected.
  • the payment device includes at least one personal information relating to the user and the payment terminal includes at least one transaction policy including a condition relating to at least one personal information.
  • the device and the payment terminal are configured to perform a verification step between the cryptographic key exchange step and the transaction step during which the condition of the transaction policy relating to personal information is verified. securely using the cryptographic key.
  • the payment device can be configured to transmit to the payment terminal a message containing the personal information signed using the personal information and the key cryptographic to authenticate the personal information and the payment terminal can be configured to verify the condition after authenticating the personal information using the cryptographic key.
  • the payment terminal can be configured to develop and transmit a request to the payment device in order to obtain personal information.
  • the payment terminal can be configured to generate and transmit to the payment device a request for verifying the condition of the transaction policy signed using the cryptographic key.
  • the payment device can be configured to authenticate said request using the cryptographic key before verifying the condition in response to the verification request and to return a validation or invalidation message to the payment terminal as a function of the condition and personal information.
  • the payment terminal can be configured to modify the amount of the transaction depending on the result of the verification step.
  • the invention proposes a payment device associated with a bank account of a user intended to cooperate with a payment terminal to carry out an electronic transaction, said payment device being configured to exchange at least one cryptographic key with the payment terminal.
  • the payment device includes at least one personal information relating to the user, and the payment device is configured to perform a step of verifying a condition of a transaction policy relating to personal information in a secure manner at the same time. 'using the cryptographic key
  • the payment device can be configured to send the personal information to the payment terminal in a signed message using the personal information and the cryptographic key in order to authenticate the payment.
  • the payment device can be configured to check the condition of the transaction policy in response to the receipt of a verification request containing the condition, said request being signed and transmitted by the payment terminal using the cryptographic key, and to develop and transmit a validation or invalidation message to the payment terminal in function condition and personal information.
  • the payment device can be a device included in the following list: smart card conforming to the IS07816 standard and / or to the 14443 standard, mobile phone or tablet comprising a secure payment capability, smart watch comprising payment functions, secure computer comprising a communication interface with or without contact and comprising a secure payment capability.
  • the invention provides a payment terminal associated with an acquiring bank account intended to cooperate with a payment device associated with a bank account of a user to carry out an electronic transaction in which the payment terminal is configured. to exchange at least one cryptographic key with the payment device before implementing a transaction step during which the transaction is validated or rejected.
  • the payment terminal includes at least one transaction policy comprising a condition relating to at least one personal information stored in a memory of the payment device, said personal information relating to the user.
  • the payment terminal is configured to perform a verification step, prior to the transaction step, in which the condition of the personal information transaction policy is securely verified using the cryptographic key.
  • the payment terminal can be configured to receive a message containing the personal information signed using the personal information and the cryptographic key by the payment device.
  • the payment terminal can be configured to check the condition after authenticating the personal information using the cryptographic key.
  • the payment terminal can be configured to develop and transmit a request to the payment device in order to obtain personal information.
  • the payment terminal can be configured to generate and transmit to the payment device a request for verifying the condition of the transaction policy signed using the cryptographic key.
  • the payment terminal can be configured to complete the transaction following a validation or invalidation message returned by the payment device depending on the condition and personal information.
  • the payment terminal can be configured to modify the amount of the transaction depending on the result of the verification step.
  • said payment terminal can be included in the following list of devices: point of sale terminal for chip card, mobile phone or tablet comprising a secure payment recording capacity, cash register comprising a capacity for secure payment registration.
  • FIG.1 illustrates an electronic payment system concerned by the invention
  • FIG.2 illustrates a smart card according to the invention
  • FIG.3 illustrates a mobile phone used as a means of payment according to the invention
  • FIG.4 illustrates a payment terminal according to the invention
  • FIG.5 shows a modified payment scheme according to a first embodiment of the invention
  • FIG.6 shows a modified payment scheme according to a second exemplary embodiment of the invention.
  • FIG. 1 illustrates a secure electronic payment system used according to the state of the art and used to implement the invention.
  • the system of FIG. 1 comprises a payment terminal 1 capable of communicating on the one hand with a bank server 2 and on the other hand with a payment device 3 or 4.
  • This type of system is commonly used to perform payment operations. payment from a point of sale, as defined in many payment service standards, for example in the EMV standard which is the most widely used and which has many possibilities of implementation.
  • the payment terminal 1 may be required to carry out “offline” or “online” transactions, that is to say in a disconnected or connected manner with the banking server 2.
  • the payment device 3 is conventionally a smart card.
  • a mobile phone 4 or even any other electronic device capable of emulating the operation of a smart card in a secure manner, such as for example a smart watch which is an extension of a mobile phone in the form of a watch bracelet, or any type of computer with the same capacities or functions.
  • FIG. 2 functionally illustrates a bank card 3, or smart card, which comprises a microprocessor 31 controlling a central bus 32 for exchanging data with a memory 33, a crypto-processor 34, a contact communication interface 35 and a contactless communication interface 36.
  • the contact communication interface 35 is for example compatible with the IS07816 standard.
  • the contactless communication interface 36 is for example a near-field communication interface, of the NFC type (standing for Near Field Contactless) compatible with the IS014443 standard.
  • NFC type standing for Near Field Contactless
  • the memory 33 can be segmented into volatile memory of RAM type (standing for Random Access Memory), in non-writable program memory of ROM type (standing for Read-Only Memory) and in non-volatile memory of EEPROM (Electrically-Erasable Programmable Read-Only Memory) or Flash type.
  • RAM Random Access Memory
  • ROM Read-Only Memory
  • EEPROM Electrically-Erasable Programmable Read-Only Memory
  • Flash type Flash type.
  • a secure operating system is implemented by the microprocessor 31 to guarantee the security of the information stored in the memory 33 of the smart card 3.
  • the microprocessor 31 can authorize read or write access to certain areas. from the memory to commands coming from one of the communication interfaces 35 or 36.
  • Other areas of the memory 33 can only be accessible to the microprocessor 31 or to the crypto-processor 34. Certain data can be made accessible by the microprocessor 31 from the outside conditionally.
  • personal information PI is stored in the non-volatile part of the memory 33 during the personalization of the smart card concomitantly with data relating to a bank account with which the smart card is associated.
  • Personal PI information relates to the holder of the bank account. It can relate to his age, his date of birth, his place of residence or consist of any other personal information which can be used during a transaction according to the invention.
  • the personal information PI can be stored in a memory area which can be read directly from one of the communication interfaces 35 or 36 while being write-protected so that it cannot be altered after personalization by an unauthorized person. .
  • the personal information PI is stored in an area of the memory 33 which is not directly accessible from one of the communication interfaces 35 or 36.
  • the personal information PI is not at all accessible from the outside. The use of this personal PI information will be described later in this description.
  • FIG. 3 functionally illustrates a portable telephone 4 which can be used as a payment device.
  • the portable telephone 4 is a portable telephone of the intelligent type, commonly called under the Anglo-Saxon name “smartphone”, which comprises a microprocessor 41 connected through a central bus 42 to a volatile memory 43, a non-volatile memory 44, a user interface 45, a SIM card 46, a radio communication interface 47, a proximity interface 48 and a secure element 49.
  • Other elements can also be part of the mobile phone 4 but are not shown because they do not directly relate to the invention.
  • these other elements can comprise a microphone, a loudspeaker, a vibrator, a camera, a memory card reader, a wired communication interface, for example of the USB type, a battery or even any other integrated element. in a cell phone.
  • the mobile telephone 4 described with the aid of FIG. 3 corresponds to a non-limiting preferred type of telephone.
  • the mobile telephone 4 does not include the secure element 49 or the SIM card 46.
  • the microprocessor 41 is the "heart" of the mobile telephone 4 which manages all of the elements constituting it via the central bus 42 from programs stored in the non-volatile memory 44 using the volatile memory 43 as working memory .
  • the non-volatile memory 44 is for example composed of memory of ROM type and of electrically erasable memory of EEPROM type or of Flash type.
  • the operating system of the mobile telephone 4 makes it possible to manage the different functionalities by calling on specific programs which make it possible to produce different commands intended for the different elements of the telephone 4.
  • the operating system is not secure as such because the securing of sensitive data and operations can be done in the SIM card 46 and / or in the secure element 49.
  • the user interface 45 is preferably a touch screen that can also include a fingerprint reader.
  • the user interface can be limited to a display screen and a keyboard. Many other variations are also possible for a person skilled in the art without limiting the scope of the invention.
  • the SIM card 46 (from the English Subscriber Identity Module) is commonly used to store access identifiers to a mobile telephone network (not shown) and to secure access to said network.
  • the SIM card 46 is a smart card used to authenticate the telephone on the telephone network according to one of the telephony standards, such a card for example conforms to the IS07816 standard and to the ETSI TS 102221 standard.
  • the SIM card 46 only fulfills its role of communication with the mobile telephone network.
  • the radio communication interface 47 is a programmable multi-frequency radio interface having modulation, demodulation, encoding and decoding circuits that can be configured in different ways in order to communicate on a frequency band and according to a protocol.
  • the proximity interface 48 is a CLF type interface (from English
  • the mobile telephone 4 can emulate the operation of a contactless smart card or of a contactless smart card reader.
  • This proximity interface is controlled by means of the central bus 42 or by a specific communication port intended to be directly connected to a SIM card as defined in the ETSI TS 102613 standard.
  • Secure element 49 is an independent integrated circuit that contains a secure processor, runtime memory, and tamper-proof storage like a smart card.
  • the secure element 49 comprises a first communication port linked to the central bus 42 and a second communication port linked to the specific communication port of the proximity interface 48.
  • the secure element 49 can be switched off. supplied directly by the proximity interface 48 from the electromagnetic field used for communication.
  • Secure element 49 can securely store data and programs. It can also run them safely.
  • This secure element 49 can contain and execute secure programs identical to those executable by the chip card 3 described above, in particular for carrying out payment transactions.
  • the secure element contains personal PI information.
  • the SIM card 46 can be a multi-application card integrating a banking application and personal information PI.
  • the SIM card can comply with the ETSI TS 102 613 standard and have a direct link with the proximity interface 48 via its specific communication port or perform data exchanges with the payment terminal 1 via the 'radiocommunication interface 47.
  • the SIM card 46 can thus replace the secure element 49 and provide in its place the various functions described above.
  • the mobile phone 4 does not have a secure element 49 or a SIM card 46.
  • the phone 4 has a secure operating system, an application program banking and the personal information PI is stored in a protected area of the non-volatile memory 44.
  • the mobile telephone 4 can be replaced by any other electronic device comprising a microprocessor having all or part of the elements described in relation to FIG. 3.
  • a device can be a tablet, smart watch, or laptop.
  • the electronic device should have a read, write and execute security capability for programs and data to be able to receive a secure payment application and a contact or contactless communication interface that allows communication with the customer. payment terminal 1.
  • FIG. 4 functionally illustrates a payment terminal 1 intended to receive payments in the form of electronic transactions.
  • the payment terminal 1 can be a secure point-of-sale or POS terminal (standing for Point Of Sale), that is to say integrated in a structurally reinforced box against any malicious attempt to undermine its integrity. but can also be placed in an automatic product dispenser or be improper in a store cash register, or even be emulated on an intelligent portable telephone of the “smartphone” type.
  • the payment terminal 1 comprises a microprocessor 101 connected through a central bus 102 to a volatile memory 103, a non-volatile memory 104, a screen 105, a keyboard 106, a SAM card 107, a printer 108, a communication interface 109 with and / or without contact, a smart card reader 110 with contact, a proximity communication interface 111.
  • Other elements can also form part of the payment terminal 1 but are not shown because they do not directly relate to the invention.
  • these other elements may comprise a battery, a SIM card, a memory card reader or even any other element which can be integrated into a payment terminal.
  • the payment terminal 1 described corresponds to a terminal of the non-limiting preferred POS type.
  • the payment terminal 1 it is possible for the payment terminal 1 to be simplified or emulated on a secure mobile telephone and not to include proximity communication interface 111, smart card reader 110, printer 108 or SAM card 107.
  • the screen 105 and the keyboard 106 can be replaced by a touch screen or any other type of display. man-machine interface allowing interaction with a user.
  • the microprocessor 101 is the heart of the payment terminal 1 which manages all of the elements constituting it via the central bus 102 from programs stored in the non-volatile memory 104 using the volatile memory 103 as working memory.
  • the non-volatile memory 104 is for example composed of a ROM type memory and an electrically erasable memory of the EEPROM type or of the Flash type.
  • EEPROM electrically erasable memory
  • the microprocessor 101 we can cite a secure operating system implemented by the microprocessor 101 to guarantee the security of the information stored in the memory 104. Thus, access in reading and / or in writing to certain memory areas is only possible under the control of the microprocessor 101 from one of the communication interfaces 109.
  • the non-volatile memory 104 also includes programs executable by the microprocessor 101 intended for carrying out banking transactions. These programs include a certain number of subroutines capable of supporting different transaction options which depend on the type of bank card, on the issuer of the bank card, and also on particular parameters which can for example be defined by a merchant who uses said bank card.
  • payment terminal 1. Some may relate respectively to transaction policies (in English Transaction Policies) which define particular payment conditions, for example electronic verifications to be carried out according to the type of card, a threshold of payment beyond which the bank must be contacted to authorize or refuse the transaction, conditions relating to the entry or entry of a verification code or to additional verifications that can be configured by the merchant having said terminal 1.
  • transaction policies in English Transaction Policies
  • the screen 105 allows the users of the payment terminal 1 to view information during the execution of a transaction.
  • the keyboard 106 allows its user to indicate to the payment terminal 1 payment information.
  • transaction such as for example the amount of the transaction or the entry of a personal identification code or PIN (standing for Personal Identification Number).
  • the printer 108 is used to print a transaction receipt intended for the debtor and / or the merchant. In a variant, the printer 108 is not present and the transaction receipt can be sent in the form of an electronic message to each of the parties to the transaction or to another machine connected to the payment terminal 1 which will perform the transaction. 'edition instead of said terminal 1.
  • the SAM 107 (from the English Secure Access Module) card is a secure access module or secure application module.
  • the SAM card guarantees the security of the transaction and the sensitive information of the payment terminal 1.
  • the SAM 107 card can store and produce cryptographic keys and / or implement cryptographic calculation algorithms necessary for the implementation of a security policy, for example to carry out a strong authentication process carried out during a transaction.
  • the SAM 107 card is a chip card inserted into an internal reader (not shown) of the payment terminal 1.
  • the SAM card 107 can be replaced by a secure element or by the microprocessor 101 if the latter comprises a cryptographic processor. and a secure operating system to ensure sufficient security of sensitive information.
  • the communication interface 109 allows the terminal to communicate with the bank server 2.
  • a communication interface 109 conventionally supports so-called "wired" communications, for example according to the protocol. Internet and / or communications of radiocommunication type, for example according to a 3G or 4G radiotelephony protocol.
  • the encryption of the communications carried out via the communication interface 109 is preferably carried out by the SAM card 107.
  • a communication between a payment device 4 and the payment terminal 1 can be carried out via the intermediary. of the communication interface 109.
  • the smart card reader 110 is a smart card reader conforming to the IS07816 standard in order to receive a bank card 3 and to communicate with it by electrical contacts.
  • the proximity interface 111 is a contactless card reader conforming to the IS014443 standard which makes it possible to communicate with a bank card 3 or any other contactless payment device 4 having a proximity interface compatible with said IS014443 standard.
  • the memory 104 of the payment terminal 1 comprises one or more subroutines corresponding to one or more transaction policies Pol (PI) in order to take into consideration the personal information PI stored in the payment device 3 or 4.
  • Such transaction policies may be justified from a legal point of view or from a commercial point of view.
  • Each Pol (PI) transaction policy includes a condition relating to personal PI information which conditions the completion of a transaction depending on whether or not said condition is verified by said personal PI information.
  • the payment terminal 1 makes it possible to avoid having to justify the veracity of this information to a seller by producing example an identity document.
  • a first transaction policy Pol may relate to a minimum age of the bearer of the payment device in order to be able to carry out a transaction on a legally restricted product. For example, a sale may be refused to a minor.
  • This first policy allows, for example, a distributor of cigarettes or alcoholic beverages to verify the age of the customer without having to resort to a person to carry out said verification.
  • a second Pol (PI) transaction policy may relate to a commercial discount according to the age of the person as part of a commercial promotion to favor a young or senior clientele.
  • the payment terminal 1 can verify the personal information PI corresponding to the age of the holder of the device. payment and calculate a ten percent discount on a transaction amount.
  • a third Pol (PI) transaction policy may consist of zero-rating foreign persons in order to avoid subsequent zero-rating operations. With this third policy, the payment terminal 1 can, for example, verify personal information PI corresponding to the country of residence of the bearer of the payment device and deduct the amount of taxes if the personal information PI corresponds to a country for which the zero-rating is applicable.
  • the address can also be used commercially in a fourth Pol (PI) transaction policy that causes trade discounts to people residing in trade promotion geographies.
  • the terminal verifies personal information PI corresponding to the address or postal code of the bearer of the payment device and then calculates a commercial discount if the address of residence corresponds to a geographical area of commercial promotion.
  • Many other policies can be considered as long as certain personal information is present in the payment device. Very many variants are possible since a transaction can be conditioned by personal information PI.
  • Verifying the conformity of personal PI information with the condition of the Pol (PI) transaction policy can be done in different ways. According to the invention, the authenticity of the personal information PI is verified prior to the verification of compliance with said condition.
  • Figures 5 and 6 illustrate two verification techniques. For these two FIGS. 5 and 6, the payment terminal 1 and the bank server 2 are considered jointly. Indeed, for certain authentication operations, the payment terminal 1 becomes “transparent” and only serves as a relay or gateway between a payment device 3 or 4 and the bank server 2.
  • FIGS. 5 and 6 we consider a payment terminal 1 of the chip card reader type, in conjunction with a payment device 3 of the bank card type. However, all the variants of banking terminal or payment device 3 or 4 can replace the system described.
  • FIG. 5 and 6 illustrate two verification techniques. For these two FIGS. 5 and 6, the payment terminal 1 and the bank server 2 are considered jointly. Indeed, for certain authentication operations, the payment terminal 1 becomes “transparent” and only serves as a relay or gateway between a payment device 3 or 4 and the bank server
  • a first example of a method of using personal information is described.
  • the payment terminal 1 and the payment device 3 implement their respective transaction programs including the subroutines relating to the various steps of the method which will be described and in particular the subroutines relating to the implementation of the transaction policies.
  • Pol PI
  • the payment terminal 1 and the payment device 3 perform a mutual authentication step 500, as defined in a bank payment protocol, for example the EMV protocol.
  • the payment device 3 and the payment terminal 1 can exchange public keys, certificates, a secret, carry out a challenge, determine a session key and, optionally, exchange a PIN code.
  • the purpose of the authentication step 500 is to allow, on the one hand, the payment terminal 1 to verify that the payment device 3 is an authorized payment device and, on the other hand, the payment device 3 to verify that the payment terminal 1 is an authorized payment terminal and, optionally, that the holder of the payment device validates the transaction on the payment terminal 1.
  • the payment terminal 1 to verify that the payment device 3 is an authorized payment device
  • the payment device 3 to verify that the payment terminal 1 is an authorized payment terminal and, optionally, that the holder of the payment device validates the transaction on the payment terminal 1.
  • any transaction standard can replace the EMV standard and it is not necessary to have mutual authentication when at least one cryptographic key is exchanged between the payment terminal 1 and payment device 3.
  • a transaction step 501 comes after the mutual authentication step 500.
  • the payment terminal 1 and the payment device 3 exchange the transaction data, such as for example the amount of the transaction, and executes each of the offline risk analysis subroutines, possibly supplemented by an online risk analysis by communicating with the bank server 2 then finalize the transaction either by refusing the transaction or by accepting it and memorizing the transaction carried out on both sides.
  • a step of verifying the personal information PI is added between the mutual authentication step 500 and the transaction step 501.
  • the application of the transaction policy Pol (PI) can then be executed before or at the time of the transaction step 501.
  • the payment terminal 1 sends a request 510 requesting one or more personal information PI to the payment device 3.
  • the payment device 3 sends back a response 520 containing the information.
  • the payment terminal 1 verifies the authentication data of the personal information PI in a step 530 and, if the latter is authenticated, verifies that the personal information complies with the condition of the transaction policy Pol (PI).
  • the transaction policy Pol (PI) is then applied according to the verification before or during the transaction step 501.
  • the 510 request can be sent in several ways, or even sent implicitly. According to a first embodiment conforming to the EMV protocol, the request 510 is not sent.
  • the mutual authentication step 500 information relating to the possibilities of the payment terminal 1 can be sent to the payment device 3 so that the latter is informed of the protocol to be applied with respect to the payment terminal 1 .
  • the payment terminal 1 indicates that personal data PI is required to finalize the transaction.
  • the payment terminal 1 performs a hot reset of the payment device 3, also known by the English terminology “Hot Reset”.
  • the payment device 3 sends a response 520 which corresponds to an ATR type message (standing for Answer To Reset) completed by the personal information PI and by a signature Sig (PI) of personal PI information.
  • the Sig (PI) signature is a cryptographic signature of the personal data PI, for example a signature as defined in the PKCS # 1 standard using a cryptographic key which can be a common encryption key, or an encryption structure to public key, shared by the payment device 3 and the payment terminal 1.
  • MAC for English Message Authentication Code
  • HMAC Keyed-Hashing for Message Authentication
  • the important thing is that the cryptographic key used by the payment device 3 allows the payment terminal 1 to ensure the authenticity of the personal data PI during step 530.
  • the personal information PI being considered authentic , the payment terminal checks whether said personal information PI complies with the condition of the transaction policy Pol (PI).
  • the payment terminal 1 sends a request 510 in the form of an APDU type command (standing for Application Protocol Data Unit) defined in the IS07816 standard to read personal information.
  • APDU type command standing for Application Protocol Data Unit
  • the commands GET_DATA, READ_BINARY and READ_RECORD make it possible to read information in a payment device 3.
  • the payment device In response to the one of these commands identifying the personal PI information or an area containing said PI information, the payment device responds by sending a response message 520 containing the personal PI information accompanied by a certificate or a cryptographic signature Sig (PI ) to allow the payment terminal to authenticate said personal information PI during step 530.
  • the certificate or the cryptographic signature is produced for example according to one of the techniques described above. Since personal PI information is considered authentic, the payment terminal checks whether said personal PI information complies with the condition of the Pol (PI) transaction policy.
  • FIG. 6 illustrates a second example of a method of using personal information PI.
  • the payment terminal 1 and the payment device 3 implement their respective transaction programs including the subroutines relating to the different steps of the method which will be described and in particular the subroutines relating to the implementation of the transaction policies.
  • Pol PI
  • the payment terminal 1 and the payment device 3 perform a mutual authentication step 500 and a transaction step 501, as previously defined according to an electronic payment protocol.
  • a verification of the personal information PI is added between the mutual authentication step 500 and the step transaction 501 before applying the transaction policy prior to or at the time of transaction step 501.
  • any transaction standard can replace the EMV standard and it is not necessary to have mutual authentication as soon as at least one cryptographic key is exchanged between the payment terminal 1 and payment device 3.
  • the payment terminal 1 sends a request 610 for verifying the personal information PI to the payment device 3 indicating a condition to be verified with respect to the personal information PI in order to apply the policy Pol (PI) transaction.
  • the payment device 3 verifies that the personal information PI corresponds to the condition sent in the request 610.
  • the payment device 3 sends a response 630 to the payment terminal 1 containing the result of the verification. .
  • the payment terminal 1 then applies the transaction policy Pol (PI) as a function of the result of the verification before or during the transaction step 501.
  • the personal information PI can remain confidential because the only information given is that the personal PI information satisfies the condition of the transaction policy.
  • the verification request 610 can be sent using a VERIFY type APDU which has a number of data fields which specify the personal PI information to be verified and the condition of the transaction policy. Pol (PI).
  • the request 610 can also include a signature made using a cryptographic key shared by the payment terminal 1 and the payment device 3. The signature is carried out for example. on all the bits of the request that correspond to the condition.
  • the condition can include a value and a relationship between the value and the personal PI information.
  • the value can be the age or the cut-off date of birth and the relation can be a comparison to this age or date of birth of the type "Lower" or "higher". If the personal information is a place of residence, for example a country, a postal code or an address, the relation can be of the type "equal" or "different".
  • the payment device 3 On receipt of the request 610, the payment device 3 implements a verification subroutine during step 620. Thus the payment device checks that the signature of the request 610 complies with the condition requested. This first check makes it possible to ensure that the request is indeed sent by the payment terminal 1 which is considered to be a device authorized to perform such a check. Once the request has been verified successfully, the microprocessor 31 of the payment device 3 reads from its memory 33 the personal information PI specified in the request 610. Then, the payment device 3 performs the requested comparison of the information. personal PI with the specified value. Once the comparison has been made, the payment device will then prepare and send back a response 630 corresponding to the result of said comparison.
  • the result is binary, ie the condition is verified or the condition is not verified and the response 630 may correspond to a response message to the VERIFY command validating or invalidating the comparison carried out in a secure manner.
  • the response can also be signed using the cryptographic key.
  • the payment terminal 1 then applies the transaction policy Pol (PI) according to the result of the verification, before or during the transaction step 501.
  • PI transaction policy Pol
  • the second example of implementation of the invention also makes it possible to store personal information PI in the payment device. This keeps personal PI information confidential, which may be sensitive information, such as the holder's address, for example.
  • PI Pol
  • several personal information can be present in the payment device 3 and several Pol (PI) transaction policies can be used during the same transaction.
  • PI Pol
  • the APDUs used must be defined both in the payment device 3 and in the payment terminal 1.
  • those skilled in the art will understand that it is necessary to codify and standardize such functionalities in order to be able to use them.
  • the transaction can be done using a radiofrequency communication protocol, for example conforming to the IEEE 802.11 standard better known under the name of Wifi.
  • Securing the transaction can be done by using, for example, an encrypted channel using a transaction method similar to that described above.
  • the embodiments described with the aid of FIGS. 5 and 6 can be applied in a similar manner while taking into account that the messages exchanged between the payment terminal 1 and the mobile telephone 4 will be made according to another exchange protocol. data that does not necessarily use APDUs.
  • the use of a certification of personal information PI helps to guarantee at the transaction level that the information is authentic.
  • the personal information PI is stored in the payment device 3 by an authorized third party, such as for example a banking establishment, and the certification carried out by the payment device constitutes certification by the authorized third party.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
EP20845184.9A 2019-12-13 2020-12-11 Verfahren und system, vorrichtung und zahlungsendgerät unter verwendung persönlicher daten Pending EP4074004A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1914352A FR3104779B1 (fr) 2019-12-13 2019-12-13 Procede et systeme, dispositif et terminal de paiement utilisant des donnees personnelles
PCT/FR2020/052395 WO2021116625A1 (fr) 2019-12-13 2020-12-11 Procede et systeme, dispositif et terminal de paiement utilisant des donnees personnelles

Publications (1)

Publication Number Publication Date
EP4074004A1 true EP4074004A1 (de) 2022-10-19

Family

ID=70456862

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20845184.9A Pending EP4074004A1 (de) 2019-12-13 2020-12-11 Verfahren und system, vorrichtung und zahlungsendgerät unter verwendung persönlicher daten

Country Status (5)

Country Link
US (1) US20230004965A1 (de)
EP (1) EP4074004A1 (de)
CA (1) CA3161315A1 (de)
FR (1) FR3104779B1 (de)
WO (1) WO2021116625A1 (de)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2008212549A1 (en) * 2007-02-09 2008-08-14 Business Intelligent Processing Systems, Plc System and method for performing payment transactions, verifying age, verifying identity, and managing taxes
US20130185206A1 (en) * 2012-01-16 2013-07-18 International Business Machines Corporation Real-Time System for Approving Purchases Made with a Mobile Phone
FR3012645A1 (fr) * 2013-10-24 2015-05-01 Orange Procede d'execution d'une transaction entre un premier terminal et un deuxieme terminal
US10699274B2 (en) * 2015-08-24 2020-06-30 Samsung Electronics Co., Ltd. Apparatus and method for secure electronic payment
US20180005235A1 (en) * 2016-06-29 2018-01-04 Ca, Inc. Electronic transaction risk assessment based on digital identifier trust evaluation

Also Published As

Publication number Publication date
US20230004965A1 (en) 2023-01-05
CA3161315A1 (fr) 2021-06-17
FR3104779A1 (fr) 2021-06-18
FR3104779B1 (fr) 2024-03-29
WO2021116625A1 (fr) 2021-06-17

Similar Documents

Publication Publication Date Title
EP2455922B1 (de) Verfahren und System für NFC-Transaktion
EP1014317B1 (de) Gesichertes Bezahlungsverfahren
EP0818763B1 (de) Verfahren zum Kontrollieren von unabhängigen gesicherten Transaktionen mit einer einzigen physischen Vorrichtung
US20130041831A1 (en) Secure and shareable payment system using trusted personal device
US20150056957A1 (en) Biometric authentication of mobile financial transactions by trusted service managers
EP2873045A1 (de) Sichere elektronische entität zur autorisierung einer transaktion
FR2964285A1 (fr) Protection d'un canal de communication d'un dispositif de telecommunication couple a un circuit nfc contre un deroutement
CN106296174A (zh) 一种基于hce技术的小额支付卡装置及其实现方法
CA2946143A1 (fr) Procede de traitement de donnees transactionnelles, dispositif et programme correspondant
FR2757661A1 (fr) Procede de transfert securise de donnees par un reseau de communication
FR2923635A1 (fr) Systeme pour des transactions de commerce electronique, dispositif electronique portatif, reseau de communication, produit programme d'ordinateur et methode correspondants.
EP3479518A1 (de) Verfahren zur authentifizierung von zahlungsdaten, zugehörige vorrichtungen und programme
EP4074004A1 (de) Verfahren und system, vorrichtung und zahlungsendgerät unter verwendung persönlicher daten
EP1323140B1 (de) Verfahren zum liefern von identifikationsdaten einer bezahlkarte an einen anwender
EP2824625B1 (de) Methode zur Ausführung einer Transaktion, Endgerät und entsprechendes Computerprogramm
EP1354288B1 (de) Verfahren mit elektronischen bankdaten zur durchführung sicherer transaktionen
EP3291188B1 (de) Verfahren zur steuerung eines elektronischen geräts und korrespondierendes elektronisches gerät
WO2020128240A1 (fr) Traitement d'un service de tickets electroniques
KR20060127215A (ko) 컨텐츠에 대한 전자 지불
FR2927454A1 (fr) Procede de detection de cartes a microprocesseur non authentiques, carte a microprocesseur, terminal lecteur de carte et programmes correspondants
EP3358493A1 (de) Verfahren zur sicherung einer elektronischen operation
CA2325895C (fr) Procede de paiement securise
EP0979495A1 (de) Verfahren zum beglaubugen einer gesamtsumme in einem leser
FR2967513A1 (fr) Serveur de transaction nfc

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20220706

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)