FR3007921A1 - METHOD FOR VALIDATING A TRANSACTION - Google Patents

Abstract

The invention relates to a validation method, respectively a processing method, of a transaction between a terminal (T) and a first server (ST) via a first communication link (L1). The validation process is adapted to establish a second communication link (L2) with a second server (SG), said establishment causing a break of the first link, to be received via a messaging service, a validation code, to restore the first link by means of an address received in a message, and to transmit via the first link restored, the validation code received. The processing method is adapted to transmit, via a messaging service, an address associated with the first server and to receive, following a break followed by a restoration of said first link, a validation code. The invention also relates to a processing server (ST) implementing the method of processing a transaction.

Description

The invention relates to a method for validating a transaction. More specifically, the invention relates more particularly to the realization of a transaction performed between a terminal and a processing server hosting a website. The invention finds a particularly interesting application in mobile payment applications (the term usually used for these applications is the English term "mobile wallet") that allow users to pay for goods, bills, using their phone. mobile.

Following the evolution of technology, there are now mobile devices equipped with web browsers that allow access to online services, also called "web services". Among the services offered, online shopping services propose to a connected user to choose one or more products. Some of these services offer payment for products using the "Certicode" (registered trademark) service offered by "La Banque Postale". The "Certicode" service allows a user subscribed to the "Certicode" service to receive a unique validation code for each online purchase. More specifically, when the user wishes to validate a transaction, he confirms the choice of products and then enters a credit card number via a web browser interface.

The supply of the credit card number to the online purchasing service entails the connection of the online purchase service to a server dedicated to the "Certicode" service which orders the sending of an SMS containing a validation code to a service provider. mobile terminal whose number has been provided to the service during a subscription phase of the service. The user then communicates this validation code to the purchasing service via the interface of the web browser.

This service is only available to users who have a credit card. It can not be used by unbanked populations. One of the aims of the invention is to remedy the shortcomings / disadvantages of the state of the art and / or to make improvements thereto. To this end, the invention proposes a method for validating a transaction between a terminal of a user and a first server able to communicate with each other via a first communication link. According to the invention, the validation method comprises the following steps, implemented by said terminal: reception, via the first link, of a request for a validation code for said transaction; establishing a second communication link with a second server, said establishment causing a break in the first link; transmission via said second communication link of a validation code request; receiving, following the transmission of said request, via a first messaging service, a message containing a validation code from said second server; receiving, via a second messaging service, a message containing an address associated with the first server; - Restoring the first link by means of said received address, and - transmission via said restored first link, said received validation code. The validation process allows the validation of a transaction between a terminal and a first server, for example a web server. The validation of the transaction is carried out by means of a validation code requested from a second server by the user's terminal and received in a message from a messaging service. Providing a validation code is a means of validating a transaction that is simple for the user. The validation process does not require the provision of a credit card number. During the validation code request, the communication link between the terminal and the first server is interrupted. Receiving a message containing an address associated with the first server allows the user to easily restore the link established between the terminal and the processing server. The restoration of this first link makes it possible to terminate the transaction started by using the validation code received following the establishment of the second link.

The validation code is proof that the customer has agreed to the transaction. Through the process, the user can make a transaction, even if he does not hold a credit card. According to a particular embodiment of the validation method, the first and / or the second messaging service are of the SMS type (for "Short Message Service"). Sending an SMS is a simple method for sending information to a terminal. In addition, when receiving an SMS, the message, and consequently the information transmitted in the message, is stored in a memory of the terminal. The user can then access the information at any time. The information remains accessible until the user has deliberately deleted the message from the terminal's memory.

According to a particular embodiment of the validation method, said first link is a Web type link. A web link is a communication link adapted to carry out a transaction. It allows the reception of web pages concerning a large number of data that can be consulted by a user. It also makes it possible to offer simple graphical interfaces adapted to the input of information necessary for a transaction. According to a particular embodiment of the validation method, the validation code request received is a web page and said received address is the address of said page. Thanks to the received address, it is easy for the user to connect again to the website and find a screen similar to the one he saw at the time of the cut of the link. The address also allows the terminal, and the user, to retrieve the information relating to the current transaction. According to a particular embodiment of the validation method, said second link is a USSD type link (for "Unstructured Supplementary Service Data").

A USSD link is a simple and available means on all mobile terminals for exchanging information with a server. According to a particular embodiment of the validation process, said validation code is a password of "One Time Password" type. A "One Time Password" password is a one-time identifier. It can only be associated with one transaction. This helps to secure the system. The invention also relates to a method of processing a transaction between a terminal of a user and a first server able to communicate with each other via a first communication link. The processing method comprises the following steps, implemented by said first server: transmission via the first communication link, of a request for a validation code for said transaction; transmission to said terminal, via a messaging service, of a message containing an address associated with the first server; following a cut followed by a restoration of said first link by said terminal by means of said address, reception, via said restored first link, of a validation code, said validation code being transmitted to said terminal by a second management server. According to a particular embodiment, the processing method comprises, following said restoration of the first link, a step of retransmission via the first communication link, of said request of a validation code and the validation code is received in a response to said retransmitted request. According to a particular embodiment of the processing method, said request is not retransmitted if the time calculated between the transmission of said request and the restoration of the first link is greater than a predetermined threshold value. The invention also relates to a processing server adapted to communicate with a terminal via a first communication link, said server comprising: a transmission module, via a messaging service, for said terminal, of a message containing an address associated with said server; a communication module adapted to transmit to the terminal, via said first communication link, a request for a validation code for a transaction in progress and to receive following a cut followed by a restoration of said first link by said terminal; by means of said address, via said restored first link, a validation code, said validation code being transmitted to said terminal by a second management server. The invention finally relates to a computer program product comprising instructions for implementing the steps of the method of processing a transaction as described above, when it is loaded and executed by a processor.

Other features and advantages of the present invention will appear in the following description of embodiments given as non-limiting examples, with reference to the accompanying drawings, in which: - Figure 1 is a diagram illustrating a system according to a mode embodiment of the invention, - Figure 2 is a flowchart illustrating the various steps of a method of validating a transaction and a method of processing a transaction according to one embodiment of the invention. The invention is implemented by means of software and / or hardware components. In this context, the term "module" may correspond in this document to a software component, to a hardware component or to a set of hardware and / or software components, capable of implementing a function or set of functions, as described below for the module concerned. A software component corresponds to one or more computer programs, one or more subroutines of a program, or more generally to any element of a program or software. Such software component is stored in memory then loaded and executed by a data processor of a physical entity (terminal, server, gateway, settop-box, router, etc.) and is likely to access the hardware resources of this physical entity (memories, recording media, communication bus, input / output electronic boards, user interfaces, etc.). In the same way, a material component corresponds to any element of a material set (or hardware). It may be a programmable hardware component or with an integrated processor for running software, for example an integrated circuit, a smart card, an electronic card for executing a firmware, etc.

An embodiment of a method for validating a transaction and a process for processing a transaction will now be described with reference to FIGS. 1 and 2. Referring to FIG. 1, a SYS system comprises a terminal T of a user U, a management server SG and a processing server ST.

The terminal T is for example a mobile terminal. More generally, the terminal TA is a device able to communicate via a first communication link with the processing server ST, to communicate via a second communication link with the management server SG and to receive messages from remote entities.

The terminal T comprises, in a known way, in particular a processing unit MT equipped with a microprocessor, a read-only memory ROM, a random access memory of the RAM type. The terminal T may include in a conventional and non-exhaustive manner the following elements: a microphone, a speaker, a disk drive, a storage means ... The terminal T contains an NV browser.

The NV Browser is a web browser, that is, software designed to consult the World Wide Web. The terminal T also comprises a keyboard, an ECR display screen and an AFF display module for displaying on the ECR display screen. The terminal T also comprises a first communication module COM1, a second communication module COM2, a message receiving module RCM and a user interface INT. The processing unit UT is able to receive instructions from the user interface INT, for example the keyboard or any other means of selection by the user.

The processing server ST is for example a server and comprises, in a known manner, in particular a processing unit UT equipped with a microprocessor, a read-only memory ROM, a random access memory of the RAM type. The read-only memory ROM comprises registers storing a computer program PG including program instructions adapted to implement a method of processing a transaction according to an embodiment of the invention described later with reference to FIG. 2. The processing server ST also comprises a communication module COM, an EVM message sending module and a processing module TT.

An embodiment of a method for validating a transaction and a process for processing a transaction, implemented in the SYS system, will now be described with reference to FIG. prior EO, carried out for example following an action of the user U for the one hand, start the browser NV and secondly, enter an ADS address of the processing server ST, the terminal T establishes a first communication link Ll with the ST processing server. The first communication link L1 is a Web type link. It is established in a known manner by the sending by the first communication module COM1 of the terminal T of a web type request containing the address ADS. Typically, the ADS address is a URL (for "Uniform Resource Locator") for addressing a SW website hosted by the processing server ST. The sending of the ADS address causes the opening of a communication session between the terminal T and the processing server ST, via the first communication link L1.

The SW website contains a plurality of web pages in which a user can browse. The SW website is for example a site offering to purchase a plurality of products. It allows for example the selection of products by a user and the purchase of selected products. The ADS address is the address of one of the pages of the SW site, for example a home page.

The sent request is received by the communication module COM of the processing server ST and transmitted to the processing module TT of the processing server ST. The processing module TT of the processing server ST sends back a response to the terminal T in the form of a web page. The received web page is displayed on the ECR screen of the T terminal.

The web page contains one or more icons displayed on the ECR screen. At least some of these icons are associated with a hyperlink and are selectable by the user via the INT user interface of the terminal T. The selection of an icon causes the sending of a new request containing the associated hyperlink to this icon, via the first link L1, to the processing server ST and the reception by the terminal T of a new web page. The user U can thus navigate from page to page in the SW website. During a step E2, the user U wishing to perform a transaction, chooses one or more products Pl, P2 ... among the products presented in the pages of the website SW.

Each product is associated with a reference identifier of the product. The reference identifiers associated with the chosen products Pl, P2 ... are stored in a temporary memory of the processing server ST. This temporary memory is generally called "basket". Following an action of the user U to confirm the choice of the products Pl, P2 ..., for example by clicking on an icon proposing the purchase of the selected products, the terminal T sends, during a step E4, via the first communication link L1, a request for validation of the transaction DVA to the processing server ST. The DVA validation request is transmitted in a web request The DVA validation request is here a payment request by mobile terminal.

The DVA validation request contains an identifier of the terminal T, for example the MSISDN number (for "Mobile Station International Subscriber Directory Number"). The MSISDN number of a mobile terminal is the number known to the public, through which a user can be reached on his mobile terminal. As an alternative, the DVA validation request also contains an identifier of the user, for example, a name or a customer reference. Step E4 is followed by a step E6 in which the processing server ST receives the validation request DVA. As an alternative, the MSISDN identifier is inserted into the DVA validation request by an entity of the network.

Step E6 is followed by a step E8 in which the processing module TT of the processing server ST controls the sending by the communication module COM of the processing server ST of a web page WP1 containing a request for a validation code. The WP1 web page is transmitted via the first communication link L1. The WP1 page is received and displayed by the display module AFF of the terminal T during a step E10.

The sending step E8 of the WP1 page is followed by a step E12 in which the processing server ST sends via an SM2 messaging service, an MS2 message to the terminal T. The SM2 messaging service represents a second service messaging. The SM2 messaging service is an SMS type message (for "Short Message Service") and the message MS2 is an SMS type message. The MS2 message contains the AD address of the WP1 web page. The AD address is for example a URL to access the WP1 page. The message MS2 is sent to the terminal T by the EVM message sending module of the processing server ST.

As an alternative, the SM2 messaging service is an instant messaging service or an email service type (or mail in English). As an alternative, the step E12 for sending the message MS2 is performed before the sending step E8 of the page WP1. The message MS2 is received by the receiver module RCM T terminal in a step E14. In a step E16, the processing module TT of the processing server ST records one or more PSES parameters of the current session and transmits them to the terminal T via the first communication link L1. A PSES parameter of the session is for example an identifier of the terminal T, for example the MSIDDN or a session identifier assigned to the current session by the processing server ST. During a step E20, the processing server ST stores one or more transaction parameters PTR in association with an identifier of the terminal T. A transaction parameter PTR is for example a reference identifier of a product selected during the transaction. In progress. As an alternative, the transaction parameters are recorded in association with an identifier of the user U. This assumes that the user U is identified during the current session, that is to say for the transaction. . During a step E22, the processing server ST triggers a counter CPT (or "timer" in English) for counting or counting a time T from a time when the counter is triggered. The counter CPT is for example triggered following step E20. As an alternative, the CPT counter is triggered as soon as the DVA request is received or when the WP1 page is sent.

In a step E24, the second communication module COM2 of the terminal T establishes a second communication link L2 with the management server SG. The second link L2 is established following the entry by the user U, for example by means of the keyboard of the terminal T, a USSD code (for "Unstructured Supplementary Service Data") allowing access to the management server SG. The USSD code entered is for example the code "# 140 #" which allows access to the "Orange Money" service offered by France Telecom Orange. The "Orange Money" service, deployed in several emerging countries, enables unbanked populations to carry out financial transactions using their mobile terminal. Mobile device users who subscribe to this service are assigned an associated account, on which they can perform different operations. The second link L2 is a USSD channel. The USSD channel is a basic feature of the GSM standard (for "Global System for Mobile Communications"). It allows to convey information above the signaling channels of the GSM network. The USSD channel requires only basic GSM access and the services that use this channel are accessible from any mobile terminal, without adding specific code on the terminal The advantage of this channel is to always be available and very responsive. It is also accessible from GPRS or UMTS channels. The establishment of the second link L2 causes the break of the first link L1.

The sending of the USSD code "# 140 #" causes the opening of an interactive USSD session between the terminal T and the management server SG. It causes in particular the reception and display on the ECR screen of the terminal T of a text message proposing the features of the service "Orange Money" and inviting the user to enter a choice, or to provide information, for example a identification code or PIN ("for" Personal Identification Number "). For example, sending the USSD code "# 140 #" causes a menu to be sent with several options for the service, including an option to obtain a validation code. The step E24 is indifferently performed before or after the reception of the SMS type message MS2 transmitted during the step E12. During a step E26, the user U chooses, in the menu received by the terminal T, the option to obtain a validation code, validates his choice and the terminal T sends via the second communication module COM2 and the second communication link L2, a request DId validation code.

The request DId validation code is in the embodiment described, a value entered by the user. The value entered corresponds to the value associated with the validation code request function in the menu displayed on the ECR screen of the terminal T. The validation code request DId is received by the management server SG during a step E28. In the embodiment described, the step E28 is followed by a step E30 during which the management server SG requests an identification code from the terminal T via the second communication link L2 and receives back a code d CC identification of user U.

The management server SG then checks whether the identification code received CC corresponds to the identification code previously registered in association with the MSISDN identifier of the terminal T. Alternatively, the step E30 is not performed. In the case where the identification code CC does not correspond to the previously registered identification code, the process stops. In the case where the identification code CC corresponds to the previously registered identification code, the management server SG generates and sends in a step E32, via a messaging service SM1, a message MS1 to the terminal T. The service SM1 is a first messaging service.

The SM1 messaging service is an SMS messaging service and the MS1 message is an SMS message. As an alternative, the SM1 messaging service is an instant messaging service or an email messaging service. The message MS1 is an SMS containing an IdS validation code generated by the management server SG. The validation code IdS is for example a password of the type "One Time Password". The message MS1 is received by the receiver module RCM T terminal in a step E34.

During a step E36, the terminal T restores the first communication link L1 by sending a request RQ. The request RQ contains the address AD received in the SMS message MS2 received during the step E14. The sending of the request RQ makes it possible to request the restoration of the session in progress when the first communication link L1 is broken.

More precisely, the user copies, for example by using a "copy / paste" function, the address AD received in the message MS2, in a specific window of the browser NV. This action causes the NV browser to send a request from the PW1 web page.

In the described embodiment, the request also includes one or more of the PSES session parameters received in step E18. Step E36 is followed by a step E38 in which the processing server ST, having received the request RQ, checks whether the time T elapsed since the triggering of the counter CPT is less than a predefined threshold value VS.

If the time T elapsed since the triggering of the counter CPT is greater than the threshold value VS predefined, the process stops. For example, the processing server ST transmits to the terminal T, via the first communication link L1, a page indicating that the time allowed for entering a validation code has expired and offering a return to the home page of the website SW .

If the time T elapsed since the triggering of the counter CPT is less than or equal to the predefined threshold value VS, the processing server ST retrieves the recorded transaction parameters PTR in association with an identifier of the terminal T during the step E20 and transmits, in response to the request RQ, via the first link L1, the web page WP1 completed with the transaction parameters PTR (step E40).

As an alternative, the PTR transaction parameters are transmitted, for example in encoded form, to the terminal T with the PSES session parameters in the step E16. The PTR transaction parameters are then received in the RQ request and used by the processing server ST to complete the WP1 page. The terminal T receives during a step E42, the WP1 web page as received in step E10. The user thus finds the communication session with the processing server ST as it was at the time of the cut of the communication link L1. If the second communication link L2 has not been cut off by the user, the restoration of the first communication link L1 causes the breaking of the second communication link L2.

The step E42 is followed by a step E44 in which the user U enters the validation code IdS received in the SMS message MS1 by means of the user interface INT, and then validates the input, thus causing the sending the IdS validation code to the processing server ST via the first communication link L1. The validation code IdS is received by the processing server ST during a step E46.

Thanks to the validation code IdS received and the MSISDN number of the terminal T, the processing server ST can contact the management server SG to obtain the transfer of a sum of an account of the user U to an associated account to the SW website. The steps E4, E10, E14, E18, E24, E26, E34, E36, E42 and E44 implemented by the terminal T represent the steps of the process of validating a transaction. The steps E6, E8, E12, E16, E20, E22, E38, E40 and E46 implemented by the processing server ST represent the steps of the method of processing a transaction. 15

Claims (10)

REVENDICATIONS1. Method for validating a transaction between a terminal (T) of a user (U) and a first server (ST) able to communicate with each other via a first communication link (L1), the method comprising the following steps, implemented implemented by said terminal (T): - receiving (E10) via the first link (L1), a request (WP1) of a validation code for said transaction; establishing (E24) a second communication link (L2) with a second server (SG), said establishment causing a break in the first link (L1); transmitting (E26) via said second communication link (L2) a request (DId) for a validation code; reception (E34), following transmission of said request (DId), via a first messaging service (SM1), of a message (MS1) containing a validation code (IdS) from said second server (SG) ; receiving (E14), via a second message service (SM2), a message (MS2) containing an address (AD) associated with the first server (ST); - restoring (E36) the first link (L1) by means of said received address (AD), and - transmitting (E44), via said restored first link (L1), said received validation code (IdS). 2. Validation method according to claim 1 wherein the first and / or the second mail service are of the SMS type (for "Short Message Service"). 3. Validation method according to one of the preceding claims wherein said first link (L1) is a Web type link. 4. Validation method according to one of the preceding claims wherein the validation code request received is a web page (WP1) and wherein said received address (AD) is the address of said page. 5. Validation method according to one of the preceding claims wherein said second link (L2) is a USSD type connection (for "Unstructured Supplementary Service Data"). 6. Validation method according to one of the preceding claims wherein said validation code is a password type "One Time Password". 7. A method of processing a transaction between a terminal (T) of a user (U) and a first server (ST) able to communicate with each other via a first communication link (L1), the method comprising the following steps implemented by said first server (ST): transmission (E8) via the first communication link (L1) of a request (WP1) of a validation code for said transaction; - transmitting (E12) to said terminal (T), via a message service (SM2), a message (MS2) containing an address (AD) associated with the first server (ST); - following a cut followed by a restoration of said first link (L1) by said terminal (T) by means of said address (AD), reception (E46), via said restored first link (L1), a code validation code (IdS), said validation code (IdS) being transmitted to said terminal (T) by a second management server (SG). 8. Treatment method according to claim 7, characterized in that it comprises, following said restoration of the first link (L1), a retransmission step (E40) via the first communication link (L1) of said request (WP1). ) a validation code and wherein the validation code (IdS) is received in a response to said retransmitted request. 9. Processing method according to claim 8 wherein said request is not retransmitted if the time calculated between the transmission of said request and the restoration of the first link is greater than a predetermined threshold value. 10. Processing server (ST) able to communicate with a terminal (T) via a first communication link (L1), said server comprising: a transmission module (EVM), via a messaging service (SM2), at destination of said terminal, a message (MS2) containing an address (AD) associated with said server (ST); a communication module (COM) adapted to transmit to the terminal (T), via said first communication link (L1), a request (WP1) of a validation code for a transaction in progress and to receive following a cutoff followed by a restoration of said first link by said terminal (T) by means of said address (AD), via said first link restored (L1), a validation code (IdS), said validation code being transmitted to said terminal by a second management server (SG) .5