[go: up one dir, main page]

WO2017055695A1 - Platform and method for securing the verification of personal identity without physical presence - Google Patents

Platform and method for securing the verification of personal identity without physical presence Download PDF

Info

Publication number
WO2017055695A1
WO2017055695A1 PCT/FR2016/052132 FR2016052132W WO2017055695A1 WO 2017055695 A1 WO2017055695 A1 WO 2017055695A1 FR 2016052132 W FR2016052132 W FR 2016052132W WO 2017055695 A1 WO2017055695 A1 WO 2017055695A1
Authority
WO
WIPO (PCT)
Prior art keywords
digital
terminal
identifier
ini
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/FR2016/052132
Other languages
French (fr)
Inventor
Eric GOURVEST
Luc BREGEAULT
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to EP16770060.8A priority Critical patent/EP3356982A1/en
Publication of WO2017055695A1 publication Critical patent/WO2017055695A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the present invention relates to the field of securing digital exchanges and more particularly solutions and technical platforms for verifying the identity of a person without physical presence.
  • the French patent application FR3007929 describes a method for authenticating a user of several terminals connected to a server of an operator connected to an operator database comprising personal identity data associated with data.
  • terminal said terminals and / or said server of an operator being connected to a server of an administrative trusted third party connected to an administrative database comprising personal identity data associated with administrative identity data
  • a derived digital identity is generated from user authentication data including personal identity data of the user, administrative identity data of the user terminal data specific to said mobile terminal, transmitted by a terminal of the user, then the digital identity of is transmitted to a mobile terminal of the user for storage, said generation being conditioned by a comparison by at least one of the servers of the trusted administrative third party and the operator of said authentication data with the data stored in the administrative and operator databases, and wherein during a verification phase, the server of the operator authenticates the from said derived digital identity transmitted by said mobile terminal.
  • identification information including a photograph, a photograph of a user, and a signature of the user.
  • the server compares the user's photograph on the included photograph with the credentials. Then, the server verifies the identity of the user based on the identification information and the photograph by comparing the signatory's photograph for the included photograph with the identification information. The server then applies the signature and an indication of the legalization of the document designated for legalization to create a notarized version of the document. The server stores the notarized version of the document, the photograph, and the identification document in a secure data packet, and provides the notarized version of the document to the user. Disadvantage of the prior art
  • the object of the invention is to propose a method for delivering a certified digital identity from a mobile terminal, a method for transferring the certified digital identity of a mobile terminal to another mobile terminal, a method for setting alert a certified digital identifier, a method for interrogating a mobile terminal with a certified digital identifier from any third party system.
  • the invention relates, in its most general sense, to a platform for securing the verification of personal identity, comprising:
  • a server for recording in a secure memory, for each terminal Ti, at least one digital unique identifier INi of said terminal Ti associated with at least one unique identifier IDUi of an identity document of a user of said terminal Ti, each terminal executing an application controlling the acquisition and transmission of image acquired by the terminal, and transmission to said server by a communication session associated with said digital unique identifier INi
  • a processor for carrying out a treatment :
  • said processing further comprises, in case of analysis or negative comparison, a step of recording the digital identifier INi in a specific memory of suspicious terminals.
  • said processing further comprises, in case of analysis or negative comparison, a step of transmitting a digital report comprising said digital image IMi of the identity document and said digital photograph Pi to a third terminal, said terminal comprising means for conditionally transmitting secure information controlling the recording, in relation to the digital identifier INi, said digital image IMi of the identity document and said digital photograph Pi.
  • the platform also comprises at least one third terminal Cj comprising means for acquiring digital information INj constituted by at least a part of the digital identifier INi and / or said digital image IMi of the identity document and transmitting said digital information INj, to the server carrying out a processing consisting of searching in the memory containing the table constituted by the N-tuples comprising the digital identifier INi, said digital image IMi of the identity document, for calculating the identifier INi corresponding to the information INi, and transmitting to the corresponding terminal Ti a digital message Mij.
  • the server carrying out a processing consisting of searching in the memory containing the table constituted by the N-tuples comprising the digital identifier INi, said digital image IMi of the identity document, for calculating the identifier INi corresponding to the information INi, and transmitting to the corresponding terminal Ti a digital message Mij.
  • said digital message Mij furthermore comprises an acceptance code whose activation controls the transmission by the terminal Ti of a digital message controlling the transmission by the platform of a digital message comprising digital data associated with said INi and / or acceptance information.
  • said processor also executes a processing for recording the substitution of a terminal Tii for the terminal Ti of a user, consisting of:
  • said processor also executes a processing for recording the substitution of a terminal Tii at the terminal Ti of a user, consisting of:
  • Figure 1 shows a schematic functional view of the invention.
  • the purpose of the invention is to allow a person to certify his identity from a dedicated mobile application on his mobile terminal, without face to face.
  • the dedicated mobile application For this, she photographs her identity document, then takes her face in photography using the camera of her mobile terminal via the dedicated mobile application.
  • the photographs of his identity document and his photograph are transmitted to the dedicated server which carries out an automatic technical verification and / or a human verification assisted by anti-fraud experts.
  • the identity data of the individual is associated with the individual's mobile terminal, and a certified digital identity is assigned to him, which allows him to access services, while by justifying his identity and protecting himself against identity theft.
  • a certified digital identity is understood to mean an N-plet (in English "tuple") of unique identifiers protected by a secret and connected to a mobile terminal.
  • This tuple consists of a set of unique identifiers whose acquisition has been obtained from the application installed on the mobile terminal.
  • the application installed on the mobile terminal includes a communication channel with a server enabling it to send or receive secure messages, a photographic module, a geolocation module and a dating module.
  • the certified digital identity is composed of at least: -a unique identifier generated by the server during the installation of the application on the mobile terminal
  • IMEI code IMEI code, Mac address, reference and version provided by the manufacturer of the mobile phone, version of the installed OS or a combination thereof
  • the identity of the owner of the mobile terminal consisting of his name, first names, date and place of birth, nationality and gender.
  • Identity document means a secure document issued by a regal administration comprising a Machine Readable Zone (MRZ): national identity card, passport, residence permit, seafarer's permit, driving license, hunting permit, including a unique document number, a photograph of the bearer and his civil status information: name, first names, date and place of birth, nationality, gender.
  • MMRZ Machine Readable Zone
  • a unique identifier can only be attached to one and only one certified digital identifier.
  • the secret provided by the owner of the mobile terminal secures the certified digital identifier on the server. No modification of the certified digital identifier is possible without the secret.
  • a unique digital identifier is generated on the server and connected to this instance of the mobile application.
  • Each reinstallation of the application on the same mobile terminal causes the generation of a new unique identifier, different from the previous one.
  • the application installed on the mobile terminal extracts from the mobile terminal a unique identifier of the terminal (IMEI code, Mac address, reference and version provided by the manufacturer of the mobile phone, version of the installed OS or a combination of 'between them).
  • IMEI code IMEI code, Mac address, reference and version provided by the manufacturer of the mobile phone, version of the installed OS or a combination of 'between them.
  • the identifier of the terminal is recalculated and transmitted to the server to check that there has been no change in the mobile terminal.
  • the user defines a secret that secures the certified digital ID.
  • the secret can secure access to the application located on the mobile terminal.
  • the user enters his secret, it is transmitted via a secure message to the server for verification.
  • the user takes a photo of the front and back of his identity document which are transmitted to the server by secure message for control, as well as the photograph of his portrait (in English "Selfie").
  • Each photograph is geolocated by the localization module and timestamped by the dating module before being transmitted to the server.
  • the images are transmitted to the processing processor which is responsible for verifying their authenticity and extracting the document number and the identity data contained therein.
  • image data is transmitted to another processing process which is at the expense of complementary operation. This ensures that the identity data is valid and that the photograph of the owner of the mobile terminal corresponds to the portrait on the image of the identity document.
  • the identity document number and the identity data are added to the certified digital identifier protected by the user's secret, and the certified digital identifier is activated.
  • the certified digital identifier once activated, can be extended, after verifying the secret of the user, by other unique identifiers extracted from images acquired by the photographic module of the application installed on the mobile terminal and after checking that the identity data are in conformity with those registered in the certified active digital identity: number of the other identity documents in the possession of the user, RIB / IBAN, credit card number, tax identifier, social security number, the postal address extracted from a proof of address, etc.
  • Second process mobile terminal change The following method makes it possible to transfer the certified digital identifier from one terminal to another.
  • the user From the mobile application installed on his mobile terminal and after his secret has been verified on the server, the user declares that he is carrying out a mobile terminal transfer.
  • the mobile application transmits a secure message to the server that will place the certified digital identifier in a temporary secure memory waiting for change of the identifier of the terminal and the numerical identifier of the application instance, which identifier will be generated during the installation of the application on the new mobile terminal.
  • the mobile application receives a secure single-use code protected by the secret of the certified digital identifier that the user can insert into his new mobile terminal, along with the old secret.
  • the server When he installs the mobile application on his new mobile terminal, the server saves it with a new unique digital identifier, records the unique identifier of the mobile terminal and a new secret.
  • the user On its new mobile terminal, the user informs the secure single use code that was provided to him in the previous step and provided his old secret. These two pieces of information are transmitted by the mobile application to the new mobile terminal via a secure message to the server. If the one-time secure code has not been consumed and the secret is valid, the certified digital identifier is modified by the unique identifier of the mobile terminal, the unique identifier of the mobile application and is found protected by the new secret.
  • the user If the user lost or had their mobile device stolen or uninstalled / reinstalled the app mobile, it must make a prior request for transfer of mobile terminal on a web console made available. For this, he must download the double-sided image of his identity document, the image of his portrait and provide his secret.
  • the server Upon receipt of the request by the server, it sends to the processor the document verification operations and extraction of the document number and personal data from image to find the certified digital identity in its secure memory. If an active certified digital identifier is identified, the personal data checked, the secret of the user is verified. If everything is confirmed, the certified digital identifier is placed in a temporary secure memory waiting for the change of the digital identifier of the application and / or the identifier of the terminal and will present to the user a secure code to single use protected by the user's secret on his old mobile terminal.
  • the certified digital identifier is removed from the secure temporary memory of the server and put on the alert for attempted spoofing. It is then obligatory to restart the procedure since its beginning.
  • the method allows the user to alert his certified digital identity from his mobile terminal or from a web console provided for this purpose in the case of theft / loss of his identity documents without or with his mobile terminal or temporarily put his digital identity certified dormant. If the user lost or was stolen his identity documents, he can in the application of his mobile terminal to alert his digital identity certified after his secret has been verified.
  • the method allows a third party to query the active certified digital identifier to verify the identity of the user.
  • the requesting party transmits to the server, one of the unique identifiers registered in the active certified digital identifier or the image of the original part making it possible to extract it. If this identifier exists, a notification is transmitted to the application of the mobile terminal to request, after verification of the secret, downloading from the server of the secure message asking the user if he is the author of the request and / or if he accepts the transmission of all or part of his personal data stored in the certified digital identifier. If the user agrees, a secure message is transmitted by the mobile application to the server so that its response is transmitted to the applicant, possibly supplemented by the personal data or part thereof, or by providing a pseudonym, authorized by the user and stored in the active digital ID.
  • a secure message is transmitted by the mobile application to the server so that his response is transmitted to the applicant with his refusal.
  • the certified digital identifier is on alert, following a declaration of loss / theft for example or the sleep requested by the user through its mobile application, or any other action causing the alerting of the identifier digital certificate, the applicant is then notified immediately.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a platform for securing the verification of personal identity comprising a server for recording in a secure memory, for each terminal Ti, at least one unique digital identifier INi of said terminal Ti associated with at least one unique identifier IDUi of an identity document of the user of said terminal Ti, each terminal executing an application controlling the acquisition and transmission of an image acquired by the terminal, and the transmission to said server by a communication session associated with said unique digital identifier INi, as well as a processor for carrying out a processing comprising: - extracting, from an image of an identity document acquired from said terminal Ti, at least one unique identifier IDIi and recording in relation to the unique digital identifier INi of said terminal Ti used for the acquisition of said image IMi - intrinsically analysing the image by application of at least one conformity model - comparing a photograph extracted from said image IMi of the identity document with a photograph Pi of a person acquired by the same terminal Ti, and, in the case where said analysis and comparison steps are positives, recording, in relation with the digital identifier INi, said digital image IMi of the identity document and said digital photograph Pi.

Description

Plateforme et procédé pour la sécurisation de la vérification de l'identité personnelle sans présence physique  Platform and method for securing the verification of personal identity without physical presence

Domaine de 1 ' invention Field of the invention

La présente invention concerne le domaine de la sécurisation des échanges numériques et plus particulièrement les solutions et plateformes techniques destinées à une vérification de l'identité d'une personne sans présence physique. The present invention relates to the field of securing digital exchanges and more particularly solutions and technical platforms for verifying the identity of a person without physical presence.

Etat de la technique State of the art

On connaît dans l'état de la technique différentes solutions pour la sécurisation de la vérification d'une identité personnelle. In the state of the art, various solutions are known for securing the verification of a personal identity.

Par exemple, la demande de brevet français FR3007929 décrit un procédé d ' authentification d'un utilisateur de plusieurs terminaux connectés à un serveur d'un opérateur relié à une base de données d'opérateur comprenant des données d'identité personnelle associées à des données de terminal, lesdits terminaux e /ou ledit serveur d'un opérateur étant connectés à un serveur d'un tiers de confiance administratif relié à une base de données administratives comprenant des données d'identité personnelle associées à des données d'identité administrative, dans lequel, - lors d'une phase d'enrôlement, une identité numérique dérivée est générée à partir de données d ' authentification de l'utilisateur comprenant des données d'identité personnelle de l'utilisateur, des données d'identité administrative de l'utilisateur et des données de terminal propres audit terminal mobile, transmises par un terminal de l'utilisateur, puis 1 ' identité numérique dérivée est transmise à un terminal mobile de l'utilisateur pour y être stockée, ladite génération étant conditionnée par une comparaison par l'un au moins des serveurs du tiers de confiance administratif et de l'opérateur desdites données d ' authentification avec les données stockées dans les bases de données administratives et d'opérateur, et dans lequel lors d'une phase de vérification, le serveur de l'opérateur authentifie l'utilisateur à partir de ladite identité numérique dérivée transmise par ledit terminal mobile . For example, the French patent application FR3007929 describes a method for authenticating a user of several terminals connected to a server of an operator connected to an operator database comprising personal identity data associated with data. terminal, said terminals and / or said server of an operator being connected to a server of an administrative trusted third party connected to an administrative database comprising personal identity data associated with administrative identity data, in which, during an enrollment phase, a derived digital identity is generated from user authentication data including personal identity data of the user, administrative identity data of the user terminal data specific to said mobile terminal, transmitted by a terminal of the user, then the digital identity of is transmitted to a mobile terminal of the user for storage, said generation being conditioned by a comparison by at least one of the servers of the trusted administrative third party and the operator of said authentication data with the data stored in the administrative and operator databases, and wherein during a verification phase, the server of the operator authenticates the from said derived digital identity transmitted by said mobile terminal.

On connaît aussi la demande de brevet US2015026478 décrivant une solution prévoyant un serveur recevant un paquet de données comprenant: Also known is the patent application US2015026478 describing a solution providing a server receiving a data packet comprising:

- un document désigné pour la légalisation,  - a document designated for legalization,

- les informations d'identification comprenant une photographie, la photographie d'un utilisateur, et une signature de l'utilisateur.  identification information including a photograph, a photograph of a user, and a signature of the user.

Le serveur compare la photographie de l'utilisateur sur la photographie incluse avec les informations d'identification. Ensuite, le serveur vérifie l'identité de l'utilisateur en se basant sur les informations d'identification et la photographie en comparant la photographie du signataire pour la photographie incluse avec les informations d'identification. Le serveur applique ensuite la signature et une indication de la légalisation du document désigné pour la légalisation de créer une version notariée du document. Le serveur stocke la version notariée du document, la photographie, et le document d'identification dans un paquet de données sécurisé, et fournit la version notariée du document à l'utilisateur. Inconvénient de l'art antérieur  The server compares the user's photograph on the included photograph with the credentials. Then, the server verifies the identity of the user based on the identification information and the photograph by comparing the signatory's photograph for the included photograph with the identification information. The server then applies the signature and an indication of the legalization of the document designated for legalization to create a notarized version of the document. The server stores the notarized version of the document, the photograph, and the identification document in a secure data packet, and provides the notarized version of the document to the user. Disadvantage of the prior art

La solution présentée dans le brevet français FR3007929 ne permet pas d'assurer un protocole d'identification numérique certifiée et de transfert de l'identité numérique entre deux terminaux mobiles. Par ailleurs cette solution ne permet pas d'apporter une réponse aux risques de fraude par attaque du serveur. The solution presented in the French patent FR3007929 does not provide a certified digital identification protocol and transfer of the digital identity between two mobile terminals. By elsewhere this solution does not provide a response to the risk of fraud by attacking the server.

La demande de brevet US2015026478 présente les mêmes inconvénients .  The patent application US2015026478 has the same disadvantages.

But de 1 ' invention Purpose of the invention

L'objet de l'invention est de proposer un procédé permettant de délivrer une identité numérique certifiée depuis un terminal mobile, un procédé pour transférer l'identité numérique certifiée d'un terminal mobile vers un autre terminal mobile, un procédé pour mettre en alerte un identifiant numérique certifié, un procédé pour interroger un terminal mobile doté d'un identifiant numérique certifié depuis tout système tiers. The object of the invention is to propose a method for delivering a certified digital identity from a mobile terminal, a method for transferring the certified digital identity of a mobile terminal to another mobile terminal, a method for setting alert a certified digital identifier, a method for interrogating a mobile terminal with a certified digital identifier from any third party system.

Solution apportée par l'invention Solution provided by the invention

L'invention concerne selon son acception la plus générale une plateforme pour la sécurisation de la vérification de l'identité personnelle comprenant : The invention relates, in its most general sense, to a platform for securing the verification of personal identity, comprising:

- un serveur pour l'enregistrement dans une mémoire sécurisé, pour chaque terminal Ti, d'au moins un identifiant unique numérique INi dudit terminal Ti associé à un moins un identifiant unique IDUi d'un document d'identité d'un utilisateur dudit terminal Ti, chaque terminal exécutant une application commandant l'acquisition et la transmission d'image acquise par le terminal, et de transmission audit serveur par une session de communication associée audit identifiant unique numérique INi  a server for recording in a secure memory, for each terminal Ti, at least one digital unique identifier INi of said terminal Ti associated with at least one unique identifier IDUi of an identity document of a user of said terminal Ti, each terminal executing an application controlling the acquisition and transmission of image acquired by the terminal, and transmission to said server by a communication session associated with said digital unique identifier INi

- un processeur pour réaliser un traitement :  a processor for carrying out a treatment:

d'extraction, à partir d'une image d'un document d'identité acquise à partir dudit terminal Ti, d'au moins un identifiant unique IDIi et d'enregistrement en relation avec identifiant unique numérique INi dudit terminal Ti utilisé pour l'acquisition de ladite image IMi extracting, from an image of an identity document acquired from said terminal Ti, at least one unique identifier IDIi and registration in relationship with digital unique identifier INi of said terminal Ti used for acquisition of said IMi image

d'analyse intrinsèque de l'image par application d'au moins un modèle de conformité  intrinsic image analysis by applying at least one compliance model

- de comparaison d'une photographie extraite de ladite image IMi du document d'identité avec une photographie Pi d'une personne acquise par le même terminal Ti,  comparing a photograph taken from said image IM i of the identity document with a photograph Pi of a person acquired by the same terminal Ti,

- dans le cas où lesdites étapes d'analyse et de comparaison sont positives, d'enregistrement, en relation avec l'identifiant numérique INi, ladite image numérique IMi du document d'identité et ladite photographie numérique Pi.  in the case where said analysis and comparison steps are positive, of recording, in relation with the digital identifier INi, said digital image IMi of the identity document and said digital photograph Pi.

Avantageusement, ledit traitement comporte en outre, en cas d'analyse ou de comparaison négative, une étape d'enregistrement de l'identifiant numérique INi dans une mémoire spécifique de terminaux suspects. Advantageously, said processing further comprises, in case of analysis or negative comparison, a step of recording the digital identifier INi in a specific memory of suspicious terminals.

De préférence, ledit traitement comporte en outre, en cas d'analyse ou de comparaison négative, une étape de transmission d'un rapport numérique comprenant ladite image numérique IMi du document d'identité et ladite photographie numérique Pi à un terminal tiers, ledit terminal comportant des moyens pour transmettre conditionnellement une information sécurisée commandant l'enregistrement, en relation avec l'identifiant numérique INi, ladite image numérique IMi du document d'identité et ladite photographie numérique Pi. Preferably, said processing further comprises, in case of analysis or negative comparison, a step of transmitting a digital report comprising said digital image IMi of the identity document and said digital photograph Pi to a third terminal, said terminal comprising means for conditionally transmitting secure information controlling the recording, in relation to the digital identifier INi, said digital image IMi of the identity document and said digital photograph Pi.

Selon une réalisation particulière, la plateforme comporte en outre au moins un terminal tiers Cj comportant des moyens pour acquérir une information numérique INj constituée par au moins une partie de l'identifiant numérique INi et/ou ladite image numérique IMi du document d'identité et transmettre ladite information numérique INj , au serveur réalisant un traitement consistant à rechercher dans la mémoire contenant la table constituée par les N-uplets comprenant l'identifiant numérique INi, ladite image numérique IMi du document d'identité, pour calculer l'identifiant INi correspondant l'information INi, et à transmettre au terminal Ti correspondant un message numérique Mij . According to a particular embodiment, the platform also comprises at least one third terminal Cj comprising means for acquiring digital information INj constituted by at least a part of the digital identifier INi and / or said digital image IMi of the identity document and transmitting said digital information INj, to the server carrying out a processing consisting of searching in the memory containing the table constituted by the N-tuples comprising the digital identifier INi, said digital image IMi of the identity document, for calculating the identifier INi corresponding to the information INi, and transmitting to the corresponding terminal Ti a digital message Mij.

Selon une variante particulière, ledit message numérique Mij comprenant en outre un code d'acceptation dont l'activation commande la transmission par le terminal Ti d'un message numérique commandant la transmission par la plateforme d'un message numérique comprenant des données numériques associées audit INi et/ou une information d'acceptation.  According to a particular variant, said digital message Mij furthermore comprises an acceptance code whose activation controls the transmission by the terminal Ti of a digital message controlling the transmission by the platform of a digital message comprising digital data associated with said INi and / or acceptance information.

Selon un mode de réalisation particulier, ledit processeur exécute en outre un traitement pour l'enregistrement de la substitution d'un terminal Tii au terminal Ti d'un utilisateur, consistant à : According to a particular embodiment, said processor also executes a processing for recording the substitution of a terminal Tii for the terminal Ti of a user, consisting of:

transmettre un message numérique à partir du terminal Ti commandant la dissociation, dans la mémoire du serveur, de l'identifiant numérique INi d'une part, et de ladite image numérique IMi du document d'identité et ladite photographie numérique Pi d'autre part  transmit a digital message from the terminal Ti controlling the dissociation, in the memory of the server, of the digital identifier INi on the one hand, and of said digital image IMi of the identity document and said digital photograph Pi on the other hand

- enregistrer dans une mémoire tampon ladite image numérique IMi du document d'identité et ladite photographie numérique Pi, en association avec un identifiant unique temporaire de transfert IUT à usage unique  recording in a buffer memory said digital image IMi of the identity document and said digital photograph Pi, in association with a temporary unique transfer identifier IUT for single use

- transmettre par le serveur audit terminal Ti d'un message codé MIUT avec ledit code IUT associé à un code d'activation associé au terminal Ti  transmitting by the server to said terminal Ti an encrypted message MIUT with said IUT code associated with an activation code associated with the terminal Ti

- transmettre ledit message codé MIUT depuis ledit terminal Ti audit terminal Tii  transmitting said coded message MIUT from said terminal Ti to said terminal Tii

- transmettre ledit message codé MIUT depuis ledit transmitting said coded message MIUT from said

Tii audit serveur pour commander l'association de l'identifiant numérique INii d'une part, et de ladite image numérique IMi du document d'identité et ladite photographie numérique Pi d'autre part. Selon une variante, ledit processeur exécute en outre un traitement pour l'enregistrement de la substitution d'un terminal Tii au terminal Ti d'un utilisateur, consistant à : Tii audit server to control the association of the digital identifier INii on the one hand, and said digital image IMi of the identity document and said digital photograph Pi on the other hand. According to a variant, said processor also executes a processing for recording the substitution of a terminal Tii at the terminal Ti of a user, consisting of:

- transmettre un message numérique codé en fonction du code secret de l'utilisateur, à partir d'un équipement informatique de l'utilisateur commandant la dissociation, dans la mémoire du serveur, de l'identifiant numérique INi d'une part, et de ladite image numérique IMi du document d'identité et ladite photographie numérique Pi d'autre part  transmitting a coded digital message according to the secret code of the user, from a computer equipment of the user controlling the dissociation, in the memory of the server, of the digital identifier INi on the one hand, and said digital image IMi of the identity document and said digital photograph Pi of the other part

- enregistrer dans une mémoire tampon ladite image numérique IMi du document d'identité et ladite photographie numérique Pi, en association avec un identifiant unique temporaire de transfert IUT à usage unique  recording in a buffer memory said digital image IMi of the identity document and said digital photograph Pi, in association with a temporary unique transfer identifier IUT for single use

- transmettre par le serveur audit terminal de l'utilisateur d'un message codé MIUT avec ledit code IUT associé à un code d'activation associé audit équipement informatique de l'utilisateur  transmitting by the server to said user's terminal a coded MIUT message with said IUT code associated with an activation code associated with said user's computer equipment

- transmettre ledit message codé MIUT depuis ledit équipement informatique de l'utilisateur audit terminal Tii  transmitting said MIUT coded message from said user's computer equipment to said terminal Tii

- transmettre ledit message codé MIUT depuis ledit Tii audit serveur pour commander l'association de l'identifiant numérique INii d'une part, et de ladite image numérique IMi du document d'identité et ladite photographie numérique Pi d'autre part.  transmitting said MIUT coded message from said TII to said server to control the association of the digital identifier INi on the one hand, and of said digital image IMi of the identity document and said digital photograph Pi on the other hand.

Description détaillée d'un exemple non limitatif de Detailed description of a non-limiting example of

1 ' invention  The invention

La présente invention sera mieux comprise à la lecture de la description qui suit, se référant à un exemple non limitatif de réalisation illustré par la figure 1 représente une vue schématique fonctionnelle de l'invention. Le but de 1 ' invention est de permettre à une personne de certifier son identité depuis une application mobile dédiée sur son terminal mobile, sans face à face. The present invention will be better understood on reading the description which follows, referring to a non-limiting example of embodiment illustrated in Figure 1 shows a schematic functional view of the invention. The purpose of the invention is to allow a person to certify his identity from a dedicated mobile application on his mobile terminal, without face to face.

Pour cela, elle photographie son document d'identité, puis prend son visage en photographie en utilisant la caméra de son terminal mobile via l'application mobile dédiée. Les photographies de son document d'identité et de sa photographie sont transmises au serveur dédié qui effectue une vérification technique automatique et/ou une vérification humaine assisté d'experts anti-fraude. Une fois la vérification effectuée et si le document d'identité est conforme, les données d'identité du particulier sont associées au terminal mobile du particulier, et une identité numérique certifiée lui est attribuée, laquelle lui permet d'accéder à des services, tout en justifiant son identité et en se protégeant contre l'usurpation d'identité.  For this, she photographs her identity document, then takes her face in photography using the camera of her mobile terminal via the dedicated mobile application. The photographs of his identity document and his photograph are transmitted to the dedicated server which carries out an automatic technical verification and / or a human verification assisted by anti-fraud experts. Once the verification is done and the identity document is compliant, the identity data of the individual is associated with the individual's mobile terminal, and a certified digital identity is assigned to him, which allows him to access services, while by justifying his identity and protecting himself against identity theft.

Définition des termes On entend par identité numérique certifiée, un N- plet (en anglais « tuple ») d'identifiants uniques protégé par un secret et relié à un terminal mobile. Definition of terms A certified digital identity is understood to mean an N-plet (in English "tuple") of unique identifiers protected by a secret and connected to a mobile terminal.

Ce N-uplet est composé d'un ensemble d'identifiants uniques dont l'acquisition a été obtenue depuis l'application installée sur le terminal mobile. This tuple consists of a set of unique identifiers whose acquisition has been obtained from the application installed on the mobile terminal.

L'application installée sur le terminal mobile comprend un canal de communication avec un serveur lui permettant d'émettre ou de recevoir des messages sécurisés, un module photographique, un module de géolocalisation et un module de datation. The application installed on the mobile terminal includes a communication channel with a server enabling it to send or receive secure messages, a photographic module, a geolocation module and a dating module.

L'identité numérique certifiée est composé au minimum de : -un identifiant unique généré par le serveur lors de l'installation de l'application sur le terminal mobile The certified digital identity is composed of at least: -a unique identifier generated by the server during the installation of the application on the mobile terminal

- un identifiant unique extrait du terminal mobile (code IMEI, adresse Mac, référence et version fournis par le constructeur du téléphone mobile, version de l'OS installée ou une combinaison d'entre eux)  a unique identifier extracted from the mobile terminal (IMEI code, Mac address, reference and version provided by the manufacturer of the mobile phone, version of the installed OS or a combination thereof)

- l'identité du propriétaire du terminal mobile composée de son nom, prénoms, date et lieu de naissance, nationalité et genre.  - the identity of the owner of the mobile terminal consisting of his name, first names, date and place of birth, nationality and gender.

- le numéro du document d'identité à partir duquel l'identité du propriétaire du terminal mobile a été extraite  - the number of the identity document from which the identity of the owner of the mobile terminal has been extracted

- l'image du document d'identité et le portrait du propriétaire du terminal mobile acquis par le module photographique de l'application installée sur le terminal mobile et les résultats des traitements d'authentification afférents .  the image of the identity document and the portrait of the owner of the mobile terminal acquired by the photographic module of the application installed on the mobile terminal and the results of the corresponding authentication processes.

D'un secret fourni par l'utilisateur depuis l'application installée sur le terminal mobile et connu de lui seul .  A secret provided by the user from the application installed on the mobile terminal and known only to him.

On entend par document d'identité un document sécurisé remis par une administration régalienne comportant une bande MRZ (Machine Readable Zone) : carte nationale d'identité, passeport, titre de séjour, titre de marin, permis de conduire, permis de chasse, comportant un numéro de document unique, une photographie du porteur et ses informations d'état civil : nom, prénoms, date et lieu de naissance, nationalité, genre. Un identifiant unique ne peut être rattaché qu'à un seul et unique identifiant numérique certifié. Identity document means a secure document issued by a regal administration comprising a Machine Readable Zone (MRZ): national identity card, passport, residence permit, seafarer's permit, driving license, hunting permit, including a unique document number, a photograph of the bearer and his civil status information: name, first names, date and place of birth, nationality, gender. A unique identifier can only be attached to one and only one certified digital identifier.

Le secret fourni par le propriétaire du terminal mobile sécurise l'identifiant numérique certifié sur le serveur. Aucune modification de l'identifiant numérique certifiée n'est possible sans le secret. The secret provided by the owner of the mobile terminal secures the certified digital identifier on the server. No modification of the certified digital identifier is possible without the secret.

Premier procédé : déliyrance d'une identité numérique First process: deliyrance of a digital identity

certifiée  certified

A l'installation de l'application sur le terminal mobile, un identifiant numérique unique est généré sur le serveur et relié à cette instance de l'application mobile. Chaque ré installation de l'application sur le même terminal mobile provoque la génération d'un nouvel identifiant unique, différent du précédent. When the application is installed on the mobile terminal, a unique digital identifier is generated on the server and connected to this instance of the mobile application. Each reinstallation of the application on the same mobile terminal causes the generation of a new unique identifier, different from the previous one.

A l'installation, l'application installée sur le terminal mobile extrait du terminal mobile un identifiant unique du terminal (code IMEI, adresse Mac, référence et version fournis par le constructeur du téléphone mobile, version de l'OS installée ou une combinaison d'entre eux).  Upon installation, the application installed on the mobile terminal extracts from the mobile terminal a unique identifier of the terminal (IMEI code, Mac address, reference and version provided by the manufacturer of the mobile phone, version of the installed OS or a combination of 'between them).

Lors de chaque échange entre l'application mobile et le serveur, l'identifiant du terminal est recalculé et transmis au serveur pour vérifier qu'il n'y pas eu de modification au niveau du terminal mobile.  During each exchange between the mobile application and the server, the identifier of the terminal is recalculated and transmitted to the server to check that there has been no change in the mobile terminal.

L'utilisateur définit un secret qui sécurise l'identifiant numérique certifiée.  The user defines a secret that secures the certified digital ID.

Avantageusement, le secret peut sécuriser l'accès à l'application située sur le terminal mobile. Lorsque l'utilisateur entre son secret, il est transmis via un message sécurisé au serveur pour vérification. Advantageously, the secret can secure access to the application located on the mobile terminal. When the user enters his secret, it is transmitted via a secure message to the server for verification.

Avec le module photographique de l'application installée sur le terminal mobile, l'utilisateur prend en photo le recto-verso de sa pièce d'identité qui sont transmis au serveur par message sécurisé pour contrôle, ainsi que la photographie de son portrait (en anglais « Selfie »). Chaque photographie est géolocalisée par le module de localisation et horodaté par le module de datation avant d'être transmise au serveur. A réception des images sur la plate-forme, les images sont transmises au processeur de traitement qui se charge de vérifier leur authenticité et d'en extraire le numéro de document et les données d'identité s'y trouvant En cas d'échec les données images sont transmises à un autre processus de traitement qui à la charge d'opération complémentaire. Sont ainsi vérifiés que les données d'identité sont valides et que la photographie du propriétaire du terminal mobile correspond au portrait situé sur l'image de la pièce d'identité. With the photographic module of the application installed on the mobile terminal, the user takes a photo of the front and back of his identity document which are transmitted to the server by secure message for control, as well as the photograph of his portrait (in English "Selfie"). Each photograph is geolocated by the localization module and timestamped by the dating module before being transmitted to the server. On receipt of the images on the platform, the images are transmitted to the processing processor which is responsible for verifying their authenticity and extracting the document number and the identity data contained therein. image data is transmitted to another processing process which is at the expense of complementary operation. This ensures that the identity data is valid and that the photograph of the owner of the mobile terminal corresponds to the portrait on the image of the identity document.

Si 1 ' authentification est confirmée, le numéro de document d'identité et les données d'identité sont ajoutés à l'identifiant numérique certifiée protégée par le secret de l'utilisateur, et l'identifiant numérique certifié est activé. If authentication is confirmed, the identity document number and the identity data are added to the certified digital identifier protected by the user's secret, and the certified digital identifier is activated.

L'identifiant numérique certifié, une fois activé, peut être étendu, après vérification du secret de l'utilisateur, par d'autres identifiants uniques extraits depuis des images acquises par le module photographique de l'application installée sur le terminal mobile et après vérification que les données d'identité sont conformes à celles enregistrées dans l'identité numérique certifiée active: numéro des autres documents d'identité en possession de l'usager, RIB/IBAN, numéro de carte bancaire, identifiant fiscal, numéro de sécurité sociale, l'adresse postale extrait d'un justificatif de domicile, etc. The certified digital identifier, once activated, can be extended, after verifying the secret of the user, by other unique identifiers extracted from images acquired by the photographic module of the application installed on the mobile terminal and after checking that the identity data are in conformity with those registered in the certified active digital identity: number of the other identity documents in the possession of the user, RIB / IBAN, credit card number, tax identifier, social security number, the postal address extracted from a proof of address, etc.

Deuxième procédé : changement de terminal mobile Le procédé suivant permet de transférer l'identifiant numérique certifié d'un terminal à un autre. Second process: mobile terminal change The following method makes it possible to transfer the certified digital identifier from one terminal to another.

Depuis l'application mobile installée sur son terminal mobile et après que son secret est été vérifié sur le serveur, l'utilisateur déclare qu'il procède à un transfert de terminal mobile. L'application mobile transmet un message sécurisé au serveur qui va placer l'identifiant numérique certifiée dans une mémoire sécurisée temporaires en attente de changement de l'identifiant du terminal et de l'identifiant numérique de l'instance applicative, identifiant qui sera générée lors de l'installation de l'application sur le nouveau terminal mobile. En retour, l'application mobile reçoit un code sécurisé à usage unique protégé par le secret de l'identifiant numérique certifié que l'utilisateur pourra insérer dans son nouveau terminal mobile, accompagné de l'ancien secret.  From the mobile application installed on his mobile terminal and after his secret has been verified on the server, the user declares that he is carrying out a mobile terminal transfer. The mobile application transmits a secure message to the server that will place the certified digital identifier in a temporary secure memory waiting for change of the identifier of the terminal and the numerical identifier of the application instance, which identifier will be generated during the installation of the application on the new mobile terminal. In return, the mobile application receives a secure single-use code protected by the secret of the certified digital identifier that the user can insert into his new mobile terminal, along with the old secret.

Lorsqu'il installe l'application mobile sur son nouveau terminal mobile, le serveur l'enregistre avec un nouvel identifiant numérique unique, enregistre l'identifiant unique du terminal mobile et un nouveau secret. When he installs the mobile application on his new mobile terminal, the server saves it with a new unique digital identifier, records the unique identifier of the mobile terminal and a new secret.

Sur son nouveau terminal mobile, l'utilisateur renseigne le code sécurisé à usage unique qu'il lui a été fourni à l'étape précédente et fourni son ancien secret. Ces deux informations sont transmises par l'application mobile sur le nouveau terminal mobile via un message sécurisé au serveur. Si le code sécurisé à usage unique n'a pas été consommé et que le secret est valide, l'identifiant numérique certifié se voit modifié par l'identifiant unique du terminal mobile, l'identifiant unique de l'application mobile et se retrouve protégé par le nouveau secret. On its new mobile terminal, the user informs the secure single use code that was provided to him in the previous step and provided his old secret. These two pieces of information are transmitted by the mobile application to the new mobile terminal via a secure message to the server. If the one-time secure code has not been consumed and the secret is valid, the certified digital identifier is modified by the unique identifier of the mobile terminal, the unique identifier of the mobile application and is found protected by the new secret.

Si l'utilisateur a perdu ou s'est fait voler son terminal mobile ou désinstallé/ré-installé l'application mobile, il doit procéder à une demande préalable de transfert de terminal mobile sur une console web mis à disposition. Pour cela, il doit télécharger l'image recto-verso de sa pièce d'identité, l'image de son portrait et fournir son secret. If the user lost or had their mobile device stolen or uninstalled / reinstalled the app mobile, it must make a prior request for transfer of mobile terminal on a web console made available. For this, he must download the double-sided image of his identity document, the image of his portrait and provide his secret.

A réception de la demande par le serveur, celui-ci lance auprès du processeur de traitement les opérations de vérification documentaire et d'extraction du numéro de document et des données personnelles depuis image afin de retrouver l'identité numérique certifiée dans sa mémoire sécurisée. Si un identifiant numérique certifié actif est identifié, les données personnelles contrôlées, le secret de l'utilisateur est vérifié. Si tout est confirmé, l'identifiant numérique certifié est placé dans une mémoire sécurisée temporaire en attente du changement de l'identifiant numérique de l'application et/ou de l'identifiant du terminal et va présenter à l'utilisateur un code sécurisé à usage unique protégé par le secret de l'utilisateur sur son ancien terminal mobile. Upon receipt of the request by the server, it sends to the processor the document verification operations and extraction of the document number and personal data from image to find the certified digital identity in its secure memory. If an active certified digital identifier is identified, the personal data checked, the secret of the user is verified. If everything is confirmed, the certified digital identifier is placed in a temporary secure memory waiting for the change of the digital identifier of the application and / or the identifier of the terminal and will present to the user a secure code to single use protected by the user's secret on his old mobile terminal.

Si le transfert est refusé car les informations ne correspondent pas, l'identifiant numérique certifié est supprimé de la mémoire temporaire sécurisé du serveur et mis en alerte de tentative d'usurpation. Il est alors obligatoire de relancer la procédure depuis son début.  If the transfer is refused because the information does not match, the certified digital identifier is removed from the secure temporary memory of the server and put on the alert for attempted spoofing. It is then obligatory to restart the procedure since its beginning.

Troisième procédé : Mise en alerte de l'identité numérique Third process: Alerting the digital identity

certifiée  certified

Le procédé permet à l'usager de mettre en alerte son identité numérique certifiée depuis son terminal mobile ou depuis une console web prévu à cet effet dans le cas de vol/perte de ses documents d'identité sans ou avec son terminal mobile ou mettre temporairement son identité numérique certifiée en sommeil. Si l'utilisateur a perdu ou s'est fait voler ses documents d'identité, il peut dans l'application de son terminal mobile mettre en alerte son identité numérique certifiée après que son secret ait été vérifié. The method allows the user to alert his certified digital identity from his mobile terminal or from a web console provided for this purpose in the case of theft / loss of his identity documents without or with his mobile terminal or temporarily put his digital identity certified dormant. If the user lost or was stolen his identity documents, he can in the application of his mobile terminal to alert his digital identity certified after his secret has been verified.

Si l'utilisateur a perdu ou s'est fait voler ses documents d'identité en même temps que son terminal mobile, il peut via une console web prévue à cet effet, déclarer le vol de son terminal et de ses données personnelles, en déclinant son état civil : nom, prénoms, date et lieu de naissance, nationalité, genre, et fournir son secret. If the user lost or was stolen his identity documents together with his mobile terminal, he can via a web console provided for this purpose, declare the theft of his terminal and his personal data, declining his marital status: name, first names, date and place of birth, nationality, gender, and provide his secret.

L'identifiant numérique certifié sera alors directement mis en alerte. De même il peut souhaiter mettre temporairement en sommeil son identité afin d'interdire tout accès à son identité numérique certifiée par des tiers, après vérification de son secret. Quatrième procédé : Vérification de l'identité par un tiers  The certified digital ID will then be directly alerted. Similarly, he may wish to put his identity temporarily dormant in order to prevent any access to his digital identity certified by third parties, after verification of his secret. Fourth method: third-party verification of identity

Le procédé permet à un tiers d'interroger l'identifiant numérique certifié actif en vue de vérifier l'identité de l'utilisateur. The method allows a third party to query the active certified digital identifier to verify the identity of the user.

Le tiers demandeur transmet au serveur, un des identifiants uniques enregistrés dans l'identifiant numérique certifié actif ou l'image de la pièce originale permettant de l'extraire. Si cet identifiant existe, une notification est transmise à l'application du terminal mobile pour demander, après vérification du secret, le téléchargement depuis le serveur du message sécurisé demandant à l'utilisateur s'il est bien l'auteur de la demande et/ou s'il accepte que soit transmise tout ou partie de ses données personnelles enregistrées dans l'identifiant numérique certifiée. Si l'utilisateur donne son accord, un message sécurisé est transmis par l'application mobile au serveur afin que sa réponse soit transmis au demandeur, éventuellement complété par les données personnelles ou une partie de celles- ci, ou en fournissant un pseudonyme, autorisées par l'utilisateur et enregistrées dans l'identifiant numérique certifiée actif. The requesting party transmits to the server, one of the unique identifiers registered in the active certified digital identifier or the image of the original part making it possible to extract it. If this identifier exists, a notification is transmitted to the application of the mobile terminal to request, after verification of the secret, downloading from the server of the secure message asking the user if he is the author of the request and / or if he accepts the transmission of all or part of his personal data stored in the certified digital identifier. If the user agrees, a secure message is transmitted by the mobile application to the server so that its response is transmitted to the applicant, possibly supplemented by the personal data or part thereof, or by providing a pseudonym, authorized by the user and stored in the active digital ID.

Si l'utilisateur n'acquiesce pas, un message sécurisé est transmis par l'application mobile au serveur afin que sa réponse soit transmise au demandeur avec son refus .  If the user does not agree, a secure message is transmitted by the mobile application to the server so that his response is transmitted to the applicant with his refusal.

Si l'identifiant numérique certifié est en alerte, suite à une déclaration de perte/vol par exemple ou la mise en sommeil demandée par l'utilisateur au travers de son application mobile, ou toute autre action provoquant la mise en alerte de l'identifiant numérique certifié, le demandeur est alors prévenu immédiatement. If the certified digital identifier is on alert, following a declaration of loss / theft for example or the sleep requested by the user through its mobile application, or any other action causing the alerting of the identifier digital certificate, the applicant is then notified immediately.

Claims

Revendications claims 1 - Plateforme pour la sécurisation de la vérification de l'identité personnelle comprenant un serveur pour l'enregistrement dans une mémoire sécurisé, pour chaque terminal Ti, d'au moins un identifiant unique numérique INi dudit terminal Ti associé à au moins un identifiant unique IDUi d'un document d'identité d'un utilisateur dudit terminal Ti, chaque terminal exécutant une application commandant l'acquisition et la transmission d'image acquise par le terminal, et de transmission audit serveur par une session de communication associée audit identifiant unique numérique INi ainsi qu'un processeur pour réaliser un traitement : 1 - Platform for securing the verification of personal identity, comprising a server for recording in a secure memory, for each terminal Ti, at least one digital unique identifier INi of said terminal Ti associated with at least one unique identifier IDUi of an identity document of a user of said terminal Ti, each terminal executing an application controlling the acquisition and transmission of image acquired by the terminal, and transmission to said server by a communication session associated with said unique identifier digital INi and a processor to perform a treatment: - d'extraction, à partir d'une image d'un document d'identité acquise à partir dudit terminal Ti, d'au moins un identifiant unique IDIi et d'enregistrement en relation avec identifiant unique numérique INi dudit terminal Ti utilisé pour l'acquisition de ladite image IMi  extracting, from an image of an identity document acquired from said terminal Ti, at least one unique identifier IDIi and registration in relation to a digital unique identifier INi of said terminal Ti used for acquisition of said IMi image - d'analyse intrinsèque de l'image par application d'au moins un modèle de conformité  - intrinsic image analysis by applying at least one conformance model - de comparaison d'une photographie extraite de ladite image IMi du document d'identité avec une photographie Pi d'une personne acquise par le même terminal Ti,  comparing a photograph taken from said image IM i of the identity document with a photograph Pi of a person acquired by the same terminal Ti, et, dans le cas où lesdites étapes d'analyse et de comparaison sont positives, d'enregistrement, en relation avec l'identifiant numérique INi, ladite image numérique IMi du document d'identité et ladite photographie numérique Pi.  and, in the case where said analysis and comparison steps are positive, of recording, in relation to the digital identifier INi, said digital image IMi of the identity document and said digital photograph Pi. 2 - Plateforme pour la sécurisation de la vérification de l'identité personnelle selon la revendication2 - Platform for securing the verification of personal identity according to the claim 1 caractérisée en ce que ledit traitement comporte en outre, en cas d'analyse ou de comparaison négative, une étape d'enregistrement de l'identifiant numérique INi dans une mémoire spécifique de terminaux suspects. 3 - Plateforme pour la sécurisation de la vérification de l'identité personnelle selon la revendication 1 caractérisée en ce que ledit traitement comporte en outre, en cas d'analyse ou de comparaison négative, une étape de transmission d'un rapport numérique comprenant ladite image numérique IMi du document d'identité et ladite photographie numérique Pi à un terminal tiers, ledit terminal comportant des moyens pour transmettre conditionnellement une information sécurisée commandant l'enregistrement, en relation avec l'identifiant numérique INi, ladite image numérique IMi du document d'identité et ladite photographie numérique Pi. 1 characterized in that said processing further comprises, in case of analysis or negative comparison, a step of recording the digital identifier INi in a specific memory of suspicious terminals. 3 - Platform for securing the verification of personal identity according to claim 1 characterized in that said processing further comprises, in case of analysis or negative comparison, a step of transmitting a digital report comprising said image digital IMi of the identity document and said digital photograph Pi to a third-party terminal, said terminal comprising means for conditionally transmitting secure information controlling the recording, in relation with the digital identifier INi, said digital image IMi of the document of identity and said digital photograph Pi. 4 - Plateforme pour la sécurisation de la vérification de l'identité personnelle selon la revendication 1 caractérisée en ce qu'elle comporte en outre au moins un terminal tiers Cj comportant des moyens pour acquérir une information numérique INj constituée par au moins une partie de l'identifiant numérique INi et/ou ladite image numérique IMi du document d'identité et transmettre ladite information numérique INj, au serveur réalisant un traitement consistant à rechercher dans la mémoire contenant la table constituée par les N-uplets comprenant l'identifiant numérique INi, ladite image numérique IMi du document d'identité, pour calculer l'identifiant INi correspondant l'information INi, et à transmettre au terminal Ti correspondant un message numérique Mij . 4 - platform for securing the verification of personal identity according to claim 1 characterized in that it further comprises at least one third terminal Cj comprising means for acquiring digital information INj constituted by at least a part of the digital identifier INi and / or said digital image IMi of the identity document and transmit said digital information INj, to the server carrying out a processing consisting of searching in the memory containing the table constituted by the N-tuplets comprising the digital identifier INi, said digital image IMi of the identity document, to calculate the identifier INi corresponding to the information INi, and to transmit to the corresponding terminal Ti a digital message Mij. 5 - Plateforme pour la sécurisation de la vérification de l'identité personnelle selon la revendication 4 caractérisée en ce que ledit message numérique Mij comprenant en outre un code d'acceptation dont l'activation commande la transmission par le terminal Ti d'un message numérique commandant la transmission par la plateforme d'un message numérique comprenant des données numériques associées audit INi et/ou une information d'acceptation. 6 - Plateforme pour la sécurisation de la vérification de l'identité personnelle selon la revendication 1 caractérisée en ce que ledit processeur exécute en outre un traitement pour l'enregistrement de la substitution d'un terminal Tii au terminal Ti d'un utilisateur, consistant à : 5 - Platform for securing the verification of personal identity according to claim 4 characterized in that said digital message Mij further comprising an acceptance code whose activation controls the transmission by the terminal Ti of a digital message controlling the transmission by the platform of a digital message comprising digital data associated with said INi and / or acceptance information. 6 - Platform for securing the verification of personal identity according to claim 1 characterized in that said processor also executes a processing for recording the substitution of a terminal Tii to the terminal Ti of a user, consisting of at : transmettre un message numérique à partir du terminal Ti commandant la dissociation, dans la mémoire du serveur, de l'identifiant numérique INi d'une part, et de ladite image numérique IMi du document d'identité et ladite photographie numérique Pi d'autre part  transmit a digital message from the terminal Ti controlling the dissociation, in the memory of the server, of the digital identifier INi on the one hand, and of said digital image IMi of the identity document and said digital photograph Pi on the other hand - enregistrer dans une mémoire tampon ladite image numérique IMi du document d'identité et ladite photographie numérique Pi, en association avec un identifiant unique temporaire de transfert IUT à usage unique  recording in a buffer memory said digital image IMi of the identity document and said digital photograph Pi, in association with a temporary unique transfer identifier IUT for single use - transmettre par le serveur audit terminal Ti d'un message codé MIUT avec ledit code IUT associé à un code d'activation associé au terminal Ti  transmitting by the server to said terminal Ti an encrypted message MIUT with said IUT code associated with an activation code associated with the terminal Ti - transmettre ledit message codé MIUT depuis ledit terminal Ti audit terminal Tii  transmitting said coded message MIUT from said terminal Ti to said terminal Tii - transmettre ledit message codé MIUT depuis ledit transmitting said coded message MIUT from said Tii audit serveur pour commander l'association de l'identifiant numérique INii d'une part, et de ladite image numérique IMi du document d'identité et ladite photographie numérique Pi d'autre part. Tii audit server to control the association of the digital identifier INii on the one hand, and said digital image IMi of the identity document and said digital photograph Pi on the other hand. 7 - Plateforme pour la sécurisation de la vérification de l'identité personnelle selon la revendication 1 caractérisée en ce que ledit processeur exécute en outre un traitement pour l'enregistrement de la substitution d'un terminal Tii au terminal Ti d'un utilisateur, consistant à : 7 - Platform for securing the verification of personal identity according to claim 1 characterized in that said processor also executes a processing for recording the substitution of a terminal Tii to the terminal Ti of a user, consisting of at : - transmettre un message numérique codé en fonction du code secret de l'utilisateur, à partir d'un équipement informatique de l'utilisateur commandant la dissociation, dans la mémoire du serveur, de l'identifiant numérique INi d'une part, et de ladite image numérique IMi du document d'identité et ladite photographie numérique Pi d'autre part transmitting a coded digital message according to the secret code of the user, from a computer equipment of the user controlling the dissociation, in the memory of the server, of the digital identifier INi of a part, and of said digital image IMi of the identity document and said digital photograph Pi of the other part - enregistrer dans une mémoire tampon ladite image numérique IMi du document d'identité et ladite photographie numérique Pi, en association avec un identifiant unique temporaire de transfert IUT à usage unique  recording in a buffer memory said digital image IMi of the identity document and said digital photograph Pi, in association with a temporary unique transfer identifier IUT for single use transmettre par le serveur audit terminal de l'utilisateur d'un message codé MIUT avec ledit code IUT associé à un code d'activation associé audit équipement informatique de l'utilisateur  transmitting by the server to said user's terminal a coded message MIUT with said IUT code associated with an activation code associated with said user's computer equipment - transmettre ledit message codé MIUT depuis ledit équipement informatique de l'utilisateur audit terminal Tii  transmitting said MIUT coded message from said user's computer equipment to said terminal Tii - transmettre ledit message codé MIUT depuis ledit Tii audit serveur pour commander l'association de l'identifiant numérique INii d'une part, et de ladite image numérique IMi du document d'identité et ladite photographie numérique Pi d'autre part.  transmitting said MIUT coded message from said TII to said server to control the association of the digital identifier INi on the one hand, and of said digital image IMi of the identity document and said digital photograph Pi on the other hand.
PCT/FR2016/052132 2015-09-28 2016-08-26 Platform and method for securing the verification of personal identity without physical presence Ceased WO2017055695A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP16770060.8A EP3356982A1 (en) 2015-09-28 2016-08-26 Platform and method for securing the verification of personal identity without physical presence

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1559112A FR3041793B1 (en) 2015-09-28 2015-09-28 PLATFORM AND METHOD FOR SECURING THE VERIFICATION OF PERSONAL IDENTITY WITHOUT A PHYSICAL PRESENCE
FR1559112 2015-09-28

Publications (1)

Publication Number Publication Date
WO2017055695A1 true WO2017055695A1 (en) 2017-04-06

Family

ID=55299581

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2016/052132 Ceased WO2017055695A1 (en) 2015-09-28 2016-08-26 Platform and method for securing the verification of personal identity without physical presence

Country Status (3)

Country Link
EP (1) EP3356982A1 (en)
FR (1) FR3041793B1 (en)
WO (1) WO2017055695A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113766487A (en) * 2021-09-01 2021-12-07 北京百度网讯科技有限公司 Cloud mobile phone information acquisition method, device, equipment and medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3007929A1 (en) * 2013-06-27 2015-01-02 France Telecom METHOD FOR AUTHENTICATING A USER OF A MOBILE TERMINAL
US20150026478A1 (en) * 2013-07-16 2015-01-22 Eingot Llc Electronic document notarization

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3007929A1 (en) * 2013-06-27 2015-01-02 France Telecom METHOD FOR AUTHENTICATING A USER OF A MOBILE TERMINAL
US20150026478A1 (en) * 2013-07-16 2015-01-22 Eingot Llc Electronic document notarization

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113766487A (en) * 2021-09-01 2021-12-07 北京百度网讯科技有限公司 Cloud mobile phone information acquisition method, device, equipment and medium
CN113766487B (en) * 2021-09-01 2023-11-14 北京百度网讯科技有限公司 Cloud mobile phone information acquisition methods, devices, equipment and media

Also Published As

Publication number Publication date
EP3356982A1 (en) 2018-08-08
FR3041793B1 (en) 2017-10-20
FR3041793A1 (en) 2017-03-31

Similar Documents

Publication Publication Date Title
CN103841108B (en) The authentication method and system of user biological feature
EP3690686B1 (en) Authentication procedure, server and electronic identity device
EP3547270A1 (en) Method for verifying a biometric authentication
WO2009083518A1 (en) Generation and use of a biometric key
CN109359601A (en) Authentication and identification method, electronic device and computer-readable storage medium
US11681787B1 (en) Ownership validation for cryptographic asset contracts using irreversibly transformed identity tokens
TW201816648A (en) Business implementation method and device
CN112328989A (en) Network identity authentication method, system and storage medium based on biological characteristics
EP2614458A2 (en) Method of authentification for access to a website
FR3029665A1 (en) METHOD IMPLEMENTED IN IDENTITY DOCUMENT AND ASSOCIATED IDENTITY DOCUMENT
CN110995661B (en) Network card platform
CN109815669A (en) Authentication method and server based on face recognition
CN113259136B (en) Multi-client collaborative authentication method, device, device and medium for feature identification
CN111970122A (en) Official APP identification method, mobile terminal and application server
KR101927336B1 (en) APPARATUS AND METHOD FOR IDENTIFY TERMINAL DEVICE USER and FALSIFICATION OR TEMPERING
EP3356982A1 (en) Platform and method for securing the verification of personal identity without physical presence
EP3262553B1 (en) Method of transaction without physical support of a security identifier and without token, secured by the structural decoupling of the personal and service identifiers
JP2006277028A (en) User registration method and proxy authentication system using biometric information
CN110519061A (en) A kind of identity identifying method based on biological characteristic, equipment and system
FR2913551A1 (en) User authenticating method for use in Internet network, involves authenticating authentication server by token and vice versa for each of web pages requested by user, by executing control script e.g. java script, in computer
FR3060168B1 (en) BIOMETRIC IDENTIFICATION METHOD AND SYSTEM
RU2787577C2 (en) Signing device and signing method
WO2018029564A1 (en) System and method for authentication of a user of an application system by a central server, without using a password
WO2023001845A1 (en) Method for enrolling a user by an organisation on a blockchain
EP4241190A1 (en) Authentication method secured by structural decoupling of personal and service identifiers

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16770060

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2016770060

Country of ref document: EP