IDENTIFICATION METHOD, DEVICE AND PROGRAM THEREOF
Abstract:
The invention relates to a method of identifying a user for access to a good or a service. According to the invention, such a method comprises:
- a step of presentation to a terminal, by the user to be identified, of a payment card;
- a step of execution, by the terminal, of a payment transaction whose amount is zero;
- when said payment transaction is executed without error, a step of issuing an identification assertion leading to access to the good or service.
Publication number: FR3021799A1
Application number: FR1454863
Filing date: 2014-05-28
Publication date: 2015-12-04
Inventor: Michel Leger
Applicant: Compagnie Industrielle et Financiere d'Ingenierie Ingenico SA
Description:
1. FIELD OF THE INVENTION
The invention relates to the field of identification. More particularly, the invention relates to the identification of individuals via an identification element. Such an identification element, in the context of the invention, is understood as a payment card or a credit card. Such cards are widely available and used by many people around the world to carry out payment transactions. They are usually distributed by banking institutions or payment service providers. A card is usually issued to a cardholder, who is usually the customer of the bank. This holder, a customer of the bank or of the payment service provider, also receives a personal identification code which he or she can or must use with the payment card (depending on the authorization constraints and/or the country in which the card is used). These cards are issued after a relatively thorough examination of the identity of the applicant (e.g. the bank's client): provision of identity documents, proof of address, etc.
2. Prior Art
A distinction is made here between identification systems (to obtain identity verification) and authentication systems (which certify identity). Indeed, verifying an identity does not use the same techniques as authenticating an identity: authentication is generally strong, whereas identification is comparatively weak. There are many situations in which it is necessary to identify a person. A common situation is, for example, stating one's identity when arriving for an appointment. As a general rule, stating one's identity is not very strong proof of identity, and this type of identification is in practice used only in cases where identification is not very important. This is different, for example, for access to a protected site or to sensitive data, as is the case in a company. Access to the premises of a company is usually limited to a limited number of people.
For example, they are employees of the company and, to a lesser extent, customers and suppliers of the company. Employees are often identified with a badge that serves as an access key to the premises of the company. Customers and suppliers, meanwhile, must go to the reception of the company and provide a piece of identification. As such, verification of a person's ID can only be done by a natural person who is responsible for verifying the identity of persons. In situations where no natural person is dedicated to identity verification, automated systems are used (access code entered on a keypad, badge readers, etc.). Automated identification systems are numerous and often expensive. Systems for performing authentication also exist and are even more expensive. They often rely on biometric recognition (a fingerprint, for example). Such systems are reserved for access to extremely sensitive premises, data or devices.
3. SUMMARY OF THE INVENTION
The invention does not pose these problems of the prior art. More particularly, the invention provides a simple and inexpensive solution to allow access to goods or services while using an existing identification architecture. The invention relates to a method of identifying a user for access to a good or a service. According to the invention, such a method comprises:
- a step of presentation to a terminal, by the user to be identified, of a payment card;
- a step of execution, by the terminal, of a payment transaction whose amount is zero;
- when said payment transaction is executed without error, a step of issuing an identification assertion leading to access to the good or service.
Thus, the proposed technique makes it possible to authorize access to a good or a service from an existing payment card belonging to the user. This technique avoids resorting to the manufacture of new cards to manage these accesses.
According to a particular characteristic, the step of executing a zero-amount payment transaction is adapted, in the types of checks carried out jointly between the payment card and the terminal, according to a degree of access sensitivity.
Thus, the application implemented within the terminal, which is substantially identical to a payment application, is adapted to the sensitivity of the information, goods or services to be accessed, without any physical modification of the terminal being necessary.
According to a particular embodiment, the step of executing a zero-amount payment transaction comprises a step in which the user enters a personal identification code on a keypad of the terminal.
Thus, the user cannot repudiate his access to the good or service: entering the personal identification code provides a virtual certainty of the identification of the user.
According to one particular characteristic, the step of executing a zero-amount payment transaction comprises a step of transmitting an authorization request to a server connected to said terminal via a communication network.
Thus, although its amount is zero, this transaction is subject to online acceptance by a server in charge, thereby ensuring that the card has not been reported as stolen.
The invention also relates, in at least one embodiment, to a device for identifying a user for access to a good or a service. According to a particular characteristic, such a device comprises:
- means of presentation, by the user to be identified, of a payment card;
- means of execution of a payment transaction the amount of which is zero;
- means for issuing an identification assertion leading to access to the good or service.
Such a device is of course, in its most common form, a terminal. Such a terminal takes advantage of an existing infrastructure, namely the infrastructure forming the interbank card payment system.
The terminal may advantageously be connected to such a system in order to be able to implement at least some of the steps of the proposed method.
According to a preferred implementation, the various steps of the methods according to the invention are implemented by one or more software or computer programs, comprising software instructions intended to be executed by a data processor of a relay module according to the invention and designed to control the execution of the various steps of the methods.
Accordingly, the invention is also directed to a program, capable of being executed by a computer or a data processor, which program includes instructions for controlling the execution of the steps of a method as mentioned above.
This program can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as a partially compiled form, or any other desirable form.
The invention also provides a data carrier readable by a data processor and including instructions of a program as mentioned above.
The information carrier may be any entity or device capable of storing the program. For example, the medium may comprise storage means, such as a ROM, for example a CD-ROM or a microelectronic circuit ROM, or a magnetic recording means, for example a floppy disk or a hard disk.
On the other hand, the information medium may be a transmissible medium such as an electrical or optical signal, which may be conveyed via an electrical or optical cable, by radio or by other means. The program according to the invention can in particular be downloaded over an Internet-type network.
Alternatively, the information carrier may be an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in the execution of the method in question.
According to one embodiment, the invention is implemented by means of software and/or hardware components. In this context, the term "module" may correspond in this document to a software component as well as to a hardware component or to a set of hardware and software components.
A software component corresponds to one or more computer programs, one or more subroutines of a program, or more generally to any element of a program or software capable of implementing a function or a set of functions, as described below for the module concerned. Such a software component is executed by a data processor of a physical entity (terminal, server, gateway, router, etc.) and is capable of accessing the hardware resources of this physical entity (memories, recording media, communication buses, I/O boards, user interfaces, etc.).
In the same way, a hardware component corresponds to any element of a hardware set capable of implementing a function or a set of functions, as described below for the module concerned. It may be a hardware component that is programmable or has an integrated processor for running software, for example an integrated circuit, a smart card, a memory card, an electronic card for executing firmware, etc.
Each component of the previously described system naturally implements its own software modules.
The various embodiments mentioned above can be combined with each other for the implementation of the invention.
4. Drawings
Further features and advantages of the invention will appear more clearly on reading the following description of a preferred embodiment, given by way of a simple illustrative and nonlimiting example, and the appended drawings, among which:
- Figure 1 shows an architecture on which the proposed technique is based;
- Figure 2 presents an overview of the proposed technique;
- Figure 3 describes a device for implementing the proposed technique.
5. Description
5.1. Reminders
The general principle of the proposed technique relies on the use of a payment terminal for identification purposes. In particular, the proposed technique is to use the general architecture of the card payment system for identification purposes. In connection with FIG. 1, an architecture of a payment system as implemented at present is described. Such a system (S1) comprises at least one payment terminal (POS) (a single terminal is shown in the figure) and a bank server (BS) (or a payment service provider server). This payment terminal (POS) and this bank server (BS) are connected via a communication network (NTWK) (either a 3G wireless network or a wired network) and possibly by a first intermediate server (IS1). Depending on the system, the payment terminal is not directly connected to the bank server. It is for example connected to an intermediate server, which acts as a proxy / buffer / accreditor (this intermediate server may be the bank server corresponding to the bank of the merchant).
The intermediate server (IS1) may itself be connected to at least one other intermediate server (IS2), which is for example the server corresponding to the issuing body of the payment card (Visa, Mastercard, American Express, etc.). It is then these second-line intermediate servers that are connected to the bank servers. The intermediate server (IS1) can also be directly connected to the other bank servers (other banks and/or payment service providers).
When a transaction has to be carried out from the payment terminal (POS), the payment terminal (POS) connects for example to the first intermediate server (IS1), especially when it is necessary to request a payment authorization. Depending on the amount of the transaction, the intermediate server (IS1) may itself provide the necessary authorization or require authorization from another server.
The intermediate server (IS1) selects, from the set of servers to which it has access (IS2, BS, etc.), the appropriate server according to the payment card (CB) which is presented at the payment terminal (POS) and requests authorization from this server.
Of course, these transmissions are encrypted using cryptographic materials distributed between the various stakeholders to ensure the absence of fraud and the authenticity of the information exchanged.
Furthermore, a set of protocols called "EMV" is implemented in order to obtain, from the payment card, the data necessary for the transaction.
The proposed technique is based on this architecture. The proposed technique, described with reference to FIG. 2, comprises the following steps:
- a presentation step (10) at a terminal (Term), by the user to be identified (Usr), of a credit card (CB);
- an execution step (20), by the terminal (Term), of a payment transaction (TrP) whose amount is zero;
- when said payment transaction is executed without error, a step of issuing (30) an identification assertion (AssertID) leading to access to the good or service.
The presentation of the payment card may consist of the insertion of the payment card in a payment card reader, the use of a contactless communication mode with the payment card (NFC), or another method of presenting a payment card.
More particularly, at least two embodiments of the proposed technique can be implemented.
A first embodiment is to perform a user identification by generating a fictitious transaction with a zero amount (€0). The implementation of such a transaction, which is simple, makes it possible to ensure that the user of the payment card, on which the name of the holder is registered, is in possession of the personal identification code necessary to validate the transaction (when the personal identification code is used).
A priori, therefore, when the personal identification code is correct, the user of the payment card is presumed to be the person he claims to be. When it is not necessary to enter the personal identification code, only the validity of the card is ensured.
This variant is particularly well suited, for example, to replacing the use of magnetic cards, RFID cards or temporary codes. Indeed, for access to a hotel room, for example, it is common for the hotel to provide a magnetic card to the customer. This card is inserted into a reader on the door of the room and allows the door to be opened. With the technique of the invention, it is not necessary to use an additional card: the user's payment card is used in place of the magnetic card to allow access to the room.
When the card is inserted, a bank transaction amounting to zero euros is built by the card reader (for example, integrated into the door of the hotel room). This transaction is transmitted either to the first intermediate server or to the second intermediate server. That server validates the transaction and in return transmits data representative of the validation to the terminal. When the terminal receives the validation, it authorizes the requested action (for example, opening the door).
Alternatively, the terminal requires no validation: a transaction with a zero amount is built. When it is possible to build this transaction (i.e. when the terminal is in the presence of a valid credit or debit card), the simple fact of being able to build the transaction allows access to the desired product or service. Of course, in addition to the construction of this transaction, the terminal verifies that the identifier of the payment card corresponds to an expected identifier (the identifier being for example the number of the payment card).
In the case of access to a hotel room, for example, this identifier is necessarily known: to be able to pay for the hotel room, the user must present a valid credit card upon receipt thereof, so the number of the payment card is already known. Thus, this embodiment greatly simplifies the hotel room management system, since it is not necessary to have a complementary system for issuing magnetic access cards. This embodiment can of course be adapted to other types of access to goods or services.
When it is necessary to enter the personal identification code, additional security is provided compared to existing systems: it is verified that access to the good or service is possible only for the bearer of the card who also has the personal identification code of this card. This is of interest where access to the good or service has to be tightly controlled.
For example, this type of operation can be adapted to a registered mail retrieval device, which can be set up in the stations. The user who receives a notice indicating the availability of registered mail can then go to the post office and use a robotic device that recognizes the payment card holder, identifies the registered mail waiting for this holder, requires, through the terminal, the entry of the personal identification code, and performs a transaction with a zero amount. When the terminal receives authorization from the server, it instructs the robotic device to deliver the registered mail to the user.
It therefore becomes possible to obtain goods and services in a much safer and faster way than before.
More particularly, the present technique can be implemented in situations of unattended access to goods and/or services.
This covers any type of dispenser for which identification or authentication of a user (or a customer) is necessary without a financial transaction being necessary: access to a parking space, opening a door, access to a workplace, etc.
In another embodiment, complementary to the previously presented embodiments, a transaction is performed with each use of the payment card to perform an identification operation. As explained previously, in a basic embodiment, the transaction has an amount set to 0. Moreover, in this basic embodiment the transaction also includes the identity of the "merchant", that is to say the supplier of access to the good or service. In the example of the hotel, this is the name of the hotel. The transaction also includes a label, built according to the action performed. In the example of the hotel, it is for example the time of use.
In this embodiment, although it is presented as a basic embodiment, a subtlety is introduced at the level of the application that handles the identification / authentication transactions (the application installed within the terminal). It is recalled that the principle of the invention consists in using the architecture of a general payment system to perform identifications / authentications. Depending on the situation, and more particularly on what access is being offered using the payment card, the application installed within the terminal will not necessarily work in the same way.
Thus, in the case of "simple" access, the transaction can be conducted without requiring authorization from a server (offline transaction): this is for example the case of access to a hotel room. In this case, the risk management phase on the terminal side is not implemented. The appropriate bit of the EMV "Terminal Verification Results" is set to 0.
In the case of "sensitive" access (that is to say, when the goods or services to be accessed are considered sensitive, such as registered mail), the transaction is always conducted "online", that is to say by requiring authorization from a server (for example a bank server). In this case, bit 4 of byte 4 of the EMV "Terminal Verification Results" is set to 1, in order to force an online transaction.
As a corollary, generating a transaction allows the user to have, on his statement of account, all uses of his payment card, whether to make a payment or to obtain access to a good or a service. The statement of account is thereby transformed into a statement of actions.
In a more complex embodiment, the payment terminal is used not to allow access to a good or service, but to authenticate an action of the payment card holder. In such an embodiment, the transaction carried out by the payment terminal represents an identified thing. This is, for example, a piece of data.
5.2. Other features and advantages
With reference to FIG. 3, a device implemented to identify a user according to the method described previously is described.
For example, the device comprises a memory 31 consisting of a buffer memory, and a processing unit 32, equipped for example with a microprocessor and driven by the computer program 33, implementing an identification method.
At initialization, the code instructions of the computer program 33 are for example loaded into a memory before being executed by the processor of the processing unit 32. The processing unit 32 receives as input an activation data item (for example the pressing of a button or a digital activation command).
The microprocessor of the processing unit 32 implements the steps of the identification method, according to the instructions of the computer program 33, to require the presentation of a payment card (either by insertion in a card reader or by contactless transmission), to perform a financial transaction of a zero amount and to issue an identification assertion when the transaction is executed correctly.
For this, the device comprises, in addition to the buffer memory 31, communication means, such as network communication modules, data transmission means and an encryption processor.
These means may take the form of a particular processor implemented within the device, said processor being a secure processor. According to a particular embodiment, this device implements a particular application which is in charge of carrying out the transactions, this application being for example provided by the manufacturer of the processor in question in order to allow the use of said processor. To do this, the processor comprises unique identification means. These unique identification means make it possible to ensure the authenticity of the processor.
Furthermore, the device comprises means for authorizing access to a good or a service, such as means for triggering an opening (of doors, for example). These various means also take the form of communication interfaces for exchanging data on communication networks, means for querying and updating databases, etc.
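The access decision described in section 5.1, sketched as an added example (it is not code from the patent or from the applicant): a zero-amount transaction is built, byte 4 bit 4 of the TVR is set for "sensitive" access, and an assertion is issued only when every check passes. The class and function names, the `pin_verified` flag, the `issuer_stub` authorizer and the card numbers are assumptions made for the illustration; applying the expected-identifier check to both access levels is also a choice of this example.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional

TVR_LEN = 5              # EMV Terminal Verification Results: 5 bytes
FORCE_ONLINE = (4, 4)    # (byte, bit) named in the description


class Sensitivity(Enum):
    SIMPLE = "simple"        # e.g. hotel room door: offline transaction
    SENSITIVE = "sensitive"  # e.g. registered mail: always online


def set_tvr_bit(tvr: bytearray, byte_no: int, bit_no: int) -> None:
    """EMV numbering: bytes count from 1, bits from 8 (MSB) down to 1 (LSB)."""
    tvr[byte_no - 1] |= 1 << (bit_no - 1)


def tvr_bit(tvr: bytes, byte_no: int, bit_no: int) -> bool:
    return bool(tvr[byte_no - 1] & (1 << (bit_no - 1)))


@dataclass(frozen=True)
class Transaction:
    amount: int    # always zero: the transaction only serves identification
    merchant: str  # provider of the access, e.g. the hotel name
    label: str     # built from the action performed, e.g. the time of use
    pan: str       # card identifier read from the presented card
    tvr: bytes


@dataclass(frozen=True)
class Assertion:
    merchant: str
    label: str
    online: bool


def build_transaction(pan: str, sensitivity: Sensitivity,
                      merchant: str, label: str) -> Transaction:
    tvr = bytearray(TVR_LEN)
    if sensitivity is Sensitivity.SENSITIVE:
        set_tvr_bit(tvr, *FORCE_ONLINE)  # force an online authorization
    return Transaction(0, merchant, label, pan, bytes(tvr))


def identify(tx: Transaction, expected_pan: str, pin_verified: bool = False,
             authorize: Optional[Callable[[Transaction], bool]] = None
             ) -> Optional[Assertion]:
    """Return an identification assertion, or None if any check fails."""
    # The card must be the one registered for this resource (room, mail item).
    if not hmac.compare_digest(tx.pan.encode(), expected_pan.encode()):
        return None
    online = tvr_bit(tx.tvr, *FORCE_ONLINE)
    if online:
        # Sensitive access: PIN entry and a server authorization are both
        # required; a missing authorizer fails closed.
        if not pin_verified or authorize is None or not authorize(tx):
            return None
    return Assertion(tx.merchant, tx.label, online)


REPORTED_STOLEN = {"4000000000000002"}  # constructed sample data


def issuer_stub(tx: Transaction) -> bool:
    """Hypothetical stand-in for the authorization server."""
    return tx.pan not in REPORTED_STOLEN


if __name__ == "__main__":
    door = build_transaction("4000000000000010", Sensitivity.SIMPLE,
                             "Hotel", "room 12, 14:05")
    mail = build_transaction("4000000000000002", Sensitivity.SENSITIVE,
                             "Post office", "registered mail pickup")
    print(identify(door, "4000000000000010"))
    print(identify(mail, "4000000000000002", True, issuer_stub))
```
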
Claims:
Claims (6)
1. A method of identifying a user for access to a good or a service, characterized in that it comprises:
- a step of presentation to a terminal, by the user to be identified, of a payment card;
- a step of execution, by the terminal, of a payment transaction whose amount is zero;
- when said payment transaction is executed without error, a step of issuing an identification assertion leading to access to the good or service.
2. Identification method according to claim 1, characterized in that the step of executing a zero-amount payment transaction is adapted, in the types of checks carried out jointly between the payment card and the terminal, according to a degree of access sensitivity.
3. Identification method according to claim 1, characterized in that the step of executing a zero-amount payment transaction comprises a step of input, by said user, of a personal identification code on a keyboard of the terminal.
4. Identification method according to claim 1, characterized in that the step of executing a zero-amount payment transaction comprises a step of transmitting an authorization request to a server connected to said terminal via a communication network.
5. Device for identifying a user for access to a good or a service, characterized in that it comprises:
- means for presentation, by the user to be identified, of a payment card;
- means of execution of a payment transaction the amount of which is zero;
- means of issuing an identification assertion leading to access to the good or service.
6. Computer program product downloadable from a communication network and/or stored on a computer-readable medium and/or executable by a microprocessor, characterized in that it comprises program code instructions for the execution of an identification method according to claim 1 when executed on a computer.
Similar technologies:
Publication number | Publication date | Title
--- | --- | ---
EP3113099B1 | 2021-01-13 | Payment container, creation method, processing method, devices and programs therefor
EP3243177B1 | 2021-11-17 | Method for processing an authorisation to implement a service, devices and corresponding computer program
EP2950256A1 | 2015-12-02 | Identification method, device and corresponding program
FR3051579A1 | 2017-11-24 | METHOD FOR SECURING AN ELECTRONIC DEVICE, AND CORRESPONDING ELECTRONIC DEVICE
FR3051064A1 | 2017-11-10 | METHOD FOR SECURING AN ELECTRONIC DEVICE, AND CORRESPONDING ELECTRONIC DEVICE
WO2016097650A1 | 2016-06-23 | Method of dispatching an item of security information and electronic device able to implement such a method
WO2018011322A1 | 2018-01-18 | Method for processing at least one piece of payment means data, payment terminal and corresponding computer program
EP2824625B1 | 2021-02-17 | Method for conducting a transaction, corresponding terminal and computer program
EP3358493A1 | 2018-08-08 | Method for protecting an electronic operation
WO2015028435A2 | 2015-03-05 | Method for processing transactional data, corresponding devices and computer programmes
EP1354288B1 | 2006-03-29 | Method using electronic banking cards for making secure transactions
EP2407920A1 | 2012-01-18 | Server, terminal and secured transaction method
EP3570238A1 | 2019-11-20 | Method for conducting a transaction, terminal, server and corresponding computer program
EP3588418A1 | 2020-01-01 | Method for conducting a transaction, terminal, server and corresponding computer program
EP3343487A1 | 2018-07-04 | Method for checking usage habits and electronic device capable of implementing such a method
WO2020064890A1 | 2020-04-02 | Method for processing a transaction, device, system and corresponding program
CA2946145A1 | 2015-10-22 | Methods for processing transactional data, and corresponding devices and programs
WO2020128240A1 | 2020-06-25 | Processing of an electronic ticket service
EP3391316A1 | 2018-10-24 | Method for securing a transaction from a mobile terminal
FR3031608A1 | 2016-07-15 | METHOD FOR PROCESSING AUTHORIZATION TO IMPLEMENT A SERVICE, DEVICES AND CORRESPONDING COMPUTER PROGRAM
EP3371760A1 | 2018-09-12 | Method for verifying identity during virtualization
FR3008516A1 | 2015-01-16 | TRANSACTION METHOD, TERMINAL AND CORRESPONDING COMPUTER PROGRAM.
FR2994006A1 | 2014-01-31 | Method for conducting bank payment between e.g. mobile phone, and vending machine delivering e.g. food products, or services, involves generating control command to execute request for control of goods or services on standby state
Patent family:
Publication number | Publication date
--- | ---
CA2892647A1 | 2015-11-28
FR3021799B1 | 2017-10-13
EP2950256A1 | 2015-12-02
BR102015012253A2 | 2015-12-29
US20150348043A1 | 2015-12-03
Cited documents:
Publication number | Filing date | Publication date | Applicant | Title
--- | --- | --- | --- | ---
US20010034723A1 | 2000-02-11 | 2001-10-25 | Subramaniam Arun K. | System and method for providing anonymous internet transactions
US20120143768A1 | 2010-09-21 | 2012-06-07 | Ayman Hammad | Device Enrollment System and Method
WO2014093390A1 | 2012-12-10 | 2014-06-19 | Visa International Service Association | Authenticating remote transactions using a mobile device
US5614703A | 1995-01-05 | 1997-03-25 | Martin; Jay R. | Hotel check-in system with wireless communication
US11138605B2 | 2013-07-02 | 2021-10-05 | Visa International Service Association | Online authentication in access transactions
WO2013169926A1 | 2012-05-08 | 2013-11-14 | Visa International Service Association, Inc. | System and method for authentication using payment protocol
FR3061975B1 | 2017-01-17 | 2019-10-18 | Ingenico Group | METHOD FOR PROCESSING A PAYMENT TRANSACTION, PAYMENT TERMINAL AND CORRESPONDING PROGRAM.
CN108986353A | 2017-05-31 | 2018-12-11 | 广州云移信息科技有限公司 | A kind of POS terminal unlocking method and system
US20210158374A1 | 2019-11-26 | 2021-05-27 | Jpmorgan Chase Bank, N.A. | System and method for applying image recognition and invisible watermarking to mitigate and address fraud
Legal status:
Date | Code | Event | Details
--- | --- | --- | ---
2015-05-26 | PLFP | Fee payment | Year of fee payment: 2
2015-12-04 | PLSC | Publication of the preliminary search report | Effective date: 20151204
2016-05-26 | PLFP | Fee payment | Year of fee payment: 3
2017-05-29 | PLFP | Fee payment | Year of fee payment: 4
2017-10-13 | CD | Change of name or company name | Owner name: INGENICO GROUP, FR; Effective date: 20170912
2018-05-28 | PLFP | Fee payment | Year of fee payment: 5
2019-05-28 | PLFP | Fee payment | Year of fee payment: 6
2020-05-26 | PLFP | Fee payment | Year of fee payment: 7
2021-05-21 | PLFP | Fee payment | Year of fee payment: 8
2022-01-07 | TP | Transmission of property | Owner name: BANKS AND ACQUIRERS INTERNATIONAL HOLDING, FR; Effective date: 20211202
Priority:
Application number | Publication number | Priority date | Filing date | Title
--- | --- | --- | --- | ---
FR1454863A | FR3021799B1 | 2014-05-28 | 2014-05-28 | IDENTIFICATION METHOD, DEVICE AND PROGRAM THEREOF
CA2892647A | CA2892647A1 | 2014-05-28 | 2015-05-22 | Method of identification, corresponding device and program
BR102015012253A | BR102015012253A2 | 2014-05-28 | 2015-05-27 | corresponding identification method, device and program
EP15169497.3A | EP2950256A1 | 2014-05-28 | 2015-05-27 | Identification method, device and corresponding program
US14/724,044 | US20150348043A1 | 2014-05-28 | 2015-05-28 | Method of identification, corresponding device and program