METHOD FOR PROCESSING TRANSACTIONAL DATA, DEVICE AND PROGRAM THEREOF
Abstract:
The invention relates to a method for processing transactional data representative of a payment made by a user from a communication terminal (TC). According to the invention, such a method comprises: a loading step (10) of a virtual payment terminal (vPos), within a first secure memory space (SecSpace1) of the communication terminal (TC), said virtual terminal (vPos) being in the form of a software module registered within a secure storage space of the communication terminal (TC); a loading step (20), within a second secure space (SecSpace2), of at least one virtual payment card (vCB); a processing step (30) by the virtual payment terminal (vPos) of a payment transaction using said at least one virtual payment card (vCB).
Publication number: FR3020165A1 Application number: FR1453568 Filing date: 2014-04-18 Publication date: 2015-10-23 Inventor: Pierre Quentin Applicant: Compagnie Industrielle et Financiere d'Ingenierie Ingenico SA; Main IPC class:
Description:
[0001] FIELD OF THE INVENTION

The invention relates to the field of payment terminals. The technique relates more particularly to payment terminals that can be implemented using a user terminal (such as a smartphone, tablet, PDA or personal computer type communication terminal). The invention is part of a new paradigm for implementing a payment. More particularly, the invention is part of a payment system in which the user is provided with a payment device. The aim is to allow the user to make payments using a device in his possession, so as to ensure a "card present" type of payment even for payments made for online services.

2. Prior art

Many solutions have been proposed to allow users to make payments using a communication terminal while physically using a payment card (i.e. using the information available on a chip or on a magnetic stripe). Such a type of payment is called a "card present" payment, which differs from a "card not present" payment, in which it is the information written on the card (card number, name of the holder, date of validity) that is used. It is commonly accepted that payments (transactions) made using chip or magnetic stripe data have a greater degree of security than payments made using the information on the card itself. It is therefore preferable that any payment can be made in "card present" mode. The rise of online payments has highlighted a significant need. Indeed, the number of fraudulent payments made on the Internet has raised awareness of the need to secure this type of payment in order to curb fraud.

[0002] Thus, for example, the payment device described in patent US2005/0236480 can be connected to a telephone type communication terminal. Such a device ensures in theory that the payment cannot be repudiated. That is, the payment, insofar as it has been made using a bank card belonging to the user of the communication terminal and the auxiliary device, cannot subsequently be contested by the user.
Such a payment device is interesting from a theoretical point of view: it allows the user to connect a complementary device to his phone to turn it into a payment terminal. Unfortunately, in practice, such a device faces many problems. The first is that this device is adapted to a particular terminal model. It is necessary to provide a device model for each terminal model. Given the very large number of telephone models, such a solution is not economically viable. Second, such a device can be easily compromised. This means that it is relatively easy to temporarily steal such a device, to modify it (for example to introduce a fraud module) and subsequently to use the data obtained by the fraud module to clone a card. Thirdly, such a device is not suitable for contemporary use of the means of payment. Indeed, a device of this type requires a payment transaction to be transmitted via an SMS (short message service) or another type of equivalent message (i.e. using a 2G telephony architecture). However, means for receiving and transmitting data based on web protocols are now widely favoured, especially because of their universality.

[0003] Thus, there is a need to provide a technique that makes it possible to make a "card present" payment while being adapted to scalability requirements, to securing credit card data and to transactions.

SUMMARY OF THE INVENTION

The invention does not pose these problems of the prior art. More particularly, the invention provides a simple solution to the previously identified problem. The invention thus relates to an implementation, within a communication terminal of a user, of a virtual payment terminal. More specifically, the virtual payment terminal is implemented within a secure space of the communication terminal, which secure space includes a tamper-proof storage area that can be used to execute transactions, including payment transactions.
More particularly, the invention relates to a method of processing transactional data representative of a payment made by a user from a communication terminal. According to the invention, such a method comprises:
- a step of loading a virtual payment terminal, within a first secure memory space of the communication terminal, said virtual terminal being in the form of a software module registered within a secure storage space of the communication terminal;
- a step of loading, within a second secure space, at least one virtual payment card;
- a processing step by the virtual payment terminal of a payment transaction using said at least one virtual payment card.

[0004] According to a particular characteristic, the step of loading a virtual payment card comprises:
- a step of loading a virtual payment card emulation software module;
- a step of obtaining a payment card data structure;
- an instantiation step, within the second secure space, of the virtual payment card using the emulation software module and the payment card data structure.

Thus, the invention makes it possible to carry out transactions in a secure manner, while maintaining the non-repudiation principles specific to transactions carried out in "card present" mode and avoiding the need to have a physical terminal and a physical card.

According to one particular characteristic, the step of loading a virtual payment card comprises:
- a step of displaying, on a screen of the communication terminal, a set of virtual payment cards associated with the user;
- a step of selecting a virtual payment card from the set of payment cards displayed.

Thus, the user can have several virtual payment cards and make a payment transaction with the card that suits him.

According to a particular embodiment, said method comprises, after the step of loading the virtual payment terminal, a step of displaying, on a screen of the communication terminal, data representative of a switch to secure mode.
According to a particular embodiment, the step of loading a virtual payment card comprises:
- a step of identification, by said virtual payment terminal, of the second secure space in which the virtual payment card must be loaded; and
- when the second secure space is located on a server connected to the communication terminal via a communication network, a step of loading, within the first secure memory space, an encapsulation module.

Thus, the proposed technique makes it possible to guarantee the implementation of a payment even if the virtual card is not recorded on the communication terminal itself, but on a remote server.

According to a particular embodiment, the method comprises, when the second secure space is located on a server connected to the communication terminal, and for at least some of the data exchanged between said virtual payment terminal and said virtual payment card, at least one step of transmitting a command to said server comprising:
- a step of creating a frame header comprising at least one identifier of the virtual payment terminal and an identifier of the virtual payment card;
- a step of filling a frame with said header and said command, according to a given data exchange protocol;
- a step of transmitting the frame to said server.

The invention also relates to a transactional data processing device representative of a payment made by a user from a communication terminal. According to the invention, such a device comprises:
- means for loading a virtual payment terminal, within a first secure memory space of the communication terminal, said virtual terminal being in the form of a software module registered within a secure storage space of the communication terminal;
- means for loading, within a second secure space, at least one virtual payment card;
- means for processing, by the virtual payment terminal, a payment transaction using said at least one virtual payment card.
The invention relates of course to a communication terminal which integrates a transactional data processing device as described above.

[0005] According to a preferred implementation, the various steps of the methods according to the invention are implemented by one or more software or computer programs, comprising software instructions intended to be executed by a data processor of a relay module according to the invention and being designed to control the execution of the various process steps. Accordingly, the invention is also directed to a program that can be executed by a computer or a data processor, which program includes instructions for controlling the execution of the steps of a method as mentioned above. This program can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as in a partially compiled form, or in any other desirable form.

The invention also provides a data carrier readable by a data processor, and including instructions of a program as mentioned above. The information carrier may be any entity or device capable of storing the program. For example, the medium may comprise storage means, such as a ROM, for example a CD ROM or a microelectronic circuit ROM, or a magnetic recording medium, for example a diskette (floppy disc) or a hard disk.

[0006] On the other hand, the information medium may be a transmissible medium such as an electrical or optical signal, which may be conveyed via an electrical or optical cable, by radio or by other means. The program according to the invention can be downloaded in particular on an Internet type network. Alternatively, the information carrier may be an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in the execution of the method in question.
According to one embodiment, the invention is implemented by means of software and/or hardware components. In this context, the term "module" may correspond in this document to a software component, a hardware component or a set of hardware and software components alike. A software component corresponds to one or more computer programs, one or more subroutines of a program, or more generally to any element of a program or software capable of implementing a function or a set of functions, as described below for the module concerned. Such a software component is executed by a data processor of a physical entity (terminal, server, gateway, router, etc.) and is capable of accessing the hardware resources of this physical entity (memories, recording media, communication buses, input/output electronic cards, user interfaces, etc.). In the same way, a hardware component corresponds to any element of a hardware set able to implement a function or a set of functions, as described below for the module concerned. It may be a hardware component that is programmable or has an integrated processor for executing software, for example an integrated circuit, a smart card, a memory card, an electronic card for executing firmware, etc. Each component of the previously described system naturally implements its own software modules. The various embodiments mentioned above can be combined with each other for the implementation of the invention.

4. Drawings

Other characteristics and advantages of the invention will appear more clearly on reading the following description of a preferred embodiment, given as a simple illustrative and nonlimiting example, and the appended drawings, among which:
- Figure 1 presents an overview of the proposed technique;
- Figure 2 presents an overview of the proposed technique, ...;
- Figure 3 describes a device for implementing the proposed technique;
- Figure 4 depicts a server comprising a plurality of virtual payment cards.

5. Description

5.1. Reminder of the general principle

As previously explained, the general principle of the proposed technique is to introduce, within the communication terminal of the user, a virtual payment terminal (vPos). Such a virtual payment terminal differs from a physical payment terminal in that it uses the processor of the communication terminal assigned to it. In addition, the virtual payment terminal has access to a secure memory area in which it is able to perform cryptographic operations. Such a payment terminal comprises an interface for receiving commands from the communication terminal, for carrying out transactions. From this point of view, the communication terminal acts as a sort of cash register that is able to transmit payment orders (for example a transaction amount) to the virtual payment terminal.

[0007] When receiving an activation order and a transaction amount, the virtual payment terminal (vPos) is able to implement a payment transaction, according to at least two embodiments described later. With reference to FIG. 1 and FIG. 2, the general steps of the method of the present technique are presented.
Such a method of processing transactional data representative of a payment made by a user from a communication terminal (TC) comprises:
- a step of loading (10) a virtual payment terminal (vPos), within a first secure memory space (SecSpace1) of the communication terminal (TC), said virtual terminal (vPos) being in the form of a software module registered within a secure storage space (ESS) of the communication terminal (TC);
- a loading step (20), within a second secure space (SecSpace2), of at least one virtual payment card (vCB);
- a processing step (30) by the virtual payment terminal (vPos) of a payment transaction (TrP) using said at least one virtual payment card (vCB).

[0008] The loading step (20) of a virtual payment card (vCB) comprises:
- a step of loading (25) a virtual payment card emulation software module (modEmul);
- a step of obtaining (26) a payment card data structure (StructCB);
- an instantiation step (27), within the second secure space (SecSpace2), of the virtual payment card (vCB) using the emulation software module (modEmul) and the payment card data structure (StructCB).

In other words, according to the proposed technique, the virtual payment terminal is implemented as follows:
- the user uses his communication terminal to make a purchase from an online service (a website). He selects one or more items and starts the payment (usually by using a "make payment" button in a web page or in a dedicated application, for example Amazon (tm), alibaba, ebay, etc.);
- the service or application detects that the terminal has a virtual payment terminal;
- instead of requiring the entry of data relating to a payment card (card number, name of the cardholder, date of validity), the service or application triggers the implementation of the virtual terminal according to the proposed technique;
- the virtual terminal is loaded into memory (preferably SecSpace1 secure memory so that its operation is guaranteed).
(If the virtual payment terminal is loaded at the start of the communication terminal or if the payment terminal has already been previously loaded.)
- Optionally, a warning message is addressed (15) to the user, informing him that a sensitive operation is about to be performed;
- the virtual terminal requires the entry of a personal identification code from the user; this personal identification code corresponds for example to the secret code of a payment card (also called PIN). Alternatively, this personal identification code may also correspond to a pattern to be drawn by the user, to a fingerprint signature to be produced (if the communication terminal comprises a fingerprint reader) or to a zone entry.

In what follows, it is assumed that the code entered by the user is correct. If the code is wrong, a maximum number of attempts is allowed. When this number of attempts is reached or exceeded (for example three), the virtual payment terminal is deactivated: this deactivation causes the erasure of the secure memory and the removal of the virtual payment terminal and/or the deletion of sensitive data from the virtual terminal. The communication terminal can then no longer operate a virtual payment terminal until this virtual payment terminal is installed again on the communication terminal.

The virtual payment card is subsequently loaded into a second secure space. It may be a local space, present on the communication terminal (SecSpace2, FIG. 1), or a remote space, present on a server to which the communication terminal is connected (SecSpace2, FIG. 2). In the latter case, identification (21) and loading (22) steps of a network communication module are implemented in order to exchange command frames (APDU) of the 7816 protocol over the communication network (for example encapsulated in IP frames).
- in a complementary manner, when this is conceivable, the virtual terminal requires the user to select a means of payment to be used (this is the case for example when several payment cards can be used by the user, such as a credit card for a first bank and a credit card for a second bank). Furthermore, it may be envisaged to require a new entry of a personal identification code specifically attached to the selected payment means, in order to strengthen security (this is explained later in the context of an EMV implementation). Optionally, therefore, a message is displayed (23) asking the user to select (24) a payment card from a plurality of available payment cards; a verification that the personal identification code matches the selected means of payment is carried out by a mechanism explained later;
- the virtual payment terminal then implements the payment by building a payment transaction, for example according to the set of SEPA and/or EMV protocols. There are two scenarios:
  - the transaction is correctly conducted and a payment summary is displayed on the screen of the communication terminal and/or registered within the terminal;
  - the transaction fails (for example following a refusal from the bank), a transaction failure message is displayed on the screen and the virtual payment terminal is closed (or placed in a secure cache if possible).

Thus, instead of using an additional terminal which must be paired with the communication terminal, a secure memory area of the communication terminal is used to execute a virtual payment terminal. As can be noted, two complementary phases can be described: the installation of this virtual payment terminal within the communication terminal, and the use of a means of payment to perform a payment transaction. The installation of the virtual payment terminal within the communication terminal is linked to the presence, within this terminal, of a secure memory area.
Such a secure memory area is remarkable in that it is accessible only from a secure portion of the operating system of the communication terminal, which alone is authorized to access this area. The installation of this virtual payment terminal thus relies on this portion of the operating system. It is not detailed further, this installation being dependent on the operating system as such and on the technical characteristics of this secure memory area.

[0009] On the other hand, the completion of the transaction from the selected payment means is fully part of the present technique. Such an embodiment is performed in at least two different ways:
- the use of a virtual payment card, accessible within the communication terminal;
- the use of a virtual payment card, accessible via a secure communication network.

5.2. Using a virtual payment card, accessible within the communication terminal

In this embodiment, in conjunction with the use of a communication terminal comprising a virtual payment terminal, one or more virtual bank cards are implemented. The general principle is to execute, in the secure storage area or using it, a virtual machine reproducing the behavior of a payment card. This virtual machine can be seen as an emulator, making it possible to reproduce the behavior of an EMV type smart card. In addition, the data needed to perform transactions are also placed in this secure memory area. This technique is presented in connection with FIG.

[0010] The virtual machine of the bank card (MVC) is placed in a read-only secure memory zone (ZMS) to guarantee that it is not modified. This secure memory area also includes (ZMS) a (Explicit architecture EMV bank card). Primarily, the organization of this secure memory area consists of reproducing the architecture of an EMV-standard bank card. The secure memory area is thus organized to allow a behavior identical or similar to that of a real EMV card, which would for example be inserted in the terminal.
The virtual machine emulates the presence of an EMV type bank card. The personalization data of this EMV virtual card (certificates, applications, cardholder authentication, etc.) is inserted using a specific insertion protocol.

[0011] When a virtual card is instantiated within the secure memory area, the implementation technique of this virtual card is as follows: the virtual payment terminal (vPos) transmits EMV commands to the virtual payment card. These commands comply with the 7816 standard and are exchanged according to the APDU protocol. The payment card responds to the commands transmitted by the virtual payment terminal according to the same principle. The transaction is conducted between the virtual payment terminal and the virtual payment card using the following sequence:
- Selection of the EMV application of the virtual payment card (CB, VISA ...)
- Initialization of the application
- Reading of the application data
- Reading of usage restrictions
- Offline data authentication
- Cardholder identification (personal identification code entry)
- Risk management on the virtual payment terminal side
- Risk analysis by the virtual payment terminal and data transfer action of the virtual payment terminal (payment accepted offline, declined offline, authorization required)
- First risk analysis on the virtual payment card side
- Online authorization request (if applicable)
- Second risk analysis on the virtual payment card side
- Execution of the final script of the issuer of the virtual payment card (bank concerned) (update of the parameters)

The advantage of this embodiment is the following: unlike existing solutions, it is not necessary to build a particular card reading device (to be connected to the user's communication terminal) to be able to perform actions in "card present" mode from the terminal. Moreover, it is not necessary to modify the implementation of the existing protocols. The user can thus use his communication terminal to make purchases.
At least two types of security subsystem internal to the communication terminal are used:
- TPM ("trusted platform module") for communication terminals of the personal computer type. TPM components may be present on such terminals. When a terminal has a component of this type, the proposed technique is implemented through this component;
- a dedicated security component: such a component can be inserted directly within the communication terminal to provide physical support for the implementation of the proposed technique.

In a complementary embodiment, a SIM card inserted in the communication terminal is used instead of the secure memory area to contain the data of the virtual bank card. More particularly, in a first variant, the SIM card of the communication terminal (for example a smartphone or a tablet) is used to record the data of the virtual bank card. In this case, the secure memory area is that of the SIM card. In this first variant, the virtual bank card emulator is still executed on the communication terminal. Thus, a method of obtaining data stored on the SIM card is implemented, via the data exchange interface of the SIM card (this also involves exchanging APDUs). On the other hand, the exchange of these data is only intended to obtain the data necessary for the simulation of the bank card by the communication terminal: it is therefore a digital safe hosted on the SIM card. Thus, the virtual bank card emulator includes a module for accessing the data of the SIM card, this module being able to exchange data with this SIM card via the 7816-x protocols.

[0012] In a second variant, the SIM card directly integrates a banking function and is therefore able to act as a bank card when requested by the virtual payment terminal. More particularly, this SIM card works, when it is accessed in "banking" mode, as a conventional bank card. However, unlike multi-tenant SIM cards, this one is not intended to offer payment with any type of payment terminal.
The "banking" mode of this card is accessible only through the virtual payment terminal installed within the communication terminal. Therefore, to access the "banking" mode of this SIM card, a specific access method is implemented (not detailed). This method requires the authentication of the virtual payment terminal, which must transmit, via a specific APDU, proof of its authentication to the SIM card operating in "banking" mode. More particularly, this proof of authentication may for example consist of a virtual terminal authentication datum obtained after an authentication phase performed with an authentication server to which the user's communication terminal was connected at the time of (or after) the installation of the virtual payment terminal. Moreover, the obtaining of such authentication data may be common to all the embodiments of the present technique. The method implemented is as follows:
- the virtual payment terminal transmits to the SIM card an instruction to switch to banking mode; to do this, the virtual payment terminal transmits its authentication data (for example an APDU command of type BC, C0 with the authentication data as parameter);
- depending on the application coded in the SIM card, such an APDU causes a verification function to be run in the SIM card and a standardized response to be transmitted (SW1 and SW2 fields).

5.3. Using a virtual payment card, accessible via a secure communication network

As previously explained, the 7816 protocols define the APDUs that are transmitted to a card connected to a card reader in contact mode. In this embodiment, this implementation of the 7816 protocols is not departed from, which is an interesting feature. In the context of a virtual payment terminal connected to a bank card farm, the virtual payment terminal must interrogate a card when carrying out a transaction. In this embodiment, it is therefore proposed to use a virtual bank card, the data of which is stored on a server.
Furthermore, in this embodiment, the server can advantageously store and protect a plurality of virtual payment cards belonging to a plurality of cardholders. There is thus, on this server, a "farm" of payment cards. This farm makes it possible to centralize the virtual payment cards. Thus, in this embodiment, the APDUs are transmitted via the communication network to which the communication terminal and the server are connected. It is assumed, as a prerequisite, that the communication terminal and the server have established a secure communication between them and that the exchanges cannot be intercepted.

The virtual payment terminal therefore comprises an APDU command transmission and reception module which operates in conjunction with an encapsulation module (also secure and operating in a secure memory area) in charge of the encapsulation and de-encapsulation of APDU commands. This encapsulation module makes it possible to generate frames (for example IP frames) comprising one or more data fields (the size of which varies according to the MTU). The server that manages the virtual payment card farm also includes a similar encapsulation module for performing similar operations from the server.

Typically, a data field of an IP frame encapsulating APDU commands comprises three parts:
- The first part, called the header, comprises the following fields:
  - Card Server ID: the identifier of the server at the origin of the transaction request;
  - VPos ID: identification of the virtual terminal. This identifier must make it possible to trace back to the software version, the operator of the vPos, etc.;
  - VPos frame number: the number of the frame sent by the vPos, allowing the farm to process the frames in order. This number is incremented only by the vPos, and only copied in the frames coming from the farm;
  - Card identification: token to identify the card on the farm;
  - Farm frame number: the number of the frame exchanged from the farm, allowing the vPos to process the frames in order. Conversely, this number is incremented by the farm, and copied by the vPos in the return frames;
  - Owner fields: fields consisting of a length and a number of bytes, for special purposes;
  - Length: total length of the complete frame.
- The second part includes an ISO 7816 frame without modification, whether APDU or TPDU.
- The third part includes a frame end, which consists of a specific end-of-frame character.

The advantages of this embodiment are many. First, it is not necessary to have secure storage space on the communication terminal. This is advantageous because it prevents a compromise of the communication terminal from leading to theft of the banking data of a virtual card stored on the communication terminal. In the second place, this embodiment makes it possible to strongly secure access to the server which centralizes the virtual payment cards. Moreover, this avoids having to operate, on the communication terminal, a virtual machine simulating the operation of the virtual payment card. Therefore, this simulation of the virtual card's operation is performed on the server, which is a safer place for processing.

5.4. Other features and advantages

With reference to FIG. 3, a device implemented for carrying out payment operations from a communication terminal while operating in "card present" mode, according to the method described previously, is described.

[0013] For example, the device comprises a memory 31 constituted by a buffer memory, and a processing unit 32, equipped for example with a microprocessor and driven by the computer program 33, implementing a method for processing transactional data.
At initialization, the code instructions of the computer program 33 are for example loaded into a memory before being executed by the processor of the processing unit 32. The processing unit 32 receives as input at least one piece of data representative of an identifier of a communication terminal. The microprocessor of the processing unit 32 implements the steps of the processing method, according to the instructions of the computer program 33, to load a virtual payment terminal into a secure memory area (the memory area to be used to execute the virtual payment terminal on the communication terminal: it is for example a TPM for a personal computer or an "embedded secure element" within a telephone).

For this, the device comprises, in addition to the buffer memory 31, communication means, such as network communication modules, data transmission means and possibly an encryption processor. These means may be in the form of a particular processor implemented within the device, said processor being a secure processor. According to a particular embodiment, this device implements a particular application which is in charge of carrying out the transactions, this application being for example provided by the manufacturer of the processor in question in order to allow the use of said processor. To do this, the processor comprises unique identification means. These unique identification means make it possible to ensure the authenticity of the processor.
Furthermore, the device comprises: means for loading a virtual payment terminal (vPos), within a first secure memory space (SecSpace1) of the communication terminal (TC), said virtual terminal (vPos) being in the form of a software module registered within a secure storage space of the communication terminal (TC); means for loading, within a second secure space (SecSpace2), at least one virtual payment card (vCB), when the virtual cards are also managed by the device; means for processing, by the virtual payment terminal (vPos), a payment transaction using said at least one virtual payment card (vCB). These means are also presented as communication interfaces for exchanging data on communication networks, database query and update means, etc.
With reference to FIG. a server implemented to perform payment operations from a communication terminal while operating in "card present" mode, according to the previously described method. For example, the server comprises a memory 41 constituted by a buffer memory, a processing unit 42, equipped for example with a microprocessor, and driven by the computer program 43, implementing a method for processing transactional data. At initialization, the code instructions of the computer program 43 are for example loaded into a memory before being executed by the processor of the processing unit 42. The processing unit 42 receives as input at least one item of data representative of an identifier of a virtual payment terminal and a virtual payment card to be used.
The microprocessor of the processing unit 42 implements steps of the processing method, according to the instructions of the computer program 43, to: load a virtual payment card emulation software module (modEmul); obtain a payment card data structure (StructCB) according to the card identifier provided to it; instantiate within the second secure space (SecSpace2) the virtual payment card (vCB); and encapsulate and encapsulate the APDUs and the RPDUs destined for this virtual payment card in order to implement the transaction (using an encapsulation module). For this, the server comprises, in addition to the buffer memory 41, communication means, such as network communication modules, data transmission means and possibly an encryption processor. These means may be in the form of a particular processor implemented within the server, said processor being a secure processor. According to a particular embodiment, this server implements a particular application which is in charge of carrying out the transactions, this application being for example provided by the manufacturer of the processor in question in order to allow the use of said processor. To do this, the processor comprises unique identification means. These unique identification means make it possible to ensure the authenticity of the processor.
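One way to implement the three-part frame described above (header, unmodified ISO 7816 APDU, end-of-frame character) together with the vPos-side ordering check on the two frame numbers. This is an added example, not code from the patent: the field widths (16-bit big-endian frame numbers and length, 8-byte card token, one-byte owner-field length), the 0x03 end-of-frame value, the 16-bit wrap-around and all names are assumptions.

```python
import struct

EOF = 0x03      # assumed end-of-frame character (the page does not name one)
TOKEN_LEN = 8   # assumed size of the card identification token

class FrameError(ValueError):
    """Raised when a frame is malformed or out of sequence."""

def build_frame(vpos_seq, token, farm_seq, apdu, owner=b""):
    """Header + unmodified APDU + EOF; 16-bit numbers and length are assumed."""
    if len(token) != TOKEN_LEN or len(owner) > 255:
        raise FrameError("bad token or owner field size")
    head = (struct.pack(">H", vpos_seq) + token + struct.pack(">H", farm_seq)
            + bytes([len(owner)]) + owner)
    total = len(head) + 2 + len(apdu) + 1          # length covers the whole frame
    return head + struct.pack(">H", total) + apdu + bytes([EOF])

def parse_frame(frame):
    """Check sizes before reading variable-length fields; return the five fields."""
    if len(frame) < TOKEN_LEN + 8:                 # smallest legal frame
        raise FrameError("truncated frame")
    vpos_seq, = struct.unpack_from(">H", frame, 0)
    token = frame[2:2 + TOKEN_LEN]
    farm_seq, = struct.unpack_from(">H", frame, 2 + TOKEN_LEN)
    pos = TOKEN_LEN + 5                            # first byte after owner length
    olen = frame[pos - 1]
    if pos + olen + 3 > len(frame):
        raise FrameError("owner field overruns frame")
    owner = frame[pos:pos + olen]
    total, = struct.unpack_from(">H", frame, pos + olen)
    if total != len(frame) or frame[-1] != EOF:
        raise FrameError("length or end-of-frame mismatch")
    return vpos_seq, token, farm_seq, owner, frame[pos + olen + 2:-1]

class VposChannel:
    """vPos side: owns its frame number, accepts farm frames only in order."""
    def __init__(self, token):
        self.token, self.vpos_seq, self.farm_seq = token, 0, 0
    def send(self, apdu):
        self.vpos_seq = (self.vpos_seq + 1) & 0xFFFF
        return build_frame(self.vpos_seq, self.token, self.farm_seq, apdu)
    def receive(self, frame):
        vseq, token, fseq, _, rapdu = parse_frame(frame)
        if token != self.token or vseq != self.vpos_seq:
            raise FrameError("frame does not answer the last command")
        if fseq != (self.farm_seq + 1) & 0xFFFF:
            raise FrameError("farm frame replayed or out of order")
        self.farm_seq = fseq
        return rapdu
```

The length check and the farm frame number check are what let the receiver reject truncated, padded, replayed or reordered frames before any APDU reaches the card emulation.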
Claims:
Claims (9)
1. A method of processing transactional data representative of a payment made by a user from a communication terminal (TC), characterized in that it comprises: a step of loading (10) a virtual payment terminal (vPos), within a first secure memory space (SecSpace1) of the communication terminal (TC), said virtual terminal (vPos) being in the form of a software module registered within a secure storage space of the communication terminal (TC); a loading step (20), within a second secure space (SecSpace2), of at least one virtual payment card (vCB); a processing step (30) by the virtual payment terminal (vPos) of a payment transaction using said at least one virtual payment card (vCB).
2. Transactional data processing method according to claim 1, characterized in that the step of loading (20) a virtual payment card (vCB) comprises: a step of loading (25) a virtual payment card emulation software module (modEmul); a step of obtaining (26) a payment card data structure (StructCB); an instantiation step (27), within the second secure space (SecSpace2), of the virtual payment card (vCB) using the emulation software module (modEmul) and the payment card data structure (StructCB).
3. The transactional data processing method as claimed in claim 1, wherein the step of loading a virtual payment card (vCB) comprises: a display step (23), on a screen of the communication terminal, of a set of virtual payment cards associated with the user; a selection step (24) of a virtual payment card among the set of payment cards displayed.
4. Method according to claim 1, characterized in that it comprises, after the step of loading (10) the virtual payment terminal (vPos), a display step (15), on a screen of the communication terminal, of data representative of a passage into secure mode.
5. A method for processing transactional data according to claim 1, characterized in that the step of loading (20) a virtual payment card (vCB) comprises: a step of identification (21), by said virtual payment terminal (vPos), of the second secure space (SecSpace2) in which the virtual payment card (vCB) must be loaded; and, when the second secure space (SecSpace2) is located on a server (SrvVCB) connected to the communication terminal (TC) via a communication network (Ntwk), a loading step (22), within the first secure memory space (SecSpace1), of an encapsulation module (ModEncaps).
6. Transactional data processing method according to claim 5, characterized in that it comprises, when the second secure space (SecSpace2) is located on a server (SrvVCB) connected to the communication terminal (TC), and for at least some of the data exchanged between said virtual payment terminal (vPos) and said virtual payment card (vCB), at least one step of transmission of a command (APDU) to said server (SrvVCB) comprising: a step of creating a frame header comprising at least one identifier of the virtual payment terminal (vPos) and an identifier of the virtual payment card (vCB); a step of filling a frame with said header and said command, according to a given data exchange protocol; a step of transmitting the frame to said server.
7. Device for processing transactional data representative of a payment made by a user from a communication terminal (TC), characterized in that it comprises: means for loading a virtual payment terminal (vPos), within a first secure memory space (SecSpace1) of the communication terminal (TC), said virtual terminal (vPos) being in the form of a software module registered within a secure storage space of the communication terminal (TC); loading means, within a second secure space (SecSpace2), of at least one virtual payment card (vCB); means for processing by the virtual payment terminal (vPos) of a payment transaction using said at least one virtual payment card (vCB).
8. Communication terminal characterized in that it incorporates a transactional data processing device according to claim 7.
9. Computer program product downloadable from a communication network and/or stored on a computer readable medium and/or executable by a microprocessor, characterized in that it comprises program code instructions for the execution of a transactional data processing method according to claim 1, when executed on a computer.
Patent family:
Publication number | Publication date
US20170039549A1 | 2017-02-09
EP3132399A1 | 2017-02-22
FR3020165B1 | 2021-03-05
CA2946143A1 | 2015-10-22
WO2015158618A1 | 2015-10-22
US10915893B2 | 2021-02-09
Legal status:
2016-04-26 | PLFP | Fee payment | Year of fee payment: 3
2017-04-27 | PLFP | Fee payment | Year of fee payment: 4
2017-10-13 | CD | Change of name or company name | Owner name: INGENICO GROUP, FR; Effective date: 20170912
2018-04-25 | PLFP | Fee payment | Year of fee payment: 5
2019-04-25 | PLFP | Fee payment | Year of fee payment: 6
2020-04-21 | PLFP | Fee payment | Year of fee payment: 7
2021-04-27 | PLFP | Fee payment | Year of fee payment: 8
2022-01-07 | TP | Transmission of property | Owner name: BANKS AND ACQUIRERS INTERNATIONAL HOLDING, FR; Effective date: 20211202
Priority:
Application number | Publication number | Priority date | Filing date | Patent title
FR1453568A | FR3020165B1 | 2014-04-18 | 2014-04-18 | TRANSACTIONAL DATA PROCESSING PROCESS, DEVICE AND CORRESPONDING PROGRAM
US15/304,331 | US10915893B2 | 2014-04-18 | 2015-04-10 | Method for processing transaction data, device and corresponding program
PCT/EP2015/057836 | WO2015158618A1 | 2014-04-18 | 2015-04-10 | Method for processing transaction data, device and corresponding program
EP15714526.9A | EP3132399A1 | 2014-04-18 | 2015-04-10 | Method for processing transaction data, device and corresponding program
CA2946143A | CA2946143A1 | 2014-04-18 | 2015-04-10 | Method for processing transaction data, device and corresponding program