WO2003071400A2 - Device and method for securing sensitive data, in particular between two parties via a third-party entity - Google Patents
Device and method for securing sensitive data, in particular between two parties via a third-party entity
- Publication number
- WO2003071400A2 (PCT/FR2003/000529)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- entity
- personal
- sensitive data
- party
- personal electronic
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Definitions
- the invention relates to the management of sensitive data in data exchange systems.
- An example of such systems is based on the realization of electronic contracts between two parties or entities, for example a user and a service provider, using a third party entity. The latter then acts as a representative of the user, being able to negotiate on his behalf with service providers, while protecting his personal data.
- the trusted intermediary 2 keeps in memory the data characteristic of a contract concluded between two entities, such as a user and a commercial entity for example.
- the trusted intermediary provides electronic proof of the contract signed.
- the operating principle of such an organization is presented schematically in FIG. 1.
- the trusted intermediary 2 has two interfaces: a so-called "service provider agent" 4 which dialogues with the service providers FS, and a so-called "personal agent" 6 which dialogues with the users U. These two agents 4 and 6 interact with each other via a dedicated link 8.
- the user U is connected to the personal agent 6 by the Internet network 10, for example by means of a personal computer PC 12.
- a disadvantage of this system is that the trusted third party 2 needs to know all of the user's personal data in order to carry out the transactions in place of the latter, and that this personal data is vulnerable in two respects: it is stored on a computer which is not by nature secure, and it escapes the control of its owner.
- the invention provides technical security means which can be integrated functionally in such a system. These means are based on a personal electronic medium held by a user and which can dialogue with the personal agent or other trusted organization.
- the medium manages, under the control of its holder, the disclosure of certain sensitive data for which this user judges it undesirable to leave the management of disclosure to his personal agent. The sensitive data themselves are selected by the user.
- the invention provides, according to a first aspect, a method of representing a first entity by a third entity to which a second entity is addressed to request sensitive data from the first entity, characterized in that it involves the following steps:
- the third party entity dialogues with the second entity and with the first entity using a personal agent interface;
- the first entity controls the communication of at least part of the sensitive data from the third entity to the second entity by means of a personal electronic medium, through the following steps: a security agent of the personal electronic medium ensures dialogue with the personal agent; the security agent of the personal electronic medium ensures the reading of at least the part of the sensitive data and/or of the criteria for the inhibition of their disclosure.
- control can be carried out by interfacing with the user in order to obtain his authorization or prohibition, ensured by the security agent of the personal electronic medium, or by secure storage of at least part of the sensitive data in the personal electronic medium, outside the third party entity.
- the invention provides a system for exchanging data between a first and a second entity via a third entity, the system being characterized by a means of communication in the third entity and an electronic medium in the first entity with the characteristics described below.
- the invention provides a personal electronic medium intended for the method according to the first aspect, comprising:
- the invention provides a communicating terminal allowing a first entity to communicate with a third entity which represents it, characterized in that it implements a support according to the third aspect.
- the invention provides a third-party entity representing a first entity, characterized in that it comprises means for dialogue with a personal electronic medium according to the third aspect, making it possible to transmit at least one data item belonging to the first entity under control of said medium.
- This third-party entity can store in memory the characteristics of a contract concluded between the first entity and a second entity.
- FIG. 1 is a simplified diagram showing the operation of a trusted third party organization forming a link between service providers and users; and
- FIG. 2 is a diagram which reproduces that of FIG. 1, adding the elements allowing the implementation of the invention according to a preferred embodiment.
- a user U of the trusted third party organization 2 has a personal electronic medium which ensures the management of his sensitive data. These are the data for which he wishes to retain a right of control as to their disclosure by the trusted organization 2 to a service provider for example.
- the latter can be a commercial enterprise offering online services or wishing to prospect online, an institutional body allowing remote exchanges, etc.
- the personal electronic medium is a smart card 14 of the SIM or USIM type (English acronym for “(universal) subscriber identification module”) integrated into a mobile telephone terminal 16 of the user U, thus conferring a new function to this card.
- a SIM chip card in itself contains enough basic technical resources to perform this function: microprocessor 15, memories (random-access memory of the "RAM" type 18, read-only memory of the "ROM" type 20, electrically programmable memory of the "EEPROM" type 22), communication interface (by contacts), communication programs, means of loading data and programs, etc.
- Card 14, which constitutes the personal electronic medium, intervenes in management in two possible ways:
- storing the sensitive data item or items DS in its own memory (for example the EEPROM memory 22), these data then not being stored with the personal agent 6, and/or
- the card 14 can selectively exercise one or the other of these ways of intervening as a function of the sensitive data in question.
- Management at the level of the card 14 is carried out by application software, called the "security agent application" 24, contained in the medium (for example in the EEPROM memory 22 of the card 14).
- the security application ensures in particular: i) the dialogue with the personal agent 6, ii) the reading of the memory 22 storing the sensitive data DS and/or the criteria CD for the inhibition of their disclosure, and iii) the interfacing with the user.
- the personal agent 6 has software 26 for dialog with the security agent application 24.
- the security agent application 24 presents the user with a request for authorization to transmit (with indication of the data item and its disclosure condition).
- the security agent application 24 extracts in response the sensitive data in question from the memory 22 and transmits it to the personal agent 6.
- the security agent application 24 blocks the sensitive data in its memory 22.
- 2. the personal agent 6 holds the sensitive data, but in association with an indication not to disclose it to a third party without the user's prior agreement to each request. Two possibilities are then taken into account:
- 2.1. the security agent application 24 in the card 14 includes an indication of the disclosure condition.
- the personal agent 6 indicates to the card, with its request, the disclosure condition (for example the name of the requesting third party).
- the security agent application 24 first determines whether it is able to pass judgment on the condition transmitted by the agent. If the answer is negative, it goes to the possibility presented in section 2.2 below; if the answer is positive, it compares the condition indicated by the agent with the one(s) recorded for this data.
- the security agent application 24 sends a validation signal to the personal agent 6, allowing the latter to disclose the data to the requesting third party (for example a service provider FS).
- the security application 24 sends an inhibition signal to the personal agent 6, preventing the latter from extracting the data from its memory.
- 2.2. the security agent application 24 in the card 14 has no recorded conditions for disclosing the sensitive data, or is confronted with a condition indication of a type not listed among its possible conditions (for example the name of a new third party).
- the security agent application 24 presents the user U with a request for authorization to disclose (with indication of the data item and its disclosure condition).
- if the user U gives his authorization, the security application 24 sends a validation signal to the personal agent 6, allowing the latter to disclose the data to the requesting third party. If he expresses his refusal, the security agent application sends an inhibition signal to the personal agent, preventing the latter from extracting the data from its memory.
- the security agent application 24 takes the form of an applet (called the "security agent applet") loaded into the card 14 either at personalization or post-personalization.
- the security agent applet 24 also manages the interface with the user U on the mobile telephone terminal 16, in particular to communicate to him a request for authorization to transmit sensitive data, or to accept a validation or inhibition signal for access by the personal agent 6.
- This interface advantageously uses the display 16a of the mobile terminal to present the conditions and the keyboard 16b to receive a response from the user U.
- the communication between the security agent applet 24 and the personal agent 6 is carried out on the wireless channel used by the mobile telephone terminal 16, for example according to the GSM protocol. In the example, this communication passes through a mobile telephone network operator 28 and the communications are advantageously made by SMS messages.
- or by MMS messages (acronym for "multimedia messaging service").
- the security agent applet 24 can respond to the personal agent 6, via the dialogue software 26, also by SMS messages, the latter serving to transmit sensitive data, a validation signal or an inhibition signal.
- the dialogue between the card 14 and the personal agent 6 can be secured by any known means (encryption, etc.).
- the following elements may vary: the recipient of the sensitive data (or inhibition/validation signals) emitted by the medium, which can be any centralized private or public management system; the personal electronic medium held by the user, which can be a smart card of any type, an electronic token, an electronic badge, or any other personal electronic object able to communicate via a platform or by itself; the terminal on the user side, which can be any mobile telephone, landline telephone, communicating personal digital assistant, personal computer, etc.; and the link connecting the hardware medium held by the user, or his terminal, with the recipient of the sensitive data, which can be based on any wireless or wired communication protocol.
- the security agent applet 24 (or the like) can be provided for transmitting a sensitive data item not back to the personal agent 6 (or the like) having made the request, but directly to the final recipient (for example the service provider FS), by calling the connection number of the latter.
- the hardware medium 14, 16 held by the user can also allow an update or a controlled loading of sensitive data from the personal agent 6 (or any other authorized third party).
- the security agent applet 24 will then ensure the validation of the loading or modification under control of the user, either by presenting the request for loading or updating with the possibility of accepting or refusing, or by performing automatic filtering on the basis of criteria fixed beforehand by the user.
- the invention is suitable for financial transactions, in particular for processing electronic payment in the context of electronic commerce.
- the bank details will be stored on the smart card of the personal electronic medium and used as described above in section 1.2.
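To make the three decision paths above concrete (section 1: data held only on the card; 2.1: the card judges a recorded condition; 2.2: the card falls back to asking the holder), here is an added Python model that is not part of the patent. The class names, the allow/deny form of the criteria CD, the sample items and the simulated holder are assumptions; the patent specifies no message format.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, Optional

class Mode(Enum):
    ON_CARD = 1     # section 1: item DS stored only in the card's EEPROM 22
    AGENT_HELD = 2  # section 2: personal agent 6 holds it, the card gates disclosure

class Decision(Enum):
    TRANSMIT = "transmit"  # mode 1: the card hands over the item itself
    VALIDATE = "validate"  # mode 2: the agent may release its own copy
    INHIBIT = "inhibit"    # nothing may leave

@dataclass
class SensitiveItem:
    mode: Mode
    value: Optional[str] = None                                # ON_CARD items only
    conditions: Dict[str, bool] = field(default_factory=dict)  # criteria CD (assumed shape): requester -> allowed?

@dataclass
class Response:
    decision: Decision
    payload: Optional[str] = None
    asked_user: bool = False  # holder was prompted (sections 1 and 2.2)

class SecurityAgent:
    """Security agent applet 24 on the SIM: arbitrates disclosure under the holder's control."""
    def __init__(self, items: Dict[str, SensitiveItem], ask_user: Callable[[str, str], bool]):
        self.items = items
        self.ask_user = ask_user  # prompt on display 16a, answer via keypad 16b

    def handle_request(self, item_name: str, requester: str) -> Response:
        item = self.items.get(item_name)
        if item is None:
            return Response(Decision.INHIBIT)  # unknown item: fail closed
        if item.mode is Mode.ON_CARD:
            # Section 1: the value never left the card; the holder decides each request.
            if self.ask_user(item_name, requester):
                return Response(Decision.TRANSMIT, item.value, asked_user=True)
            return Response(Decision.INHIBIT, asked_user=True)
        if requester in item.conditions:
            # Section 2.1: the card can judge the condition the agent passed along.
            verdict = Decision.VALIDATE if item.conditions[requester] else Decision.INHIBIT
            return Response(verdict)
        # Section 2.2: no recorded condition, or a new third party: ask the holder.
        authorized = self.ask_user(item_name, requester)
        return Response(Decision.VALIDATE if authorized else Decision.INHIBIT, asked_user=True)

class PersonalAgent:
    """Personal agent 6: holds mode-2 items but releases them only on the card's validation."""
    def __init__(self, card: SecurityAgent, held: Dict[str, str]):
        self.card, self.held = card, held

    def fulfil(self, item_name: str, requester: str) -> Optional[str]:
        resp = self.card.handle_request(item_name, requester)
        if resp.decision is Decision.TRANSMIT:
            return resp.payload              # mode 1: the card supplied the value
        if resp.decision is Decision.VALIDATE:
            return self.held.get(item_name)  # mode 2: release the agent's own copy
        return None                          # inhibition: the item stays where it is

def build_demo(user_answers: Dict[str, bool]) -> PersonalAgent:
    """Constructed sample: one on-card item, one agent-held item with recorded criteria."""
    card = SecurityAgent(
        items={"iban": SensitiveItem(Mode.ON_CARD, value="IBAN-PLACEHOLDER"),
               "email": SensitiveItem(Mode.AGENT_HELD,
                                      conditions={"FS-shop": True, "FS-marketing": False})},
        # Simulated holder: answers prompts from a constructed table (default: refuse).
        ask_user=lambda item, requester: user_answers.get(requester, False))
    return PersonalAgent(card, held={"email": "user@example.invalid"})
```

Note that a requester absent from `conditions` is routed to the holder (section 2.2), whereas one recorded as denied is inhibited without any prompt (section 2.1).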
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
- Lock And Its Accessories (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2003222576A AU2003222576A1 (en) | 2002-02-18 | 2003-02-18 | Device and method for making secure sensitive data, in particular between two parties via a third party entity |
JP2003570227A JP2005518039A (ja) | 2002-02-18 | 2003-02-18 | 第三者を経由しての2者間で機密データ通信を保護するための装置と方法 |
US10/504,977 US20050177729A1 (en) | 2002-02-18 | 2003-02-18 | Device and method for making secure sensitive data, in particular between two parties via a third party entity |
EP03717408A EP1483645A2 (fr) | 2002-02-18 | 2003-02-18 | Dispositif et procede de securisation de donnees sensibles, notamment entre deux parties via un organisme tiers |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0202028A FR2836251B1 (fr) | 2002-02-18 | 2002-02-18 | Dispositif et procede de securisation de donnees sensibles, notamment entre deux parties via un organisme tiers |
FR02/02028 | 2002-02-18 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2003071400A2 true WO2003071400A2 (fr) | 2003-08-28 |
WO2003071400A3 WO2003071400A3 (fr) | 2003-11-13 |
Family
ID=27636271
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2003/000529 WO2003071400A2 (fr) | 2002-02-18 | 2003-02-18 | Dispositif et procede de securisation de donnees sensibles, notamment entre deux parties via un organisme tiers |
Country Status (6)
Country | Link |
---|---|
US (1) | US20050177729A1 (fr) |
EP (1) | EP1483645A2 (fr) |
JP (1) | JP2005518039A (fr) |
AU (1) | AU2003222576A1 (fr) |
FR (1) | FR2836251B1 (fr) |
WO (1) | WO2003071400A2 (fr) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070073889A1 (en) * | 2005-09-27 | 2007-03-29 | Morris Robert P | Methods, systems, and computer program products for verifying an identity of a service requester using presence information |
US7788499B2 (en) * | 2005-12-19 | 2010-08-31 | Microsoft Corporation | Security tokens including displayable claims |
US8117459B2 (en) | 2006-02-24 | 2012-02-14 | Microsoft Corporation | Personal identification information schemas |
US8104074B2 (en) | 2006-02-24 | 2012-01-24 | Microsoft Corporation | Identity providers in digital identity system |
US20070208750A1 (en) * | 2006-03-01 | 2007-09-06 | International Business Machines Corporation | Method and system for access to distributed data |
US20070220009A1 (en) * | 2006-03-15 | 2007-09-20 | Morris Robert P | Methods, systems, and computer program products for controlling access to application data |
US8078880B2 (en) | 2006-07-28 | 2011-12-13 | Microsoft Corporation | Portable personal identity information |
CA2571666A1 (fr) * | 2006-12-12 | 2008-06-12 | Diversinet Corp. | Stockage et transfert de donnees d'identite et de renseignements personnels proteges |
US8407767B2 (en) | 2007-01-18 | 2013-03-26 | Microsoft Corporation | Provisioning of digital identity representations |
US8087072B2 (en) | 2007-01-18 | 2011-12-27 | Microsoft Corporation | Provisioning of digital identity representations |
US8689296B2 (en) | 2007-01-26 | 2014-04-01 | Microsoft Corporation | Remote access of digital identities |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0951158A2 (fr) * | 1998-04-14 | 1999-10-20 | Citicorp Development Center, Inc. | Système et méthode de control de la transmission d'information mémorisée vers des sites Web |
WO2001050299A2 (fr) * | 1999-12-29 | 2001-07-12 | Pango Systems B.V. | Systeme et procede pour la divulgation incrementielle d'informations personnelles a des fournisseurs de contenus |
WO2001055921A1 (fr) * | 2000-01-28 | 2001-08-02 | Fundamo (Proprietary) Limited | Systeme d'enregistrement de donnees concernant des informations personnelles et ses utilisations |
US20010011250A1 (en) * | 1997-11-12 | 2001-08-02 | Cris T. Paltenghe | Distributed network based electronic wallet |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1397054A (zh) * | 2000-01-28 | 2003-02-12 | 梵达摩(私人)有限公司 | 具有增强功能的银行系统 |
2002
- 2002-02-18 FR FR0202028A patent/FR2836251B1/fr not_active Expired - Fee Related
2003
- 2003-02-18 WO PCT/FR2003/000529 patent/WO2003071400A2/fr not_active Application Discontinuation
- 2003-02-18 AU AU2003222576A patent/AU2003222576A1/en not_active Abandoned
- 2003-02-18 EP EP03717408A patent/EP1483645A2/fr not_active Ceased
- 2003-02-18 JP JP2003570227A patent/JP2005518039A/ja not_active Withdrawn
- 2003-02-18 US US10/504,977 patent/US20050177729A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
AU2003222576A1 (en) | 2003-09-09 |
EP1483645A2 (fr) | 2004-12-08 |
WO2003071400A3 (fr) | 2003-11-13 |
FR2836251B1 (fr) | 2004-06-25 |
JP2005518039A (ja) | 2005-06-16 |
US20050177729A1 (en) | 2005-08-11 |
FR2836251A1 (fr) | 2003-08-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0932317B1 (fr) | Procédé de transfert d'information chiffrée entre un module d'identification d'abonné et un terminal mobile radio | |
EP1253504B1 (fr) | Procédé d'utilisation de logiciels et systeme informatique pour mettre en oeuvre le procédé | |
WO1998013991A2 (fr) | Procede et systeme pour securiser les centres de gestion d'appels telephoniques | |
FR2821225A1 (fr) | Systeme de paiement electronique a distance | |
WO2003071400A2 (fr) | Dispositif et procede de securisation de donnees sensibles, notamment entre deux parties via un organisme tiers | |
WO2016034810A1 (fr) | Gestion de ticket électronique | |
FR2809260A1 (fr) | Procede d'approvisionnement d'un compte prepaye | |
WO2001030093A1 (fr) | Systeme et procede de transmission de messages, et utilisation du systeme de transmission pour l'investigation de services fournis | |
FR2810433A1 (fr) | Systeme et procede de couponnage electronique | |
WO2002052389A2 (fr) | Methode anti-clonage d'un module de securite | |
WO2002059845A1 (fr) | Carte a circuit(s) integre(s) ou carte a puce(s) integrant une couche logicielle de securisation et dispositif de communication cooperant avec une telle carte | |
FR2867650A1 (fr) | Procede et terminaux communicants pour l'identification d'eligibilite d'un utilisateur par un code a barres | |
EP0172047B1 (fr) | Procédé et système pour chiffrer et déchiffrer des informations transmises entre un dispositif émetteur et un dispositif récepteur | |
EP1912182A1 (fr) | Autorisation d'une transaction entre un circuit électronique et un terminal | |
EP0817144B1 (fr) | Procédé de contrôle de l'utilisation d'un messageur, messageur fonctionnant selon ce procédé et carte à puce pour l'accès conditionné à un messageur | |
WO1997031343A1 (fr) | Carte de gestion de comptes multiples et procede de mise en ×uvre | |
EP0831434A1 (fr) | Procédé de fermeture, notamment de mise en opposition, d'une pluralité de services, et serveur de fermeture, terminal d'acceptation et dispositifs portatifs associés | |
EP1479255A1 (fr) | Procede de controle d'acces a au moins certaines fonctions d'un terminal telephonique mobile | |
FR3042374A1 (fr) | Aide a l'etablissement d'une communication telephonique par provision d'informations sur l'utilisateur appelant | |
FR2752977A1 (fr) | Dispositif portatif de mise en opposition d'une carte de transaction, terminal d'acceptation et procede correspondant | |
BE1019350A3 (fr) | Usage d'une carte d'identite electronique en tant que carte d'affiliation. | |
EP1400935A1 (fr) | Système pour opérer un transfert d'informations, simplifié par l'utilisation d'une relation pré-établie et applications | |
WO2003065181A1 (fr) | Procede de controle de l'exploitation de contenus numeriques par un module de securite ou une carte a puce comprenant ledit module | |
EP1588252B1 (fr) | Procede et systeme de transfert de donnees entre des bornes publiques interactives et des terminaux personnels | |
WO2002075674A2 (fr) | Systeme et methode de renouvellement de donnees d'identification sur un dispositif de transaction portatif |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A2. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A2. Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
| WWE | Wipo information: entry into national phase | Ref document number: 2003570227; Country of ref document: JP |
| WWE | Wipo information: entry into national phase | Ref document number: 2003717408; Country of ref document: EP |
| WWP | Wipo information: published in national office | Ref document number: 2003717408; Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 10504977; Country of ref document: US |
| WWR | Wipo information: refused in national office | Ref document number: 2003717408; Country of ref document: EP |
| WWW | Wipo information: withdrawn in national office | Ref document number: 2003717408; Country of ref document: EP |