Patent abstract:
A method for performing at least one secure exchange within a system comprising first and second electronic devices (20A, 20B), a dual reader (10) having connection means for each of the devices and preferably a human-machine interface, and at least one server (30) to which information relating to the exchange may be communicated, the method comprising the steps of: a) entering, in the reader (10), using its interface or an external device connected to it, information relating to an exchange to be made between the first and second devices (20A, 20B); b) recording in the first device (20A), using the reader (10), information relating to the exchange; c) recording in the second device (20B), in particular with the aid of the reader (10), information relating to the exchange and, failing this, cancelling the exchange; d) transmitting the data relating to the transaction to the server (30).
Publication number: FR3080934A1
Application number: FR1853789
Filing date: 2018-05-02
Publication date: 2019-11-08
Inventor: Bruno SANGLE FERRIERE
Applicant: Marbeuf Conseil Et Rech
Main IPC class:
Patent description:

The present invention relates to methods and systems for performing secure data exchanges.
State of the art
Payment cards are widely used today to make secure payments. It is possible to debit or credit a bank account associated with a card using a reader into which the card is inserted or to which it is brought close in the case of contactless communication. This reader must most often communicate with a remote server during the transaction, which sometimes blocks the transaction if no network is available.
In addition, currently, when a certain amount of money must be debited from an account associated with a payment card for the benefit of another person's account, that person must, more often than not, wait until the corresponding amount has actually been transferred before being able to use the amount received with his payment card.
Cash payments are thus encouraged in the absence of a network and in many situations where people wish to be able to quickly re-use the money received, with the disadvantages associated with holding cash, in particular the risk of loss or of counterfeit notes.
Summary
There is a need to remedy all or part of these drawbacks and, more generally, to find a new way to encourage financial transactions and, more generally, to securely transmit any computer file or any quantity entered in at least one register, whether linked to such a file or independent.
The invention aims to meet this need and achieves this, according to one of its aspects, by means of a method for carrying out at least one secure exchange within a system comprising first and second electronic devices, a double reader comprising means for connection to each of the devices and preferably a man-machine interface, and at least one server to which information relating to the exchange can be communicated, this method comprising the steps consisting in:
a) Optionally establish a first secure connection to the first device using the reader,
b) possibly establishing a second secure connection to the second device using the reader,
c) enter, in the reader, using its interface or an external device connected to it, information relating to an exchange to be carried out between the first and second devices,
d) write in the first device, using the reader, information relating to the exchange,
e) enter in the second device, in particular with the help of the reader, information relating to the exchange, and failing this, cancel the exchange,
f) possibly confirm in the first device, in particular using the reader, information relating to the exchange,
g) transmit the data relating to said transaction to said server.
By "exchange" should be understood a transfer or a copy between the two devices of a computer file or one or more quantities entered in one or more registers of said devices, this transfer can then be partial or total. This exchange can correspond to an exchange or transfer of documents but also to a payment or any other transaction, financial or not.
There are preferably several servers. In what follows, what is described for a server also applies when there are several servers.
Preferably, the method comprises steps a) and / or b). The first and / or second devices can communicate information to the reader, in particular information relating to an inventory of the documents saved in the devices so that the reader can integrate them into a menu.
Steps a) and b) can be omitted, in particular if the list of files and transferable quantities is known to the reader independently of the electronic devices, for example if the system is restricted to the transfer of certain types of files or quantities or if the user can assume the presence of said files or quantities on electronic devices.
If in step e) the registration cannot take place, the double reader will detect it, for example after having waited for a time set in the system, such as 1 min, without being presented with a second electronic device. It will then cancel the transaction, and this cancellation will be transmitted to the first electronic device if it is connected to the double reader or brought close to it again, or if, subsequently, via another dual reader and from the server, the second electronic device is synchronized to the server after the first double reader has transmitted, directly or indirectly, the cancellation information to this server. The dual reader can also write the cancellation information on other electronic devices without affecting them other than by using them as a carrier of information; this cancellation information can then be passed to the servers during their subsequent use. Thus the validity of the registration on the first device is conditional on the registration on the second device of the information relating to the exchange; the validity of the registration on the first device can be communicated, after the registration on the second device, to the first device via the double reader, or subsequently, via the server and then another double reader.
Preferably, the method includes step f).
If step f) is omitted when the first device receives a file or a certain amount representing part or all of a quantity entered in a register, it will be credited with said file or said amount during a subsequent connection to the same double reader, or via a connection to the server and the same or other double readers. Finally, if the first device is inserted in the dual reader, steps a), d) and f) can be performed automatically, without requiring manual intervention.
Step g) can take place immediately after the transaction, for example less than 5 minutes after, or longer after.
If step g) does not take place immediately after the transaction, the information relating to the exchange can be communicated to the server through the dual readers which, subsequently, will enter into communication with the second electronic device, or with the first or second electronic device if step f) has taken place, or with an electronic device to which the file or another amount derived from the quantity debited from the first device will have been transferred later.
By "double reader" is meant a reader capable of implementing the invention and therefore of exchanging simultaneously and / or successively with two electronic devices according to the invention.
Whether the secure exchange is a financial transaction or the transmission of a single file, thanks to the double reader and according to the invention, connection to a remote server at the time of the transaction is not necessary, which, while allowing a secure transaction, facilitates it.
Transaction
By "transaction" is meant the transmission of an electronic file or one or more amounts from quantities entered in registers linked to said file, or independent.
The transaction can consist of a transfer from one electronic device to another, with deletion of the file from the source electronic device or adjustment of its quantity by the transferred amount, or simply of a communication of a file or of quantities, linked to the file or independent, for consultation by the dual reader, by a server or by another electronic device connected to the reader; the file or the quantity then remains on the electronic device where it is originally present, and its communication to the second electronic device can only aim to allow the latter to retrieve the corresponding information.
The file or the quantities can represent a number of points, or a document to be presented in certain circumstances, in the event of an inspection, such as an identity or discount card, or a transport ticket. In this case, the file may or may not be kept on the electronic device after the transaction, for a new inspection. It may also be a document with or without an expiry date, such as a discount voucher, a fixed-price pass for access to ski lifts or other equipment or installations, an audio or video recording, a book or other item, for example borrowed, rented or purchased.
It may also be confidential information, an electronic key or a memo whose disclosure or transfer requires a biometric accreditation or the entry of a code, such as a password. The exchange may concern money, but the invention also covers the exchange of bearer shares, CO2 emission rights, or any type of bonus or penalty, for example points distributed during an examination or during a game, or certain attributes of an official document, such as driver's license points.
Each electronic device is associated with an account, the management of which is ensured by one or more servers external to the dual reader.
The server(s) record all transactions linked to the account, as well as the files and quantities entered in the registers of electronic devices. These transactions are reported to them at the time of the transactions, or later. The operations affecting a file or a quantity are validated by the servers and recorded as such on them as soon as the servers know all the transactions which link a transferred file or quantity to an electronic device which contained the initial file or quantities, themselves previously registered and validated by the servers following other transactions or modified by an external application authorized for this purpose; this makes it possible to ensure on the one hand that each transaction debits or credits an account only once, and on the other hand that any credit of an amount to an account is compensated by the debit of a quantity from another account if the transaction corresponds to a transfer, and not to a consultation. For example, if an electronic device A transmits a file or a quantity to an electronic device B which transmits it to an electronic device C, the presence of the file or the value of the quantity entered on the electronic device C will not be validated by the servers before they have been informed of the two transactions: from A to B and from B to C (chaining). This information process can be implemented during the synchronization of the electronic device carrying the last transaction, the intermediate transactions being recorded on it during this last transaction. The files and quantities can also be updated by the intervention of a computer system external to the system and empowered to do this. For example, the computer system of a company issuing discount cards can connect to servers to deposit on the account of an electronic device a file corresponding to one of its discount cards.
The servers will communicate this file to the electronic device concerned when they are connected to the electronic device, through a double reader itself connected to the servers.
A transaction may be subject to certain constraints, depending for example on the nature of what is transferred; thus, a quantity can be forced to vary within a predefined range of values, with variation in predefined increments if necessary. Typically a currency account will have a balance which varies in increments that are a multiple of hundredths of a unit, with a minimum of 0 and a fixed maximum. The double reader can thus transfer quantities entered in a register of a first electronic device from or to the register of other electronic devices, ensuring that at the end of each transfer certain rules present in the double readers at the time of transfer are respected for each of the initial values of said registers, incremented by the quantities received and reduced by the quantities sent; these rules can notably be to remain greater than or equal to zero and less than a maximum. The system can be designed to associate a quantity with any file which would not otherwise be associated with any quantity, assigning it an increment of 1, a minimum of zero and a maximum of 1; the system can thus allow the transmission of the file while ensuring, by using validation procedures designed for the transfer of quantities, that said file is present at all times on only one of the electronic devices of the system.
The authenticity on an electronic device of a file or a quantity subject to transactions is preferably ensured by the fact that this file or this quantity can be made unavailable on an electronic device as soon as it is transferred to another electronic device, or that, if the transaction is partial, the amount transferred from the quantity of a first electronic device to a second is subtracted from the quantity of the first device before, or at the same time as, being added to the quantity entered in the register of the second electronic device; moreover, a control can be installed so that this transferred amount is not greater than the quantity initially registered in the register of the first electronic device.
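The register rules described above (minimum, maximum, increment, and a file treated as a quantity that can only be 0 or 1) can be sketched as follows. This is an added example, not code from the patent; the `Rule`, `transfer` and `try_transfer` names and the 1000.00 cap are assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Rule:
    """Constraints attached to one kind of quantity (field names are assumptions)."""
    minimum: Decimal
    maximum: Decimal
    increment: Decimal

    def allows(self, value: Decimal) -> bool:
        # The maximum is treated as inclusive so that a file register may hold 1.
        in_range = self.minimum <= value <= self.maximum
        on_step = value % self.increment == 0
        return in_range and on_step


# Currency register: hundredths of a unit, never negative, capped (constructed cap).
CURRENCY = Rule(Decimal("0"), Decimal("1000.00"), Decimal("0.01"))
# File with no quantity of its own: increment 1, minimum 0, maximum 1.
SINGLE_FILE = Rule(Decimal("0"), Decimal("1"), Decimal("1"))


class TransferRefused(Exception):
    pass


def transfer(registers: dict, rule: Rule, src: str, dst: str, amount: Decimal) -> None:
    """Move `amount` from registers[src] to registers[dst], or refuse with no side effect."""
    if amount <= 0 or amount % rule.increment != 0:
        raise TransferRefused("amount is not a positive multiple of the increment")
    if amount > registers[src]:
        raise TransferRefused("amount exceeds the quantity recorded on the source")
    new_src = registers[src] - amount
    new_dst = registers[dst] + amount
    if not (rule.allows(new_src) and rule.allows(new_dst)):
        raise TransferRefused("a resulting register value breaks the rule")
    # Debit and credit are applied together, so the system-wide total is unchanged.
    registers[src], registers[dst] = new_src, new_dst


def try_transfer(registers: dict, rule: Rule, src: str, dst: str, amount: str) -> bool:
    """Convenience wrapper: True if the transfer was applied, False if refused."""
    try:
        transfer(registers, rule, src, dst, Decimal(amount))
        return True
    except TransferRefused:
        return False
```

With `SINGLE_FILE`, a second copy can never appear: the sender's register drops to 0 and a receiver already holding the file would exceed the maximum of 1.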
It is possible, for example, to ensure that the object of the transfer consists of virtual tickets of value, the total quantities of which across the system correspond to a balance on a bank account. The file can represent the virtual currency, and the quantity can represent the value of the ticket. The transaction can take place on these virtual tickets. The owner of the bank account issuing these virtual tickets may, through its external application, authorize the system to increase the quantity associated with the file of an electronic device by a certain amount against a credit of the same amount, but in real currency, to said bank account by the holder of the electronic device; conversely, it will undertake to credit the bank account of a third person against the debit of the amount associated with said virtual tickets recorded on an electronic device held by the third person. To transfer a sum of money from a first electronic device to a second, a user can transfer to the second device all or part of the quantity associated with this virtual ticket present on his electronic device, as well as the computer file associated with these virtual tickets if it is not already there. Preferably, the issuer of virtual tickets will only credit the third party's bank account if the amount to be debited has been validated by the servers.
The same electronic device can be arranged to carry out transactions relating at the same time and conditionally to different files and quantities. For example, one file and one quantity of the electronic device store a number of transportation tickets available on the device, while another file and another quantity store a sum of money available on the device.
The files and quantities (electronic files and/or associated quantities entered in registers) can come from and be updated, through the servers, by a third-party external application, belonging for example to a company issuing the file or the quantity entered, such as a ticket vendor or a bank.
The issuer will be able to assign to the files or quantities that it sends information that allows a certain fungibility with virtual notes issued by other banks; the dual reader is then authorized to display the total sum of the quantities associated with the same currency and to receive global transfer instructions in this currency, so that the user does not have to mention the issuing banks linked to the virtual tickets, the double reader being responsible for breaking down each global transfer into transfers corresponding to the various virtual tickets present on the debited electronic device.
The transaction between the two electronic devices via the dual reader can take place without connection to a remote server. It is however possible, in particular to ensure immediate synchronization with the servers of the operations carried out and/or a check, to connect the dual reader to the servers during the transaction. In this case, the dual reader can be connected to a cellular data network such as 3G, or to an external device, for example a microcomputer, a telephone or a dedicated terminal, connected to the internet. To carry out a transaction with a third-party external application, the user will therefore be able to use an external device connected to the double reader, through which he will be able to choose which of the two electronic devices connected to the double reader he wants to interact with, and also select the file and/or any quantity he wishes to send or receive.
Before each transaction, an "available" quantity equal to the recorded quantity increased by credit transactions and reduced by previous debit transactions can be calculated, and any transaction aimed at debiting this account beyond this available balance may be refused. A "safe available" quantity can also be calculated, corresponding to the quantity minus previous debit transactions for this same quantity. This calculated quantity can be qualified as safe insofar as it does not take into account credit transactions which have not yet been validated by the servers.
The dual reader can generate transactions by recording them on each of the electronic devices debited or credited and, if necessary, copying the file subject to transfer to the credited device if it is not already there.
To carry out a transfer of quantities, the dual reader will be able to decompose this transfer into sub-transfers associated either with the quantity present on the electronic device or with credits written on it by previous transactions, while checking for each sub-item debited, quantity or previous transaction, that the amount debited does not exceed the safe quantity or, for previous transactions, the amount of the initial credit transaction minus the amounts of the debit transactions that may have been associated with it in the past.
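The "available" and "safe available" quantities and the decomposition into sub-transfers can be sketched as follows. This is an added example, not code from the patent; the `Device`, `Credit` and `Debit` structures and the order in which sources are drawn on (safe quantity first, then credits in the order received) are assumptions.

```python
from dataclasses import dataclass, field
from decimal import Decimal

REGISTER = "register"  # label for the server-validated quantity (assumed name)


@dataclass
class Credit:
    tx_id: str
    amount: Decimal


@dataclass
class Debit:
    source: str      # REGISTER, or the tx_id of the unvalidated credit being re-spent
    amount: Decimal


@dataclass
class Device:
    recorded: Decimal                            # quantity last validated by the servers
    credits: list = field(default_factory=list)  # credits not yet validated
    debits: list = field(default_factory=list)   # debits not yet integrated


def _total(amounts):
    return sum(amounts, Decimal(0))


def spent_from(dev, source):
    """Sum of the debits already associated with one source."""
    return _total(d.amount for d in dev.debits if d.source == source)


def available(dev):
    """Recorded quantity plus credit transactions minus previous debit transactions."""
    credits = _total(c.amount for c in dev.credits)
    debits = _total(d.amount for d in dev.debits)
    return dev.recorded + credits - debits


def safe_available(dev):
    """Recorded quantity minus debits drawn on it; unvalidated credits are ignored."""
    return dev.recorded - spent_from(dev, REGISTER)


def decompose(dev, amount):
    """Split a debit into sub-transfers, each within the headroom of its source.

    Records the sub-transfers on the device and returns them, or raises
    ValueError when the amount exceeds the available quantity.
    """
    if amount <= 0:
        raise ValueError("amount must be positive")
    if amount > available(dev):
        raise ValueError("refused: amount exceeds the available quantity")
    # Assumption: the safe quantity is used first, then credits in the order received.
    sources = [(REGISTER, safe_available(dev))]
    sources += [(c.tx_id, c.amount - spent_from(dev, c.tx_id)) for c in dev.credits]
    parts, remaining = [], amount
    for source, headroom in sources:
        take = min(remaining, headroom)
        if take > 0:
            parts.append(Debit(source, take))
            remaining -= take
    if remaining != 0:
        raise ValueError("refused: no source can cover the remainder")
    dev.debits.extend(parts)
    return parts
```

Because each sub-transfer names its source, a server that later rejects one unvalidated credit can tell exactly which debits depended on it.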
It is possible to provide functionalities aimed at limiting transactions; for example imposing a maximum quantity limit, or transaction amount.
The transactions, files and quantities recorded on electronic devices can be communicated to the servers each time they are connected long enough via the internet.
The dual readers can serve as a relay to inform the servers which list the transactions coming from electronic devices with which they will have communicated, but without necessarily having generated said transactions.
During or after a connection of an electronic device to a server, the latter can uniquely validate transactions and calculate new files and quantities for the device, as well as:
- a list of transactions which can be deleted during the next connection,
- a list of transactions which must be made or which must be deleted when updating the balance,
- a list of transactions reported to the servers by other electronic devices and readers but not yet present on the electronic device in question, in particular if a transaction has created a debit on an electronic device but the corresponding credit transaction has not been communicated to the credited device, for example if its user failed to bring his card to the reader one last time during the transaction, or if the debit transaction with unknown counterparty noted on the card could not be replaced by the same transaction containing the counterparty identifier.
During a new connection of the device or during the same connection if it lasts long enough, the actions related to each of these lists mentioned above as well as the possible update of files and quantities can be carried out.
The system can be configured so that, when necessary, the updates of certain transactions and certain quantities and files are concomitant. For example if the update consists in integrating into a quantity a transaction representing a contribution of 1, this transaction will be deleted from the device at the same time as the register containing the quantity will be incremented by 1.
Electronic device
The electronic device according to the invention is preferably compatible with existing payment terminals.
Preferably, the electronic device is in the standardized format of a credit card, as defined by the ISO 7810 standard. It can alternatively be a mobile phone or a SIM-type card pluggable into a cellphone.
When in the form of a card, the device advantageously has a chip provided with a connector enabling it to be inserted into the double reader and to communicate with the latter.
The electronic device can also be equipped with a system making it possible to communicate with the double reader by a contactless link, for example an RFID system.
The electronic device can contain a protected private key and a memory, for example flash memory encrypted using the device's private key, and possibly a processor. The memory containing the private key is preferably physically protected so that physical access to it leads to its own destruction before the information therein is extracted. The holder of the device will then no longer be able to use it and will have to contact the operator of a central server which, if it can identify the electronic device and has procedures adapted to the use of the system, may possibly recover, from the server, the files and quantities present on the electronic device and place them on a new electronic device.
The electronic device may include an electrical energy source, for example a battery, an induction system, or a capacity, super-capacity or accumulator, which is recharged when connected to a reader or otherwise.
The electronic device can optionally have an interface allowing direct, unidirectional or bidirectional communication with a remote server, for example by using a wireless network with low energy consumption such as BLE (Bluetooth Low Energy), Sigfox, Lora, 4G LTE, etc. This communication with the server can be used, when available, to speed up the synchronization of data between the electronic device and the server.
The electronic device can be arranged to carry out all or part of the following operations:
- check before any communication with a reader that it is one of the authorized readers,
- accept only encrypted information intended for it,
- encrypt and sign any outgoing information intended for a reader or a server.
The information recorded on the electronic device can be all or part of the following information:
• copy of computer files and quantities,
• history of the last transactions not yet validated by the server(s),
• list of transactions carried out by the device with other electronic devices not yet recorded on the remote servers, allowing the servers to chain each transaction on the device to a quantity or a file of another electronic device, even if these transactions have not otherwise been communicated to the servers,
• PIN code to possibly authorize transactions when the electronic device is plugged into the double reader or otherwise communicates with it,
• electronic device identifier number,
• private key of the electronic device, not available outside said device.
We can also record within the electronic device for each file and quantity or type of file and type of quantity a minimum, a maximum and an authorized increment as well as possible rules constraining their transfer.
Double reader
The dual reader, which can also be called a “reader”, is suitable for establishing a secure connection with the electronic devices according to the invention for carrying out a transaction. It thus has means of communicating with these electronic devices.
This connection may involve physical contact between each of the electronic devices and the dual reader. As a variant, this connection can be made without contact, by a radio link, in particular of the NFC type. The double readers can be arranged to be able to allow secure exchanges with electronic devices in different places through two double readers linked by a computer connection. We could then possibly restrict this type of use to cases where one of the electronic devices has an owner whose identity will be revealed to the holder of the second electronic device before the latter makes the transaction.
The dual reader may have the possibility of being controlled by a computer, a telephone or an electronic system designed for this purpose. This can be particularly useful if the computer or the telephone functions as a cash register, a cash machine, or a train ticket vendor, for example. The dual reader can also integrate one of the electronic devices, the functionality of the integrated electronic device being able to remain effective when the "dual reader" functionality is switched off.
In an exemplary implementation of the invention, one of the electronic devices is a card which is inserted into a card reader corresponding to the double reader; the connection with the other electronic device, which can also be a card, can be carried out without contact while the first card is engaged in the reader. In this example therefore, the first connection is by contact and the second is contactless.
The dual reader can be arranged to allow the simultaneous exchange of information with the two electronic devices while the latter are connected to it, by contact or without contact.
As a variant, the exchange of information is asynchronous, and the double reader is arranged to exchange information only with one electronic device at a time; in this case, successive connections are made with the electronic devices to carry out the transaction.
The dual reader can be arranged to connect to an external server, while a transaction is carried out between two electronic devices, or outside such a transaction.
The dual reader can be in the form of a payment terminal such as those used today to make a payment using a bank card in a store, or else in the form of a reader having a keyboard, similar to the personal card readers used to certify a connection to a banking interface, but allowing entry of information relating to the exchange. The dual reader can have both a contact card reader and a contactless card reader, in particular of the NFC type.
The dual reader can have an interface allowing its connection to a computer network, for example the Internet via a 3G, 4G or Wifi network, if necessary via a computer or a telephone. The human machine interface of the dual reader may include a keyboard, preferably with keys, and at least one screen; the system then makes it possible to display two messages intended for the carriers of the first and second devices respectively.
Alternatively, the man-machine interface of the dual reader has a voice interface. The interface of the dual reader can also include means of identifying holders of electronic devices, such as the possibility of entering a PIN code, or a biometric system which, after taking into account documents identifying said holders carried by said electronic devices, validates the match between an electronic device and its holder.
The human machine interface of the dual reader can be used to:
- validate the connection to an electronic device inserted in the reader or connected to it otherwise,
- possibly select the file or the quantity to transfer,
- possibly enter a quantity relating to the transaction, for example a sum of money to be transferred, and indicate whether it is a sending or a reception for the corresponding electronic device,
- display messages, possibly head to tail, intended for the respective users of the two electronic devices,
- allow users to display the balance and / or one or more quantities, associated or not with a file, of their electronic devices,
- allow the PIN code to be changed,
- possibly allow to change the content of a file if this is authorized for this file,
- possibly allow the creation of files and associated quantities.
The human machine interface can be used to display one or more quantities associated with the transfer before confirmation of the transaction; the file relating to the transaction can also be displayed or played, in particular if it is an audio or video file; instructions for users can also be displayed or read.
If necessary, the man-machine interface is relocated to another device with which the dual reader communicates by a wired or wireless link, such as a computer, a cash register, an electronic lock or a mobile phone.
The dual reader preferably has the means necessary to carry out the transactions described above and therefore to sign messages with the computer key which identifies it, the ability to calculate available quantities and in particular safe available quantities, to create messages representing, for example, transactions or instructions which will be recorded in electronic devices and means enabling servers to write, read and delete at will on electronic devices quantities entered in registers, transactions and lists of authorized readers.
Preferably, the dual reader has all or some of the following:
- a wired connection with a microcomputer or other terminal, for example of the USB type,
- a wireless connection with a microcomputer or telephone, for example of the Bluetooth type,
- a wireless connection for establishing a connection with an electronic device according to the invention, for example of the Bluetooth or RFID type,
- a contact connector for communicating with an electronic device according to the invention if it is inserted in the reader,
- an internal clock synchronized at each connection with the server and allowing the time stamping of transactions and balances, this clock being preferably precise, for example +/- 5 seconds per month,
- a physically protected memory, comprising the private key of the double reader, physical access to which preferably leads to its own destruction before the information can be copied,
- at least one memory whose content is encrypted by its own private key and in which all or part of the following information may be recorded:
• a code identifying the dual reader,
• a list of the latest transactions carried out via the dual reader and the corresponding files,
• a buffer list of transactions carried out by other readers, fraudulent transactions or balances or any other data that servers want to communicate to electronic devices or that electronic devices want to communicate to servers,
• shared or public lists and keys of servers and electronic devices.
The double reader can be arranged to carry out all or part of the following operations:
- read a PIN code and an identifier of the electronic device connected to it,
- calculate the quantities available,
- delete, write or keep transactions,
- have messages signed by the electronic device connected to it,
- update on the electronic device the lists of authorized readers and servers, depending on the security system adopted.
The invention also relates to the dual reader, considered as such.
Servers
These are remote computer systems which contain accounts associated with each electronic device and dual reader on the basis of transactions carried out by the associated electronic devices, or on the basis of instructions from an authorized external application which could add or remove files and edit quantities.
The server or servers include at least one memory on which all or part of the following information is recorded:
1. for each electronic device:
• a copy of the transactions that have not yet given rise on this device to a change in the quantity or the file to which the transaction relates, and their associated files, another copy being saved on the corresponding electronic device; each transaction that has been validated by the server will be marked as such;
• quantities and files saved on electronic devices;
• information making it possible to identify the lists of keys present on the electronic device;
2. for each double reader:
• information allowing the identification of the key lists present on the double reader;
3. server private key, preferably physically protected;
4. list of public keys for dual readers;
5. list of public keys for electronic devices;
6. list of public keys of other servers.
The servers communicate with each other and can for example distribute information by electronic device and by double reader; this can make it possible to store information relating to such or such double reader or to such or such electronic device, on such or such server; this can also allow the server to which any double reader connects to read and modify or have this information modified when necessary. The system may have only one server, reducing the complexity of the system.
The servers can be arranged to refuse any transaction aimed at debiting an amount in excess of the quantity available, and to mark such a transaction as fraudulent; this information may be communicated to the electronic device during the next connection. A transaction marked as fraudulent is no longer taken into account. Transactions dependent on fraudulent transactions may also be canceled or marked as fraudulent.
The servers will be able to mark the transactions as valid as soon as, in particular, the following verifications have been made:
• that they relate to electronic devices and double readers valid during said transaction;
• that they debit either a quantity resulting from a transaction that was itself validated by the servers before this verification, or quantities or files previously registered by the servers on an electronic device, or files created ex nihilo using a double reader and not yet transmitted;
• that they comply with the rules imposed on such a transaction at the time of this transaction, such as for example:
o the impossibility of debiting a quantity entered in a register by an amount greater than that quantity, if this rule is applicable to this quantity;
o the impossibility of debiting an amount greater than a quantity entered in the register of an electronic device adjusted by amounts from other transactions prior to the verified transaction and which this amount would debit, if this rule is applicable to this quantity;
o the impossibility of carrying out the transaction unless the other transactions linked to it are all carried out at the same time; one of these linked transactions may, for example, require biometric verification.
The transaction information may include information concerning the quantity present in the credited electronic device that may be necessary for the validation of the transaction by the servers.
The servers can be arranged to calculate and update a quantity only if they are aware of all the transactions marked as validated, from device to device, which link each credit to a debit of an amount already validated. In this way, no transaction coming from a reader or an electronic device not registered in the servers can give rise to variations in quantities. In addition, this will allow servers to credit quantities to electronic devices based on the same transactions linked to debits on other electronic devices, thereby ensuring the sustainability across all electronic devices of the total value of quantities, adjusted for all transactions validated but not yet taken into account by the quantities entered on the electronic devices. The servers can also be arranged to calculate and update the quantities debited and credited by the same transaction simultaneously. The servers will then keep in memory, on the one hand, the quantity registered on the electronic device and, on the other hand, the quantity updated by the server but not yet registered on said electronic device, to which will be linked the transaction that was used for the update and that will have to be deleted from said electronic device when the newly calculated quantity is copied onto it.
To facilitate this chaining, electronic devices may contain a copy of the other transactions having been carried out before the debit of a quantity or a file, these transactions making it possible to link this debit to initial files or quantities already validated by the servers, until these transactions are otherwise reported to the servers.
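The validation rules above can be followed on a small worked case. The code below is an added illustration, not part of the patent text: the names Tx, funded_by and validate, the three statuses and the sample data are assumptions, and each transaction moves a single quantity from one device to another.

```python
from dataclasses import dataclass

VALID, FRAUDULENT, PENDING = "valid", "fraudulent", "pending"


@dataclass(frozen=True)
class Tx:
    tx_id: str
    reader: str             # double reader that time-stamped the exchange
    debit: str              # device debited
    credit: str             # device credited
    amount: int
    timestamp: int          # reader clock
    funded_by: tuple = ()   # earlier transactions this debit is chained to


def validate(registered, readers, txs):
    """Return (status per transaction id, quantities after validated ones).

    registered: quantity the servers last recorded for each known device.
    readers:    identifiers of the double readers known to the servers.
    """
    balances = dict(registered)
    by_id = {t.tx_id: t for t in txs}
    status, held = {}, set()   # held: devices with a debit awaiting its chain
    for tx in sorted(txs, key=lambda t: (t.timestamp, t.tx_id)):
        verdict = _check(tx, balances, readers, by_id, status, held)
        status[tx.tx_id] = verdict
        if verdict == VALID:
            # Debit and credit are applied together: the total is conserved.
            balances[tx.debit] -= tx.amount
            balances[tx.credit] += tx.amount
        elif verdict == PENDING:
            held.add(tx.debit)
    return status, balances


def _check(tx, balances, readers, by_id, status, held):
    # Only devices and readers registered with the servers are accepted.
    if (tx.reader not in readers or tx.debit not in balances
            or tx.credit not in balances):
        return FRAUDULENT
    if tx.amount <= 0 or tx.debit == tx.credit:
        return FRAUDULENT
    for parent in tx.funded_by:
        if parent not in by_id:
            continue                       # not reported yet: handled below
        if parent not in status:           # chaining/date anomaly: not earlier
            return FRAUDULENT
        if by_id[parent].credit != tx.debit or status[parent] == FRAUDULENT:
            return FRAUDULENT              # broken link or fraudulent ancestor
    # The servers must know the whole chain before touching any quantity.
    if tx.debit in held or any(
            p not in by_id or status[p] == PENDING for p in tx.funded_by):
        return PENDING
    # Never debit more than the quantity available at that point.
    return VALID if tx.amount <= balances[tx.debit] else FRAUDULENT


# Constructed sample data: three registered devices, one registered reader.
REGISTERED = {"A": 100, "B": 0, "C": 0}
READERS = {"R1"}
REPORTED = [
    Tx("t1", "R1", "A", "B", 60, 10),
    Tx("t2", "R1", "B", "C", 50, 20, ("t1",)),
    Tx("t3", "R1", "A", "C", 70, 30),            # A only has 40 left
    Tx("t4", "RX", "A", "C", 10, 40),            # reader unknown to the servers
    Tx("t5", "R1", "C", "A", 5, 50, ("t4",)),    # chained to t4
    Tx("t6", "R1", "B", "A", 5, 60, ("t0",)),    # t0 not reported yet
    Tx("t7", "R1", "B", "C", 5, 70),             # B has a debit on hold
]

if __name__ == "__main__":
    statuses, quantities = validate(REGISTERED, READERS, REPORTED)
    for tx_id, verdict in statuses.items():
        print(tx_id, verdict)
    print(quantities)
```

Transactions left pending change no quantity; they are decided on a later run, once the missing link of the chain has been reported.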
During a transaction with an external entity, the servers can start by calculating the quantity concerned, taking into account all the transactions related to the said quantity present on the device.
For a modification of a document represented by a file or a quantity registered in a register of the electronic device, if the electronic device contains transactions on this document which have not yet been validated by the server, the double reader can follow the procedure provided below for transactions with an external entity, which therefore requires synchronization with the server, then authorize and implement the modification of said file or quantity on the electronic device. The device will also be able to restrict file modifications to files that only have a register in which a quantity can be registered and of which this quantity would be forced to be only 0 yes.
The servers being accessible by connection to a data network, they can allow synchronization of data from at least one of the electronic devices with the said servers, via a computer or a telephone. An example of the synchronization process is described below with reference to FIG. 4.
The system for implementing the invention may include several private keys per server, which will be used interchangeably if this is necessary so that each server can respond quickly to dual readers and electronic devices.
In an exemplary implementation of the invention, the electronic devices comprising SIM type smart cards and an RFID connection, the system is arranged to allow transactions involving two dual readers remote from each other. The system will then be able to write down the identifiers of each of the two readers in the transaction record. A mechanism for pairing the two readers can be organized. This mechanism may include a means of displaying the identity of the holder of the remote electronic device and may also restrict transactions to transactions in which at least one of the electronic devices involved has an identifiable holder. The pairing mechanism may also include a means for one or each of the two paired readers to indicate the location of the other reader.
Security of files and quantities
By 'secure' we mean that the information cannot circulate or be modified in the system other than through the system's own procedures, and cannot leave or enter it without authorization of the user in accordance with those procedures, which can depend on the type of each document.
The data present on the electronic devices according to the invention and the readers or servers are preferably secure: these data recorded in memory can only be interpreted in the presence of the electronic device or of the double reader which carries them, for example by encryption using a key residing on this electronic device or dual reader.
Mechanisms for protecting software carried by electronic devices and dual readers are preferably present, so as to prevent fraudulent software being introduced into them. This software can be signed and its signature verified when it is loaded. These signatures can also be verified before any transaction.
Preferably, all communications between the various elements of the system are made in such a way that they can only be understood by the elements of the system and cannot come from third party elements outside the systems accredited for this purpose and linked to the servers, or ordering the dual reader instead of a user.
Each element of the system, i.e. each server, dual reader or electronic device, may have a private key which it is the only one to know but whose public key is associated with its identifier.
Advantageously, none of these private keys, whether of the servers, of each dual reader or of each electronic device, ever leaves its support, and each is advantageously physically protected by appropriate electronic technology.
A mechanism can be provided to allow the renewal of the keys of the servers and of each double reader.
Fraud detection
Since the dual reader includes a clock, the information entered in the first and second devices will be time-stamped from the time of the exchange.
The server may cancel transactions recorded on electronic devices if the chain of transactions leading to any transaction reveals that any rule associated with the transaction and configured in the server(s) has not been observed.
Preferably, the transactions are not erased from the double readers until they have been reported to the servers. The dual readers will advantageously have an indicator light or other indicator showing their inability to function for new transactions if all their memory is used.
Any anomaly, for example of chaining, signature or date, is preferably marked as fraudulent.
Any balance, any transaction, any list detected as fraudulent, for example bearing a fraudulent signature, is reported to the servers and marked as invalid.
Fraud handling
The servers can be arranged to detect fraud and mark any transaction, list, balance or electronic device as fraudulent.
Their invalidation and possible rectification are transmitted to the electronic device.
An electronic device or reader can be marked as fraudulent, made inoperable, removed from the list of authorized electronic devices or dual readers, and marked as such. A list of fraudulent electronic devices may be communicated to the dual readers so that they deactivate the fraudulent electronic devices that connect to them.
Data integrity
Certain operations for recording quantities, transactions or other data must be consistent with each other. The conversion of transactions into a modification of a quantity or file cannot be done without the two elements, namely the transactions and the quantity or file, being updated or deleted together. A process can be used to ensure that electronic device update blocks are not validated until these information blocks have been correctly entered in full. We could for example assign to the information of these writing blocks a reference, this reference being marked as valid only when all the elements of the block have been written correctly. For the erasure of information which has become useless, we can in the same way write referenced erasure instructions, a procedure subsequently carrying out the actual erasure of these entries.
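The referenced write blocks described above can be sketched as follows. This is an added illustration, not part of the patent text: the class DeviceMemory, its record layout and the simulated interruption are assumptions. It shows a quantity update cut short after its first entry, which a reader ignoring block validity would count as a double debit.

```python
class Interrupted(Exception):
    """The device left the reader before the block was complete."""


class DeviceMemory:
    def __init__(self):
        self.records = []        # (block reference, kind, value)
        self.valid_refs = set()  # references marked valid after a full write

    def write_block(self, ref, entries, fail_after=None):
        """Write all entries under one reference, then mark it valid.

        fail_after=n simulates a write cut short after n entries.
        """
        for count, (kind, value) in enumerate(entries):
            if fail_after is not None and count >= fail_after:
                raise Interrupted(ref)
            self.records.append((ref, kind, value))
        self.valid_refs.add(ref)          # last step: the block now counts

    def _live(self):
        valid = [r for r in self.records if r[0] in self.valid_refs]
        erased = {value for _, kind, value in valid if kind == "erase"}
        return [r for r in valid if r[0] not in erased and r[1] != "erase"]

    def effective_quantity(self):
        """Latest validated quantity plus validated, not yet erased transactions."""
        live = self._live()
        quantities = [v for _, kind, v in live if kind == "quantity"]
        pending = sum(v for _, kind, v in live if kind == "tx")
        return (quantities[-1] if quantities else 0) + pending

    def unchecked_quantity(self):
        """What a reader ignoring block validity would compute (for contrast)."""
        quantities = [v for _, kind, v in self.records if kind == "quantity"]
        pending = sum(v for _, kind, v in self.records if kind == "tx")
        return (quantities[-1] if quantities else 0) + pending

    def purge(self):
        """Physically drop erased entries, applied erase instructions and
        the remains of blocks that were never validated."""
        self.records = self._live()


# Constructed sample: quantity 100, one transaction of -30, then the servers
# replace both by the newly calculated quantity 70.
UPDATE = [("quantity", 70), ("erase", "q1"), ("erase", "t1")]

if __name__ == "__main__":
    mem = DeviceMemory()
    mem.write_block("q1", [("quantity", 100)])
    mem.write_block("t1", [("tx", -30)])
    try:
        mem.write_block("q2", UPDATE, fail_after=1)   # device withdrawn early
    except Interrupted:
        pass
    print(mem.effective_quantity(), mem.unchecked_quantity())
    mem.write_block("q3", UPDATE)                      # retried in full
    mem.purge()
    print(mem.effective_quantity(), mem.records)
```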
Communications security
Various techniques can ensure the security of communications between the various servers, electronic devices and dual readers. The description which follows is not intended to be exhaustive but only illustrative of techniques allowing such security.
List security
Each element of the system, that is to say each server, each double reader, each electronic device, can have a private key which is not duplicated anywhere but whose corresponding public key is known to the system and gathered in a list. This key can be the same as or different from the private key associated in any case with any element of the system (servers, electronic devices and dual readers) and used for updating its software, for its own updating and for the encryption of data within its memory.
These lists are therefore lists of public keys associated with each element. Thus, there is a list of public keys for servers, a list of public keys for readers, and a list of public keys for electronic devices.
The servers keep each of these lists, the double-readers too; all electronic devices have a list of public keys from servers and public keys from dual readers.
The lists are updated as soon as the elements of the system are connected long enough (double reader with servers, electronic device with reader, or electronic device with servers).
All data is sent only to an item listed on one of these lists, and encrypted so that only the recipient item can read it, and signed so that the recipient can verify the authenticity of the sender of the message.
The system can allow, at the request of the server, the renewal of private keys and their associated public keys.
With this system, it can be ensured that each electronic device communicates only with a reader or a server of the same system. Likewise, it can be ensured that each reader communicates only with a server or an electronic device in the system, and this in an encrypted manner.
List security has the disadvantage of requiring a backup and an update of important lists on each electronic device and reader, but has the advantage, on the one hand, of making it possible to protect against the theft of private keys, these being physically located on each material support and not being designed to leave it, which implies securing fewer technologies, and, on the other hand, of ensuring their multiplicity, the theft of a key affecting a reader or an electronic device compromising only these.
Security by shared keys
The key lists of electronic devices, or the list of keys for dual readers or the list of keys for servers, can each be replaced by small lists of shared keys from dual readers, electronic devices or servers. These keys are said to be shared insofar as, even if they are secret and must not leave the system, they are found on several elements of the system. This replacement may be partial, for example only affecting the list of electronic devices, or the list of readers, or else the list of electronic devices and the list of readers, or else a list of certain readers and electronic devices and servers. In these cases, the list of electronic devices, for example, no longer exists but is replaced by a shared key of electronic devices; the elements of the system must then use this shared key to communicate, which will avoid communicating with an element foreign to the system. These keys could be asymmetrical (private key / public key system, the private key of the elements of a list being found on each of the elements inscribed on the list and the public key on each of the elements of the system that can enter into communication with the elements of said list) or symmetrical, the same key being found both on the elements inscribed on said list and on the elements of the system which can communicate with the elements inscribed on said list. These keys may be updated regularly to prevent two recently updated items from communicating with keys that may have been stolen. This update will be done by the server which, knowing the public key of each electronic device and each double reader, will confidentially transmit the new shared keys to each of them. Whether using list or shared key security, two elements of the system can thus be authorized to communicate with each other if they each have the public key corresponding to a private key located on the other element, this private key being either unique and only placed on the element or shared by various elements of the system and then being located on several elements of the system. System elements can also communicate with each other if they each know the same secret key shared between them or between them and other elements of the system.
In an exemplary implementation, the electronic devices and readers no longer contain lists of public keys of electronic devices and of double readers but only one key shared by the double readers and another key shared by the electronic devices. Each electronic device and each dual reader also has a private key, but only the servers have the list of their associated public keys. The servers can then change and update said shared keys.
In another example of implementation, the presence of shared keys of double readers avoids the need for lists of public keys of the readers on each electronic device.
In another example of implementation, the presence of shared keys of electronic devices makes it possible to avoid the need for lists of public keys of the electronic devices on each dual reader.
Additional security
Other security measures can be introduced, including:
• the association of the electronic device with a user, entered in the electronic device or in the servers,
• the need for the holder of the electronic device(s) to identify themselves to validate a transaction, for example by entering a PIN code or by using a biometric device before attaching the electronic device to the dual reader. These means of identification can be located either on the dual reader or on electronic devices, or even accessible to the dual reader through the device to which it can be connected. The dual reader or the electronic devices can therefore include means for identifying the user, these means being able to be biometric,
• adding buttons to the electronic device for validating transactions, or entering a PIN,
• adding screens to electronic devices to display messages, files or quantities.
Detailed description of the figures
The invention will be better understood on reading the detailed description which follows, examples of non-limiting implementation thereof, and on examining the appended drawing, in which:
- Figure 1 shows, schematically, an example of a system for implementing the invention,
- FIG. 2 is a block diagram illustrating different steps of an example of a data exchange method according to the invention,
- Figure 3 is a view similar to Figure 2 of an alternative embodiment of the invention,
- FIG. 4 is an example of a chronology of data flow between an electronic device, according to the invention, and third-party software connected to the server,
- FIG. 5 illustrates different steps that can be implemented to synchronize data between an electronic device according to the invention and a server,
- FIG. 6 represents different steps that can be implemented to update the lists and keys of an electronic device or of a reader,
- FIG. 7 represents different steps that can be implemented to update the software of an electronic device or of a reader, and
- Figure 8 shows different steps that can be implemented to synchronize the readers with the servers.
Illustrated in Figure 1 is an example of a system for implementing a method according to the invention.
This system includes a double reader 10 according to the invention, arranged to exchange information with two electronic devices 20A and 20B according to the invention, in credit card format in the example illustrated.
The dual reader 10 and the electronic devices 20A and 20B can exchange information with at least one remote server 30, for example via an internet or radio link, and via an optional device such as a microcomputer 40 or a mobile phone 41.
We will now describe, with reference to FIG. 2, steps of an example method according to the invention, for carrying out a transaction between two electronic devices 20A and 20B. This transaction is said to be synchronous in this example, since the electronic devices 20A and 20B must be connected simultaneously to the double reader 10 for the transaction to take place; the first secure connection and the second secure connection overlapping in time; the first connection can be by contact and the second can be without contact.
The transaction thus takes place between a first user A, having the first electronic device 20A according to the invention, and a second user B having the second electronic device 20B according to the invention.
User A begins, at a step 201, by inserting his electronic device 20A into the double reader. User B can optionally add his electronic device to the reader in step 201bis, to inform the reader of the nature of the files and the quantities therein.
In a step 202, the user A selects the operation that he wishes to perform, for example: Make a transaction / Balance or Balance-Balance; the latter choice corresponds to the display of the balance of the two devices 20A and 20B.
Then, in step 203, he selects the direction (send or receive), the file or the amount of the transaction, and fills in the quantity if applicable, that is, the amount in the case of a financial transaction.
Step 203 can be repeated if several transactions are linked, that is to say that the exchange must consist of several files or quantities sent or received simultaneously.
In step 204, he optionally enters his PIN code (Personal Identification Number) to validate the operation.
User B can read in step 205, on the screen of the dual reader 10, information proposing the transaction, or find out his balance.
He can enter a PIN code if the operation requires it, in step 206 and then affix in step 207 his electronic device 20B on the double reader 10 to carry out the transaction.
At a step 208, the reader displays that the transaction is complete.
User B can then withdraw his card in step 209, and user A can do the same in step 210.
In step 211 the reader sends the information relating to the exchange to the servers.
In the case of grouped transactions, the same code can be assigned to each transaction. The transactions are first registered on the first electronic device but identified as "conditional" and associated with the code. Conditionality allows the system to take into account debits written on the electronic device but not credits, which will only be taken into account when conditionality has been lifted. Then the transactions are entered on the second device, also conditionally, and associated with the same code; but in this case none of the transactions will be taken into account until the conditionality is lifted. Conditionality can be lifted at the end of writing by writing to the second device, within a reasonable time set in the system, a new line called lifting of conditionality. This last line, once transmitted to the reader, will be transmitted to the first device, and this single line, written on the first electronic device, will lift the conditionality of the transactions associated with the same code on this device. The instruction will then be communicated to the servers. If the lifting of conditionality is not recorded in reasonable time on the second electronic device, the reader will create, during this reading of the second card, or during a re-reading of the first card, or later, an entry cancelling the group transaction. This entry will be communicated to the first device if it has not already received it, or to the second device if it has not already received it, and to the servers. All transactions associated with this code, credit or debit, will then be canceled. The servers may then be responsible for preparing the instructions for deleting these transactions written on the two electronic devices.
The transfer of a file or a quantity present in the system can also be constrained by other rules attached to said files and quantities, such as for example making their transfer conditional on the transfer of a copy of an identity card, itself possibly conditional on a biometric identification of the holder of the electronic device. The transfer constraint can also, for example, for an invoice issued by a merchant, be the reciprocal transfer of money corresponding to the amount of the invoice or else the transfer of carbon emission credits requested by regulations during the purchase of an object.
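The grouped, conditional writing described above can be followed in the sketch below. It is an added illustration, not part of the patent text: the line layout, the function names, the 30-second limit and the sample registers (an amount in EUR exchanged against CO2 credits) are assumptions.

```python
from dataclasses import dataclass, field

LIFT_TIMEOUT = 30   # seconds; the "reasonable time" is an assumed value


@dataclass
class Device:
    name: str
    registers: dict                       # quantities last written by the servers
    lines: list = field(default_factory=list)

    def receive(self, line):
        """Record a line once; repeated deliveries are ignored."""
        if line not in self.lines:
            self.lines.append(line)

    def available(self, register):
        """Quantity usable now under the conditionality rules."""
        lifted = {l[1] for l in self.lines if l[0] == "lift"}
        cancelled = {l[1] for l in self.lines if l[0] == "cancel"}
        total = self.registers.get(register, 0)
        for kind, code, *rest in self.lines:
            if kind != "tx" or code in cancelled:
                continue
            role, reg, delta = rest
            if reg != register:
                continue
            # Lifted: everything counts. Still conditional: only debits count,
            # and only on the first device; nothing counts on the second.
            if code in lifted or (role == "first" and delta < 0):
                total += delta
        return total


def write_conditional(first, second, transfers, code):
    """Write the grouped transactions conditionally on both devices.

    transfers maps a register to the amount moved from `first` to `second`
    (negative: from `second` to `first`). Returns False, writing nothing,
    if a debit is not covered.
    """
    for reg, amount in transfers.items():
        payer = first if amount > 0 else second
        if payer.available(reg) < abs(amount):
            return False
    for reg, amount in transfers.items():
        first.receive(("tx", code, "first", reg, -amount))
    for reg, amount in transfers.items():
        second.receive(("tx", code, "second", reg, amount))
    return True


def close_group(first, second, code, lift_delay, servers):
    """Lift or cancel the group. lift_delay is the time the second device took
    to record the lifting line, or None if it was withdrawn before doing so."""
    if lift_delay is not None and lift_delay <= LIFT_TIMEOUT:
        closing = ("lift", code)
        second.receive(closing)           # written to the second device first
    else:
        closing = ("cancel", code)
        if lift_delay is not None:        # still on the reader: told at once
            second.receive(closing)
    first.receive(closing)
    servers.append(closing)
    return closing[0]


if __name__ == "__main__":
    # Constructed sample: A pays 30 EUR to B and receives 2 CO2 credits from B.
    a = Device("A", {"EUR": 100, "CO2": 0})
    b = Device("B", {"EUR": 0, "CO2": 5})
    servers = []
    write_conditional(a, b, {"EUR": 30, "CO2": -2}, "G1")
    print("conditional:", a.available("EUR"), a.available("CO2"),
          b.available("EUR"), b.available("CO2"))
    print(close_group(a, b, "G1", 3, servers),
          a.available("EUR"), a.available("CO2"),
          b.available("EUR"), b.available("CO2"))
```

While the group is still conditional, the first device's debit is already locked and neither credit can be spent, so an interrupted exchange cannot create value on either device.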
We will now describe, with reference to FIG. 3, a variant implementation of the invention, in the case of an asynchronous transaction.
User A begins, at a step 301, by approaching his electronic device 20A to the double reader 10; user B does the same in step 301bis. These operations are used to transmit to the reader the list of files and quantities contained in each electronic device attached to it; they can be omitted if the reader, depending on its configuration, can do without knowing the files and quantities transferable to electronic devices.
In a step 302 the user A selects the operation he wishes to perform, for example: Link a transaction / Balance or Balance-Balance, this latter choice corresponding to the display of the quantities available on the two devices 20A and 20B.
Then, in step 303, he selects the direction (send or receive), the file or the amount of the transaction.
Step 303 can be repeated if several transactions are linked.
In step 304, user A can enter his PIN code to validate the operation.
The transactions are then prepared by the dual reader 10 with an "unknown" counterpart.
In step 305, the double reader displays the proposed transaction and invites user A to approach his card.
In step 306, user A brings his device, for example in the form of a card, close to the reader. All debit transactions are checked so that each available quantity to be debited on this electronic device is at least equal to the amount to be debited. The reader makes a copy of the previous transactions linking the files and quantities to be debited from this electronic device to files and quantities that have already been recorded on an electronic device by the servers. If one or more available quantities are not sufficient, the operation is canceled; otherwise, in step 307, user B is possibly invited to enter his PIN code, and to bring his device close to the reader.
In step 308, user B enters his PIN code.
In step 309, user B brings his device 20B, for example in the form of a card, close to the reader. All debit transactions are checked so that each available quantity to be debited on this device is at least equal to the amount to be debited. If one or more available quantities are not sufficient, a transaction cancellation entry is generated and is recorded on this device. Otherwise, transactions are entered there. The previous transactions, collected in step 306 on the device 20A, are copied to the electronic device 20B. Thus, the information relating to the exchange includes information relating to previous exchanges concerning the same register or the same file. The reader makes a copy of the previous transactions linking the files and quantities to be debited from this electronic device 20B to files and quantities having already been recorded on an electronic device by the servers. The registrations and copies are confirmed by the writing of a transaction validation instruction, which makes these transactions valid on the device 20B.
In step 310, user B is asked to remove his device and user A is asked to approach his device.
In step 311, user A approaches his device. The validation or invalidation instruction is transmitted to the electronic device 20A. The transactions written on this device 20A are at the same time updated with the finally known identity of the device 20B. Previous transactions, collected in step 309, are copied to the electronic device 20A. If this step 311 is omitted, these operations will be carried out later during another synchronization with the servers, after the latter have received the validation instruction which will have been communicated to them by the same reader, or by another reader with which the device 20B will have communicated later.
In step 312, the reader displays that the transaction is complete and invites user A to remove his device.
In step 313, the transactions and validation instructions generated during this exchange are transmitted to the servers as well as the transactions copied from the devices 20A and 20B in steps 306 and 309.
Illustrated in FIG. 4 is an example of data exchange between a user, the associated electronic device, and an external website controlling the insertion (credit) or the removal (debit) of a file or the variation of an amount of the system assigned to an electronic device.
The electronic device 20A or 20B is for example in credit card format. It can communicate with a server via a dual reader 10 or a computer or telephone. The user can communicate with a website which itself communicates with the server 30.
In step 401 the user opens an assignment with the third-party site.
In step 402 the user optionally attaches the electronic device 20A to the reader. The latter being connected to the server synchronizes the device 20A and the server 30. The quantities are updated according to the last transactions, as illustrated in FIG. 5. This step is not necessary if the transfer does not involve the file or quantity transfer from the device to the third-party site.
In step 403, the user chooses the files or quantities and direction of the transaction on the third-party site, to be transferred to or from it. The instructions for updating the balances of the electronic device are prepared.
In step 404 the third-party site verifies that it can make the transaction. It can for example provisionally debit the user's bank account then send to the server any files and finally display the transaction and offer the user to validate it by bringing his electronic device 20A to the reader, or by clicking on an icon if the electronic device 20A is already communicating with the server.
In step 405, the user approaches his electronic device 20A to the reader 10 or presses the icon. The instructions for updating the quantities are then written to the device 20A. The files possibly transmitted from the third-party site in step 404 are copied to the device 20A and possibly to the servers of the system. If this step does not take place within a reasonable time, the transaction is canceled and the third-party site is informed and the possible files transmitted in step 404 deleted from the servers and from the device 20A. Otherwise, the third-party site is informed of the success of the operation. The files transmitted from the device 20A to the third party site are effectively transmitted from the server to the third party site and are possibly deleted from the servers; an instruction for erasing said files from the device 20A is then generated.
In step 406, the reader displays that the transaction is complete and invites the user to remove his device 20A.
In step 407 the user removes his device 20A.
FIG. 5 illustrates examples of synchronization exchanges that can take place between an electronic device, for example in credit card format, and a server. This exchange takes place when the electronic device communicates with the reader and the reader with the server. It therefore requires only the insertion of the card 20A in the reader, or holding it against the reader, for the necessary time. The steps below describe the exchanges between the electronic device 20A and the server 30, through the reader 10.
In step 501, the user approaches his electronic device 20A to the reader.
In step 502, the server 30 possibly sends to the device 20A the transaction clearing instructions which it had already prepared.
In step 503 all the instructions for deleting transactions present on the electronic device 20A are implemented.
In step 504 all the instructions, transactions and files present on the device 20A but not present on the servers are copied to the servers through the server 30.
In step 505 the server calculates or has calculated by one of the servers of the system the new quantities and prepares the lists of transactions to be copied to, or erased from, device 20A.
In step 506 all the erasure instructions, transactions and new quantities that are present on the servers 30 and should be on the electronic device 20A but are not, or that were calculated in step 505, are copied to the electronic device 20A.
In step 507, all of the instructions for deleting transactions present on the electronic device 20A are implemented.
In step 508 the user is asked to remove his electronic device.
FIG. 6 shows an example of an organization for updating the keys and the lists of keys present on the readers or the electronic devices.
This figure assumes the presence of the electronic device (ED) and a reader, but the following steps also apply to synchronization of the reader alone.
In step 601, the electronic device, or the reader, sends its identity to the server.
The server prepares, encrypts and signs:
a. key updates,
b. updates to the key lists,
so that only the electronic device, or the reader, can read them. It signs the encrypted files with one of its keys whose public key it knows to be present on the electronic device, or the reader. These update files contain information about what to delete, replace, and add. They can be split into several files to allow updating in stages.
In step 602, the file, encrypted and signed, is sent to the electronic device, or the reader.
In step 603, the electronic device, or the reader, verifies the signature of the file and decrypts it.
In step 604, the electronic device, or the reader, installs the keys and lists of keys in its internal memory provided for this purpose, then triggers the taking into account of this update.
In step 605, the device, or the reader, informs the server of the taking into account of the update file.
In step 606, the electronic device, or the reader, erases obsolete information from its memory.
FIG. 7 shows an example of an organization for updating the software of the reader or of the electronic device.
This figure assumes the presence of the electronic device (ED) and a reader, but the following steps also apply to synchronization of the reader alone.
In step 701, the electronic device, or the reader, sends its identity to the server.
In step 702, the server encrypts the software to be installed so that only the electronic device, or the reader, can read it. It also signs the file thus encrypted with one of its keys whose public key it knows to be present on the electronic device, or the reader.
In step 703, the encrypted and signed file is sent to the electronic device, or the reader.
In step 704, the electronic device, or the reader, verifies the signature of the file and decrypts it.
In step 705, the electronic device, or the reader, installs the software in its internal memory provided for this purpose, without erasing the software already installed.
In step 706, the electronic device, or the reader, verifies that the new software has indeed been copied and changes the instruction to start the electronic device (or the reader) so that the latter, when it restarts, starts using the new software.
In step 707, the electronic device, or the reader, is restarted.
On startup, in step 708, the old software of the electronic device, or of the reader, is erased if it is still present there.
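The installation sequence of steps 704 to 708, as an added example that is not part of the patent text: a device model with two software slots and a boot pointer. The `Device` class, the slot names and the demo key are hypothetical, and HMAC-SHA256 stands in for the server's signature, which the description bases on a public key held by the device; decryption is left out.

```python
import hashlib
import hmac

# Constructed demo key. HMAC-SHA256 stands in for the server signature of
# steps 702/704 (assumption: the page describes a public-key signature, which
# the standard library lacks). Decryption is outside this sketch.
SERVER_KEY = b"constructed-demo-key"


def sign(package: bytes, key: bytes = SERVER_KEY) -> bytes:
    return hmac.new(key, package, hashlib.sha256).digest()


class Device:
    """Hypothetical model: two software slots and a boot pointer."""

    def __init__(self, software: bytes):
        self.slots = {"A": software, "B": None}
        self.active = "A"       # slot currently running
        self.boot_slot = "A"    # slot named by the start instruction

    def write(self, slot: str, data: bytes) -> None:
        self.slots[slot] = data  # overridable to simulate a faulty copy

    def install(self, package: bytes, signature: bytes) -> bool:
        if self.boot_slot != self.active:
            return False  # an update is already staged; no free slot
        # Step 704: verify the signature before touching storage.
        if not hmac.compare_digest(sign(package), signature):
            return False
        # Step 705: copy into the spare slot, leaving the active one intact.
        spare = "B" if self.active == "A" else "A"
        self.write(spare, package)
        # Step 706: read back and compare before switching the boot pointer.
        stored = self.slots[spare] or b""
        if hashlib.sha256(stored).digest() != hashlib.sha256(package).digest():
            self.slots[spare] = None
            return False
        self.boot_slot = spare
        return True

    def restart(self) -> bytes:
        # Step 707: boot the slot named by the pointer.
        old, self.active = self.active, self.boot_slot
        # Step 708: erase the old software if it is still present.
        if old != self.active:
            self.slots[old] = None
        return self.slots[self.active]
```

A package with a bad signature or a corrupted copy leaves the boot pointer on the old slot, so the device still restarts into the software it was already running.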
FIG. 8 describes an example of reader synchronization with the servers.
In step 801, an update of the certificates and the lists is carried out.
In step 802, the transactions carried out with the reader and stored on it are sent to the server and then deleted.
In step 803, the list of electronic devices to be marked as fraudulent or to be deactivated is possibly received.
Claims:
Claims (18)
1. Method for carrying out at least one secure exchange within a system comprising first and second electronic devices (20A, 20B) and a double reader (10) comprising means for connection to each of the devices and preferably a human-machine interface, and at least one server (30) to which information relating to the exchange can be communicated, this method comprising the steps consisting in:
a) enter, in the reader (10), using its interface or an external device connected to it, information relating to an exchange to be carried out between the first and second devices (20A, 20B),
b) write in the first device (20A), using the reader (10), information relating to the exchange,
c) write in the second device (20B), in particular using the reader (10), information relating to the exchange, and failing this, cancel the exchange,
d) transmitting the data relating to said transaction to said server (30).
2. Method according to claim 1, in which the validity of the registration on the first device (20A) is conditional on the registration on the second device (20B) of the information relating to the exchange; said validity of the registration on the first device (20A) being communicated, after the registration on the second device (20B), to the first device (20A) via the double reader, or subsequently, via the server then another double reader.
3. Method according to claim 1, in which the information relating to the exchange comprises information relating to previous exchanges concerning the same register or the same file.
4. Method according to the preceding claim, the server (30) canceling a transaction recorded on the electronic devices (20A, 20B) if the chaining of this transaction to any transaction reveals that at least one rule associated with a transaction and configured in a server was not met.
5. Method according to any one of the preceding claims, in which two elements of the system chosen from electronic devices, the server or servers, and the dual readers, are authorized to communicate with each other if they each have the public key corresponding to a private key located on the other element, this private key being either unique and only arranged on said element or shared by other elements of the system, or if they each know the same secret key shared between them, or between them and other elements of the system.
6. Method according to any one of the preceding claims, the double reader (10) comprising a clock, the information entered in the first and second devices being time stamped from the time of the exchange.
7. Method according to any one of the preceding claims, in which the double reader operates the transfer of quantities recorded in a register of a first electronic device from or to the register of other electronic devices while ensuring that, at the outcome of each transfer, certain rules present in the dual readers at the time of transfer are observed for each of the initial values of said registers incremented by the quantities received and from which the quantities sent have been subtracted; these rules may in particular be to remain greater than or equal to zero and less than a maximum.
8. Method according to any one of the preceding claims, the first secure connection and the second secure connection overlapping in time.
9. Method according to any one of the preceding claims, step a) being preceded by a step where the first device (20A) and / or the second device (20B) communicate information to the reader, in particular information relating to an inventory of documents saved in the devices so that the reader can integrate them into a menu.
10. Method according to any one of the preceding claims, the first connection being by contact and the second being without contact.
11. Method according to any one of the preceding claims, the human-machine interface of the double reader (10) comprising a keyboard making it possible to enter said information relating to the exchange.
12. Method according to any one of the preceding claims, the human-machine interface of the double reader (10) comprising a screen, the system making it possible to display two messages intended for the carriers of the first and second devices respectively.
13. Method according to any one of the preceding claims, the electronic devices (20A, 20B) being in credit card or SIM card format.
14. Method according to any one of claims 1 to 13, secure exchanges with electronic devices (20A, 20B) taking place in different places through two dual-readers linked by a computer connection.
15. System for implementing the method according to any one of the preceding claims, comprising:
- at least one double reader (10),
- at least two electronic devices (20A, 20B),
- at least one computer server (30),
the double reader being arranged to establish a first secure connection to the first device (20A), establish a second secure connection to the second device (20B), allow entry of information relating to an exchange to be carried out between the first and second electronic devices (20A, 20B), enter in the first device (20A) information relating to the exchange, enter in the second device (20B) information relating to the exchange, then communicate the exchange information to the server (30).
16. System according to the preceding claim, the servers (30) being accessible by connection to a data network, and allowing data synchronization of at least one of the electronic devices (20A, 20B) via a computer or a telephone.
17. System according to claims 15 and 16, the double reader being arranged to simultaneously allow communication by contact with one of the electronic devices and without contact with the other electronic device.
18. System according to one of claims 15 to 17, the double reader (10) or the electronic devices (20A, 20B) comprising means of identification of the user, in particular an identification means being biometric.
Patent family:
Publication number | Publication date
US10643198B2|2020-05-05|
US20190340596A1|2019-11-07|
CA3042106A1|2019-11-02|
FR3080934B1|2021-06-11|
KR20190126730A|2019-11-12|
JP2019194858A|2019-11-07|
CN110443595A|2019-11-12|
Legal status:
2019-03-25| PLFP| Fee payment|Year of fee payment: 2 |
2019-11-08| PLSC| Search report ready|Effective date: 20191108 |
2020-04-27| PLFP| Fee payment|Year of fee payment: 3 |
2021-04-28| PLFP| Fee payment|Year of fee payment: 4 |
Priority:
Application number | Filing date | Patent title
FR1853789|2018-05-02|
FR1853789A| FR3080934B1|2018-05-02|2018-05-02|METHOD AND SYSTEM FOR PERFORMING A SECURE DATA EXCHANGE|
US16/171,427| US10643198B2|2018-05-02|2018-10-26|Method and system for performing a secure data exchange|
CN201811308240.2A| CN110443595A|2018-05-02|2018-11-05|For executing the method and system of security data exchange|
EP19172056.4A| EP3564914A1|2018-05-02|2019-04-30|Method and system for performing a secure data exchange|
CA3042106A| CA3042106A1|2018-05-02|2019-05-01|Process and system to carry out a secured data exchange|
KR1020190051500A| KR20190126730A|2018-05-02|2019-05-02|Method and system for performing a secure data exchange|
JP2019087763A| JP2019194858A|2018-05-02|2019-05-07|Method and system for performing secure data exchange|