[go: up one dir, main page]

WO2000074008A1 - Telepayment system for payment card made secure by digital signature - Google Patents

Telepayment system for payment card made secure by digital signature Download PDF

Info

Publication number
WO2000074008A1
WO2000074008A1 PCT/FR1999/001231 FR9901231W WO0074008A1 WO 2000074008 A1 WO2000074008 A1 WO 2000074008A1 FR 9901231 W FR9901231 W FR 9901231W WO 0074008 A1 WO0074008 A1 WO 0074008A1
Authority
WO
WIPO (PCT)
Prior art keywords
keyboard
security
elements
card
transaction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/FR1999/001231
Other languages
French (fr)
Inventor
Thierry Taieb Baillie
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to FR9714663A priority Critical patent/FR2771533B1/en
Application filed by Individual filed Critical Individual
Priority to EP99920923A priority patent/EP1254439A1/en
Priority to PCT/FR1999/001231 priority patent/WO2000074008A1/en
Priority to AU38321/99A priority patent/AU3832199A/en
Publication of WO2000074008A1 publication Critical patent/WO2000074008A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/077Constructional details, e.g. mounting of circuits in the carrier
    • G06K19/07701Constructional details, e.g. mounting of circuits in the carrier the record carrier comprising an interface suitable for human interaction
    • G06K19/07703Constructional details, e.g. mounting of circuits in the carrier the record carrier comprising an interface suitable for human interaction the interface being visual
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/077Constructional details, e.g. mounting of circuits in the carrier
    • G06K19/07749Constructional details, e.g. mounting of circuits in the carrier the record carrier being capable of non-contact communication, e.g. constructional details of the antenna of a non-contact smart card
    • G06K19/07773Antenna details
    • G06K19/07786Antenna details the antenna being of the HF type, such as a dipole
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q20/3415Cards acting autonomously as pay-media
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4093Monitoring of device authentication

Definitions

  • the present invention relates to credit card payment systems and, more particularly in such systems, means for securing the payment made by the credit card.
  • Cards are used to make purchases of products or services and the validation of the corresponding payments is obtained by the entry of a confidential code by the holder of the credit card.
  • the card holder only indicates their number and expiration date, so that anyone who knows this number and this date can make these purchases.
  • the purpose of the present invention is to secure payment by credit card.
  • This goal is achieved by the use of a security card which determines a security code for each transaction to be carried out.
  • This security code is obtained by an algorithm determined from invariant elements of the credit card and variable elements linked to the transaction to be carried out, such as the amount of the transaction, its date and its time.
  • Validation is generally carried out by a specialized center with an inverse algorithm and invariant elements of the credit card. This center authorizes or prohibits the transaction.
  • each transaction will be assigned a security code which can only be indicated by someone holding both the card as a physical object and the security code.
  • This security code is different from every transaction. Only a recipient who has both variable transaction data (transaction amount, date, time) of the invariant elements of the credit card and the predetermined algorithm or rather its inverse can reconstitute the invariant elements of the card from the security code.
  • a security card for secure payment by credit card comprises at least: - a keyboard with numeric keys associated with a screen for viewing the selected figures on the keyboard, said keyboard comprising in addition to at least three function keys,
  • a device for memorizing the invariant elements of the credit card - an encryption device implementing a predetermined algorithm for calculating and displaying on the screen a security code from said invariant elements of the credit card and variable elements introduced via the numeric and function keys of the keyboard, and - an electrical supply device for supplying electrical energy to the keyboard, the screen, the storage device and the encryption device.
  • the security card further comprises an electronic clock device giving the date and time, so as to use them as other additional variable elements to determine the security code.
  • the storage device, the encryption device and the electronic clock device are produced by a suitably programmed microprocessor.
  • the invention also relates to a code reader allowing the reconstitution of the invariant elements of the security card, described above comprising:
  • FIG. 1 is a top view of a particular embodiment of the front face of a security card according to the invention.
  • FIG. 1 is a block diagram of the security card according to the invention.
  • a security card 10 according to the invention has a front face
  • This front panel has a numeric keypad 12 of ten numeric keys each carrying one of the digits 0 to 9.
  • This keypad is completed by three function keys, a first 14 for powering up, a second 16 to enter the amount M of the transaction and a third 18 to confirm the amount M.
  • a display screen 20 is associated with this keyboard, in particular for viewing the numbers of the selected numeric keys.
  • Photovoltaic cells are also provided on this front face
  • These electronic devices comprise at least: a device 24 for memorizing the invariant elements of the credit card, such as its number and its expiration date, an internal confidential code which is not accessible and
  • a crypting device 26 for determining, by predetermined algorithmic calculation, a security code from the invariant elements of the credit card contained in the storage device 24 and other so-called variable elements which are entered by the card holder. security, via keyboard 12.
  • variable elements are a secret code, different from that of the credit card of the same holder, and the amount of the transaction.
  • variable elements can be supplemented by other elements, such as the date and time of the algorithmic calculation provided by an electronic clock device 28. The result of the algorithmic calculation is displayed on the screen 20.
  • the holder performs the following operations on the security card keypad: (a) press function key 14 (ON) to switch on the security card,
  • step (e) The security code that appears on screen 20 at the end of step (e) is communicated to the seller so that the latter indicates it to the holder when the payment is validated.
  • the invention has been described by indicating only the elements necessary for its implementation, but it can also be implemented using a commercial electronic arithmetic calculator having all the usual arithmetic functions and to which the functions performed by the storage device 24, the encryption device 26, the electronic clock device 28 and the function key 16 (M).
  • the functional elements 24, 26 and 28 are produced by a microprocessor 30 suitably programmed for this purpose.
  • a microprocessor can be programmed to also perform the arithmetic operations of an electronic pocket calculator, in which case the keyboard 12 will be identical to the keyboard of such a calculator with, in addition, a key corresponding to the amount input function (M ) of the transaction.
  • the holder of the credit card has the assurance that only the amount of the transaction corresponding to the security code will be debited from his bank account.
  • the use of the security card is advantageously protected by an external confidential code, so called because it is known to the user: only the prior entry of an external confidential code recognized by the security card allows its use such that indicated above. In case of fraudulent use of the credit card, the transaction cannot be validated for lack of confidentiality code.
  • the seller of the product or service has the assurance that the transaction is carried out by the credit card holder and is certain to be paid because the latter will not be able to denounce the transaction or claim the loss of the credit card. .
  • the seller receiving the transaction, contacts a specialized center (such as, for example, the GIE CARTE BLEUE in France) equipped with decoder equipment containing the inverse algorithm of the predetermined encryption algorithm as well as the permanent data of the card used by this algorithm to create the security code.
  • a specialized center such as, for example, the GIE CARTE BLEUE in France
  • decoder equipment containing the inverse algorithm of the predetermined encryption algorithm as well as the permanent data of the card used by this algorithm to create the security code.
  • This code reader also receiving the variable data of the transaction (amount, date, time %) reconstructs the invariant elements of the card. It thus allows authentication of the origin of the transaction.
  • the functions of this card can also be implemented in a larger machine for making electronic payments, as is practical for certain companies or certain banks.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Credit Cards Or The Like (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention concerns payment systems by credit card and, more particularly, a security card supplying a security code identifying the transaction carried out with a credit card. The invention is characterised in that it consists in producing a security card comprising a keyboard (12) associated with a display (20), a storage device (24) for invariant elements of the credit card and an encrypting device for computing and displaying a security code based on the invariant elements and variable elements, such as a secret code and the value of the transaction input through the keyboard (12).

Description

SYSTEME DE TELE-PAIEMENT SECURISE PAR SIGNATURE NUMERIQUE POUR CARTE DE PAIEMENTSECURE TELEPHONE PAYMENT SYSTEM WITH DIGITAL SIGNATURE FOR PAYMENT CARD

La présente invention concerne les systèmes de paiement par carte de crédit et, plus particulièrement dans de tels systèmes, des moyens pour sécuriser le paiement effectué par la carte de crédit.The present invention relates to credit card payment systems and, more particularly in such systems, means for securing the payment made by the credit card.

Les cartes de crédit sont utilisées pour effectuer des achats de produits ou de services et la validation des paiements correspondants est obtenue par l'entrée d'un code confidentiel par le détenteur de la carte de crédit.Credit cards are used to make purchases of products or services and the validation of the corresponding payments is obtained by the entry of a confidential code by the holder of the credit card.

Cependant, dans le cas de certains achats effectués à distance par les réseaux télématiques comme Internet ou même par téléphone par exemple, le titulaire de la carte n'indique que son numéro et sa date d'expiration, de sorte que quiconque connaissant ce numéro et cette date peut effectuer ces achats.However, in the case of certain purchases made remotely by telematic networks such as the Internet or even by telephone for example, the card holder only indicates their number and expiration date, so that anyone who knows this number and this date can make these purchases.

Il en serait de même pour quiconque qui détiendrait frauduleusement une carte et connaîtrait le code confidentiel associé, ce qui lui permettrait de valider les paiements.The same would apply to anyone who fraudulently holds a card and knows the associated confidential code, which would allow them to validate payments.

Le but de la présente invention est de sécuriser le paiement par carte de crédit.The purpose of the present invention is to secure payment by credit card.

Ce but est atteint par l'utilisation d'une carte de sécurité qui détermine un code de sécurité pour chaque transaction à effectuer. Ce code de sécurité est obtenu par un algorithme déterminé à partir d'éléments invariants de la carte de crédit et d'éléments variables liés à la transaction à effectuer, tels que le montant de la transaction, sa date et son heure.This goal is achieved by the use of a security card which determines a security code for each transaction to be carried out. This security code is obtained by an algorithm determined from invariant elements of the credit card and variable elements linked to the transaction to be carried out, such as the amount of the transaction, its date and its time.

C'est ce code de sécurité qui est transmis au vendeur de produits ou de services pour valider la transaction et le paiement. La validation étant généralement effectuée par un centre spécialisé disposant d'un algorithme inverse et des éléments invariants de la carte de crédit. Ce centre autorise ou interdit la transaction.It is this security code that is sent to the seller of products or services to validate the transaction and payment. Validation is generally carried out by a specialized center with an inverse algorithm and invariant elements of the credit card. This center authorizes or prohibits the transaction.

Ainsi, chaque transaction sera affectée d'un code de sécurité qui ne pourra être indiqué que par quelqu'un détenant à la fois la carte en tant qu'objet matériel et du code de sécurité. Ce code de sécurité est différent à chaque transaction. Seul un destinataire disposant à la fois des données variables de la transaction (montant de la transaction, date, heure) des éléments invariants de la carte de crédit et de l' algorithme prédéterminé ou plutôt de son inverse peut reconstituer les éléments invariants de la carte à partir du code de sécurité.Thus, each transaction will be assigned a security code which can only be indicated by someone holding both the card as a physical object and the security code. This security code is different from every transaction. Only a recipient who has both variable transaction data (transaction amount, date, time) of the invariant elements of the credit card and the predetermined algorithm or rather its inverse can reconstitute the invariant elements of the card from the security code.

Il identifie ainsi l'origine de la transaction à partir d'éléments qui ne peuvent être accessibles à des tiers. La transaction est ainsi fiabilisée.It thus identifies the origin of the transaction from elements that cannot be accessed by third parties. The transaction is thus made more reliable.

Selon l'invention, une carte de sécurité pour paiement sécurisé par carte de crédit est caractérisée en ce qu'elle comprend au moins : - un clavier à touches numériques associé à un écran pour visualiser les chiffres sélectionnés sur le clavier, ledit clavier comportant en outre au moins trois touches de fonction,According to the invention, a security card for secure payment by credit card is characterized in that it comprises at least: - a keyboard with numeric keys associated with a screen for viewing the selected figures on the keyboard, said keyboard comprising in addition to at least three function keys,

- un dispositif de mémorisation des éléments invariants de la carte de crédit, - un dispositif de cryptage mettant en oeuvre un algorithme prédéterminé pour calculer et afficher sur l'écran un code de sécurité à partir desdits éléments invariants de la carte de crédit et d'éléments variables introduits par l'intermédiaire des touches numériques et de fonction du clavier, et - un dispositif d'alimentation électrique pour alimenter en énergie électrique le clavier, l'écran, le dispositif de mémorisation et le dispositif de cryptage.- a device for memorizing the invariant elements of the credit card, - an encryption device implementing a predetermined algorithm for calculating and displaying on the screen a security code from said invariant elements of the credit card and variable elements introduced via the numeric and function keys of the keyboard, and - an electrical supply device for supplying electrical energy to the keyboard, the screen, the storage device and the encryption device.

Selon une autre caractéristique de l'invention, la carte de sécurité comprend en outre un dispositif d'horloge électronique donnant la date et l'heure, de manière à les utiliser comme d'auties éléments variables additionnels pour déterminer le code de sécurité. Le dispositif de mémorisation, le dispositif de cryptage et le dispositif d'horloge électronique sont réalisés par un microprocesseur convenablement programmé.According to another characteristic of the invention, the security card further comprises an electronic clock device giving the date and time, so as to use them as other additional variable elements to determine the security code. The storage device, the encryption device and the electronic clock device are produced by a suitably programmed microprocessor.

L'invention concerne encore un lecteur de code permettant la reconstitution des éléments invariants de la carte de sécurité, ci avant décrite comprenant :The invention also relates to a code reader allowing the reconstitution of the invariant elements of the security card, described above comprising:

- des moyens de lecture du code de sécurité,- means of reading the security code,

- des moyens d'acquisition des éléments variables,- means of acquiring variable elements,

- des moyens d'application d'un algorithme inverse de l'algorithme prédéterminé,means for applying an algorithm which is the reverse of the predetermined algorithm,

- des moyens de visualisation des éléments invariants reconstitués. D'autres caractéristiques et avantages de la présente invention apparaîtront à la lecture de la description suivante d'un exemple particulier de réalisation, ladite description étant faite en relation avec les dessins joints dans lesquels :- means for displaying the reconstituted invariant elements. Other characteristics and advantages of the present invention will appear on reading the following description of a particular embodiment, said description being made in relation to the accompanying drawings in which:

- la figure 1 est une vue de dessus d'un exemple particulier de réalisation de la face avant d'une carte de sécurité selon l'invention, etFIG. 1 is a top view of a particular embodiment of the front face of a security card according to the invention, and

- la figure 2 est un schéma fonctionnel de la carte de sécurité selon l'invention. Une carte de sécurité 10 selon l'invention présente une face avant- Figure 2 is a block diagram of the security card according to the invention. A security card 10 according to the invention has a front face

(figure 1) similaire à celle d'une calculatrice électronique extra-plate, mais pour mettre en oeuvre l'invention, il n'est pas nécessaire que son clavier comporte toutes les touches des fonctions inhérentes à une calculatrice extraplate. Ainsi, sur la figure 1, on n'a représenté que les éléments nécessaires à l'invention.(Figure 1) similar to that of an extra-flat electronic calculator, but to implement the invention, it is not necessary for its keyboard to include all the keys of the functions inherent in an extra-flat calculator. Thus, in Figure 1, only the elements necessary for the invention have been shown.

Cette face avant présente un clavier numérique 12 de dix touches numériques portant chacune un des chiffres 0 à 9. Ce clavier est complété par trois touches de fonction, une première 14 pour la mise sous tension, une deuxième 16 pour entrer le montant M de la transaction et une troisième 18 pour valider le montant M.This front panel has a numeric keypad 12 of ten numeric keys each carrying one of the digits 0 to 9. This keypad is completed by three function keys, a first 14 for powering up, a second 16 to enter the amount M of the transaction and a third 18 to confirm the amount M.

A ce clavier, est associé un écran de visualisation 20 pour visualiser notamment les chiffres des touches numériques sélectionnées. Sur cette face avant, il est également prévu des cellules photovoltaïquesA display screen 20 is associated with this keyboard, in particular for viewing the numbers of the selected numeric keys. Photovoltaic cells are also provided on this front face

22 qui fournissent l'énergie électrique, non seulement au clavier, à l'écran et aux touches de fonction qui viennent d'être décrits, mais aussi aux dispositifs électroniques qui seront décrits en relation avec la figure 2.22 which supply electrical energy, not only to the keyboard, to the screen and to the function keys which have just been described, but also to the electronic devices which will be described in relation to FIG. 2.

Ces dispositifs électroniques comprennent au moins : - un dispositif de mémorisation 24 des éléments invariants de la carte de crédit, tels que son numéro et sa date d'expiration, un code confidentiel interne non accessible etThese electronic devices comprise at least: a device 24 for memorizing the invariant elements of the credit card, such as its number and its expiration date, an internal confidential code which is not accessible and

- un dispositif de ciyptage 26 pour déterminer par calcul algorithmique prédéterminé un code de sécurité à partir des éléments invariants de la carte de crédit contenus dans le dispositif de mémorisation 24 et d'autres éléments dits variables qui sont entrés par le titulaire de la carte de sécurité, par l'intermédiaire du clavier 12.a crypting device 26 for determining, by predetermined algorithmic calculation, a security code from the invariant elements of the credit card contained in the storage device 24 and other so-called variable elements which are entered by the card holder. security, via keyboard 12.

Ces autres éléments variables sont un code secret, différent de celui de la carte de crédit du même titulaire, et le montant de la transaction. Ces éléments variables peuvent être complétés par d'autres éléments, tels que la date et l'heure du calcul algorithmique fournies par un dispositif d'horloge électronique 28. Le résultat du calcul algorithmique est affiché sur l'écran 20.These other variable elements are a secret code, different from that of the credit card of the same holder, and the amount of the transaction. These variable elements can be supplemented by other elements, such as the date and time of the algorithmic calculation provided by an electronic clock device 28. The result of the algorithmic calculation is displayed on the screen 20.

Pour obtenir le code de sécurité, le titulaire effectue les opérations suivantes sur le clavier de la carte de sécurité : (a) appuyer sur la touche de fonction 14 (ON) pour mettre sous tension la carte de sécurité,To obtain the security code, the holder performs the following operations on the security card keypad: (a) press function key 14 (ON) to switch on the security card,

(b) entrer le code secret de la carte de sécurité à l'aide des touches numériques du clavier, (c) appuyer sur la touche de fonction 16 (M),(b) enter the secret code of the security card using the numeric keys on the keyboard, (c) press the function key 16 (M),

(d) entrer le montant de la transaction à l'aide des touches numériques du clavier,(d) enter the transaction amount using the numeric keys on the keyboard,

(e) appuyer deux fois sur la touche 18 (E) pour valider le montant et lancer le calcul algorithmique.(e) press twice on key 18 (E) to validate the amount and start the algorithmic calculation.

Le code de sécurité qui apparaît sur l'écran 20 à la fin de l'étape (e) est communiqué au vendeur pour que ce dernier l'indique au titulaire lors de la validation du paiement.The security code that appears on screen 20 at the end of step (e) is communicated to the seller so that the latter indicates it to the holder when the payment is validated.

L'invention a été décrite en n'indiquant que les éléments nécessaires à sa mise en œuvre, mais elle peut aussi être mise en œuvre à partir d'une calculatrice arithmétique électronique du commerce présentant toutes les fonctions arithmétiques habituelles et à laquelle seraient ajoutées les fonctions réalisées par le dispositif de mémorisation 24, le dispositif de cryptage 26, le dispositif d'horloge électronique 28 et la touche de fonction 16 (M). En pratique, les éléments fonctionnels 24, 26 et 28 sont réalisés par un microprocesseur 30 convenablement programmé à cet effet. Un tel microprocesseur peut être programmé pour réaliser également les opérations arithmétiques d'une calculatrice électronique de poche, auquel cas le clavier 12 sera identique au clavier d'une telle calculatrice avec en plus une touche correspondant à la fonction d'entrée du montant (M) de la transaction.The invention has been described by indicating only the elements necessary for its implementation, but it can also be implemented using a commercial electronic arithmetic calculator having all the usual arithmetic functions and to which the functions performed by the storage device 24, the encryption device 26, the electronic clock device 28 and the function key 16 (M). In practice, the functional elements 24, 26 and 28 are produced by a microprocessor 30 suitably programmed for this purpose. Such a microprocessor can be programmed to also perform the arithmetic operations of an electronic pocket calculator, in which case the keyboard 12 will be identical to the keyboard of such a calculator with, in addition, a key corresponding to the amount input function (M ) of the transaction.

Par l'utilisation d'une telle carte de sécurité calculant un code de sécurité, le détenteur de la carte de crédit a l'assurance que seul le montant de la transaction correspondant au code de sécurité sera prélevé sur son compte bancaire. L'utilisation de la carte de sécurité est avantageusement protégée par un code confidentiel externe, ainsi dénommé car il est connu de l'utilisateur : seule la saisie préalable d'un code confidentiel externe reconnu par la carte de sécurité permet son utilisation telle qu'indiquée plus haut. En cas d'utilisation frauduleuse de la carte de crédit, la transaction ne pourra pas être validée faute de code de confidentialité.By the use of such a security card calculating a security code, the holder of the credit card has the assurance that only the amount of the transaction corresponding to the security code will be debited from his bank account. The use of the security card is advantageously protected by an external confidential code, so called because it is known to the user: only the prior entry of an external confidential code recognized by the security card allows its use such that indicated above. In case of fraudulent use of the credit card, the transaction cannot be validated for lack of confidentiality code.

Le vendeur du produit ou du service a l'assurance que la transaction est effectuée par le titulaire de la carte de crédit et est certain d'être payé car ce dernier ne pourra pas dénoncer la transaction, ni invoquer la perte de la carte de crédit.The seller of the product or service has the assurance that the transaction is carried out by the credit card holder and is certain to be paid because the latter will not be able to denounce the transaction or claim the loss of the credit card. .

Le vendeur, recevant la transaction s'adresse à un centre spécialisé (tel que par exemple la GIE CARTE BLEUE en France) équipé d'un matériel décodeur contenant l' algorithme inverse de l' algorithme prédéterminé de cryptage ainsi que les données permanentes de la carte utilisé par cet algorithme pour créer le code de sécurité.The seller, receiving the transaction, contacts a specialized center (such as, for example, the GIE CARTE BLEUE in France) equipped with decoder equipment containing the inverse algorithm of the predetermined encryption algorithm as well as the permanent data of the card used by this algorithm to create the security code.

Ce lecteur de code recevant par ailleurs les données variables de la transaction (montant, date, heure...) reconstitue les éléments invariants de la carte. Il permet ainsi l'authentification de l'origine de la transaction. Les fonctions de cette carte peuvent aussi être implantées dans une machine plus importante pour réaliser des télépaiements, tels que pratiques par certaines entreprises ou certaines banques. This code reader also receiving the variable data of the transaction (amount, date, time ...) reconstructs the invariant elements of the card. It thus allows authentication of the origin of the transaction. The functions of this card can also be implemented in a larger machine for making electronic payments, as is practical for certain companies or certain banks.

Claims

REVENDICATIONS 1. Carte de sécurité pour paiement sécurisé d'une transaction par carte de crédit comprenant :1. Security card for secure payment of a credit card transaction comprising: - un clavier à touches numériques (12) associé à un écran (20) pour visualiser les chiffres sélectionnés sur le clavier,- a keypad with numeric keys (12) associated with a screen (20) for viewing the figures selected on the keyboard, - un dispositif de mémorisation (24) des éléments invariants de la carte de crédit,- a storage device (24) of the invariant elements of the credit card, - un dispositif de cryptage (26) mettant en oeuvre un algorithme prédéterminé pour calculer et afficher sur l'écran (20) un code de sécurité à partir desdits éléments invariants de la carte de crédit et d'éléments variables introduits par l' intermédiaire des touches numériques et de fonction du clavier (12), et- an encryption device (26) implementing a predetermined algorithm for calculating and displaying on the screen (20) a security code from said invariant elements of the credit card and of variable elements introduced via numeric and function keys on the keyboard (12), and - un dispositif d'alimentation électrique (22) pour alimenter en énergie électrique le clavier (12), l'écran (20), le dispositif de mémorisation (24) et le dispositif de cryptage (26), caractérisés en ce que ledit clavier comporte en outre au moins trois touches de fonction (14, 16, 18), lesdites trois touches de fonction comprenant :- an electrical supply device (22) for supplying electrical energy to the keyboard (12), the screen (20), the storage device (24) and the encryption device (26), characterized in that said keyboard furthermore comprises at least three function keys (14, 16, 18), said three function keys comprising: - une première touche (14) pour la mise sous tension,- a first key (14) for powering up, - une deuxième touche (16) pour entrer le montant (M) de la transaction, et- a second key (16) to enter the amount (M) of the transaction, and - une troisième touche (18) pour valider le montant (M) et lancer le cryptage.- a third key (18) to validate the amount (M) and start encryption. 2. Carte de sécurité selon la revendication 1, caractérisée en ce qu'elle comprend en outre un dispositif d'horloge électronique (28) donnant la date et l'heure du cryptage qui sont utilisées comme éléments variables dans le dispositif de cryptage (26).2. Security card according to claim 1, characterized in that it further comprises an electronic clock device (28) giving the date and time of the encryption which are used as variable elements in the encryption device (26 ). 3. Carte de sécurité selon l'une des revendications 1 ou 2, caractérisée en ce que le dispositif de mémorisation (24), le dispositif de cryptage (26) et le dispositif d'horloge électronique (28) sont réalisés par un microprocesseur (30) convenablement programmé.3. Security card according to one of claims 1 or 2, characterized in that the storage device (24), the encryption device (26) and the electronic clock device (28) are produced by a suitably programmed microprocessor (30). 4. Carte de sécurité selon la revendication 3, caractérisée en ce que le clavier (12) comprend en outre des touches de fonction pour réaliser des opérations arithmétiques d'une calculatrice électronique de poche, et en ce que le microprocesseur (30) est programmé pour effectuer en outre lesdites opérations arithmétiques.4. Security card according to claim 3, characterized in that the keyboard (12) further comprises function keys for performing arithmetic operations of an electronic pocket calculator, and in that the microprocessor (30) is programmed to further perform said arithmetic operations. 5. Lecteur de code permettant la reconstitution des éléments invariants de la carte de sécurité, objet de l'une des revendications 1 à 4, caractérisé en ce qu'il comprend : \5. Code reader allowing the reconstitution of the invariant elements of the security card, object of one of claims 1 to 4, characterized in that it comprises: \ - des moyens delecture du code de sécurité,- means of reading the security code, - des moyens d'acquisition des éléments variables,- means of acquiring variable elements, - des moyens d'application d'un algorithme inverse de l'algorithme prédéterminé, - des moyens de visualisation des éléments invariants reconstitués. - means for applying an inverse algorithm to the predetermined algorithm, - means for viewing the reconstituted invariant elements.
PCT/FR1999/001231 1997-11-21 1999-05-26 Telepayment system for payment card made secure by digital signature Ceased WO2000074008A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
FR9714663A FR2771533B1 (en) 1997-11-21 1997-11-21 SECURITY CARD FOR SECURE PAYMENT BY CREDIT CARD
EP99920923A EP1254439A1 (en) 1999-05-26 1999-05-26 Telepayment system for payment card made secure by digital signature
PCT/FR1999/001231 WO2000074008A1 (en) 1997-11-21 1999-05-26 Telepayment system for payment card made secure by digital signature
AU38321/99A AU3832199A (en) 1999-05-26 1999-05-26 Telepayment system for payment card made secure by digital signature

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR9714663A FR2771533B1 (en) 1997-11-21 1997-11-21 SECURITY CARD FOR SECURE PAYMENT BY CREDIT CARD
PCT/FR1999/001231 WO2000074008A1 (en) 1997-11-21 1999-05-26 Telepayment system for payment card made secure by digital signature

Publications (1)

Publication Number Publication Date
WO2000074008A1 true WO2000074008A1 (en) 2000-12-07

Family

ID=26233943

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR1999/001231 Ceased WO2000074008A1 (en) 1997-11-21 1999-05-26 Telepayment system for payment card made secure by digital signature

Country Status (2)

Country Link
FR (1) FR2771533B1 (en)
WO (1) WO2000074008A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002067211A1 (en) * 2001-02-23 2002-08-29 Infineon Technologies Ag Method for securely handling a data communication concerning a financial transaction
WO2003038742A1 (en) * 2001-11-02 2003-05-08 Oberthur Card Systems Sa Contact-free microcircuit card incorporating a keyboard and method for using same
CN108596605A (en) * 2013-02-06 2018-09-28 天地融科技股份有限公司 Smart card with electronic signature functionality

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2771533B1 (en) * 1997-11-21 2003-01-31 Taib Thierry Baillie SECURITY CARD FOR SECURE PAYMENT BY CREDIT CARD
GB9920502D0 (en) * 1999-09-01 1999-11-03 Ncr Int Inc Portable terminal
NL1015976C2 (en) * 2000-08-22 2002-02-25 Everardus Joannes Mari Vlijmen Smart credit card or debit card has additional facility for enabling keying in of PIN number and has built-in LCD numerical display
FR2827411B1 (en) * 2001-07-11 2003-12-12 Jean Patrice Ubertini METHOD FOR AUTHORIZING A CHIP CARD ELECTRONIC PAYMENT OPERATION
JP2009510955A (en) * 2005-10-05 2009-03-12 プリヴァスヒア アーゲー User authentication method and device
CN108234110B (en) * 2017-12-29 2019-07-12 飞天诚信科技股份有限公司 Credit cards and how they work

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3222288A1 (en) * 1982-06-14 1983-12-22 Weise, Gustav, 8000 München Identification means with microprocessor and input keypad
EP0174016A2 (en) * 1984-09-07 1986-03-12 Casio Computer Company Limited Identification card and authentication system therefor
WO1986003040A1 (en) * 1984-11-15 1986-05-22 Intellicard International, Inc. A unitary, self-contained card verification and validation system and method
US5317636A (en) * 1992-12-09 1994-05-31 Arris, Inc. Method and apparatus for securing credit card transactions
FR2771533A1 (en) * 1997-11-21 1999-05-28 Taib Thierry Baillie Secure card for secure credit card payment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3222288A1 (en) * 1982-06-14 1983-12-22 Weise, Gustav, 8000 München Identification means with microprocessor and input keypad
EP0174016A2 (en) * 1984-09-07 1986-03-12 Casio Computer Company Limited Identification card and authentication system therefor
WO1986003040A1 (en) * 1984-11-15 1986-05-22 Intellicard International, Inc. A unitary, self-contained card verification and validation system and method
US5317636A (en) * 1992-12-09 1994-05-31 Arris, Inc. Method and apparatus for securing credit card transactions
FR2771533A1 (en) * 1997-11-21 1999-05-28 Taib Thierry Baillie Secure card for secure credit card payment

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002067211A1 (en) * 2001-02-23 2002-08-29 Infineon Technologies Ag Method for securely handling a data communication concerning a financial transaction
WO2003038742A1 (en) * 2001-11-02 2003-05-08 Oberthur Card Systems Sa Contact-free microcircuit card incorporating a keyboard and method for using same
FR2831977A1 (en) * 2001-11-02 2003-05-09 Oberthur Card Syst Sa NON-CONTACT MICROCIRCUIT CARD INCORPORATING A KEYBOARD AND METHOD FOR USING SUCH CARD
US7357328B2 (en) 2001-11-02 2008-04-15 Oberthur Technologies Contact-free microcircuit card incorporating a keyboard and method for using same
CN108596605A (en) * 2013-02-06 2018-09-28 天地融科技股份有限公司 Smart card with electronic signature functionality

Also Published As

Publication number Publication date
FR2771533B1 (en) 2003-01-31
FR2771533A1 (en) 1999-05-28

Similar Documents

Publication Publication Date Title
EP0055986B1 (en) Security system and apparatus for the three-way communication of confidential data
EP0671712B1 (en) Method and device to authenticate a data carrier, intended to approve a transaction or the access to a service or a place; and corresponding data carrier
EP0998731B1 (en) Method and system for payment by electronic cheque
EP0409701B1 (en) Hard-wired micro-circuit card and transaction method between a respective hard-wired micro-circuit card and a terminal
CH679346A5 (en)
FR2574963A1 (en) IDENTIFICATION DEVICE
WO2003056750A2 (en) Cryptographic system for group signature
FR2625013A1 (en) RELIABLE DOCUMENT AUTHENTICATION SYSTEM AND METHOD
WO2003061193A1 (en) Method and device for anonymous signature with a shared private key
CA2046289C (en) Method for generating random numbers in a data processing system and system using said method
EP2082364A1 (en) Biometric electronic payment terminal and transaction method
WO2000074008A1 (en) Telepayment system for payment card made secure by digital signature
WO2001054085A2 (en) System and method for making secure data transmissions
EP0683582B1 (en) Method for performing secure electronic transactions using digital signature verification
EP0456548B1 (en) Device for treating high-security data with two operational states
EP1791292A1 (en) Personalisation of an electronic circuit
FR2788649A1 (en) METHOD FOR THE SECURE LOADING OF DATA BETWEEN SECURITY MODULES
EP1254439A1 (en) Telepayment system for payment card made secure by digital signature
FR2835078A1 (en) Credit card security system for secure credit card payments, uses an encryption unit which calculates a secure code from the invariant elements of the credit card and variable elements keyed in
US7676438B2 (en) Personal digital assistant as smart card
CA1243738A (en) Method and system for enciphering and deciphering information between a transmitting device and a receiving device
FR2864286A1 (en) ELECTRONIC MODULE, IN PARTICULAR FOR AN ELECTRONIC PAYMENT TERMINAL
FR2742285A1 (en) Electronic transaction implementation method for smart cards
CA2285642A1 (en) Rollup certification in a reader
Kashyap et al. Cryptocurrencies as Financial Assets A CrossSection

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWE Wipo information: entry into national phase

Ref document number: 1999920923

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1999920923

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1999920923

Country of ref document: EP