FR2794594A1 - Authentication system for bank transactions uses two connected links as loop for verification of confidential information - Google Patents

Abstract

The authentication system sends a password from a terminal (11) on one network (10) which is verified so that confidential information can be sent from a terminal (21) on a second network (20) and sent back on the first network by the server (30) for verification.

Description

The present invention relates to an information transmission method and a computer server implementing this method. It ensures that a person communicating from a terminal is an authorized or authorized person. It applies, in particular, to the identity verification of the person who accesses a remote service, regardless of the terminal used. It also allows to authenticate the identity of the user, issue a transaction certificate, complete the transaction certificate with a transaction amount, verify the integrity of a transaction and make the payment of goods. or services, online, that is, during a communication between remote computer systems.

Areas of application of the invention are, for example, access control, delivery of confidential information by hand, certification of transactions or payment of goods or services on a network.

The implementation of the remote network transaction poses, independently of the encryption, the problem of the authentication of the person who realizes it, the integrity of the transaction and its confidentiality. In many applications (e-commerce, remote banking, teleworking, internal security of companies, secure pay databases, for example) and on all media (local or remote computer networks, for example, respectively, networks commonly called "intranet" or "internet", voice servers, for example), this problem is crucial. The security devices and methods known in the prior art such as those illustrated in US-A-5,442,704, which use a memory card, impose significant software and hardware constraints and expensive. The present invention intends to overcome these disadvantages. For this purpose, the present invention proposes the combined use of at least two communication networks. In other words, the present invention proposes the exchange of confidential information to a user of a first information carrier which identifies with the aid of a password, using a second information carrier, preferably secure, via a mechanism for real-time synchronization of information and information transfer media from one medium to another. For this purpose, the present invention aims, in a first aspect, a method of transmitting information on a first transmission medium, characterized in that it comprises

an operation of opening a communication session with a means of communication situated at a distance, on said first transmission medium, and during said session

. a transmission operation of a password on the first transmission medium,

. a password verification operation by the remote communication means,

. an operation for receiving confidential information on a single address terminal on a second transmission medium, and

. a transmission operation, on the first transmission medium, of a confidential message representative of said confidential information.

The present invention aims, according to a second aspect, a method of transmitting information on a first transmission medium, characterized in that it comprises

an opening operation, via a first terminal, of a communication session with a remote communication means, on said first transmission medium,

a transmission operation of a password on said first transmission medium,

a verification operation of the password by the remote communication means,

an operation of opening, via a second terminal, a communication session with a communication means situated at a distance, on a second transmission medium,

when the two sessions are open, an operation for receiving confidential information on one of said transmission media on which one of the terminals has a unique address, and

a transmission operation, on the other of said transmission media, of a confidential message representative of said confidential information.

Thanks to these provisions, the user is very securely identified, on the one hand, share the password, static, dynamic, disposable and / or single-use it transmits on the first transmission medium and, d on the other hand by the receipt of confidential information and the return of a confidential message representative of the confidential information.

According to particular features of each of the aspects of the invention set out above:

during the operation of receiving confidential information on a single address terminal on a second transmission medium, a transaction amount is also received, and / or

during the transmission operation of a confidential message representative of the confidential information, a transaction amount is furthermore transmitted.

Thanks to each of these provisions, the invention allows transactions involving financial amounts, such as purchases, rentals, exchanges, loans, pledges, sureties ... According to a third aspect, the The present invention relates to a method of transmitting information on a first transmission medium forming part of a communication network, characterized in that it comprises

a reception operation, on the part of a first terminal, of a first representative message

. a password,

. the amount of a contemplated transaction,. an identifier of a debtor,

- a password verification operation,

a transmission operation, on a second transmission medium, to a banking server, of a second representative message

. said amount,

. an identifier of the debtor

. an application for a debit authorization,

a reception operation or not of said bank server, of a third message representative of a debit authorization,

when the authorization is granted, a transmission operation, to a second terminal having a unique address on a second communication network, of a fourth message representative of confidential information,

a reception operation, on behalf of said first terminal, of a fifth message representative of said confidential information,

a correspondence check operation between the confidential message and the confidential information.

This third aspect of the present invention has the same advantages as the first and second aspects. These benefits are therefore not recalled here.

According to particular features of the third aspect of the invention, after the correspondence verification operation, in case of correspondence, it comprises an operation of incrementing an account at the debit of said debtor.

Thanks to these provisions, an invoice corresponding to each transaction amount made by the debtor can be sent to him.

According to other particular features of the third embodiment, the latter comprises, after the operation of receiving the first message, a read operation, in a database, of the unique address of the second terminal on the second network. .

Thanks to these provisions, the debtor does not have to provide this address, on the one hand, and this address is certified, on the other hand.

According to other particular features of the third embodiment, it comprises, after the operation of receiving the first message, a read operation, in a database, an identifier of said bank server.

Thanks to these provisions, the debtor does not have to provide this identifier or a credit card, on the one hand, and this identifier can be preliminarily verified, on the other hand. According to a fourth aspect, the present invention provides a method of transmitting information on a first transmission medium forming part of a communication network, characterized in that it comprises

a reception operation, on the part of a first terminal, of a first representative message

. a password,

. the amount of a contemplated transaction,. an identifier of a debtor,

- a password verification operation,

- an authorization operation, or not, debiting a bank account,

when the authorization is granted, a transmission operation, to a second terminal having a unique address on a second communication network, of a second message representative of the confidential information,

a reception operation, on behalf of said first terminal, of a third message representative of said confidential information,

a correspondence check operation between the confidential message and the confidential information and

- In the case where the correspondence is verified, an operation of debiting said amount on said bank account.

The present invention is further directed to a computer server, characterized in that it is adapted to implement the transmission method as succinctly set forth above.

This fourth aspect and this server having the same advantages as the methods briefly described above, these advantages are not recalled here.

Other advantages, aims and features of the invention will emerge from the description which follows, made with reference to the accompanying drawings in which:

FIG. 1 is an example of a schematic diagram of the method of the present invention;

FIG. 2 represents an exemplary implementation diagram of the present invention;

FIG. 3 represents a hardware and software architecture capable of supporting the implementation of the present invention;

FIG. 4 represents a succession of generic operations implemented by the elements illustrated in FIGS. 2 and 3;

FIG. 5 represents a succession of operations implemented by the elements illustrated in FIGS. 2 and 3, in the context of an application of the present invention to authentication;

FIG. 6 represents a succession of operations implemented by the elements illustrated in FIGS. 2 and 3, in the context of an application of the present invention to the certification of messages;

FIG. 7 represents a succession of operations implemented by the elements illustrated in FIGS. 2 and 3, in the context of an application of the present invention to online electronic payment, in the case of a service without subscription; FIG. 8 represents a succession of operations implemented by the elements illustrated in FIGS. 2 and 3, in the context of an application of the present invention to online electronic payment, in the case of a subscription service;

FIG. 9 represents a succession of operations implemented by the elements illustrated in FIGS. 2 and 3, in the context of an application of the present invention to payment with a known electronic payment terminal.

In FIG. 1 are represented - a first network 10,

a first terminal of first network 11,

a second network terminal, also subsequently called a data and message server 40,

a second network 20,

a third terminal of second network 21, and an information server 30.

According to the embodiment of the present invention illustrated in FIG. 1, the user of the first terminal 11 is doubly identified, on the one hand, by the password, static, dynamic, disposable and / or disposable, that it transmits on one, at least networks and on the other hand, by its unique address on the second network 20.

It can be observed here that the password can come from, for example, a memory card reader device or an authentication device known as "authenticator" or "token", which calculates from data received during a transaction and a secret key that it keeps in memory, a dynamic password. These devices make it possible to authenticate the electronic equipment (memory card or token, respectively) but do not guarantee that the user of this equipment is authorized to use it.

The second network is preferably secure, that is to say that each address is certified by a trusted third party, and in addition, the information transmitted is encrypted. The third party considered is preferably a telephone operator.

The first network terminal 11 may be, for example, a telephone, a computer terminal, a fax machine, a telematic terminal, a television equipped with a box adapted to receive and transmit computer data (box commonly called a TV decoder). , an electronic payment terminal (Figure 2).

The second network terminal 21 may be, for example, a telephone, a fax machine, a telematic terminal, a TV decoder, a mobile phone or a message receiver ("pager") or a digital personal assistant (commonly called "PDA"). ).

In a first embodiment of the present invention, in a first step, the user uses the terminal 11 of the first network 10 to communicate with the information server 30. It thus opens a communication session between the terminal 11 and the second network terminal 40. Next, the user identifies himself by transmitting, on one or the other of the networks, a static, dynamic, disposable and / or disposable password. The information server then checks the transmitted password. Then, the information server 30 provides confidential information to the user, via the data and message server 40, of the second network 20, and

the second network terminal 21.

Finally, the user transmits to the information server 30, a confidential message representative of the confidential information, during the same session, through

- First network terminal 11 and <B> - </ B> of the first network 10.

The data and message server 40 then checks the correspondence of the confidential message and the confidential information, that is to say if the confidential message is representative of the confidential information, and, in case of correspondence, it gives access to specific, paid or confidential services.

Because both sessions are open simultaneously on both networks, there is no risk of being taken over by a third party. In addition, the loopback (that is to say here the transmission on the first network of a confidential message representative of the confidential information) ensures the proximity of the two terminals and therefore the identification of the user by his address on the second network, in addition to the identification by the password transmitted at the beginning of the authentication procedure.

Preferably, the password is transmitted by the user on the first network from the opening of the first communication session.

In figure 2 are represented

a first "user" terminal 100 connected to a first communication medium 101 forming part of a communication network;

an information server 103 connected to the first information medium 101;

a data server 105 connected by a telecommunication line 106 and / or a computer line 106 to the information server 103;

a message server 109, connected by a second communication medium 110 to a receiver 111 and by a third communication medium 113, to the data server 105; and a subscriber database 107 connected to the message server 109 and to the data server 105.

In the embodiment described and shown here, the user terminal 100 is a personal computer (commonly called PC) or a network computer (commonly called NC), or a Minitel (registered trademark) which includes a modem connected to a network wired telephone, such as the switched telephone network. The first communication medium 101 is a channel of this telephone network. The user terminal 100 implements communication software of known type, which enables it to communicate remotely with the information server 103, via the communication medium.

The information server 103 connected to the first information carrier 101 is a computer server of known type, which is here adapted to implement a specific software according to the invention (illustrated in one of FIGS. 10). The data server 105 is a computer server of known type which operates as indicated below, in relation to the information server 103, via the line 106, also of known type.

The message server 109 is a known type of computer system that manages one or more communication networks of known types, a channel of one of these networks constituting a second communication medium. A dedicated channel provides the third support 113 for communication between the information server 103 and the message server 109.

The subscriber database 107 is a known type of memory register.

The second communication medium 110 is a known type of communication network. On this second network, each receiver has a unique address that is certified at the time of the assignment of the receiver 111 address.

The receiver 111 is, in the embodiment described and shown here, a mobile phone (commonly called "mobile") or a message receiver (commonly called wager), a fax machine or a landline telephone or a terminal equipped with a modem . It is adapted to receive a confidential message and make it available to the user, for example by display, voice transmission or printing on paper. In a variant, the information servers 103 and the message server 109 are combined.

We observe here that

in the case where the receiver 111 only serves the user to receive confidential information without transmitting the confidential message, it is not necessary for it to transmit on the network 110,

on the other hand, when, in accordance with certain variants of the present invention, the receiver 111 serves on the one hand to receive the confidential information and, on the other hand, to transmit the confidential message, it is necessary that it allow the transmission on the network 110.

FIG. 3 shows, in a hardware and software architecture that makes it possible to implement the present invention

a computer terminal 301, a computer network 302, an information server 103, a local network 304,

a data server 105, a database 107,

a message server 109, a network 308,

a broadcasting means 309,

a radiotelephone network 310,

a cellular telephone network 311,

an alphanumeric message receiver 312 (called a wager), a mobile phone 313,

a switched network 314, and

- A telephone or fax 315. The computer terminal 301 is, for example a microcomputer known as "PC". It includes a modem for communication in transmission and reception, with the computer network 302. The computer network 302 is here the global computer network known as the "Internet". The information server 103 is of known type for the implementation of service provider sites on the network 302.

The local network 304 is of known type. It's a corporate network.

The data server 105 and the message server 109 are of known types. The database 107 is of known type.

The network 308 is of known type.

The broadcasting means 309 is a radio transmitter, of known type for the implementation of the mobile communication network 310. It is, for example cellular or satellite.

In the embodiment described and shown in FIG. 3, at least one of the following three communication networks is used.

the radiotelephone network 310 which only allows communication in the direction of broadcasting from a transmitter to alphanumeric message receivers such as the receiver 312, without these being able to transmit signals remotely,

a mobile telephone network 311, enabling communication in particular with mobile telephones, such as the telephone 313, and

- A switched network 314 here for communication with a fixed telephone or a fixed fax 315.

These three networks operate by subscription, with certification of the identity of the subscriber. On each of these networks, each receiver has a unique address, that is to say that the address assigned to it is not assigned to another receiver (except in certain cases of group subscriptions requested by the receiver). user). This unique address is similar to a phone number.

In the case illustrated in FIG. 3, it is preferentially the same user who implements the computer terminal 301, on the one hand, and the alphanumeric receiver 312, the mobile telephone 313, the fixed fax machine or the fixed telephone, somewhere else.

Figures 4 to 9 which illustrate different applications of the present invention, use the same formalism: in each of these figures, the operations are represented from top to bottom, in the order of their chronological sequence. In these figures, are represented

on the leftmost vertical column and in the form of rectangles, the operations performed by the user, by implementing either the terminal connected to the first communication medium ("terminal A") or the terminal connected to the second medium of communication ("terminal B"), the terminal used being inscribed in a rhombus to which the rectangle representing the operation in question is superimposed; on a central column, successive information transmissions on one or the other communication medium (A for 302 or B, for 308, 310, 311 and / or 314), in the form of arrows whose direction corresponds in the sense of communication, that is to say that the direction from left to right corresponds to the user-to-server direction and that the right-to-left direction corresponds to the server-to-user direction. It is observed here that for each transmission of information, several signals can be exchanged between the electronic systems implemented (synchronization, selection of communication protocol, information, redundancies, transmission acknowledgment, retransmission in the event of a transmission error,. ..). In these arrows, the server "A" corresponds to the first network and the server "B" to the second network; on a vertical column further to the right than the two preceding ones (the rightmost one in FIGS. 4 to 6 and 9), in the form of rectangles, the operations carried out by the data server 105 and - in FIGS. 7 and 8 on a column rightmost vertical, a server placed in communication with the data server 105. In FIG. 4, a succession of operations implemented by the elements illustrated in FIGS. 2 and 3 in at least one embodiment of FIG. the present invention:

during an operation 200, the user of the user terminal 101 communicates with the information server 103 via the first communication medium. During this operation 200, it provides a unique identifier (for example a subscriber number, a name or a physical address) and a static password, dynamic, disposable and / or disposable, in a known manner. Preferably, when the password is entered, whether automatically, from a memory card reader, for example, or manually, by the user, it is not displayed in clear on the screen of the user terminal 101 to increase the confidentiality of this password (compared to the case where it would be displayed in clear);

in the course of the operation 201, the information server 103 verifies the password in a known manner and assigns a unique session number upon connection of the "user" terminal 100 to the information server 103. operation 201, the information server 103 transmits the identifier to the data server 105;

in the course of the operation 202, the data server 105 calculates confidential information also called "secret" subsequently, to the message server 109. For this purpose, the data server 105 calculates the secret as equal to the result of a mathematical function acting on an invariant (the identifier, for example), a variant to avoid repetitions (session number, for example) and a temporal marker (for example the value of a clock) in order to limit the use of a secret in time. Preferably, it implements a computation function confidential information (or "secret") irreversible, that is to say, we can not find the input information when we know the output. For the implementation of the operation 202, the reader will be able to refer to books of well-known security algorithms, and in particular to the descriptions of the functions known under the names of "hashing", "Message Digest", and " SHA ";

- The operation 203 takes several different forms depending on whether the identifier is already in the database or not: if so, the unique address is read, if not, it is appealed to a third party certifier who is, here, the operator of the second network;

in the course of the operation 204, the unique address of the receiver 111 is determined: it is representative, in the database 107, of the identifier transmitted by the information server 103 to the message server 109, during operation 203; during the operation 204, the message server 109 transmits, via the network 110, the confidential information transmitted during the operation 203 to the receiver 111 which has said unique address;

during the operation 207, the confidential information, also called here "secret" is provided to the user, either by being displayed on the display of the receiver 111, or by being given voice or fax;

during the operation 208, the user supplies the information server 103, which itself retransmits it to the data server 105, a confidential message representative of the confidential information (for example identical to this information confidential or "secret"), via the keyboard of the user terminal 100; during the operation 205, the information server 103 receives this confidential message; during the test 210, the data server 105 determines whether this confidential message is representative of the confidential information generated by the data server 105, during the operation 202, or not; when the result of the test 210 is positive, the data server 105 gives the user access to the protected resources;

when the result of the test 210 is negative, the data server 105 transmits, to the user, an error message, possibly specifying a cause of failure (too much time elapsed between the transmission of the confidential information and its reception, ...) and access to protected resources is denied to the user.

Finally, the end of the open session on the first communication medium is of known type, but, thanks to the implementation of the present invention, with a secure identification of the user. It is observed here that even if the secret was disclosed to a third party, because this secret corresponds to the unique session number dynamically allocated by the information server 103 and the fact that the session remains open (connected mode) up to sending the secret, this third party could not abuse the secret to carry out fraudulent operations. Indeed, any session that the third party would open, would be assigned another secret. FIG. 5 shows a succession of operations implemented by the elements illustrated in FIGS. 2 and 3, in an application of the invention to authentication, for access to protected data - during an operation 500 the user of the user terminal 101 communicates with the information server 103 via the first communication medium. During this operation 500, it provides a unique identifier (for example a subscriber number, a name, or a physical address) and a static password, dynamic, disposable and / or disposable, in a known manner. Preferably, when the password is entered, whether automatically, from a memory card reader, for example, or manually, by the user, it is not displayed in clear on the screen of the user terminal 101 to increase the confidentiality of this password (compared to the case where it would be displayed in clear); in the course of the operation 501, the information server 103 assigns a unique session number upon connection of the user terminal to the information server 103. During this operation 501, the information server 103 transmits the identifier to the data server 105;

in the course of the operation 502, the data server 105 calculates confidential information, also hereinafter referred to as a "disposable password", to the message server 109. For this purpose, the data server 105 calculates the confidential information from an invariant (the identifier, for example), a variant to avoid repetitions (session number, for example) and a time marker (the clock) to limit the use of a secret in time. Preferably, it implements a computation function irreversible confidential information, that is to say, we can not find the input information when we know the output. For the implementation of the operation 502, the reader can refer to the books mentioned above;

in the course of the operation 504, the unique address of the receiver 111 is determined: it is representative, in the database 107, of the identifier transmitted by the information server 103 to the message server 109, during Operation 503

in the course of the operation 505, the message server 109 transmits, via the network 110, the confidential information also called here "disposable password", during the operation 503 to the receiver 111 which possesses said unique address;

during the operation 507, the confidential information, also called here "disposable password" is provided to the user, either by being displayed on the display of the receiver 111, or by being given in a voice or faxed;

during the operation 508, the user supplies the information server 103, which itself transmits it to the data server 105, a confidential message representative of the confidential information (for example identical to this information confidential, or "disposable password"), via the keyboard of the user terminal 100;

during operation 509, the information server 103 receives this confidential message;

during the test 510, the data server 105 determines whether this confidential message is representative of the confidential information generated by the data server 105, during the operation 503, or not;

when the result of the test 510 is positive, the data server 105 validates the access to the protected information;

when the result of the test 510 is negative, the data server 105 transmits an access error and invalidation message, possibly specifying a cause of failure (too much time passed between the transmission of the confidential information and its receipt, ...) and access to protected information is denied.

Finally, the end of the session is of known type.

FIG. 6 shows a succession of operations implemented by the elements illustrated in FIGS. 2 and 3, in an application of the invention to the message certification

after a login operation, not shown, between the user terminal 100 and the information server 103, during the operation 601, the user provides a static, dynamic password disposable and / or disposable, in a known manner. Preferably, when the password is entered, whether automatically, from a memory card reader, for example, or manually, by the user, it is not displayed in clear on the screen of the user terminal 101 to increase the confidentiality of this password (compared to the case where it would be displayed in clear); when he has verified the password, the information server 103 assigns a secret unique session number;

during an operation 600, the user of the "user" terminal 100 initiates, on the first communication medium, a transaction procedure (for example transfer from account to account, order or stock market order) (see above next to Figure 4);

during operation 603, the data server 105 calculates confidential information also called, subsequently, "message certificate" from an invariant (the identifier, for example), a variant for avoid repetitions (session number, for example) and a time marker (the clock) to limit the use of a secret over time. Preferably, it implements a computation function irreversible confidential information, that is to say, we can not find the input information when we know the output. For the implementation of operation 603, the reader may refer to the books mentioned above;

during the operation 604, the unique address of the receiver 111 is determined: it is representative, in the database 107, of the identifier transmitted by the information server 103 to the message server 109, during operation 603;

in the course of the operation 605, the message server 109 transmits, via the network 110, the confidential information also called here "message certificate", transmitted during the operation 603 to the receiver 111 which possesses said unique address;

during the operation 607, the confidential information, also called here "message certificate" is provided to the user, either by being displayed on the display of the receiver 111, or by being given by voice or by fax ;

during operation 608, the user supplies the information server 103, which itself transmits it to the data server 105, a confidential message representative of the confidential information (for example identical to this confidential information , or "message certificate"), through the keyboard of the user terminal 100; during operation 609, the information server 103 receives this confidential message; during the test 610, the data server 105 determines whether this confidential message is representative of the confidential information generated by the data server 105, during the operation 603, or not; when the result of the test 610 is positive, the data server 105 validates the transaction made, then resumes; when the result of the test 610 is negative, the data server 105 transmits a transaction error and invalidation message, possibly specifying a cause of failure (too much time elapsed between the transmission of the confidential information and its receipt, ...) and does not complete the transaction. Finally, the end of the session is of known type. According to a variant not shown

in the course of operation 603, the "message certificate" is also determined by the data server 105 from a transfer amount and / or issuer bank account number and / or a receiving bank account number,

during the operation 605, the message server 109 transmits, via the network 110, the confidential information and the amount of the transfer, in the clear; and

- During operation 607, the confidential information as well as the amount are provided to the user who verifies the integrity of the amount of the transfer in progress.

FIG. 7 shows a succession of operations implemented by the elements illustrated in FIGS. 2 and 3, in an application of the invention to online electronic payment, in the case of a non-subscription service.

after a login operation, not shown, between the user terminal 100 and the information server 103, the user provides a static, dynamic, disposable and / or single-use password, in a known manner via the user terminal 100. Preferably, when the password is entered, whether automatically, from a memory card reader, for example, or manually, by the user, it is not displayed in clear on the screen of the user terminal 101 to increase the confidentiality of this password (compared to the case where it would be displayed in clear);

during operation 700, the information server 103 checks the password and assigns a unique secret session number;

during an operation 701, the information server 103 receives from the user terminal 100 an identifier;

during an operation 702, the user of the user terminal 101 chooses a good or a service to which he wishes to have access, and then initiates a payment procedure (see above with reference to FIG. 4);

during the operation 703, the data server 105 receives the payment request from the user terminal 100;

during the operation 704, the user provides the information server 103 with confidential information concerning his payment card;

during operation 705, the data server 105 makes a bank authorization request to the server 706 of a bank where the user has the account to which the payment card concerned by the operation 704 is attached. data server 105 provides the amount of the transaction envisaged to the bank server 706. The information server 103 receives, in return, from the bank server 706, a payment authorization, according to bank terms of known type that depend, in particular, the amount available on the bank account in question and the possible authorization of overdraft on said account;

in the course of an operation 707, the unique address of the receiver 111 is determined, it is representative, in the database 107, of the identifier transmitted by the information server 103 to the message server 109, in the course of operation 701; during an operation 708, the information server 103 calculates confidential information also called, thereafter "transaction certificate" from

. an invariant (the identifier, for example),

. a variant to avoid repetition (session number, for example),. the amount of the transaction and

. a time marker (the clock) to limit the use of a secret over time.

Preferably, it implements a computation function irreversible confidential information, that is to say, we can not find the input information when we know the output. For the implementation of operation 708, the reader will be able to refer to the books mentioned above. During this operation 708, the transaction certificate and the amount of the contemplated transaction are broadcast, via the network 110, to the receiver 111 which has said unique address;

during the operation 709, the confidential information, also called here "transaction certificate" is made available to the user, together with the amount of the transaction, in clear, or by being displayed on the display of the receiver 111, either by being given voice or fax, which allows the control, by the user, the integrity of the transaction it performs;

during the operation 710, the user supplies the information server 103, which itself retransmits it to the data server 105, a confidential message identical to (or, alternatively, representative of) the confidential information constituted by the transaction certificate, via the keyboard of the user terminal 100;

during operation 711, the information server 103 receives this confidential message;

during the test 712, the data server 105 determines whether this confidential message is representative of the confidential information generated by the data server 105, during the operation 708, or not;

when the result of the test 712 is positive, the data server 105 validates the payment made, this payment being actually made between the banking organizations according to known techniques, then resumes the operation of presentation of commercial offers;

when the result of the test 712 is negative, the data server 105 transmits to the user an error and invalidation of the payment message, possibly specifying a cause of failure (too much time elapsed between the transmission of the confidential information and its receipt, ...) and payment is not made.

Finally, the end of the session is of known type.

As an alternative to the embodiment illustrated in FIG. 7, the operation 705 is performed after all the other operations, but before the end of the session.

FIG. 8 shows a succession of operations implemented by the elements illustrated in FIGS. 2 and 3, in an application of the invention to online electronic payment, in the case of a subscription service.

after a login operation, not shown, between the user terminal 100 and the information server 103, the user provides a static, dynamic, disposable and / or single-use password, in a known manner via the user terminal 100. Preferably, when the password is entered, whether automatically, from a memory card reader, for example, or manually, by the user, it is not displayed in clear on the screen of the user terminal 101 to increase the confidentiality of this password (compared to the case where it would be displayed in clear);

during operation 800, the information server 103 checks the password and assigns a unique secret session number;

during an operation 801, the information server 103 receives from the user terminal 100 an identifier;

during an operation 802, the user of the user terminal 101 chooses a good or a service from which he wishes to have the benefit, and then initiates a payment procedure (see above with reference to FIG. 4);

during operation 803, the data server 105 receives the payment request from the user terminal 100;

during operation 805, the data server 105 performs, preferably in a secure manner, a bank authorization request to the server 706 of a bank where the user has the account to which the payment card concerned is attached. operation 804. It provides the amount of the transaction envisaged to the bank server 806 as well as data concerning the payment card, this data being kept by the information server 103 as from the subscription of the user to the service. considered. The information server 103 receives, in return, from the bank server 806, a payment authorization, according to banking terms which depend on the amount available on the bank account in question and the possible authorization of overdraft on said account ;

in the course of an operation 807, the unique address of the receiver 111 is determined, it is representative, in the database 107, of the identifier transmitted by the information server 103 to the message server 109, in the course of operation 801;

in the course of an operation 808, the information server 103 calculates confidential information also called, thereafter, "transaction certificate" (see FIG. 7);

- During operation 809, the confidential information, also called here "transaction certificate" is provided to the user, together with the amount of the transaction, in clear, or being displayed on the display of the receiver 111 either by being given voice or fax, which allows the control of the integrity of the transaction by the user;

during operation 810, the user supplies the information server 103, which itself retransmits it to the data server 105, a confidential message identical to, or, alternatively, representative of, the confidential information constituted by the transaction certificate, via the keyboard of the user terminal 100;

during operation 811, the information server 103 receives this confidential message;

during the test 812, the data server 105 determines whether this confidential message is representative of the confidential information generated by the data server 105, during the operation 808, or not; when the result of the test 812 is positive, the data server 105 validates the payment made, this payment being then effectively made between the banking organizations according to known techniques, then resumes the operation of presentation of commercial offers

when the result of the test 812 is negative, the data server 105 transmits to the user a message of error and invalidation of the payment, specifying possibly a cause of failure (too much time elapsed between the transmission of the confidential information and its receipt, ...) and payment is not made.

Finally, the end of the session is of known type.

As a variant of the embodiment illustrated in FIG. 8, the operation 805 is performed after all the other operations, but before the end of the session.

FIG. 9 shows a succession of operations implemented by the elements illustrated in FIGS. 2 and 3, in an application of the invention to payment with an electronic payment terminal.

during an operation 915, the user enters his payment card into an electronic payment terminal ('TPE') which constitutes the so-called 'user' terminal and provides a static password;

in the course of an operation 916, the merchant enters the amount of the transaction on said TPE;

during an operation 900, a log-in is performed between the TPE 100 and the information server 103 and a unique and secret session number is assigned by the communication server 103;

in the course of an operation 901, the information server 103 receives from the TPE 100 information carried by the payment card, the password and the amount of the transaction in progress, and, if the password is verified, the information server transmits a request for the identifier of the consumer to the bank 906 and receives this identifier in return;

in the course of an operation 907, the unique address of the receiver 111 is determined; it is representative, in the database 107, of the identifier transmitted during the operation 901;

in the course of an operation 908, the information server 103 calculates confidential information also called, thereafter, "transaction certificate" (see FIG. 7);

during operation 909, the confidential information, also called here "transaction certificate" is provided to the user, together with the amount of the transaction, in the clear, or by being displayed on the display of the receiver 111 or by being given voice, which allows the control of the integrity of the transaction by the user;

during the operation 910, the user supplies the information server 103, which itself retransmits it to the data server 105, a confidential message identical to, or, alternatively, representative of, the confidential information constituted by the transaction certificate, via the keyboard of the TPE 100;

during operation 911, the information server 103 receives this confidential message; during the test 912, the data server 105 determines whether this confidential message is representative of the confidential information generated by the data server 105, during the operation 908, or not;

when the result of the test 912 is positive, the data server 105 validates the payment made, this payment being subsequently made between the banking organizations according to known techniques;

when the result of the test 912 is negative, the data server 105 transmits to the user a message of error and invalidation of the payment, possibly specifying a cause of failure (too much time elapsed between the transmission of the confidential information and its receipt, ...) and payment is not made.

A variant of the operation 916 is the entry by the user of his personal code also called "PIN", before the launch of the operation 900.

Finally, the end of the session is of known type and the customer retrieves his credit card and a printed ticket bearing the amount of the payment made.

The various embodiments of the present invention (authentication, message certification and online electronic payment) can be combined to achieve specific applications corresponding to the requirements of the service operator.

The invention applies in particular

- access control on a computer site (for the internal security of a company, for teleworking in a company, etc.),

- the delivery of confidential information by hand (for e-mail, secure fax and / or recommended, for the certification of quotation or purchase order ...),

- online payment (for electronic commerce, for the distribution of information and or software, etc.),

- the message certification (for the remote declaration, for the home bank, ...), - the delivery of personalized commercial propositions (for the secure mailboxes, ...), - the taking of betting, on-line (for lotteries or casinos, racing bets, etc.), - on ordering and booking a television program (for billing television of the only shows seen),

Some of these applications are detailed below, by way of example.

For an access control application, the network used may be a network known as an "intranet" or a global network known as the "internet". The purpose of this application of the invention is to ensure that the user is an authorized person.

In this application

- the user gets in touch with the service,

- it is correct by providing a static identifier and password,

it receives, via a second transmission medium (for example mobile phone or pager), a disposable password, it types this disposable password on the keyboard of its terminal, then

- if the authentication is carried out, it accesses the resource considered (for internal security in a company, for telecommuting ...).

For a recommended email or fax transmission application, the network used may be a switched network. The objectives of this application of the invention are

- to ensure that the person to whom the secure message is addressed (the "recipient") receives it by hand and

delivering a message certificate to the sender and the recipient of the secure message.

In this application

the user sending the secure message dials the number of a specialized service for the implementation of this application,

- it identifies itself by providing a static identifier and password,

- It types the contact details of the recipient user (telephone number, preferentially cell phone, address, fax, ...), then

- it delivers its secure message (oral, written and / or via a fax machine). it receives, via a second transmission medium (for example mobile phone or pager), a message certificate,

- he types this message certificate on the keyboard of his terminal, on the first network, - this message certificate is verified,

Then the recipient user

- is informed that a secure message is waiting for him (this operation is carried out by any known means (telephony, fax, mail, pager, electronic mail ...),

- he dials the number of the specialized service for the implementation of this application,

- he identifies himself by providing an identifier,

it receives, via a second transmission medium (for example mobile phone or pager), a message certificate, and

- he types this message certificate on the keyboard of his terminal, on the first network, - this message certificate is verified,

the user receiving the secure message receives the latter,

- The sending user is informed that the secure message has been removed by the recipient.

The specialized service keeps a record of each of the certificates thus issued.

For an application of the invention to remote declaration (that is, remote declaration), the first network used may be a global network known as the "internet". The purpose of this application of the invention is to allow an immediate official administrative declaration, to issue a receipt to the user and to verify the identity of the applicant.

In this application - the user issuing the declaration connects to an administrative service adapted to this application (see above),

- he identifies himself by providing a username and a static password, - he makes the said declaration or completes an administrative form,

it receives, via a second transmission medium (for example mobile phone or pager), a message certificate, and

- he types this message certificate on the keyboard of his terminal.

For an application of the invention to the purchase and / or online payment, the network used is the global network known as the "internet" and software implemented by the computer of the user allows to encrypt an account or credit card number (for example with encryption of a type known as "Secure Socket Level" or "SSL"). The purpose of this application of the invention is to pay online by authenticating the person who performs the transaction.

In this application

- the user connects with a "shopping mall", that is to say a site gathering merchants providing goods, services or information,

- it identifies itself by providing a static identifier and a password, - it chooses a transaction that it wishes to carry out,

- it indicates a method of payment (bank card, for example),

- it sends to the server of the shopping mall its card number and the expiry date of this card, under SSL encryption protocol,

the server generates a transaction certificate to which it associates the transaction amount, in the clear,

the user receives, via a second transmission medium (for example mobile phone or pager), this transaction certificate and the amount of the transaction in clear,

* - it verifies the integrity of the amount,

- he types these elements on the keyboard of his terminal, and

the transaction is then carried out according to known banking procedures.

For an application of the invention in which information (text, images, graphics, sounds) and / or software is provided on demand, the network used is the global network known as the "internet". The purpose of this application of the invention is to charge the act to the person who accesses a value-added resource and to provide the requested service (transmission of information or software) in real time.

In this application,

the user contacts the service provider,

- he identifies himself by providing a static identifier and a password, - he chooses an information or a software which interests him,

- the service provider indicates the price of the service in question, - the user confirms his willingness to purchase, - the user receives, via a second transmission medium (for example mobile phone or pager), a transaction certificate with the amount of the transaction in clear, and

- it verifies the integrity of the payment,

- he types the transaction certificate on the keyboard of his terminal, - the transaction certificate is verified,

- he receives the information or software considered, and

- it is invoiced by monthly statement by its telecommunication operator.

For an application of the invention to remote wagering, the network used is the global network known as the "internet". The purpose of this application of the invention is to ensure that the person betting on a game or taking a remote bet is entitled to do so and that it has paid the prior rights for this game.

In this application

- the user opens and provision his account at the service operator, either by depositing a sum on his account from any point of sale or by check, or by using the same method as in the applications of the invention detailed herein above for online payment,

- then, when the user wants to participate in a game or take a bet

- it identifies itself by providing an identifier, and / or a subscriber number, and a static password,

- he selects the game he wants to bet on,

the user receives, via a second transmission medium (for example mobile phone or pager), a transaction certificate accompanied by the bet and bet, in clear, and

- he checks the bet and bet

- he types the transaction certificate on the keyboard of his terminal,

- the transaction certificate is verified (bet, bet, digits, combination).

For an application of the invention to the provision of personalized offers, the network used is the global network known as the "internet". The purpose of this application is to identify the consumer's requests upstream of the act of purchase and to make personalized offers corresponding to his request.

In this application, during its first connection - the consumer gets in touch with the service,

- it identifies itself by providing an identifier and / or a subscriber number, and a static password,

it receives, via a second transmission medium (for example mobile phone or pager), a disposable password,

- he types the disposable password on the keyboard of his terminal, and

- he completes a marketing questionnaire to define the types of commercial proposals to send him. When a commercial proposal corresponding to his request is addressed to him, the consumer receives an "alert" message via the second transmission medium. During the second connection

- the consumer then gets in touch with the service,

- it identifies itself by providing an identifier and / or a subscriber number and a static password,

it receives, via a second transmission medium, a message certificate,

- he types the message certificate on the keyboard of his terminal,

- he accesses the personal and confidential mailbox which contains the commercial proposal,

- he consults the proposal.

Claims (9)

1. A method of transmitting information on a first transmission medium, characterized in that it comprises - an operation of opening a communication session with a communication means situated at a distance, on said first transmission medium, and during the said session. a transmission operation of a password on the first transmission medium,. a password verification operation by the remote communication means,. an operation for receiving confidential information on a single address terminal on a second transmission medium, and. a transmission operation, on the first transmission medium, of a confidential message representative of said confidential information. 2. A method of transmitting information on a first transmission medium, characterized in that it comprises - an operation of opening, via a first terminal, a communication session with a communication means remote, on said first transmission medium, - a transmission operation of a password on said first transmission medium, - a password verification operation by the remote communication means, - an operation opening, via a second terminal, a communication session with a remote communication means, on a second transmission medium, - when the two sessions are open, a reception operation of confidential information on one of said transmission media on which one of the terminals has a unique address, and - a transmission operation, on the other of said transmitted mediums of a confidential message representative of said confidential information. 3. Method according to any one of claims 1 or 2, characterized in that - during the operation of receiving confidential information on a single address terminal on a second transmission medium, it receives, in addition , a transaction amount, and / or - during the transmission operation of a confidential message representative of the confidential information, a transaction amount is further transmitted. 4. A method of transmitting information on a first transmission medium forming part of a communication network, characterized in that it comprises a reception operation, by a first terminal, of a first message. representative. a password,. the amount of a contemplated transaction,. an identifier of a debtor, - a password verification operation, - a transmission operation, on a second transmission medium, to a bank server, a second representative message. the said amount,. an identifier of said debtor. a request for a debit authorization, - an operation for receiving or not from said bank server, a third message representative of a debit authorization, - when the authorization is granted, a transmission operation, a second terminal having a unique address on a second communication network, a fourth message representative of confidential information, - a reception operation, on the part of said first terminal, a fifth message representative of said confidential information a check operation of correspondence between the confidential message and the confidential information. 5. Method according to claim 4, characterized in that, after the correspondence verification operation, in case of correspondence, it comprises an operation of incrementing an account at the rate of said debtor. 6. Method according to any one of claims 4 or 5, characterized in that it comprises, after the reception operation of the first message, a read operation, in a database, the unique address of the second terminal on the second network. 7. Method according to any one of claims 4 to 6, characterized in that it comprises, after the operation of receiving the first message, a read operation, in a database, an identifier of said bank server . 8. A method of transmitting information on a first transmission medium forming part of a communication network, characterized in that it comprises: a reception operation, on the part of a first terminal, of a first message; representative. a password,. the amount of a contemplated transaction,. an identifier of a debtor, - a verification operation of the password, - an authorization operation, or not, debiting a bank account, - when the authorization is granted, a transmission operation, a second terminal having a unique address on a second communication network, a second message representative of the confidential information, - a reception operation, on the part of said first terminal, a third message representative of said confidential information - a correspondence verification operation between the confidential message and the confidential information and - in the case where the correspondence is verified, an operation of debiting said amount on said bank account. 9. Computer server, characterized in that it is adapted to implement the method according to any one of claims 1 to 8.