EP4298580A1 - Payment card, authentication method and use for a remote payment - Google Patents

Payment card, authentication method and use for a remote payment

Info

Publication number
EP4298580A1
EP4298580A1 EP22706329.4A EP22706329A EP4298580A1 EP 4298580 A1 EP4298580 A1 EP 4298580A1 EP 22706329 A EP22706329 A EP 22706329A EP 4298580 A1 EP4298580 A1 EP 4298580A1
Authority
EP
European Patent Office
Prior art keywords
payment card
authentication
cryptogram
bearer
payment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP22706329.4A
Other languages
German (de)
French (fr)
Inventor
William SMADJA
Marlène ABISDID
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ccs12
Original Assignee
Ccs12
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G06Q20/4018 Transaction verification using the card verification value [CVV] associated with the card
    • G06Q20/3415 Cards acting autonomously as pay-media
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G06Q20/3223 Realising banking transactions through M-devices
    • G06Q20/3224 Transactions dependent on location of M-devices
    • G06Q20/3276 Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
    • G06Q20/346 Cards serving only as information carrier of service
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • G06Q20/40145 Biometric identity checks
    • G06Q20/4015 Transaction verification using location information
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance
    • G07F7/082 Features insuring the integrity of the data on or in the card
    • G07F7/12 Card verification
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Definitions

  • the present invention falls within the field of securing financial transactions by credit card, and more particularly remote banking payments made on the Internet.
  • a bank card is a card made of plastic, or even paper or cardboard, with a side of a few centimeters and one to two millimeters thick.
  • the card conventionally carries at least one integrated circuit capable of containing information.
  • This integrated circuit corresponds to the chip and may contain a microprocessor capable of processing this information or be limited to non-volatile memory circuits and, possibly, a security component such as a memory card.
  • This security data is generally written on one or the other of the faces of this smart card.
  • a bank card includes identification data for a bank account and/or the owner of the bank card. These identification data are generally written on the front of the bank card. More precisely, the card number, also called PAN number, is linked to a bank account.
  • most bank cards include, on the one hand, the identity of the holder of the bank card (surname and first name and/or company name).
  • banking organizations also enter the expiry date of the payment card.
  • bank cards also include a security code or a visual cryptogram affixed to the back (or rear face) of the bank card.
  • Fraud of the first type involves the physical theft of the bank card: the hacker, in possession of this stolen card, also has the security data that allows him to usurp the identity of the bearer of the bank card in order to make online payments.
  • the visual hacking of security data can also be assimilated to this first type of identity theft fraud. Indeed, visual hacking occurs in principle during a payment in store, the seller copying the security data without the knowledge of the holder / cardholder. The pirate is then in possession of the secure data of the bank card and can carry out transactions remotely, either for his own account or to resell them to a third party.
  • Phishing is the second type of identity theft fraud. This technique is undoubtedly the one that has developed the most in recent years. The technique consists in making the victim believe that he is addressing a trusted third party such as a bank, an administration, in order to extract personal information from him: password, credit card number, number or photocopy of identity card, date of birth, etc. This can be achieved by replicating an entire website, by sending an email or even by sending a text message. As a result, the hacker finds himself in possession of the secure data of the bank card which also allows him to carry out transactions for his own account.
  • banking organizations have implemented payment security methods by sending a payment confirmation text message or "sms" to the cardholder's mobile phone.
  • This text message generally includes an alphanumeric code sent by the banking institution in order to validate the payment.
  • This service is called “3D-Secure®” authentication.
  • although this system provides some security, it has some flaws that allow hackers to circumvent it. First of all, not all banks offer such a service. Similarly, not all merchant sites have a payment system that allows the use of this method of securing the financial transaction. As a result, to date only 40% of French online transactions are validated by this system. In addition, this system makes it possible to change the telephone number to which the alphanumeric code is sent. A godsend for the pirate, who can thus divert the sending of the alphanumeric code to his own mobile phone.
  • the CVV cryptogram is said to be dynamic, since the series of three digits evolves randomly, automatically and at regular frequency. Thus, it is possible to entrust without fear the information of a dynamic bank card for online transactions. Indeed, even in the event of hacking by phishing, the security data of the bank card will be unusable, since the cryptogram changes regularly.
  • the dynamic cryptogram bank card is only a partial answer to the problem of phishing. However, it does not address the problem of physical theft of the bank card. Apart from the fact that the technique embedded in such a card is a technological feat, in particular through the integration of both a battery and a screen in the thickness of the card, this technology is very expensive and not ecological, which delays its generalization.
  • the applicant has developed a technical solution which aims to secure online payment through double authentication ensuring the authentication of the bank card and the holder of this bank card.
  • a first aspect of the present invention relates to a payment card comprising a front side and a back side; the payment card also incorporates an electronic chip, the front side comprising security data which includes, at least, a PAN number, an identity of the bearer of the payment card and an expiry date of the payment card, the back side having a CVV cryptogram generally consisting of three digits.
  • the payment card is characterized in that it has on one side at least one authentication cryptogram comprising a number of characters between 200 and 10,000; this authentication cryptogram is unique and proprietary to the payment card on which the authentication cryptogram is affixed, and it constitutes a means of identification of the payment card by optical recognition, this means of identification being linked to a bank account to which the payment card is linked.
  • the payment card according to the invention is equipped with a proprietary authentication cryptogram which is affixed to one side of the payment card.
  • This authentication cryptogram contains a large number of characters which makes it unique.
  • the authentication cryptogram contributes to providing a means of authentication of the payment card by optical recognition of the authentication cryptogram.
  • This authentication cryptogram helps to improve the security of secure operations, by limiting phishing fraud. Indeed, when a hacker has managed to steal the security data of the payment card, an authentication method according to the invention requires the validation of the secure operation by optical recognition of the authentication cryptogram. Thus, if the hacker does not hold the payment card and its secure data, he cannot use the payment card for his benefit.
  • the authentication cryptogram is a matrix code consisting of a determined number of black modules arranged in a white background so as to form a single pattern, each black module constituting a character of the authentication cryptogram.
  • This type of matrix code provides a large number of combinations, which allows each payment card to include a unique authentication cryptogram, also called "proprietary".
  • the PAN number consists of four series of four digits
  • the payment card comprising a PAN cryptogram substituting at least one series of four digits of the PAN number.
  • the PAN cryptogram provides additional security that helps prevent physical theft and/or visual hacking of the payment card. Indeed, even in the event of physical theft and/or visual hacking, the hacker does not hold the full PAN number of the payment card. It is therefore unusable.
  • the PAN cryptogram comprises between 16 and 100 characters, preferably the PAN cryptogram comprises between 36 and 64 characters.
  • the PAN cryptogram is a gimbal grid.
  • the CVV cryptogram can be substituted by a cryptogram having a number of characters greater than three. This feature also aims to hide the security data of the payment card in order to fight against physical theft and/or visual hacking of the payment card.
  • a second aspect of the invention relates to a method for authenticating a payment card defined according to the first aspect of the invention, and the bearer of this payment card.
  • the authentication method aims to carry out a secure operation relating to the personal data of the bearer of the payment card.
  • the authentication process comprises at least:
    a) A first step of authentication of the payment card by entering the security data of the payment card and/or a first authentication of the bearer of the payment card, the bearer of the payment card providing his identity and/or an identifier;
    b) A step of requesting a secure transaction relating to the personal data of the bearer of the payment card, the request being made to a secure digital space linked to the bank account of the payment card opened with a banking institution, the secure digital space being stored on a remote server managed by the banking institution;
    c) A step of verifying the security data entered for the payment card, this step being carried out by comparing the security data entered with reference data stored in the secure digital space;
    d) A second step of authentication of the payment card and the bearer of the payment card, the second authentication step being carried out by recognition of the proprietary authentication cryptogram of the payment card, this step being carried out through a digital recognition module available or accessible via a digital terminal belonging to the bearer of the payment card, and;
    e) A stage for final
  • the method according to the invention integrates a double authentication of the payment card and/or of the holder of this card.
  • This double authentication reinforces the security of a secure operation such as a remote payment. Indeed, this process requires not only that the security data of the payment card be entered, but also that it is the bearer of this card who performs the operation of opening the recognition module, and finally that the bearer of the payment card holds his payment card so that the proprietary cryptogram of the payment card is recognized.
  • the authentication process makes phishing hacking, as we know it today, ineffective since this type of hacking does not make it possible to recover the proprietary authentication cryptogram of the payment card.
  • the second authentication step d) is performed by opening a secure communication channel between the secure digital space of the bank account and the digital terminal of the bearer of the payment card, the secure digital space of the bank account then calling for the opening of the digital recognition module.
  • the authentication method comprises, on opening the recognition module, a biometric and/or codified authentication operation of the bearer of the payment card; if the authentication of the bearer of the payment card is successful, the recognition module gives access to a camera of the digital terminal to allow digital capture of the authentication cryptogram of the payment card.
  • the method comprises a comparison of the authentication cryptogram affixed to the payment card with a reference digital image of the authentication cryptogram stored in the secure digital space of the bank account.
  • when the connection step a) is performed on a secure online portal separate from the secure digital space 6, a secure communication channel is opened between the secure online portal and a secure digital space linked to the bank account of the payment card.
  • the authentication method comprises a step of geolocation of the digital terminal of the bearer of the payment card.
  • a third aspect of the invention relates to a use of the authentication method defined according to the second aspect of the invention, to operate a validation of remote payment and in particular of a remote payment made via a website, the remote payment being operated through a payment card defined according to the first aspect of the invention.
  • FIG. 1 is a representation of a front face of a payment card in accordance with the invention.
  • FIG. 2 is a representation of a reverse side of the payment card in Figure 1.
  • FIG. 3 is a representation of a digital terminal receiving a call from a banking server in order to authenticate a payment card.
  • FIG. 4 is a representation of a recognition step of the authentication cryptogram of the payment card of figures 1 and 2.
  • FIG. 5 is a representation of a system and method for authenticating a payment card in accordance with a first embodiment of the invention.
  • FIG. 6 is a representation of a system and method for authenticating a payment card that complies with a second embodiment of the invention.
  • the invention relates to a payment card 1.
  • This payment card 1 corresponds to a bank card.
  • the payment card 1 according to the invention is linked to a bank account opened with a banking organization.
  • the bank account and the payment card 1 are assigned to a user also called the holder of the bank account, or bearer 100 of the payment card 1.
  • the payment card 1 comprises a front face 10 and a back face 11. Conventionally, the payment card 1 also incorporates an electronic chip 12. This electronic chip 12 comprises a processor and a memory configured to execute an algorithm and/or store data.
  • the front face 10 includes security data 2.
  • the security data 2 includes at least one PAN number 20.
  • the PAN number 20 is composed of several series of digits, for example four series of four digits, making a total of sixteen digits.
  • the term PAN is common in banking jargon. In this example, reading payment card 1 from left to right, the PAN number 20 has a first set of numbers 200, a second set of numbers 201, a third set of numbers and a fourth set of numbers 203.
  • the PAN cryptogram 21 replaces the third series of digits of the PAN number 2
  • the PAN cryptogram 21 replaces the fourth series 203 of digits of the PAN number 2.
  • the PAN cryptogram 21 comprises between 16 and 100 characters.
  • the PAN cryptogram 21 comprises between 36 and 64 characters.
  • the PAN cryptogram 21 consists of a gimbal grid. Nevertheless, it is quite possible to consider the use of another type of PAN cryptogram 21 such as a simple bar code or a matrix bar code.
  • the security data 2 also includes the identity 22 of the bearer 100 of the payment card 1.
  • the security data 2 includes an expiry date 23 of the payment card 1.
  • the security data 2, 20, 21, 22, 23 affixed to the front face 10 of the payment card 1 are written by printing and/or embossing, or even by screen printing on the surface of the payment card 1.
  • the other security data 2, 20, 22, 23 are affixed by embossing.
  • the reverse side 11 has a CVV cryptogram 24.
  • This CVV cryptogram 24 generally consists of three digits.
  • a gimbal grid, simple barcode or matrix barcode type cryptogram can be used to replace the CVV cryptogram 24.
  • the CVV cryptogram 24 is also part of the security data 2 of the payment card 1. We speak of security data because, during a remote payment, these security data 2 are used to authenticate the payment card 1 with the bank management organization.
  • the payment card 1 comprises at least one authentication cryptogram 3. It is unique and proprietary to the payment card 1.
  • This authentication cryptogram 3 constitutes a means of authentication of the payment card 1 by optical recognition. It is linked to the bank account of payment card 1.
  • the authentication cryptogram 3 can be affixed to a face 10, 11 of the payment card 1.
  • the authentication cryptogram 3 is affixed to the back face 11.
  • the authentication cryptogram 3 could also be placed on the front face 10 of the payment card 1.
  • the authentication cryptogram 3 comprises a number of characters between 200 and 10,000.
  • the authentication cryptogram 3 consists of a matrix code.
  • Matrix code is also called “two-dimensional barcode”.
  • the matrix code consists of a determined number of black modules arranged in a white background in such a way as to form a single pattern. Therefore, each black module constitutes a character of the authentication cryptogram 3.
  • Each black module has determined dimensions. This type of matrix code is known as a “QR code®”. The high number of characters in the authentication cryptogram 3 gives it its unique character.
  • the authentication cryptogram 3 could consist of another type of visual cryptogram such as a holographic cryptogram, a gimbal grid, etc.
  • a data matrix cryptogram is that it can already be read, recognized by a smartphone and current banking applications.
  • the invention also relates to an authentication system 4 of a payment card 1 and of the bearer 100.
  • the double authentication of the bearer 100 and of his payment card 1 contributes to achieving a secure operation relating to the personal data of the bearer 100 of the payment card 1.
  • the secure operation may correspond to a remote payment made using the payment card 1 (FIG. 5).
  • This double authentication is particularly useful for remote payment via the Internet.
  • double authentication can also be used to carry out a digital signature, operation on a loyalty account, transfer of bank funds, etc.
  • the authentication system 4 includes a digital terminal 5.
  • the digital terminal 5 may consist of a "smartphone" or smart mobile phone, a digital tablet, etc. More broadly, it is possible to implement the invention with an electronic device equipped with display means such as a screen, a multimedia capture tool such as a camera or a video camera, a memory and a processor to store and run algorithmic applications.
  • the electronic device can also comprise means of communication through a telecommunications network such as a mobile telephone network, a wired telephone network, the Internet, etc.
  • the digital terminal 5 integrates a recognition module 50 of the proprietary authentication cryptogram 3 of the payment card 1.
  • the recognition module 50 is configured for a digital capture of the authentication cryptogram 3.
  • the recognition module 50 is integrated into an application system configured to take control of the camera of the digital terminal 5.
  • the recognition module 50 can be integrated into an application for managing the bank account linked to payment card 1.
  • This bank account management application is of course stored and executed by the digital terminal 5. It should be noted that on the day of writing this document, each banking organization provides its customers with a bank management application.
  • the recognition module 50 is therefore an algorithmic building block which can be added to a pre-existing application or be an application algorithm in its own right.
  • the digital terminal 5 is configured to communicate remotely through a wireless communication network.
  • the digital terminal 5 can include communication means such as a mobile telephone transmitter/receiver.
  • the transmitter/receiver can be of the GSM, 2G, 3G, 4G, 5G, 6G type.
  • the digital terminal 5 can include a near field transmitter/receiver, such as Bluetooth, Wifi or other. It should be noted that most digital terminals include a Wifi transmitter/receiver and a Bluetooth transmitter/receiver.
  • mobile telephones or smartphones additionally comprise a mobile telephone transmitter/receiver.
  • the authentication system 4 further comprises a secure digital space 6.
  • the secure digital space 6 is linked to the bank account of the payment card 1.
  • the secure digital space 6 is managed by a banking organization managing said bank account of the bearer of the payment card 1.
  • the secure digital space 6 is stored by a remote server. In a known manner, this secure digital space 6 is accessible remotely via secure protocols, such as the service call.
  • This service call is of the same type as that used by electronic payment terminals (TPE) to make bank payments following the reading of a bank payment card.
  • a service call can be secured by a security protocol of the APA, HTTPS, OAuth2 type.
  • the secure digital space 6 is also configured to open a secure communication channel using a payment validation system, of the PSP or “Payment service provider” type for example.
  • a PSP payment validation system corresponds to an application programming interface also called “API”.
  • the API of this payment validation system is configured to open a secure communication channel between the secure digital space 6 and the holder of the bank account, in order to confirm a remote payment.
  • the payment validation system used is configured to establish secure communication between the secure digital space 6 and the digital terminal 5 of the bearer 100 of the payment card 1 connected to said bank account.
  • the authentication system 4 may include a secure online portal 7.
  • the online portal 7 is itself stored on a remote server which is separate from the banking server.
  • the online portal 7 is configured to communicate with the remote server storing a secure digital space 6 of a bank account.
  • the online portal 7 is a payment portal hosted on a website such as a merchant site.
  • the online portal 7 is configured to carry out a secure operation relating to the personal data of the bearer 100 of the payment card 1 .
  • Said secure operation may correspond, as described previously, to a remote payment, a digital signature, a transaction on a loyalty account, a transfer of bank funds, etc.
  • the online portal 7 can be one and the same as the secure digital space 6. This possibility is more specific to a bank funds transfer operation or an operation on a loyalty card.
  • the bearer 100 communicates directly, using his digital terminal 5, with the secure digital space 6.
  • the secure digital space 6 is configured to communicate remotely through a wireless communication network with the digital terminal 5 and/or the online portal 7 .
  • the secure operation relating to the personal data of the bearer 100 is carried out after a double authentication of the payment card 1 of the bearer 100 of the payment card 1.
  • the authentication system 4 involves a first authentication that is standard in all online payment transactions. This first authentication corresponds, on the one hand, to an authentication of the bearer 100 by his connection to a personal digital space.
  • This authentication of the bearer 100 includes entering an identifier and a password, or else biometric recognition.
  • the first authentication also involves entering the security data 20, 21, 22, 23, 24, 200, 201, 203 of the payment card 1. It should be noted that in this example the PAN number 20 includes a PAN cryptogram 21.
  • the bearer 100 can reveal this series of digits via a revelation process described by the French patent application FR 20 05961 also held by the applicant.
  • the first authentication is performed by connecting to an online portal 7. Conversely, in the example of Figure 6, the first authentication is performed directly with the secure digital space 6 linked to payment card 1.
  • the authentication system 4 involves a second authentication. This second authentication takes place through a secure communication channel open between the secure digital space 6 and the digital terminal 5 of the bearer 100 of the payment card 1.
  • this second authentication corresponds, on the one hand, to authentication of the bearer 100 by entering a password or by biometric recognition via the recognition module 50.
  • the recognition module 50 performs a second authentication of the payment card 1.
  • This second authentication involves reading or capturing the authentication cryptogram 3 of the payment card 1.
  • this double authentication conditions the validation of the secure operation on the fact that the bearer 100 holds his payment card 1 during the validation of the operation.
  • a hacker cannot validate the secure operation.
  • an additional level of security is provided by a payment card 1 equipped with a PAN cryptogram 21.
  • the invention also relates to a method for authenticating a payment card 1 in accordance with the invention and the bearer 100 of this payment card 1.
  • This authentication is carried out in order to carry out a secure operation relating to personal data of the bearer 100 of the payment card 1.
  • this authentication method can be used to carry out a validation of remote payment and in particular of a remote payment made via a website.
  • the method according to the invention can also be useful for carrying out a financial transaction, an operation on a loyalty account, a digital signature, etc.
  • the authentication process includes a first authentication step of the payment card 1 and of the bearer 100 of the payment card 1.
  • This first authentication step is named a).
  • the bearer 100 enters the security data 20, 21, 22, 23, 24, 200, 201, 203 of the payment card 1.
  • step a) may also involve authentication of the identity of the bearer 100 of the payment card 1.
  • This authentication is carried out by connection to a secure digital space. The connection involves entering an identifier accompanied by an access code and/or biometric recognition. Biometric recognition can be by fingerprint or facial. This functionality depends on the characteristics integrated into the digital terminal 5 of the bearer 100 of the payment card 1.
  • the authentication method includes a step of requesting a secure transaction relating to the personal data of the bearer 100 of the payment card 1.
  • the request step is denoted b) .
  • the request is made to a secure digital space 6 linked to the bank account of the payment card 1.
  • This bank account is of course opened with a banking organization.
  • the secure digital space 6 is stored on a remote server managed by the banking organization.
  • the secure digital space 6 is accessible remotely through current telecommunication means (internet, mobile telephony).
  • the authentication process includes a step of verifying the security data 20, 21, 22, 23, 24, 200, 201, 203 entered on the payment card 1. This step is denoted c).
  • the verification step c) is performed by comparing the security data 20, 21, 22, 23, 24, 200, 201, 203 filled in with reference data stored in the secure digital space 6.
  • the method according to the invention calls for a second authentication in order to validate the operation relating to the personal data of the bearer 100 of the payment card 1 .
  • the authentication process includes a second step of authentication of the payment card and of the bearer of the payment card.
  • This second authentication step is denoted d).
  • the second authentication step is carried out by recognition of the authentication cryptogram 3 proprietary to the payment card 1.
  • step d) is performed through a digital recognition module 50 available or accessible by the digital terminal 5 belonging to the bearer 100 of the payment card 1.
  • the second authentication step d) is carried out by opening a secure communication channel between the secure digital space 6 and the digital terminal 5 of the bearer 100 of the payment card 1 .
  • a secure communication channel can use a PSP system described above.
  • the secure digital space 6 of the bank account calls for the opening of the digital recognition module 50 on the digital terminal 5 of the bearer 100 of the payment card 1.
  • the method may include a biometric and/or encoded authentication operation of the bearer 100 of the payment card 1 .
  • biometric authentication by recognition of a fingerprint 51 is requested.
  • the recognition module 50 gives access to a camera of the digital terminal 5 to allow digital capture of the authentication cryptogram 3 proprietary to the payment card 1 (see figure 4).
  • the recognition module 50 includes a frame 52 in which the payment card 1 must be placed, as seen on the screen of the digital terminal 5. It should be noted that the recognition module 50 asks to scan the payment card 1.
  • the second authentication step comprises a comparison operation of the authentication cryptogram 3 affixed to the payment card 1, with a reference digital image of the authentication cryptogram. This reference image is stored in the secure digital space 6 of the bank account. When the reference image corresponds to the cryptogram 3 affixed to the payment card, the second authentication step is considered successful.
  • the secure operation can be aborted immediately; however, the method can allow the bearer 100 of the payment card to benefit from a determined number of recognition attempts. For example, it is possible to offer three recognition attempts of the authentication cryptogram 3 before the secure operation is interrupted by failure of the double authentication of the payment card 1 and the identity of its bearer 100. In the event of a first failure, it is also possible to switch to more classic authentication methods such as the 3D secure system presented in the introduction to this document.
  • the authentication method includes a step for finalizing the secure operation relating to the personal data of the bearer 100 of the payment card 1.
  • the step of finalization is denoted e).
  • the finalization step transmits the authorizations to proceed with said secure operation.
  • the authentication method may include a step of geolocation of the digital terminal 5 of the bearer 100 of the payment card 1.
  • the location of the bearer 100 of the payment card 1 can give information as to an attempted fraud. Indeed, if the digital terminal 5 is located in a State different from that in which the bank account was opened, this can generate an alert for the attention of the bearer 100.
  • the recognition module 50 is configured to have access to the location data of the digital terminal 5.
  • the IP address of the digital terminal 5 can make it possible to provide information on the geolocation of the bearer 100 of the payment card 5.
  • this geolocation is intended to ensure that the entry of the security data 20, 21, 22, 23, 24, 200, 201, 203 of the payment card 1 and the recognition of the authentication cryptogram 3, in particular of the "QR code®", are carried out from the same place.
  • the first authentication step a) when the first authentication step a) is performed following a connection to a secure digital space of a secure online portal 7 separate from the secure digital space 6,
  • This possibility corresponds to a purchase made by the bearer 100 of the payment card 1 on the online portal 7 of a merchant site.
  • the bearer 100 enters the security data 20, 21, 22, 23, 24, 200, 201, 203 directly into the secure digital space of the online portal 7.
  • the request step b) is carried out through a secure communication channel which is open between the online portal 7 and the secure digital space 6. This channel may be the one already used between a service provider payment and a bank.
  • the finalization step e) also takes place through this secure communication channel.
  • the finalization step e) consists in transmitting the direct debit authorizations between the banking organization of the payment card 1 and a banking organization to which the payment portal is attached.
  • the online portal 7 can also request a digital signature which will be provided through the authentication process of the invention.
  • the validation step e) transmits an authorization or a digital signature.
  • the first authentication step a) is carried out following a connection to the secure digital space 6 linked to the bank account of the payment card 1 .
  • the bearer 100 identifies himself to the secure digital space 6.
  • the bearer 100 authenticates himself by entering his identity, via an identifier. This identifier is verified using a password and/or by biometric recognition (fingerprint or facial).
  • the request step b) is performed within the secure digital space 6.
  • the finalization step e) takes place directly with the banking institution, for example to carry out an internal banking transaction, that is to say, between two bank accounts opened with the same organisation. These two bank accounts can belong to the same bearer 100 or to two different entities.
  • the finalization step consists in transferring the direct debit authorizations from the bank account of the bearer 100 of the payment card 1 , to a beneficiary banking organization.
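The flow of steps c) and d) listed above, with the three-attempt limit and the same-place check, can be modelled on the bank side as follows. This is an added sketch, not code from the patent: the names are hypothetical, the cryptogram is modelled as an already decoded byte payload rather than an image comparison, "place" is reduced to a country code, and stopping the operation on a place mismatch is an assumption.

```python
import hmac
from dataclasses import dataclass
from enum import Enum

MAX_SCAN_ATTEMPTS = 3  # the text's example: three recognition attempts


class Outcome(Enum):
    AUTHORIZED = "authorized"          # step e) may transmit the authorization
    RETRY = "retry"                    # step d) failed, attempts remain
    ABORTED = "aborted"                # step d) failed on the last attempt
    LOCATION_ALERT = "location_alert"  # steps a) and d) came from different places


@dataclass
class AccountRecord:
    """Reference data held in the secure digital space 6 (constructed model)."""
    security_data: dict        # reference values for the data entered in step a)
    cryptogram_payload: bytes  # decoded content of authentication cryptogram 3


@dataclass
class Operation:
    """One requested secure operation (step b), tracked on the bank side."""
    account: AccountRecord
    entry_country: str         # where the security data was entered
    data_verified: bool = False
    failed_scans: int = 0
    closed: bool = False


def _same(a: bytes, b: bytes) -> bool:
    # Constant-time comparison, so timing does not reveal how much matched.
    return hmac.compare_digest(a, b)


def verify_security_data(op: Operation, entered: dict) -> bool:
    """Step c): compare the entered security data with the reference data."""
    ref = op.account.security_data
    checks = [_same(str(entered.get(k, "")).encode(), v.encode())
              for k, v in ref.items()]
    op.data_verified = set(entered) == set(ref) and all(checks)
    if not op.data_verified:
        op.closed = True
    return op.data_verified


def submit_scan(op: Operation, scanned: bytes, bearer_ok: bool,
                scan_country: str) -> Outcome:
    """Step d): bearer check plus recognition of the scanned cryptogram."""
    if op.closed or not op.data_verified:
        raise RuntimeError("step d) needs an open operation that passed step c)")
    if scan_country != op.entry_country:
        op.closed = True  # assumption: a place mismatch stops the operation
        return Outcome.LOCATION_ALERT
    if bearer_ok and _same(scanned, op.account.cryptogram_payload):
        op.closed = True
        return Outcome.AUTHORIZED
    op.failed_scans += 1
    if op.failed_scans >= MAX_SCAN_ATTEMPTS:
        op.closed = True
        return Outcome.ABORTED
    return Outcome.RETRY


# Constructed sample data; none of these values come from the patent.
CARD_DATA = {"pan": "0000000000000000", "expiry": "01/99", "cvv": "000"}
CARD_CRYPTOGRAM = bytes(i % 251 for i in range(400))  # 400-character payload


def new_operation(country: str = "FR") -> Operation:
    return Operation(AccountRecord(dict(CARD_DATA), CARD_CRYPTOGRAM), country)


def phished_data_without_card() -> list:
    """Stolen security data passes step c); guessed scans never pass step d)."""
    op = new_operation()
    assert verify_security_data(op, dict(CARD_DATA))
    guess = bytes(400)
    return [submit_scan(op, guess, True, "FR") for _ in range(MAX_SCAN_ATTEMPTS)]


if __name__ == "__main__":
    print([o.value for o in phished_data_without_card()])
```
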

Abstract

The invention relates to a payment card (1) which comprises, on one side (10, 11), at least one authentication cryptogram (3), said authentication cryptogram (3) being unique and belonging to the payment card (1), the authentication cryptogram (3) being affixed to the payment card (1), said authentication cryptogram (3) forming a means of identifying the payment card (1) by optical recognition, said identification means being linked to a bank account to which the payment card (1) is linked. The invention also relates to a method for authenticating the payment card (1) and the bearer (100) of said payment card (1) with a view to carrying out a secure operation relating to personal data of the bearer (100) of the payment card (1). Finally, the invention relates to a use of the authentication method to make a remote payment using the payment card (1).

Description

Title of the invention: Payment card, authentication method and use for remote payment
[0001] The present invention falls within the field of securing financial transactions by bank card, and more particularly remote bank payments made on the Internet.
[0002] As a reminder, a bank card is a card made of plastic, or even paper or cardboard, a few centimeters on a side and one to two millimeters thick. The card conventionally carries at least one integrated circuit capable of containing information. This integrated circuit corresponds to the chip and may contain a microprocessor capable of processing this information or be limited to non-volatile memory circuits and, possibly, a security component such as a memory card.
[0003] During a remote payment by bank card, it is necessary to enter the so-called "security data" of the bank card in order to proceed with the financial transaction.
[0004] This security data is generally written on one or the other of the faces of this smart card. Typically, a bank card includes identification data for a bank account and/or the owner of the bank card. This identification data is generally written on the front of the bank card. More precisely, the card number, also called PAN number, is linked to a bank account. In addition, most bank cards include, on the one hand, the identity of the holder of the bank card (surname and first name and/or company name). On the other hand, banking organizations also print the expiry date of the payment card.
[0005] This identification data for an account and/or for the owner of the smart card is generally printed or embossed on the front side of the bank card. Generally, these inscriptions are made by an embossing technique (front side) of the smart card or by screen printing.
[0006] The majority of bank cards also include a security code or a visual cryptogram affixed to the back (or rear face) of the bank card.
[0007] In practice, the owner or holder of the bank card is asked to provide this identification data when making a payment online or by telephone.
[0008] Since the beginning of the 21st century, online commerce and more generally online payment have shown an almost exponential growth in the number of transactions but also in the financial volume of these transactions.
[0009] Faced with this increase in the volume of online payments, the issue of cybersecurity seems critical. Indeed, in parallel with this increase in online payments, there is also an increase in bank card fraud, particularly through hacking online or by telephone.
[0010] Among these numerous frauds, two types can be distinguished: one with use of the bank card, known as CP for card present, the other without the card, known as CNP for card not present. Fraud of the first type involves the physical theft of the bank card; the hacker, in possession of this stolen card, also has the security data that allows him to usurp the identity of the bearer of the bank card in order to make online payments. The visual hacking of security data can also be assimilated to this first type of identity theft fraud. Indeed, visual hacking occurs in principle during a payment in store, the seller copying the security data without the knowledge of the holder / bearer of the card. The hacker is then in possession of the security data of the bank card and can carry out transactions remotely, either for his own account or to resell them to a third party.
[0011] Phishing is the second type of identity theft fraud. This technique is undoubtedly the one that has developed the most in recent years. The technique consists in making the victim believe that he is addressing a trusted third party such as a bank or an administration, in order to extract personal information from him: password, credit card number, number or photocopy of identity card, date of birth, etc. This can be achieved by replicating an entire website, by sending an email or even by sending a text message. As a result, the hacker finds himself in possession of the security data of the bank card, which also allows him to carry out transactions for his own account.
[0012] To prevent this type of fraud, banking organizations have implemented payment security methods based on sending a payment confirmation text message or "SMS" to the mobile phone of the bearer of the bank card. This text message generally includes an alphanumeric code sent by the banking organization in order to validate the payment. This service is called "3D-Secure®" authentication. Although this system provides some security, it has some flaws that allow hackers to circumvent it. First of all, not all banks offer such a service. Similarly, not all merchant sites have a payment system that allows the use of this method of securing the financial transaction. As a result, to date only 40% of French online transactions are validated by this system. In addition, this system makes it possible to change the telephone number to which the alphanumeric code is sent. This is a godsend for the hacker, who can thus divert the sending of the alphanumeric code to his own mobile phone.
[0013] These disadvantages led the European Commission, in a recent decision, to establish new, stricter European standards which require a higher level of security with regard to online payments. The ambitious timetable for the application of these new standards aimed for entry into force in 2021, with a major drawback, that of leaving the choice of solutions to the banks with the risk of a lack of harmonization.
[0014] Alternative solutions exist to secure transactions. For example, there is a type of bank card that has a dynamic CVV cryptogram. The CVV cryptogram corresponds to the sequence of three digits which is generally found on the front side of the bank card.
[0015] The CVV cryptogram is said to be dynamic, since the series of three digits changes randomly, automatically and at regular intervals. Thus, it is possible to entrust without fear the information of a dynamic bank card for online transactions. Indeed, even in the event of hacking by phishing, the security data of the bank card will be unusable, since the cryptogram changes regularly.
[0016] The dynamic cryptogram bank card is only a partial answer to the problem of phishing. However, it does not address the problem of physical theft of the bank card. Apart from the fact that the technology embedded in such a card is a technological feat, in particular through the integration of both a battery and a screen in the thickness of the card, this technology is very expensive and not ecological, which delays its widespread adoption.
[0017] It should be noted that the applicant already offers a solution to combat identity theft following physical theft of the bank card and/or its visual hacking. The solution proposes to integrate a cryptogram in place of the three digits of the bank card's PAN number. This solution is described in particular in document WO 2020/120849. Although in possession of the bank card, the hacker does not have all of the security data needed to make online payments for his own account. Indeed, the holder of this type of bank card receives, on the one hand, a bank card of which part of the PAN number is masked, and on the other hand, the masked number. This masked number can be revealed by a digital process also developed by the applicant, which has also been the subject of a French patent application FR 20 05961.
[0018] Although this solution of encrypting the PAN number of the bank card has proven itself against the physical theft and/or the visual hacking of a bank card, it does not prevent hacking by phishing of the security data of the bank card.
[0019] Consequently, on the day of writing this document, we are forced to note that banking organizations and e-commerce players have not yet found an appropriate solution to secure online transactions by bank card.
[0020] To overcome these drawbacks, the applicant has developed a technical solution which aims to secure online payment through double authentication ensuring the authentication of the bank card and of the holder of this bank card.
[0021] A first aspect of the present invention relates to a payment card comprising a front side and a back side, the payment card also incorporating an electronic chip, the front side comprising security data which includes, at least, a PAN number, an identity of the bearer of the payment card and an expiry date of the payment card, the back side having a CVV cryptogram generally consisting of three digits.
[0022] The payment card is characterized in that it has on one side at least one authentication cryptogram comprising a number of characters between 200 and 10,000, this authentication cryptogram being unique and proprietary to the payment card on which the authentication cryptogram is affixed, this authentication cryptogram constituting a means of identification of the payment card by optical recognition, this means of identification being linked to a bank account to which the payment card is linked.
[0023] The payment card according to the invention is equipped with a proprietary authentication cryptogram affixed to one face of the payment card. This authentication cryptogram contains a large number of characters, which makes it unique. The authentication cryptogram thereby helps to provide a means of authenticating the payment card by optical recognition of the authentication cryptogram. It helps to improve the security of secure operations by limiting phishing fraud. Indeed, when an attacker has managed to steal the security data of the payment card, an authentication method according to the invention still requires the secure operation to be validated by optical recognition of the authentication cryptogram. Thus, if the attacker does not hold the payment card and its security data, he cannot use the payment card for his own benefit.
[0024] According to a second characteristic of the first aspect of the invention, the authentication cryptogram is a matrix code consisting of a determined number of black modules arranged on a white background so as to form a unique pattern, each black module constituting a character of the authentication cryptogram. This type of matrix code provides a large number of combinations, which allows each payment card to carry a unique authentication cryptogram, also called "proprietary".
[0025] According to a third characteristic of the first aspect of the invention, the PAN number consists of four series of four digits, the payment card comprising a PAN cryptogram replacing at least one series of four digits of the PAN number.
The PAN cryptogram provides additional security against physical theft and/or visual hacking of the payment card. Even in the event of physical theft and/or visual hacking, the attacker does not hold the full PAN number of the payment card. The card is therefore unusable.
[0026] In particular, the PAN cryptogram comprises between 16 and 100 characters; preferably, the PAN cryptogram comprises between 36 and 64 characters. According to the invention, the PAN cryptogram is a Cardan grille.
[0027] According to a fourth characteristic of the first aspect of the invention, the CW cryptogram can be replaced by a cryptogram having more than three characters. This characteristic likewise aims to mask the security data of the payment card in order to counter physical theft and/or visual hacking of the payment card.
[0028] A second aspect of the invention relates to a method for authenticating a payment card defined according to the first aspect of the invention, and the bearer of this payment card. The authentication method aims to carry out a secure operation relating to personal data of the bearer of the payment card. To this end, the authentication method comprises at least:
a) A first step of authenticating the payment card by entering the security data of the payment card, and/or a first authentication of the bearer of the payment card, the bearer of the payment card providing his identity and/or an identifier;
b) A step of requesting a secure operation relating to personal data of the bearer of the payment card, the request being made to a secure digital space linked to the bank account of the payment card opened with a banking organization, the secure digital space being stored on a remote server managed by the banking organization;
c) A step of verifying the entered security data of the payment card, this step being carried out by comparing the entered security data with reference data stored in the secure digital space;
d) A second step of authenticating the payment card and the bearer of the payment card, the second authentication step being carried out by recognition of the proprietary authentication cryptogram of the payment card, this step being performed through a digital recognition module available or accessible via a digital terminal belonging to the bearer of the payment card; and
e) A step of finalizing the secure operation relating to the personal data of the bearer of the payment card.
[0029] Through the two authentication steps a) and d), the method according to the invention integrates a double authentication of the payment card and/or of the bearer of this card. This double authentication reinforces the security of a secure operation such as a remote payment. The method requires that the security data of the payment card be entered, that it be the bearer of the card who performs this operation in order to open the recognition module, and finally that the bearer of the payment card hold the payment card so that the proprietary cryptogram of the payment card can be recognized. As a result, the authentication method renders phishing, as it is known today, ineffective, since this type of attack does not make it possible to recover the proprietary authentication cryptogram of the payment card.
[0030] According to a first characteristic of the second aspect of the invention, the second authentication step d) is carried out by opening a secure communication channel between the secure digital space of the bank account and the digital terminal of the bearer of the payment card, the secure digital space of the bank account then calling for the digital recognition module to be opened.
[0031] According to a second characteristic of the second aspect of the invention, the authentication method comprises, on opening the recognition module, a biometric and/or code-based authentication of the bearer of the payment card. If the authentication of the bearer of the payment card succeeds, the recognition module gives access to a camera of the digital terminal to allow digital capture of the authentication cryptogram of the payment card.
[0032] According to a third characteristic of the second aspect of the invention, the method comprises a comparison of the authentication cryptogram affixed to the payment card with a reference digital image of the authentication cryptogram stored in the secure digital space of the bank account.
[0033] According to a fourth characteristic of the second aspect of the invention, when the connection step a) is performed on a secure online portal distinct from the secure digital space 6, a secure communication channel is opened between the secure online portal and a secure digital space linked to the bank account of the payment card.
[0034] According to a fifth characteristic of the second aspect of the invention, the authentication method comprises a step of geolocating the digital terminal of the bearer of the payment card.
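The flow of steps a) to e), with the bearer check of paragraph [0031] and the comparison of paragraph [0032], as an added Python example (not code from the patent). Class and function names, the sample card values and the use of a SHA-256 digest of the decoded cryptogram in place of the reference digital image are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample values; none of them come from the patent.
SAMPLE_CRYPTOGRAM = "".join(f"{i * 7919 % 97:02d}" for i in range(128))  # 256 characters
CARD_DATA = ("0000111122223333", "A. BEARER", "12/30", "123")  # PAN, identity, expiry, CW
BEARER_CODE = "4821"


def _digest(text):
    return hashlib.sha256(text.encode("utf-8")).digest()


@dataclass(frozen=True)
class Reference:
    """Reference data stored in the secure digital space for one card."""
    security_digest: bytes    # identity, expiry date and CW
    cryptogram_digest: bytes  # assumption: digest stands in for the reference image


class SecureDigitalSpace:
    """Bank-side space 6: holds reference data and drives steps b) to e)."""

    def __init__(self):
        self._cards = {}     # PAN -> Reference
        self._sessions = {}  # session id -> {"pan": str, "card_ok": bool}

    def enrol(self, pan, identity, expiry, cw, cryptogram):
        if not 200 <= len(cryptogram) <= 10_000:
            raise ValueError("authentication cryptogram must have 200 to 10,000 characters")
        self._cards[pan] = Reference(_digest("|".join((identity, expiry, cw))),
                                     _digest(cryptogram))

    def request_operation(self, pan, identity, expiry, cw):
        """Steps a) to c): compare the entered security data with the reference."""
        ref = self._cards.get(pan)
        entered = _digest("|".join((identity, expiry, cw)))
        if ref is None or not hmac.compare_digest(entered, ref.security_digest):
            return None
        sid = secrets.token_hex(16)
        self._sessions[sid] = {"pan": pan, "card_ok": False}
        return sid

    def submit_capture(self, sid, captured):
        """Step d): compare the captured cryptogram with the stored reference."""
        session = self._sessions.get(sid)
        if session is None:
            return False
        ref = self._cards[session["pan"]]
        ok = captured is not None and hmac.compare_digest(
            _digest(captured), ref.cryptogram_digest)
        if ok:
            session["card_ok"] = True
        else:
            del self._sessions[sid]  # a failed capture ends the session
        return ok

    def finalise(self, sid):
        """Step e): only a session that passed step d) can be finalised."""
        session = self._sessions.pop(sid, None)
        return bool(session and session["card_ok"])


class RecognitionModule:
    """Terminal-side module 50: bearer check first, camera capture second."""

    def __init__(self, bearer_code):
        self._code_digest = _digest(bearer_code)

    def capture(self, entered_code, card_in_view):
        # The camera is reached only after the bearer authenticates ([0031]).
        if not hmac.compare_digest(_digest(entered_code), self._code_digest):
            return None
        return card_in_view  # stands in for optical decoding of the matrix code


def run(space, module, entered, code, card_in_view):
    """Drive one operation and report where it stopped."""
    sid = space.request_operation(*entered)
    if sid is None:
        return "rejected at step c"
    if not space.submit_capture(sid, module.capture(code, card_in_view)):
        return "rejected at step d"
    return "finalised" if space.finalise(sid) else "rejected at step e"


def build_demo():
    space = SecureDigitalSpace()
    space.enrol(*CARD_DATA, SAMPLE_CRYPTOGRAM)
    return space, RecognitionModule(BEARER_CODE)


if __name__ == "__main__":
    space, module = build_demo()
    print(run(space, module, CARD_DATA, BEARER_CODE, SAMPLE_CRYPTOGRAM))  # bearer with card
    print(run(space, module, CARD_DATA, BEARER_CODE, "0" * 256))          # phished data only
```

The server-side session is what enforces the order of the steps: a caller who passes step c) and goes straight to `finalise` is refused, because `card_ok` is set only by a matching capture.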
[0035] A third aspect of the invention relates to a use of the authentication method defined according to the second aspect of the invention to validate a remote payment, in particular a remote payment made via a website, the remote payment being made with a payment card defined according to the first aspect of the invention.
[0036] Other features and advantages will appear in the following detailed description of two non-limiting embodiments of the invention, illustrated by the appended Figures 1 to 6, in which:
[0037] [Fig. 1] is a representation of a front face of a payment card in accordance with the invention.
[0038] [Fig. 2] is a representation of a back face of the payment card of Figure 1.
[0039] [Fig. 3] is a representation of a digital terminal receiving a call from a banking server in order to authenticate a payment card.
[0040] [Fig. 4] is a representation of a step of recognizing the authentication cryptogram of the payment card of Figures 1 and 2.
[0041] [Fig. 5] is a representation of a system and a method for authenticating a payment card in accordance with a first embodiment of the invention.
[0042] [Fig. 6] is a representation of a system and a method for authenticating a payment card in accordance with a second embodiment of the invention.
[0043] As illustrated in Figures 1 to 5, the invention relates to a payment card 1.
This payment card 1 corresponds to a bank card. The payment card 1 according to the invention is thus linked to a bank account opened with a banking organization. The bank account and the payment card 1 are assigned to a user, also called the holder of the bank account or the bearer 100 of the payment card 1.
[0044] The payment card 1 comprises a front face 10 and a back face 11. Conventionally, the payment card 1 also incorporates an electronic chip 12. This electronic chip 12 comprises a processor and a memory configured to execute an algorithm and/or store data.
[0045] As illustrated in Figure 1, the front face 10 comprises security data 2. The security data 2 include at least a PAN number 20. The PAN number 20 is composed of several series of digits, for example four series of four digits, i.e. sixteen digits in total. The term PAN is common in banking jargon. In this example, reading the payment card 1 from left to right, the PAN number 20 comprises a first series 200 of digits, a second series 201 of digits, a third series of digits and a fourth series 203 of digits.
[0046] As illustrated in Figure 1, it is possible to replace at least one series of four digits of the PAN number 20 with a PAN cryptogram 21. In this example, the PAN cryptogram 21 replaces the third series of digits of the PAN number 2. Alternatively, however, the PAN cryptogram 21 may replace the fourth series 203 of digits of the PAN number 2.
[0047] According to the invention, the PAN cryptogram 21 comprises between 16 and 100 characters. Preferably, the PAN cryptogram 21 comprises between 36 and 64 characters. In the example of Figure 1, the PAN cryptogram 21 consists of a Cardan grille. Nevertheless, it is entirely possible to use another type of PAN cryptogram 21, such as a simple barcode or a matrix barcode.
[0048] It should be noted that this technique of encrypting the PAN number using a Cardan grille as the PAN cryptogram 21 is described in more detail in international application WO 2020/120849 filed by the applicant. In addition, a method for digitally revealing the encrypted series of digits is described in French patent application FR 20 05961, also filed by the applicant. As explained in the introductory part, encrypting a series of digits of the PAN number 21 makes it possible to combat identity-theft fraud effectively, in particular following physical theft of the payment card.
[0049] As illustrated in Figure 1, the security data 2 also comprise the identity 22 of the bearer 100 of the payment card 1. In addition, the security data 2 comprise an expiry date 23 of the payment card 1.
[0050] Conventionally, the security data 2, 20, 21, 22, 23 affixed to the front face 10 of the payment card 1 are applied by printing and/or embossing, or even by screen printing, on the surface of the payment card 1. In this example, with the exception of the PAN cryptogram 21, which is printed, the other security data 2, 20, 22, 23 are affixed by embossing.
[0051] As illustrated in Figure 2, the back face 11 bears a CW cryptogram 24. This CW cryptogram 24 generally consists of three digits. Optionally, it is also possible to replace the CW cryptogram 24 with a cryptogram having more than three characters. For information, a cryptogram of the Cardan grille, simple barcode or matrix barcode type can be used to replace the CW cryptogram 24.
[0052] The CW cryptogram 24 is also part of the security data 2 of the payment card 1. These are called security data because, during a remote payment, the security data 2 are used to authenticate the payment card 1 with the bank management organization.
[0053] According to the invention, the payment card 1 comprises at least one authentication cryptogram 3. It is unique and proprietary to the payment card 1. This authentication cryptogram 3 constitutes a means of authenticating the payment card 1 by optical recognition. It is linked to the bank account of the payment card 1.
[0054] The authentication cryptogram 3 can be affixed to a face 10, 11 of the payment card 1. In the example of Figure 2, the authentication cryptogram 3 is affixed to the back face 11. However, the authentication cryptogram 3 could also be placed on the front face 10 of the payment card 1.
[0055] According to the invention, the authentication cryptogram 3 comprises between 200 and 10,000 characters.
[0056] In the example illustrated in Figures 2, 4 and 5, the authentication cryptogram 3 consists of a matrix code. A matrix code is also called a "two-dimensional barcode". In practice, the matrix code consists of a determined number of black modules arranged on a white background so as to form a unique pattern. Each black module therefore constitutes a character of the authentication cryptogram 3. Each black module has determined dimensions. This type of matrix code is known as a "QR code®". The high number of characters of the authentication cryptogram 3 is what makes it unique.
[0057] It should be noted that the authentication cryptogram 3 could consist of another type of visual cryptogram, such as a holographic cryptogram, a Cardan grille, etc. The advantage of a cryptogram of the data matrix type is that it can already be read and recognized by a smartphone and by current banking applications.
[0058] As illustrated in Figures 5 and 6, the invention also relates to a system 4 for authenticating a payment card 1 and the bearer 100. The double authentication of the bearer 100 and of his payment card 1 helps to carry out a secure operation relating to personal data of the bearer 100 of the payment card 1. For example, the secure operation may correspond to a remote payment made using the payment card 1 (Figure 5). This double authentication is particularly useful for a remote payment via the Internet. However, the double authentication can also be used to perform a digital signature, an operation on a loyalty account, a transfer of bank funds, etc.
[0059] In the example of Figures 5 and 6, the authentication system 4 comprises a digital terminal 5. The digital terminal 5 may consist of a smartphone, a digital tablet, etc. More broadly, the invention can be implemented with an electronic device equipped with display means such as a screen, a multimedia capture tool such as a still or video camera, and a memory and a processor for storing and executing algorithmic applications. The electronic device can also comprise means of communication over a telecommunications network such as a mobile telephone network, a wired telephone network, the Internet, etc.
[0060] According to the invention, the digital terminal 5 integrates a recognition module 50 for the proprietary authentication cryptogram 3 of the payment card 1. The recognition module 50 is configured for digital capture of the authentication cryptogram 3. For this purpose, the recognition module 50 is integrated into an application system configured to take control of the camera of the digital terminal 5. By way of indication, the recognition module 50 can be integrated into an application for managing the bank account linked to the payment card 1. This bank account management application is of course stored and executed by the digital terminal 5. It should be noted that, at the time of writing this document, every banking organization makes a bank management application available to its customers. The recognition module 50 is therefore an algorithmic building block that can be added to a pre-existing application or can correspond to an application algorithm in its own right.
[0061] The digital terminal 5 is configured to communicate remotely over a wireless communication network. To this end, the digital terminal 5 may comprise communication means such as a mobile telephone transmitter/receiver. By way of example, the transmitter/receiver may be of the GSM, 2G, 3G, 4G, 5G or 6G type. In addition, the digital terminal 5 may comprise a near-field transmitter/receiver, such as Bluetooth, Wi-Fi or other. It should be noted that most digital terminals include a Wi-Fi transmitter/receiver and a Bluetooth transmitter/receiver. Mobile telephones and smartphones additionally include a mobile telephone transmitter/receiver.
[0062] As illustrated in Figures 5 and 6, the authentication system 4 according to the invention further comprises a secure digital space 6. The secure digital space 6 is linked to the bank account of the payment card 1. In general, the secure digital space 6 is managed by the banking organization that manages said bank account of the bearer of the payment card 1. The secure digital space 6 is stored on a remote server. In a known manner, this secure digital space 6 is accessible remotely via secure protocols, such as a service call. This service call is of the same type as that used by electronic payment terminals (TPE) to make bank payments after reading a bank payment card.
[0063] Typically, a service call can be secured by a security protocol of the APA, HTTPS or OAuth2 type.
[0064] The secure digital space 6 is also configured to open a secure communication channel using a payment validation system, of the PSP or “Payment service provider” type for example. Such a PSP payment validation system corresponds to an application programming interface, also called an “API”. The API of this payment validation system is configured to open a secure communication channel between the secure digital space 6 and the holder of the bank account, in order to confirm a remote payment. In this example, the payment validation system used is configured to establish secure communication between the secure digital space 6 and the digital terminal 5 of the bearer 100 of the payment card 1 linked to said bank account.
[0065] In the example illustrated in Figure 5, the authentication system 4 may comprise a secure online portal 7. The online portal 7 is itself stored on a remote server that is distinct from the banking server. In this example, the online portal 7 is configured to communicate with the remote server storing a secure digital space 6 of a bank account. When the bearer 100 wishes to carry out an online payment transaction, the online portal 7 is a payment portal hosted on a website such as a merchant site.
[0066] According to the invention, the online portal 7 is configured to carry out a secure operation relating to personal data of the bearer 100 of the payment card 1. Said secure operation may correspond, as described previously, to a remote payment, a digital signature, an operation on a loyalty account, a transfer of bank funds, etc.
[0067] In the example of Figure 6, the online portal 7 may be one and the same as the secure digital space 6. This possibility applies more specifically to a bank funds transfer or an operation on a loyalty card. In this configuration, the bearer 100 communicates directly, from his digital terminal 5, with the secure digital space 6.
[0068] Thus, within the authentication system 4, the secure digital space 6 is configured to communicate remotely over a wireless communication network with the digital terminal 5 and/or the online portal 7.
[0069] In all cases, the secure operation relating to the personal data of the bearer 100 is carried out after a double authentication of the payment card 1 and of the bearer 100 of the payment card 1. In practice, the authentication system 4 involves a first authentication that is conventional in all online payment operations. This first authentication corresponds, on the one hand, to an authentication of the bearer 100 through his connection to a personal digital space. This authentication of the bearer 100 comprises entering an identifier and a password, or a biometric recognition. On the other hand, the first authentication also involves entering the security data 20, 21, 22, 23, 24, 200, 201, 203 of the payment card 1. It should be noted that in the present example the PAN number 20 includes a PAN cryptogram 21. When the bearer 100 has not memorized the series of digits replaced by the PAN cryptogram 21, the bearer 100 can reveal this series of digits via a revelation method described in French patent application FR 20 05961, also held by the applicant. In the example of Figure 5, the first authentication is performed by connecting to an online portal 7. Conversely, in the example of Figure 6, the first authentication is performed directly with the secure digital space 6 linked to the payment card 1.
[0070] In a second stage, the authentication system 4 involves a second authentication. This second authentication takes place over a secure communication channel opened between the secure digital space 6 and the digital terminal 5 of the bearer 100 of the payment card 1.
[0071] In practice, this second authentication corresponds, on the one hand, to an authentication of the bearer 100 by entering a password or by biometric recognition via the recognition module 50. When the authentication of the bearer 100 of the payment card 1 succeeds, the recognition module 50 performs a second authentication of the payment card 1. This second authentication involves reading or capturing the authentication cryptogram 3 of the payment card 1. In effect, this double authentication makes validation of the secure operation conditional on the bearer 100 holding his payment card 1 at the time the operation is validated. Without the biometric data of the bearer 100 or the authentication cryptogram 3, an attacker cannot validate the secure operation. In addition, a further level of security is provided by a payment card 1 equipped with a PAN cryptogram 21.
[0072] The invention also relates to a method for authenticating a payment card 1 according to the invention and the bearer 100 of this payment card 1. This authentication is performed in order to carry out a secure operation relating to personal data of the bearer 100 of the payment card 1. According to the invention, this authentication method can be used to validate a remote payment, and in particular a remote payment made via a website. Nevertheless, the method according to the invention can also be useful for carrying out a financial transaction, an operation on a loyalty account, a digital signature, etc.
[0073] As illustrated in Figures 5 and 6, the authentication method comprises a first step of authenticating the payment card 1 and the bearer 100 of the payment card 1. This first authentication step is denoted a). During this step a), the bearer 100 enters the security data 20, 21, 22, 23, 24, 200, 201, 203 of the payment card 1. In practice, step a) may also involve an authentication of the identity of the bearer 100 of the payment card 1. This authentication is performed by connecting to a secure digital space. The connection involves entering an identifier accompanied by an access code and/or a biometric recognition. The biometric recognition may be fingerprint or facial. This functionality depends on the features built into the digital terminal 5 of the bearer 100 of the payment card 1.
[0074] As illustrated in Figures 5 and 6, the authentication method comprises a step of requesting a secure operation relating to personal data of the bearer 100 of the payment card 1. The request step is denoted b). According to the invention, the request is made to a secure digital space 6 linked to the bank account of the payment card 1. This bank account is of course held with a banking organization. In this example, the secure digital space 6 is stored on a remote server managed by the banking organization. As described above, the secure digital space 6 is accessible remotely through common telecommunication means (Internet, mobile telephony).
[0075] The authentication method comprises a step of verifying the entered security data 20, 21, 22, 23, 24, 200, 201, 203 of the payment card 1. This step is denoted c). The verification step c) is performed by comparing the entered security data 20, 21, 22, 23, 24, 200, 201, 203 with reference data stored in the secure digital space 6. When this step succeeds, the method according to the invention calls for a second authentication in order to validate the operation relating to personal data of the bearer 100 of the payment card 1.
[0076] To this end, the authentication method comprises a second step of authenticating the payment card and the bearer of the payment card. This second authentication step is denoted d). According to the invention, the second authentication step is performed by recognition of the authentication cryptogram 3 proprietary to the payment card 1.
[0077] In this example, step d) is performed through a digital recognition module 50 available on or accessible from the digital terminal 5 belonging to the bearer 100 of the payment card 1. In practice, the second authentication step d) is performed by opening a secure communication channel between the secure digital space 6 and the digital terminal 5 of the bearer 100 of the payment card 1. Such a secure communication channel can use a PSP system as described above. In practice, the secure digital space 6 of the bank account triggers the opening of the digital recognition module 50 on the digital terminal 5 of the bearer 100 of the payment card 1.
[0078] As illustrated in Figure 3, when the recognition module 50 opens, the method may comprise a biometric and/or code-based authentication of the bearer 100 of the payment card 1. In this example, a biometric authentication by recognition of a fingerprint 51 is requested. If the authentication of the bearer 100 of the payment card 1 succeeds, the recognition module 50 gives access to a camera of the digital terminal 5 to allow a digital capture of the authentication cryptogram 3 proprietary to the payment card 1 (see Figure 4). Here, the recognition module 50 comprises a frame 52 within which the payment card 1 must be placed, as viewed through the screen of the digital terminal 5. It should be noted that the recognition module 50 asks the bearer to scan the payment card 1.
[0079] The second authentication step comprises an operation of comparing the authentication cryptogram 3 affixed to the payment card 1 with a reference digital image of the authentication cryptogram. This reference image is stored in the secure digital space 6 of the bank account. When the reference image matches the cryptogram 3 affixed to the payment card, the second authentication step is considered successful.
[0080] If the second authentication step fails, the secure operation can be aborted immediately; however, the method can allow the bearer 100 of the payment card a set number of recognition attempts. For example, it is possible to offer three attempts at recognizing the authentication cryptogram 3 before the secure operation is interrupted for failure of the double authentication of the payment card 1 and of the identity of its bearer 100. After a first failure, it is also possible to switch to more conventional authentication methods such as the 3D Secure system presented in the introduction to this document.
[0081] However, if the second authentication step d) succeeds, the authentication method comprises a step of finalizing the secure operation relating to the personal data of the bearer 100 of the payment card 1. The finalization step is denoted e). In practice, the finalization step transmits the authorizations to proceed with said secure operation.
[0082] Additionally, the authentication method may comprise a step of geolocating the digital terminal 5 of the bearer 100 of the payment card 1. The location of the bearer 100 of the payment card 1 can provide an indication of a fraud attempt. Indeed, if the digital terminal 5 is located in a State different from the one in which the bank account was opened, this can generate an alert for the attention of the bearer 100. In practice, the recognition module 50 is configured to have access to the location data of the digital terminal 5. Alternatively, the IP address of the digital terminal 5 can provide information on the geolocation of the bearer 100 of the payment card 5.
[0083] In short, the purpose of this geolocation is to ensure that the entry of the security data 20, 21, 22, 23, 24, 200, 201, 203 of the payment card 1 and the recognition of the authentication cryptogram 3, in particular of the “QR code®”, are carried out from the same place.
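The ordering of steps c), d) and e), the limit of three recognition attempts and the two geolocation alerts can be sketched as a server-side state machine. This is an added example, not part of the patent text: the class and field names, the comparison of SHA-256 digests of the decoded cryptogram in place of a reference image, and the use of country codes for location are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional

MAX_ATTEMPTS = 3  # the description's example: three recognition attempts


class State(Enum):
    AWAITING_CARD_DATA = "awaiting card data"    # step c) not yet passed
    AWAITING_CRYPTOGRAM = "awaiting cryptogram"  # step d) pending
    AUTHORIZED = "authorized"                    # step e) may proceed
    ABORTED = "aborted"                          # operation interrupted


def digest(value: bytes) -> bytes:
    return hashlib.sha256(value).digest()


@dataclass(frozen=True)
class CardRecord:
    """Reference data held server-side (field layout is an assumption)."""
    card_data_digest: bytes    # digest of the card's security data
    cryptogram_digest: bytes   # digest of the decoded authentication cryptogram
    account_country: str       # State in which the bank account was opened


@dataclass
class SecureOperation:
    record: CardRecord
    state: State = State.AWAITING_CARD_DATA
    attempts_left: int = MAX_ATTEMPTS
    entry_country: Optional[str] = None
    alerts: List[str] = field(default_factory=list)

    def _expect(self, state: State) -> None:
        # Refuse any step that arrives out of order.
        if self.state is not state:
            raise RuntimeError(f"out-of-order step while {self.state.value}")

    def verify_card_data(self, entered: bytes, country: str) -> bool:
        """Step c): compare the entered security data with the reference."""
        self._expect(State.AWAITING_CARD_DATA)
        if not hmac.compare_digest(digest(entered), self.record.card_data_digest):
            self.state = State.ABORTED
            return False
        self.entry_country = country
        if country != self.record.account_country:
            self.alerts.append("terminal outside the State of the account")
        self.state = State.AWAITING_CRYPTOGRAM
        return True

    def verify_cryptogram(self, bearer_ok: bool, decoded: bytes, country: str) -> bool:
        """Step d): bearer authentication, then cryptogram comparison."""
        self._expect(State.AWAITING_CRYPTOGRAM)
        if country != self.entry_country:
            self.alerts.append("card data and cryptogram sent from different places")
        # Constant-time comparison; a capture that arrives without bearer
        # authentication is counted as a failed attempt.
        match = hmac.compare_digest(digest(decoded), self.record.cryptogram_digest)
        if bearer_ok and match:
            self.state = State.AUTHORIZED
            return True
        self.attempts_left -= 1
        if self.attempts_left == 0:
            self.state = State.ABORTED
        return False

    def finalize(self) -> str:
        """Step e): release the authorization only after both authentications."""
        self._expect(State.AUTHORIZED)
        return "authorization transmitted"


def constructed_record() -> CardRecord:
    # Constructed sample values, not real card data.
    return CardRecord(digest(b"constructed-card-data"),
                      digest(b"constructed-matrix-payload"), "FR")


if __name__ == "__main__":
    op = SecureOperation(constructed_record())
    op.verify_card_data(b"constructed-card-data", "FR")
    op.verify_cryptogram(True, b"blurred-capture", "FR")  # first failed attempt
    op.verify_cryptogram(True, b"constructed-matrix-payload", "FR")
    print(op.state.value, op.attempts_left, op.finalize())
```

Because every step checks the current state first, the authorization of step e) cannot be obtained by calling the finalization directly, and a fourth capture after three failures is refused rather than compared.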
[0084] According to a first exemplary embodiment illustrated in Figure 5, the first authentication step a) is performed following a connection to a secure digital space of a secure online portal 7 distinct from the secure digital space 6. This case is very common: it corresponds to a purchase made by the bearer 100 of the payment card 1 on the online portal 7 of a merchant site. According to this example, the bearer 100 enters the security data 20, 21, 22, 23, 24, 200, 201, 203 directly into the secure digital space of the online portal 7.
[0085] The request step b) is performed over a secure communication channel that is opened between the online portal 7 and the secure digital space 6. This channel may be the one already used between a payment service provider and a bank.
[0086] In this situation, the finalization step e) also takes place over this secure communication channel. When the online portal 7 is the payment portal of a merchant website, the finalization step e) consists in transmitting the debit authorizations between the banking organization of the payment card 1 and a banking organization to which the payment portal is attached. The online portal 7 can also request a digital signature, which will be provided through the authentication method of the invention. In this case, the validation step e) transmits an authorization or a digital signature.
[0087] According to a second exemplary embodiment of the method, illustrated in Figure 6, the first authentication step a) is performed following a connection to the secure digital space 6 linked to the bank account of the payment card 1. According to this example, the bearer 100 identifies himself to the secure digital space 6. In practice, the bearer 100 authenticates himself by stating his identity via an identifier. This identifier is verified using a password and/or by biometric recognition (fingerprint or facial).
[0088] According to this example, the request step b) is performed within the secure digital space 6. In this situation, the finalization step e) takes place directly with the banking organization, for example to carry out an internal bank transfer, that is to say, between two bank accounts held with the same organization. These two bank accounts may belong to the same bearer 100 or to two different entities. Alternatively, in the case of a financial transaction between two banking organizations, the finalization step consists in transferring the debit authorizations on the bank account of the bearer 100 of the payment card 1 to a beneficiary banking organization.

Claims

[Claim 1] Payment card (1) comprising a front face (10) and a back face (11), the payment card (1) incorporating an electronic chip (12), the front face (10) comprising security data (2) which include, at least, a PAN number (20), an identity (22) of the bearer of the payment card (1) and an expiry date (23) of the payment card (1), the back face (11) bearing a CW cryptogram (24) preferably consisting of three digits, the card being characterized in that it comprises, on one face (10, 11), at least one authentication cryptogram (3) that is unique and proprietary to the payment card (1), the authentication cryptogram (3) being affixed to the payment card (1), this authentication cryptogram (3) constituting a means of identifying the payment card (1) by optical recognition, this identification means being linked to a bank account to which the payment card (1) is linked.
[Claim 2] Payment card (1) according to claim 1, characterized in that the authentication cryptogram (3) is a matrix code consisting of a determined number of black modules arranged on a white background so as to form a unique pattern, each black module constituting a character of the authentication cryptogram (3).
[Claim 3] Payment card (1) according to one of claims 1 or 2, characterized in that the PAN number (20) consists of four series of four digits, the payment card (1) comprising a PAN cryptogram (21) replacing at least one series of four digits of the PAN number (20).
[Claim 4] Payment card (1) according to claim 3, characterized in that the PAN cryptogram (21) comprises between 16 and 100 characters; preferably, the PAN cryptogram (21) comprises between 36 and 64 characters.
[Claim 5] Payment card (1) according to one of claims 3 or 4, characterized in that the PAN cryptogram (21) is a Cardan grid.
[Claim 6] Payment card (1) according to one of claims 1 to 5, characterized in that the CW cryptogram (24) is replaced by a cryptogram having more than three characters.
[Claim 7] Payment card (1) according to one of claims 1 to 6, characterized in that the authentication cryptogram (3) comprises a number of characters between 200 and 10,000.
[Claim 8] Method for authenticating a payment card (1) defined according to one of claims 1 to 7, and the bearer (100) of this payment card (1), with a view to carrying out a secure operation relating to personal data of the bearer (100) of the payment card (1), characterized in that the authentication method comprises at least:
a) a first step of authenticating the payment card (1) by entering the security data (2, 20, 200, 201, 203, 22, 23) of the payment card (1) and/or a first authentication of the bearer (100) of the payment card (1), the bearer (100) of the payment card (1) entering his identity and/or an identifier;
b) a step of requesting a secure operation relating to personal data of the bearer (100) of the payment card (1), the request being made to a secure digital space (6) linked to the bank account of the payment card (1) opened with a banking organization, the secure digital space (6) being stored on a remote server managed by the banking organization;
c) a step of verifying the entered security data of the payment card (1), this step being carried out by comparing the entered security data (2, 20, 200, 201, 203, 22, 23) with reference data stored on the secure digital space (6);
d) a second step of authenticating the payment card (1) and the bearer (100) of the payment card (1), the second authentication step being carried out by recognition of the authentication cryptogram (3) proprietary to the payment card (1), this step being carried out through a digital recognition module (50) available or accessible via a digital terminal (5) belonging to the bearer (100) of the payment card (1), and
e) a step of finalizing the secure operation relating to the personal data of the bearer (100) of the payment card (1).
[Claim 9] Authentication method according to claim 8, characterized in that the second authentication step d) is carried out by opening a secure communication channel between the secure digital space (6) of the bank account and the digital terminal (5) of the bearer (100) of the payment card (1), the secure digital space (6) of the bank account then invoking the opening of the digital recognition module (50).
[Claim 10] Authentication method according to one of claims 8 or 9, characterized in that it comprises, on opening the recognition module (50), a biometric and/or code-based authentication operation of the bearer (100) of the payment card (1); if the authentication of the bearer (100) of the payment card (1) succeeds, the recognition module gives access to a camera of the digital terminal (5) to allow a digital capture of the authentication cryptogram (3) of the payment card (1).
[Claim 11] Authentication method according to one of claims 8 to 10, characterized in that it comprises a comparison of the authentication cryptogram (3) affixed to the payment card (1) with a reference digital image of the authentication cryptogram (3) stored in the secure digital space (6) of the bank account.
[Claim 12] Authentication method according to one of claims 8 to 11, characterized in that, when the connection step a) is carried out on a secure online portal (7) distinct from the secure digital space (6), a secure communication channel is opened between the secure online portal (7) and a secure digital space (6) linked to the bank account of the payment card (1).
[Claim 13] Authentication method according to one of claims 8 to 12, characterized in that it comprises a step of geolocating the digital terminal (5) of the bearer (100) of the payment card (1).
[Claim 14] Use of the authentication method defined according to one of claims 8 to 12 to validate a remote payment, in particular a remote payment made via a website, the remote payment being carried out by means of a payment card (1) defined according to one of claims 1 to 7.
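The ordering of steps a) to e) in claim 8, with the bearer-authentication gate of claim 10 and the reference comparison of claim 11, modelled as a server-side session in Python. This is an added example, not code from the patent or its applicant: the `SecureSpaceSession` class, the keyed digests, the sample values and the treatment of the recognised cryptogram as a decoded character string are assumptions, and only the card-data branch of step a) is modelled.

```python
import hashlib
import hmac
from enum import IntEnum

SERVER_KEY = b"constructed-demo-key"   # assumption: secret held only by the bank server
# Constructed sample values, not real card data.
SAMPLE_CARD = ("4000 0000 0000 0002", "A. BEARER", "12/29")
SAMPLE_CRYPTOGRAM = "X7" * 100         # 200 characters, lower bound of claim 7


class Step(IntEnum):
    START = 0
    CARD_ENTERED = 1    # a) security data (2) entered
    REQUESTED = 2       # b) secure operation requested
    DATA_VERIFIED = 3   # c) entered data matched the reference data
    CARD_SCANNED = 4    # d) authentication cryptogram (3) recognised
    FINALIZED = 5       # e) operation finalised


def tag(value: str) -> bytes:
    """Keyed digest, so the server keeps no raw card data or cryptogram."""
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).digest()


class SecureSpaceSession:
    """One authentication run against the secure digital space (6)."""

    def __init__(self, ref_data: bytes, ref_cryptogram: bytes):
        self._ref_data, self._ref_cryptogram = ref_data, ref_cryptogram
        self.step, self._entered, self._operation = Step.START, b"", None

    def _require(self, expected: Step) -> None:
        if self.step is not expected:
            raise PermissionError(f"out of order: session is at {self.step.name}")

    def enter_card_data(self, pan: str, holder: str, expiry: str) -> None:  # a)
        self._require(Step.START)
        self._entered = tag("|".join((pan, holder, expiry)))
        self.step = Step.CARD_ENTERED

    def request_operation(self, operation: str) -> None:  # b)
        self._require(Step.CARD_ENTERED)
        self._operation = operation
        self.step = Step.REQUESTED

    def verify_card_data(self) -> bool:  # c)
        self._require(Step.REQUESTED)
        ok = hmac.compare_digest(self._entered, self._ref_data)
        self.step = Step.DATA_VERIFIED if ok else Step.START  # fail closed
        return ok

    def scan_cryptogram(self, bearer_authenticated: bool, decoded: str) -> bool:  # d)
        self._require(Step.DATA_VERIFIED)
        # Claim 10: the capture counts only after the bearer has authenticated.
        ok = bearer_authenticated and hmac.compare_digest(tag(decoded), self._ref_cryptogram)
        self.step = Step.CARD_SCANNED if ok else Step.START
        return ok

    def finalize(self) -> str:  # e)
        self._require(Step.CARD_SCANNED)
        self.step = Step.FINALIZED
        return self._operation
```

Any failed comparison sends the session back to the start, so a correct set of printed card data never reaches finalization without a matching scan of the authentication cryptogram.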
EP22706329.4A 2021-02-24 2022-02-21 Payment card, authentication method and use for a remote payment Pending EP4298580A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR2101800A FR3120149B1 (en) 2021-02-24 2021-02-24 Payment card, authentication method and use for remote payment
PCT/EP2022/054274 WO2022179986A1 (en) 2021-02-24 2022-02-21 Payment card, authentication method and use for a remote payment

Publications (1)

Publication Number Publication Date
EP4298580A1 (en) 2024-01-03

Family

ID=75539552

Family Applications (1)

Application Number Title Priority Date Filing Date
EP22706329.4A Pending EP4298580A1 (en) 2021-02-24 2022-02-21 Payment card, authentication method and use for a remote payment

Country Status (8)

Country Link
EP (1) EP4298580A1 (en)
JP (1) JP2024507012A (en)
CN (1) CN117178283A (en)
BR (1) BR112023017020A2 (en)
CA (1) CA3209526A1 (en)
FR (1) FR3120149B1 (en)
IL (1) IL305443A (en)
WO (1) WO2022179986A1 (en)

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3574619A (en) 1968-04-10 1971-04-13 Eastman Kodak Co Concentrated liquid color developers containing benzyl alcohol
US20050103837A1 (en) * 2003-11-13 2005-05-19 Boyer Charles E. High-security card and system
FR2985344B1 (en) * 2011-12-30 2019-06-21 Idemia France BANK CARD AND METHOD OF RESPONSE TO A TRANSACTION REQUEST.
KR101512001B1 (en) * 2014-10-08 2015-04-14 주식회사 한국엔에프씨 System and method for user authentication by using a physical financial card and mobile communication terminal
FR3038256B1 (en) * 2015-07-02 2020-03-06 Francois Gilles Pierre Gonzalez Rivero SELF-ADHESIVE SAFETY LABEL COMPRISING A SPECIFIC HOLOGRAM CONTAINING THE VISUAL CRYPTOGRAM (CVV)
US20170228722A1 (en) * 2016-02-05 2017-08-10 At&T Intellectual Property I, L.P. Real-time valuation display for transaction cards
US9830756B1 (en) * 2016-05-25 2017-11-28 Bank Of America Corporation Resolving card malfunctions using card information access control
CN113207305A (en) 2018-12-11 2021-08-03 Ccs 12公司 Device and method for protecting safety data of bank payment card

Also Published As

Publication number Publication date
FR3120149A1 (en) 2022-08-26
BR112023017020A2 (en) 2023-09-26
IL305443A (en) 2023-10-01
JP2024507012A (en) 2024-02-15
FR3120149B1 (en) 2023-07-21
CN117178283A (en) 2023-12-05
CA3209526A1 (en) 2022-09-01
WO2022179986A1 (en) 2022-09-01

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20230920

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR