FR3031609A1 - METHOD OF PROCESSING A TRANSACTION FROM A COMMUNICATION TERMINAL - Google Patents

Abstract

A method of processing, by a transaction processing server, a transaction initiated at least partially from a communication terminal connectable to said server via a communication network, characterized in that it comprises a step of creating (10) a secure communication channel with the communication terminal; an instantiation step (11), within an execution server on said communication network, of a virtual payment terminal (VPOI) able to exchange information with said communication terminal via said channel; secure communication; a transaction processing step (12) between the communication terminal and the virtual payment terminal (VPOI) implementing at least one security module of the communication terminal, said security module being configured to exchange an identifier of the type of service and / or a personal identification number with said virtual payment terminal (VPOI).

Description

A method of processing a transaction from a communication terminal. 1. Domain The proposed technique relates to the processing of online transactions. The proposed technique relates more particularly to the processing of transactions from a communication terminal, in a secure form. 2. Prior Art Two modes of transactions coexist when a user wishes to make a payment transaction from a bank card: - "card present" mode: the bank card is physically used. For example, it is inserted in a payment terminal, and the information it contains is read directly from the chip or magnetic strip integrated in the card. Alternatively, the bank card is approached from a payment terminal, and the information is transmitted via contactless technology type NFC (Near Field Communication); the "card not present" mode: the credit card is not used physically, but the user enters the information present on this card (card number, visual cryptogram, expiry date, bearer name) to perform a transaction . This is the solution today mainly used for online payment on the Internet for example. Many manufacturers of mobile communication terminals (typically smartphones or tablets) are now seeking to develop payment solutions directly integrated with the mobile terminal, allowing the user to avoid having to bring his credit card when he wants to make a transaction. The solutions currently proposed for this purpose are essentially based on an implementation based on the "card not present" type of transaction mode described above: in a first service initialization phase 3031609 2, the user is invited to enter, in a dedicated application installed on its communication terminal, the information associated with his bank card (s) (for example the type of card, the card number, the visual cryptogram, the expiry date, etc.). This information is then recorded within the communication terminal. Once this initialization phase has been completed, the user can then use the dedicated application to make certain payments without having to obtain his credit card and having to manually re-enter the information indicated therein: this information is then directly transmitted by the communication terminal to the payment server. This solution is nevertheless limited. On the one hand, the possibilities of transactions accessible from a limited mobile communication terminal and concerns only online transactions based on a "card not present" mode, and the solution proposed is then essentially aimed at preventing the user to have to enter himself the data associated with his bank card every time he wants to make a payment from a communication terminal (often tedious input). On the other hand, this solution raises security problems: all the data useful for carrying out a transaction being stored within the communication terminal itself, a user who has lost or has been robbed of his mobile device (his mobile phone by example) is not immune to a malicious person who has recovered his property accesses this sensitive information and carries out financial transactions on his behalf (if the communication terminal or the application that contains them are insufficiently secured) .

This problem of security which arises for the execution of payment transactions from a communication terminal is also encountered in the realization of transactions of other types: since an authorization is required for the realization of a transaction from a communication terminal, it is risky to store within the same communication terminal 30 the information likely to give access to such a 3031609 3 authorization. There is therefore a need for a solution that makes it possible to integrate within a communication terminal means for obtaining an authorization for carrying out transactions, and that does not present at least some of these problems. prior art. 3. Summary According to a preferred implementation, the various steps of the methods according to the proposed technique are implemented by one or more software or computer programs, comprising software instructions intended to be executed by a data processor of a module. relay according to the proposed technique and being designed to control the execution of the different steps of the processes. Accordingly, the proposed technique is directed to a program that can be executed by a computer or a data processor, which program includes instructions for controlling the execution of the steps of a method as mentioned above. This program can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as in a partially compiled form, or in any another desirable form. The proposed technique is also aimed at a data carrier readable by a data processor, and including instructions of a program as mentioned above. The information carrier may be any entity or device capable of storing the program. For example, the medium may comprise storage means, such as a ROM, for example a CD ROM or a microelectronic circuit ROM, or a magnetic recording medium, for example a diskette (floppy disc) or a disk hard. On the other hand, the information medium may be a transmissible medium such as an electrical or optical signal, which may be routed via an electrical or optical cable, by radio or by other means. The program according to the proposed technique can be downloaded in particular on an Internet type network. Alternatively, the information carrier may be an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in the execution of the method in question. According to one embodiment, the proposed technique is implemented by means of software and / or hardware components. In this context, the term "module" may correspond in this document to both a software component, a hardware component or a set of hardware and software components. A software component corresponds to one or more computer programs, one or more subroutines of a program, or more generally to any element of a program or software capable of implementing a function or a set of functions, as described below for the module concerned. Such a software component is executed by a data processor of a physical entity (terminal, server, gateway, router, etc.) and is capable of accessing the hardware resources of this physical entity (memories, recording media, bus communication boards, 20 electronic input / output cards, user interfaces, etc.). In the same way, a hardware component corresponds to any element of a hardware set (or hardware) able to implement a function or a set of functions, as described below for the module concerned. It may be a programmable hardware component or an integrated processor for software execution, for example an integrated circuit, a smart card, a memory card, an electronic card for executing a firmware (firmware), etc. Each component of the previously described system naturally implements its own software modules.

The various embodiments mentioned above are combinable with each other for the implementation of the proposed technique. 4. Figures Other features and advantages of the proposed technique will become more apparent upon reading the following description of a preferred embodiment, given by way of example only and not by way of limitation, and the appended drawings, among which: : - Figure 1 presents a synoptic of the proposed technique; The method proposed does not present at least some of these problems of the prior art. Indeed, it is proposed here a method of processing a transaction made from a communication terminal. The term "transaction" in the broad sense is understood here: it may be a financial transaction (for example a payment transaction), or a transaction of any other nature, such as publication or publication. deleting comments on an online social network, or any other transaction that requires authorization to be performed. The general principle of the proposed technique is to rely on the same 20 authentication mechanisms as those implemented in the context of the realization of a payment transaction from a bank card in a "present card" mode. And to resume these mechanisms in order to obtain authorization for carrying out any transaction (not just payment transactions) from a communication terminal. A communication terminal according to the proposed technique comprises a secure processor having access to a secure memory. It is important to note here that this secure processor and this secure memory are dedicated to the execution of transactions, and that they are separate from the central processor and the central memory which govern the current operation of the communication terminal. in charge of calling, sending messages, browsing the Internet, etc.). This processor and this secure memory - which therefore form a secure space within the communication terminal - can for example be integrated within a secure execution environment which is delivered to the communication terminal manufacturer. This secure execution environment (TEE) can also be completed with a security module (SE) whose function in the context of the present technique is to interact with a virtual payment terminal. Several types of service requiring authorization for the execution of associated transactions are predefined within this security module (for example in the form of specific applications, also called applets). Examples of such types of services are: Visa® payment, Mastercard® payment, service linked to a given online social network, etc. Each type of service predefined within a security module is associated with a unique identifier (PAN_S), built on the same format as a bank card number (or PAN, of the "Primary Account Number"). . Each of these identifiers is not only unique within the same security module, but it is also unique within all the security modules marketed. Thus, such a security module provided to a manufacturer of communication terminals contains, for each type of service that is predefined therein, an identifier which acts as a unique and unalterable signature and which is constructed on the same format as a number. credit card. Within this security module, each type of service is stored in the same form as are the data contained in a bank card type of memory card (a type of service then behaves vis-à-vis the outside, like a virtual bank card with its own number (PAN_S)). When a user takes possession of a communication terminal incorporating such a transaction security module, he has the possibility, in a so-called provisioning phase, of activating some of these types of services, for which he wishes to be able to able to perform a transaction associated with the medium of its communication terminal. For example, if the user wishes to use his phone to make payment transactions, he will activate the type of payment service corresponding to the type of card in his possession (for example "VISA® payment" or "Mastercard® payment"). ). If the user wishes to use his telephone to benefit from increased security during certain operations performed on a social network, he will activate the type of service associated with this social network. In the rest of the document, we are interested (but this choice is given for illustrative purposes only and is not limiting) to the type of service corresponding to a VISA® payment.

Once the choice of a type of service to be activated has been made, the provisioning phase includes a step of providing the data associated with the particular service for which authorization is required when a transaction is performed. Thus, if the user wishes to be able to make VISA® payments from his communication terminal, he must provide in this phase of provisioning the data associated with his VISA® bank card which are necessary for the realization of a transaction: credit card number, expiry date, name of the bearer, visual cryptogram, etc. This step can be carried out by means of a manual entry of the information present on the bank card, or automatically, for example by means of a photograph of the bank card made by means of the communication terminal (the virtual one). All mass-market communication terminals today include means to take a photograph). Additional data, referred to as "index" (IDX) is automatically generated by the communication terminal, in order to be able to distinguish different data sets specific to the same type of service (a user who has several VISA credit cards ® must be able to provision each of these cards: the unique identifier of the type of service (PAN _S) makes it possible to identify not only a VISA® payment but also the user who requests it (this identifier being unique within 30 l set of security modules), and the index makes it possible to identify the set of data associated with the VISA® bank card that the user actually wants to use at the time of a payment from his communication terminal) . These sensitive data associated with a service and provided by the user 5 are not stored within the communication terminal: they are transmitted to a authorization processing server which stores them within a data structure, called a data structure. transaction data (StrTrs), where they are associated with the unique identifier of the type of service considered (in our example considered, the PAN_S of the "VISA® payment" service for the communication terminal considered), and at the index generated automatically when provided. The only information that remains stored in the communication terminal (in addition to the unique identifiers PAN_S already predefined within the security module) are the index, as well as a representation of the VISA® bank card provisioned (for example a photograph , an image, and / or the last digits of its number) which will be useful later to allow the user to more easily identify the card he wishes to use (especially if he has provisioned several bank cards of the same type) . The provisioning of a service by data entry and transmission of this data to an authorization processing server is carried out under the at least partial control of the secure execution environment (TEE) and / or the security module (SE). The data is transmitted after establishing a secure channel between the communication terminal and the processing server. When a request for activation of a given type of service is transmitted to a authorization processing server, the latter generates and then transmits to the user via a secure transmission channel (for example directly via secure channel or other means such as the postal channel), a personal identification number (PIN_S) (or PIN, of the English "Personal Identification Number") specifically related to the unique identifier 30 of the type of service activated (PAN_S) (this personal identification number 3031609 9 is not particularly that which is associated with the actual bank card of the user). The association between the unique identifier of the activated service type (PAN S) and the corresponding personal identification number (PIN_S) is _ _ stored within a data structure, called authorization data structure 5 ( StrAut), from this authorization processing server. Alternatively, all predefined service types within the same security module can be associated with the same personal identification number (PIN_S). This makes it possible to define a global personal identification number associated with the communication terminal, and the user then has only one personal identification number to memorize (rather than one per type of service activated). In the latter case, the personal identification number associated with the communication terminal is for example generated and transmitted to the user during his first activation of an available type of service. This completes the provisioning phase. We then enter a phase of use, and the method of processing a transaction from a communication terminal can then be implemented. According to the proposed technique, such a method comprises, at the level of the authorization processing server, at the moment when the user wishes to carry out a transaction requiring the obtaining of an authorization: a step of creation of a communication channel secure (eg a virtual private network - VPN) with the communication terminal (TC); a step of instantiating a virtual payment terminal (VPOI) capable of exchanging information with said communication terminal via said secure communication channel, according to the same communication protocol as that used for the exchange of data between a physical bank card and a physical payment terminal during an "application protocol data unit" (APDU) payment transaction encapsulated in the SCP protocol; A step of obtaining, by means of said virtual payment terminal 3031609 (VPOI), the identifier of the type of service (PAN_S) corresponding to the transaction to be carried out from said communication terminal, and the index (IDX) corresponding to the data set to be used, said index being contained in an available field defined in said communication protocol (for example the field "9F10", able to accommodate data specific to the issuer of a card) ; A step of transmitting a request to enter a personal identification number to the communication terminal; A step of receiving a personal identification number (PIN) entered, in encrypted form; A step of verifying the adequacy between the entered personal identification number (PIN) and the expected personal identification number (PIN S) for the type of service considered, by means of the authorization data structure ( StrAut); when said verification is positive, a data obtaining step (JD) necessary for the continuation of the transaction, by means of the transaction data structure (StrTrs), as a function of the identifier of said type of service (PAN_S) corresponding to the transaction to be performed from said communication terminal, and said index (IDX) corresponding to the data set to be used; The communication protocol established between the security module present in the communication terminal, for a given type of service, and the virtual terminal instantiated by the authorization processing server is therefore similar to that implemented during exchanges between a card. 25 physical bank and a physical payment terminal. The process of obtaining an authorization for the completion of a transaction from a communication terminal is then similar to that which is performed during a payment transaction in "present card" mode (the module The security of the communication terminal then serves as a bank card, and the virtual payment terminal behaves like a conventional payment terminal). At the level of the communication terminal, the method described is only managed at the level of the security module, in order to guarantee maximum security of the transaction. Thus, it protects against the action of possible malicious software (eg keyloggers) that could be installed on the operating system 5 of the communication terminal. The conventional functions of the communication terminal (reception and transmission of calls, messages, internet browsing, etc.) are also deactivated as long as the transaction is not completed, and it is the secure processor that manages the input devices. and rendering the communication terminal (including displaying the personal identification number, or PIN code, request screen associated with the type of service for which the transaction is requested, and retrieving the code entered by the user). In a particular embodiment of the proposed technique, in case of negative verification of the match between the personal identification number entered and the expected personal identification number (PIN_S) for the type of service considered, it may be possible to the user to make a predetermined number of new attempts to enter a correct personal identification number before definitively rejecting the transaction, if multiple erroneous entries are repeated.

In a particular embodiment of the proposed technique, the personal identification number entered by the user is encrypted or is transformed by a hash function within the communication terminal or the virtual payment terminal, before being forwarded to the authorization processing server. The verification of the adequacy between the personal identification number entered and the expected personal identification number (PIN_S) for the type of service considered is then performed after decryption of the encrypted personal identification number received (encryption case). , or on the basis of a comparison of fingerprints (case of hashing). In the example previously developed throughout this document - the realization of a payment transaction from a communication terminal - it is interesting to note that the proposed technique allows the implementation of a hybrid transaction involving both part of the mechanisms implemented in the context of a "card present" payment transaction and a portion of those implemented in the context of a "card" mode transaction. not present ": - Obtaining the authorization to carry out a transaction is obtained according to mechanisms similar to those implemented during the completion of a" card present "mode transaction; nevertheless, once this authorization has been obtained, the same mechanisms 10 as those implemented when carrying out a "card not present" mode transaction are used to finalize the transaction, namely the transmission of the information as written on a credit card (card number, expiry date, visual cryptogram, name of the holder) to a payment server. This information is retrieved from the transaction processing data structure (StrTrs) of the authorization processing server, from the service type identifier (PAN_S) for which a transaction is desired, and the index (IDX). ) used to identify the dataset to use to finalize this transaction. According to another aspect of the proposed technique, a communication terminal such as that described here - which includes a security module in which service types, and in particular types of payment services, are predefined - corresponds to payment schemes. bank cards, able to be provisioned - can be used for carrying out a contactless payment transaction in connection with a physical payment terminal (and no longer a virtual payment terminal) (In this case, the The communication terminal and the payment terminal must comprise contactless communication means adapted to this type of use, for example near-field communication means (NFC), the example developed mainly in the present document (embodiment of a payment transaction) is given purely by way of illustration 3031609 13 and it is obvious that the present method of processing a transaction p could be implemented for any type of service (including services unrelated to the financial field) requiring authorization to carry out an associated transaction.

5 Implementing Devices With reference to FIG. 2, a processing server is described comprising means for executing the previously described method. For example, the processing server comprises a memory 41 consisting of a buffer memory, a processing unit 42, equipped for example with a microprocessor, and driven by the computer program 43, implementing the steps necessary to authorization processing for the implementation of services or access to goods. At initialization, the code instructions of the computer program 43 are for example loaded into a memory before being executed by the processor of the processing unit 42. The processing unit 42 receives as input for example a set of initial lexemes or existing dictionary data. The microprocessor of the processing unit 42 implements the steps of the method, according to the instructions of the computer program 43 to allow access to the good or service. For this, the processing server comprises, in addition to the buffer memory 41, means for obtaining information external to the device, such as a set of data accessible in base; these means may be in the form of an access module to a communication network such as a network card. The device also comprises processing means, these data for delivering data allowing access to a communication terminal; these processing means comprise for example a processor specialized in this task; the device also comprises one or more means for accessing one or more databases. The device 30 also comprises means for updating authorization and / or access to goods or services, in particular means for weighting relations between the lexical and / or grammatical forms making up the dictionary. These means can be controlled by the processor of the processing unit 42 according to the computer program 43.

With reference to FIG. 3, a communication terminal is described comprising means for executing the previously described method. For example, the communication terminal comprises a memory 51 consisting of a buffer memory, a processing unit 52, equipped for example with a microprocessor, and controlled by the computer program 53, implementing the necessary to implement performing verification functions. At initialization, the code instructions of the computer program 53 are for example loaded into a memory before being executed by the processor of the processing unit 52. The processing unit 52 receives input 15 for example a notification. The microprocessor of the processing unit 52 implements the steps of the processing method, according to the instructions of the computer program 53 to allow the entry of an authorization code (a PIN code for example). For this, the device comprises, in addition to the buffer memory 51, display and input means; these means can be in the form of a processor or a set of secure resources to secure the entry of authorization. The device also comprises cryptographic processing means; these processing means comprise for example a dedicated encryption processor and encryption keys, such as session keys derived from an initial key. These means can be controlled by the processor of the processing unit 52 according to the computer program 53.

Claims (2)

REVENDICATIONS1. A method of processing, by a transaction processing server, a transaction initiated at least partially from a communication terminal connectable to said server via a communication network, characterized in that it comprises a step of creating (10) a secure communication channel with the communication terminal; an instantiation step (11), within an execution server on said communication network, of a virtual payment terminal (VPOI) able to exchange information with said communication terminal via said communication channel; secure communication; a transaction processing step (12) between the communication terminal and the virtual payment terminal (VP01) implementing at least one security module of the communication terminal, said security module being configured to exchange an identifier of the type of service and / or a personal identification number with said virtual payment terminal (VPOI). 2. Processing method according to claim 1, characterized in that said transaction processing step comprises at least one data exchange in the form of an APDU between the security module and the virtual payment terminal.