FR3053549B1 - Procede d'authentification de donnees de paiement, dispositifs et programmes correspondants. - Google Patents
Procede d'authentification de donnees de paiement, dispositifs et programmes correspondants. Download PDFInfo
- Publication number
- FR3053549B1 FR3053549B1 FR1656240A FR1656240A FR3053549B1 FR 3053549 B1 FR3053549 B1 FR 3053549B1 FR 1656240 A FR1656240 A FR 1656240A FR 1656240 A FR1656240 A FR 1656240A FR 3053549 B1 FR3053549 B1 FR 3053549B1
- Authority
- FR
- France
- Prior art keywords
- communication terminal
- user device
- authentication
- message
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title abstract 5
- 230000005540 biological transmission Effects 0.000 abstract 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/352—Contactless payments by cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/0873—Details of the card reader
- G07F7/0893—Details of the card reader the card reader reading the card in a contactless manner
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Computer Security & Cryptography (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Signal Processing (AREA)
- Finance (AREA)
- Algebra (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Computing Systems (AREA)
- Mathematical Optimization (AREA)
- Mathematical Analysis (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Power Engineering (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
L'invention se rapporte à un procédé d'authentification d'au moins une donnée, procédé mis en œuvre lors d'une transaction de paiement intervenant entre un terminal de communication d'un commerçant et un dispositif d'utilisateur, procédé du type comprenant l'authentification par le terminal de communication d'au moins un message m générée par le dispositif d'utilisateur, par l'intermédiaire d'une liaison de données sans fils en champs proche. Un tel procédé comprend, au sein du dispositif d'utilisateur : - une étape d'obtention (10), à partir du message m, d'une donnée aléatoire t et d'une fonction de hachage H, d'un code d'authentification S1 ; - une étape d'obtention (20), à partir du message m, de la donnée aléatoire t, d'une clé publique Z du terminal de communication, d'une première clé privée x du dispositif d'utilisateur et du code d'authentification S1, d'un premier composant de signature S2 ; une étape d'obtention (30), à partir du message m, de la donnée aléatoire t, de la clé publique de Z du terminal de communication, d'une deuxième clé privée y du dispositif d'utilisateur et du code d'authentification S1, d'un deuxième composant de signature s3; - une étape de transmission (40), au terminal de communication, du code d'authentification S1, et des deux composants de signature S2 et S3.
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1656240A FR3053549B1 (fr) | 2016-06-30 | 2016-06-30 | Procede d'authentification de donnees de paiement, dispositifs et programmes correspondants. |
US16/314,174 US10922679B2 (en) | 2016-06-30 | 2017-06-30 | Method for authenticating payment data, corresponding devices and programs |
EP17733483.6A EP3479518A1 (fr) | 2016-06-30 | 2017-06-30 | Procede d'authentification de donnees de paiement, dispositifs et programmes correspondants |
PCT/EP2017/066365 WO2018002351A1 (fr) | 2016-06-30 | 2017-06-30 | Procede d'authentification de donnees de paiement, dispositifs et programmes correspondants |
CA3029154A CA3029154A1 (fr) | 2016-06-30 | 2017-06-30 | Procede d'authentification de donnees de paiement, dispositifs et programmes correspondants |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1656240 | 2016-06-30 | ||
FR1656240A FR3053549B1 (fr) | 2016-06-30 | 2016-06-30 | Procede d'authentification de donnees de paiement, dispositifs et programmes correspondants. |
Publications (2)
Publication Number | Publication Date |
---|---|
FR3053549A1 FR3053549A1 (fr) | 2018-01-05 |
FR3053549B1 true FR3053549B1 (fr) | 2018-07-27 |
Family
ID=57583156
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
FR1656240A Active FR3053549B1 (fr) | 2016-06-30 | 2016-06-30 | Procede d'authentification de donnees de paiement, dispositifs et programmes correspondants. |
Country Status (5)
Country | Link |
---|---|
US (1) | US10922679B2 (fr) |
EP (1) | EP3479518A1 (fr) |
CA (1) | CA3029154A1 (fr) |
FR (1) | FR3053549B1 (fr) |
WO (1) | WO2018002351A1 (fr) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109347635A (zh) * | 2018-11-14 | 2019-02-15 | 中云信安(深圳)科技有限公司 | 一种基于国密算法的物联网安全认证系统及认证方法 |
CN111639187B (zh) * | 2019-03-01 | 2023-05-16 | 上海数眼科技发展有限公司 | 一种基于知识图谱的知识问答验证码生成系统及方法 |
US20230065643A1 (en) * | 2021-09-01 | 2023-03-02 | Capital One Services, Llc | Devices and techniques to perform entropy-based randomness via a contactless card |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8700729B2 (en) * | 2005-01-21 | 2014-04-15 | Robin Dua | Method and apparatus for managing credentials through a wireless network |
US8290433B2 (en) * | 2007-11-14 | 2012-10-16 | Blaze Mobile, Inc. | Method and system for securing transactions made through a mobile communication device |
US20140032345A1 (en) * | 2012-07-30 | 2014-01-30 | Bank Of America Corporation | Authentication Using Transaction Codes on a Mobile Device |
FR3030828A1 (fr) * | 2014-12-22 | 2016-06-24 | Orange | Procede de securisation de transactions sans contact |
-
2016
- 2016-06-30 FR FR1656240A patent/FR3053549B1/fr active Active
-
2017
- 2017-06-30 US US16/314,174 patent/US10922679B2/en active Active
- 2017-06-30 EP EP17733483.6A patent/EP3479518A1/fr not_active Ceased
- 2017-06-30 CA CA3029154A patent/CA3029154A1/fr active Pending
- 2017-06-30 WO PCT/EP2017/066365 patent/WO2018002351A1/fr unknown
Also Published As
Publication number | Publication date |
---|---|
FR3053549A1 (fr) | 2018-01-05 |
CA3029154A1 (fr) | 2018-01-04 |
US20190228402A1 (en) | 2019-07-25 |
WO2018002351A1 (fr) | 2018-01-04 |
EP3479518A1 (fr) | 2019-05-08 |
US10922679B2 (en) | 2021-02-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20200177583A1 (en) | Enhanced authentication based on secondary device interactions | |
CN111079103B (zh) | 一种身份认证方法和设备 | |
MY192318A (en) | Data sending method and apparatus | |
FR2959896A1 (fr) | Procede d'authentification d'un utilisateur requerant une transaction avec un fournisseur de service | |
RU2011145814A (ru) | Способ и система электронных платежей, в частности, с использованием бесконтактных платежных средств | |
EP2989601B1 (fr) | Transactions vocales sécurisées | |
MX2017012298A (es) | Sistema de procesamiento de pagos utilizando informacion de pago codificada y metodo para el procesamiento de los mismos. | |
PE20060898A1 (es) | Metodo y sistema para proporcionar comunicaciones seguras entre un dispositivo de computo del cliente y un servidor acoplados a una red | |
FR3053549B1 (fr) | Procede d'authentification de donnees de paiement, dispositifs et programmes correspondants. | |
JP2017525058A (ja) | 認証コードエントリシステム及び方法 | |
KR20160119803A (ko) | 인증 시스템 및 방법 | |
KR20170092679A (ko) | 보안 인증을 가능하게 하는 시스템 및 방법 | |
CN105447715A (zh) | 用于与第三方合作的防盗刷电子优惠券的方法和装置 | |
MX2013014618A (es) | Metodo y aparato para la utenticacion de usuarios de terminales hibridos. | |
JP2015201844A5 (fr) | ||
JP2017513159A (ja) | O2o安全決済方法及びo2o安全決済システム | |
CN105813060A (zh) | 一种获取虚拟用户身份的方法及装置 | |
CN106027560A (zh) | 一种面向智能终端的安全传输方法及系统 | |
CN104955029A (zh) | 通讯录保护方法、装置及通信系统 | |
FR3052283B1 (fr) | Procede de fourniture de donnees relatives a une transaction de paiement, dispositif et programme correspondant | |
CN102624892B (zh) | 一种防止外挂客户端模拟http请求的方法 | |
CN105828324A (zh) | 一种获取虚拟用户身份的方法及装置 | |
US20170070882A1 (en) | Method and system for securing bank account access | |
FR3041132B1 (fr) | Procede de transmission de donnees, dispositifs et programmes d'ordinateur correspondants | |
CN111967047B (zh) | 基于大数据匹配的个人信息保护方法、装置及系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PLFP | Fee payment |
Year of fee payment: 2 |
|
PLSC | Publication of the preliminary search report |
Effective date: 20180105 |
|
PLFP | Fee payment |
Year of fee payment: 3 |
|
PLFP | Fee payment |
Year of fee payment: 5 |
|
PLFP | Fee payment |
Year of fee payment: 6 |
|
TP | Transmission of property |
Owner name: BANKS AND ACQUIRERS INTERNATIONAL HOLDING, FR Effective date: 20211202 |
|
PLFP | Fee payment |
Year of fee payment: 7 |
|
PLFP | Fee payment |
Year of fee payment: 8 |
|
PLFP | Fee payment |
Year of fee payment: 9 |