• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    The invention relates to a method of encrypting a payment means data (CVVp), a method implemented by a payment means (MP) comprising a data processing processor (CPU). Such a method comprises at least one iteration of the following steps: obtaining (10), from a memory of the payment means (M, Msec), a current payment means data (CVVpx); - generation (20), according to the current payment means data (CVVpx) and according to a payment method encryption key (n), a next payment means data (CVVpx + 1) ; - replacing (30), within the memory of the means of payment (M, Msec), of the current payment means data (CVVpx) by the next payment means data (CVVpx + 1).
    公开号:FR3043483A1
    申请号:FR1560772
    申请日:2015-11-10
    公开日:2017-05-12
    发明作者:David Naccache;Remi Geraud;Hiba Koudoussi
    申请人:Ingenico Group SA;
    IPC主号:
    专利说明:

    Method of encrypting data of payment means, payment means, server and corresponding programs 1. Field The invention relates to securing means of payment. The invention relates more specifically to securing means of payment including personal data. The invention relates more particularly to the securing of bank cards.
    To make their purchases on the Internet, users are used to entering data from their credit card into an entry form. Some of this data is supposed to limit fraud. These data include the three-digit visual cryptogram on the back of the card. However it turns out that 80% of fraudulent transactions carried out remotely are with this code. 2. Prior Art
    To overcome the significant fraud experienced by this method of payment (especially when it comes to online payment), solutions have been proposed, such as the so-called "3D Secure" technique.
    This technique makes it possible to add an additional verification step during the payment on the Internet. "3D Secure" was developed by Visa © and MasterCard © to help merchants reduce the risk of Internet fraud related to identity theft attempts. It consists in making sure, during each online payment, that the card is used by its real holder. Thus, an additional entry step takes place at the time of payment. In addition to the credit card number, the expiry date of the card and the three digits of the security code (printed on the back of the card), the user must enter a password, such as his date of birth (simple authentication) or a dynamic single use code (strong authentication) received by SMS. The latter solution is more efficient because it ensures that the user who enters the data relating to the credit card also has a communication terminal for receiving a dynamically generated code. In other words, "3D Secure" uses the phone number of the cardholder in order to transmit to the latter a "challenge" proving the identity of the user who tries to pay by credit card (the challenge being a code to enter in a given field of a web page). Thus, the proposed technique consists in transmitting data representative of merchants' information (security messages, commercial messages, information messages), indirectly, to the users, using a data transmission service of its own. to a server of a banking establishment with which said user has a bank account. However, the "3D Secure" technique has its limits: the first is the need for both the bank and the online merchant to be equipped with a complementary architecture, which is not always the case; the second is that this additional input step is a significant factor of order abandonment for users. Indeed, having to have its communication terminal in order to read this dynamic code is binding.
    In order to overcome this problem of customer loss and architectural complexity, manufacturers have proposed a payment card comprising a dynamic code whose value changes over a specific time period (for example every hour or half hour) . This is a bank card, classic format, complying with the standards in force (especially in terms of size and thickness). This card has on the back, the traditional location of the verification code (CW), a screen type "E ink" (English for "electrophoretic ink") with three characters. This screen is connected by a data bus to a processor, which is connected to a sufficiently small and thin battery to fit into the payment card without changing the format. The processor is in charge of the regular modification of the verification code.
    The technique used to modify the verification code is as follows: on the basis of an original code, the processor calculates, at regular intervals, a new code directly derived from this original code. This calculation is performed by performing a cryptographic operation on the original code, which operation issuing the dynamic code which is for example displayed on the screen "E ink". For its part, the server also receives the original code associated with the user's card. When the user makes a payment, the server receives the dynamic code that has been entered by the user. On the basis of this dynamic code received, the server performs an inverse computation of the computation performed by the processor of the card to find the original code (and therefore compares the obtained code with the reference code that it owns) ; alternatively, on the basis of this dynamic code received, the server performs a calculation identical to that performed by the processor of the card, from the reference code, and verifies that it obtains the same verification code as that received. In a third variant, the processor of the card calculates a digital signature, the validity of which is then verified by the server.
    One understands, whatever the method used, that this one implements on the one hand a cryptographic material, in possession of the card and the server and on the other hand a temporal component: indeed, to be able to generate a code dynamically, for example every hour or every half hour, the processor of the bank card has a clock, clock on the basis of which the cryptographic calculation is performed. Alternatively, a new code can also be requested by the user himself, by pressing a button.
    It follows from this implementation that a recurring problem is that of the desynchronization of the clocks of the card and the server. This problem appears, for example, in the following scenario: the user's card generates a dynamic code (based on counters, on the date and time, etc.) that it transmits to the user (for example to means of a screen). This code is transmitted to the issuer of the card who must check the validity. For this, the issuer of the card must generate itself and with the same algorithms as the card a code in the conditions (time, etc.) of the transaction. If the code transmitted by the user and the code recalculated by the issuer coincide, the transaction is validated. This approach requires synchronization between the card and the issuer of the card.
    This synchronization is performed at the time of creation of the card by the manufacturer, and can occasionally be performed again (by a bank ATM for example), but these updates are only episodic.
    Apart from a desynchronization of the clock of the card can occur very frequently: such desynchronization can occur in the presence of an electromagnetic field of varying intensity. Such electromagnetic fields, likely to disturb the clock of the card meet in the usual manner: Wifi, bluetooth, GSM, 3G, 4G, but also security systems (for example safety gates of supermarkets or physical shops), even non-contact data reading devices that are faulty or improperly calibrated.
    As a result, a bad clock value on the card side significantly disrupts the dynamic code creation mechanism. On the same server side, other disturbances can occur.
    Thus, the code generated by the server may differ from the code generated by the card, and transactions are no longer accepted, unless an update and / or resynchronization is performed (resynchronization at the correct time does not occur). can be done only through a bank machine) since the payment terminals do not have the right to write on the card and are not necessarily connected to the bank at the time of the transaction.
    There is therefore a need to provide a code generation technique that is either insensitive to the desynchronization and thus to the disturbances experienced in the external environment. 3. Summary
    The proposed technique does not have the disadvantages of the prior art. The proposed technique makes it possible to reduce or even cancel the problems caused by desynchronization of the payment method and the server. Indeed, the proposed technique is based on the implementation of a particular linkage generation of payment data. This chaining also offers audibility of the generated codes.
    Thus, the present technique relates to a method for encrypting a payment method data item implemented by a payment means comprising a data processing processor. Such a method comprises at least one iteration of the following steps: obtaining, from a memory of the payment means, a current payment means data item; generating, according to the current payment means data and according to an encryption key of the payment means, a next payment means data; replacing, in the memory of the means of payment, the current payment means data with the next payment means data.
    According to a particular characteristic, said generation step comprises the implementation of an encryption function such that the data of the next payment means depends on the encryption function, said encryption function comprising obtaining: the square of the data current payment method; the modulus of this square with respect to the encryption key.
    According to a particular embodiment, said payment means data is a verification code.
    According to a particular characteristic, said method further comprises a step of displaying said next payment means data on a screen of said payment means.
    According to one particular characteristic, said encryption method further comprises a step of transmitting said next payment method data to a payment terminal.
    The technique also relates to a payment means comprising a data processing processor, payment means characterized in that it comprises encryption means operable iteratively. The encryption means of the payment means comprise: means for obtaining, from a secure memory of the payment means, a current payment means data; means for generating, according to the current payment means data and according to an encryption key of the payment means, a next payment means data; means for replacing, within the secure memory of the means of payment, the current payment means data with the next payment means data.
    In another aspect, the technique also relates to a method of verifying the validity of a payment means data, a method implemented by a processing server comprising a data processing processor. Such a method comprises: a step of obtaining reference payment method data; a step of obtaining, from the reference payment means data, at least one comparison payment means data as a function of a predetermined time period, delivering a set of reference data; a step of obtaining a current payment means data; and a step of comparing the current payment means data with the data of said reference data set, providing a validity assertion of said current payment means data when it is identical to one of the data of the set.
    In another aspect, the technique also relates to a processing server comprising a data processing processor, server comprising cryptographic processing means adapted to allow verification of the validity of a payment means data. The cryptographic processing means comprise: means for obtaining reference payment method data; means for obtaining, from the reference payment means data, at least one comparison payment means data as a function of a predetermined time period, delivering a set of reference data; means for obtaining a current payment means data; and means for comparing the current payment means data with the data of said reference data set, providing a validity assertion of said current payment means data when it is the same as one of the data of the set.
    According to a preferred implementation, the various steps of the methods according to the proposed technique are implemented by one or more software or computer programs, comprising software instructions intended to be executed by a data processor of a relay module according to the technique. proposed and being designed to control the execution of the different process steps.
    Accordingly, the proposed technique is also directed to a program that can be executed by a computer or a data processor, which program includes instructions for controlling the execution of the steps of a method as mentioned above.
    This program can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as in a partially compiled form, or in any other form desirable shape.
    The proposed technique is also aimed at a data carrier readable by a data processor, and including instructions of a program as mentioned above.
    The information carrier may be any entity or device capable of storing the program. For example, the medium may comprise storage means, such as a ROM, for example a CD ROM or a microelectronic circuit ROM, or a magnetic recording medium, for example a floppy disk or a disk. hard. On the other hand, the information medium may be a transmissible medium such as an electrical or optical signal, which may be conveyed via an electrical or optical cable, by radio or by other means. The program according to the proposed technique can be downloaded in particular on an Internet type network.
    Alternatively, the information carrier may be an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in the execution of the method in question.
    According to one embodiment, the proposed technique is implemented by means of software and / or hardware components. In this context, the term "module" may correspond in this document as well to a software component, a hardware component or a set of hardware and software components.
    A software component corresponds to one or more computer programs, one or more subroutines of a program, or more generally to any element of a program or software capable of implementing a function or a program. set of functions, as described below for the module concerned. Such a software component is executed by a data processor of a physical entity (terminal, server, gateway, router, etc.) and is capable of accessing the hardware resources of this physical entity (memories, recording media, bus communication cards, input / output electronic cards, user interfaces, etc.).
    In the same way, a hardware component corresponds to any element of a hardware set (or hardware) able to implement a function or a set of functions, as described below for the module concerned. It may be a hardware component that is programmable or has an integrated processor for executing software, for example an integrated circuit, a smart card, a memory card, an electronic card for executing a firmware ( firmware), etc.
    Each component of the previously described system naturally implements its own software modules.
    The various embodiments mentioned above are combinable with each other for the implementation of the proposed technique. 4. Figures Other features and advantages will appear more clearly on reading the following description of a particular embodiment of the disclosure, given as a simple illustrative and nonlimiting example, and the appended drawings, among which: Figure 1 is a sequence diagram of the general method according to the proposed technique; Figure 2 is a simplified representation of the technique implemented by a means of payment; Figure 3 is a simplified representation of the technique implemented by a processing server; Figure 4 briefly describes the hardware architecture of a means of payment adapted to implement the present technique; Figure 5 briefly describes the hardware architecture of a processing server adapted to implement the present technique; Figure 6 briefly describes the implementation of the technique with the calculation of a reduced value of a data of a means of payment; Figure 7 briefly describes two methods of auditing the value of codes of payment means data. 5. Description 5.1. Recall of the principle
    The general principle of the present technique consists in implementing a chaining for the calculation of different data of means of payment. Such chaining has many advantages including the ability to audit codes create (i.e. it is always possible, with the described method to check whether a given code is authentic or not). Another advantage is, as described below, to propose a method of creating code that is simple, not greedy in terms of resources.
    The technique described is divided into two different aspects: on the one hand a code generation technique, from an initial code, technique that is implemented within the means of payment; on the other hand a code verification technique (for payment transaction validation purposes and / or for audit purposes), a verification technique that is implemented within a processing server (such server may be a financial processing server, such as a bank server).
    Thus, the present technique also aims on the one hand a means of payment (such as for example a bank card) comprising code generation means on the basis of an initial code. The present technique also relates to a server, of the type of bank transaction data processing server, comprising code verification means.
    The general principle of the proposed technique is described in connection with FIG. 1. In this description of the general principle, the code used is a verification code (CW, for "Card Verification Value"). It is understood that the technique described can also be used for other data, from the moment these data enters the payment data of a payment means.
    A means of payment (PM) and a server (ServT) each have an identical code (CWO). This code is provided by means of payment at the initialization thereof by the entity (for example the bank) that manages the processing server. At the time of this initialization (t0), the server SevT and the payment means PM are synchronized. The payment means regularly generates (ΐ1; t2, ... tx_i, tx) codes (CVVpi, CVVp2, CWp ..., CVVpx_i, Cvvpx). Each generated code depends on the previously generated code. So the code CVVp2 depends on the code CWp !, ... the code Cvvpx depends on the code Cvvpx_i. For its part, the processing server can perform a similar operation (although this is not mandatory, as described below).
    Between time tx and time tx + i, the CVVpx code is used on the TermU user terminal to perform a payment transaction. The CVVpx code is therefore transmitted to the server ServT, which, given the desynchronization with the means of payment, receives this code at time tx + 1. In the prior art technique, this code would have been considered invalid. This is not the case for this technique.
    Indeed, upon receipt of this code, the processing server (ServT) determines a processing interval (IT). On the basis of a code in his possession (for example the current code CVVX + 1) and this processing interval, he determines, within a processing [A], at least one eligible code (that is say a code that should match the code provided by the user). Depending on the calculations made and the value transmitted, it then issues either a validity assertion of the verification code received or an assertion of invalidity of the verification code received.
    To chaining between the different code values and for this chaining to be effective in terms of security (ie so that it is not possible to deduce a previous value from a known value), one implements a encryption based on a public key (denoted "n") in possession of the means of payment and a private key (denoted "(p, q)") in the possession of the server. It will also be noted that the server may also have the public key of the card (it is assumed that the server is secure and that the possession of this key is not detrimental to the security scheme).
    The method implemented by the payment means is described in relation to FIG. 2. It is a method for encrypting a payment method data (CVVp), a method implemented by a means of payment (MP) comprising a data processing processor (CPU), characterized in that it comprises at least one iteration of the following steps: obtaining (10), from a memory of the payment means (M, Msec) , a current payment means data (CVVpx); generating (20), according to the current payment means data (CVVpx) and according to an encryption key of the payment means (n), a next payment means data (CVVpx + 1); replacing (30), within the memory of the means of payment (M, Msec), of the current payment means data (CVVpx) with the next payment means data (CWpx + i).
    Thus, the method implemented within the payment means makes it possible to define a payment means data iteratively, according to a predefined time period. This definition comprises generating the code from an encryption key and only the corresponding decryption key makes it possible to ensure the validity of a received data item.
    The generation of the next payment means data with respect to the current payment means data includes, for example, when the current data size and the encryption key size do not match (i.e. that the size of the current data is smaller than the size of the key): a step of filling an intermediate value to be coded according to a part of a size of the current data and the size of the encryption key for example for a current data equal to 457, the intermediate value will be filled with a size value making it possible to reach the size of the key minus three (the size of the value 457 being equal to three); a step of encrypting the intermediate value using the encryption key (n), delivering an encrypted intermediate value; and a step of selecting, within the encrypted intermediate value, a portion of the encrypted intermediate value whose size is equal to the size of the current value, delivering the next payment means data.
    Thus, using this method, on the one hand we have a data generation method that is robust (we can for example have significant key sizes) and we retain the ability to generate encrypted data that are consistent with the expected size for these data.
    Of course, the preceding explanations relate to the use of a verification code as dynamic data. It is also possible, in other embodiments, to focus this dynamic generation on other data, although this may pose interoperability problems. Similarly, it has been described an interaction between a payment means comprising means for dynamic data generation. Such a means of payment may, as has been explained above, be a bank card with an "eink" screen displaying a dynamic CW code. Alternatively, such a means of payment may also be in the form of a communication terminal embodying credit card data, and a (secure) processor is able to produce such a verification code dynamically. 5.2. Server side processing
    The server that receives data from a client terminal must be able to verify that this data is correct, that is to say that it corresponds to an expected data. Using the previous example, it is assumed that the server originally has the same code as the payment method (ie the same CW). When the server receives a code from a terminal, it does not necessarily know when this code has been transmitted: indeed, transmission hazards can occur, in addition to or instead of a possible desynchronization.
    There may be a more or less significant shift between the code received by the server and the code currently in the possession of the server (that is to say the code that is valid according to the server). Therefore, based on the predetermined processing interval (IT), the server recalculates a number of valid codes at different times. These codes must make it possible to verify, on the one hand, whether the code received corresponds to an authentic code (that is to say a code obtained using the public key of the means of payment) and, on the other hand, whether the code received corresponds to an acceptable code with respect to the interval of the predetermined processing interval.
    The processing implemented on the server side is described, in one embodiment, in relation to FIG. 3. More particularly, it is a description of the processing [A] referenced in FIG.
    The server obtains the current code (CVVX + 1), ie the code that corresponds to its own time configuration. Based on this current code (CVVX + 1) and using the public key of the card (n), the server calculates (200) a predetermined number of subsequent codes (CVVx + 2). The predetermined number of subsequent codes depends on the predetermined processing interval.
    On the basis of this current code (CVVX + 1) and using the private key of the card (p, q), the server calculates (210) a predetermined number of previous codes (CW ^, CVVX.2). The predetermined number of previous codes depends on the predetermined processing interval. The set of codes (previous codes, current code, following codes) is compared (220) with the code received from the card (CVVpx). If the received code (CVVpx) corresponds to a code of the set of codes (Y) then a validation assertion is issued (230). If the received code (CVVpx) does not correspond to a code of the set of codes (Y) then a non-validation assertion is issued (240).
    The non-correspondence of the received code to a calculated code can come from two (at least) different situations: the first corresponds to an erroneous code, which occurs for example when a malicious person tries to carry out a transaction without having the computed code correctly or when the legitimate holder mistakenly entered this code; the second situation corresponds to a code which although correct from the point of view of the calculations performed has reached the server too late or too early: the code received by the server is outside the predetermined processing interval.
    According to a variant not shown, the current code is determined by the processing server at the time of receiving the code from the terminal of the user. The operation of obtaining the current code (and therefore of all the codes) is thus performed somewhat differently. To do this, the processing server uses the time of the transaction, which it receives (or determines) at the time of receiving data from the user's terminal. The time of the transaction makes it possible to determine a theoretical number of iterations to be applied to the base code (CVVO) to obtain the theoretical current code. Depending on the predetermined processing interval (IT), a number of previous and subsequent codes as well as the theoretical current code are also obtained. They all constitute all the codes (previous codes, current code, following codes) to compare. 5.3. Description of a particular embodiment
    In the present embodiment, the previously presented methods are described more precisely on the basis of a combination of two particular encryption / signature techniques applied to the generation of verification codes on a bank card having dynamic generation means. verification codes.
    It is thus possible to generate CVV verification codes so that a reasonable (or "reasonable") offset is determined by the card issuer and materializes in the form of the predetermined processing interval (TI) between two clocks do not impact the code generation feature and allow the management entity (for example the bank) to restore synchronization. Auditability consists of the assurance that it is possible to check the validity of all the codes transmitted on all the transactions carried out by the user.
    In this embodiment, the technique relies on two cryptographic components: Rabin encryption and the hash chain / block chain concept. 5.3.1. Cryptosystem of Rabin
    The Rabin cryptosystem is an asymmetric encryption protocol that allows, by means of a public key-private key pair, to guarantee the confidentiality of the data. Its security is based on the difficulty of factoring large integers, namely given a large integer n, find integers p and q such that n = pq when p and q are large prime numbers.
    In the context of the present, the issuer of the card (the management entity, that is to say for example the bank) has a secret integer p and a secret integer q size sufficient (at least 1024 bits). The issuer registers the public key n = pq within a memory of the card.
    In order to encrypt a message, represented by an integer m between 0 and n-1, the encrypted message c is calculated by the formula c = m2 mod n.
    For example, to encrypt the verification code CVVX of value 123, we will first define the keys to use. In a simple example, we take n = 1007 and p = 53 and q = 19. During the encryption, the following calculation is performed: 1232 mod 1007 = 24.
    We can also consider a realistic case, where n is a true RSA module of 1024 bits and instead of directly decrypting 123, we write mt / (123) where mu is an RSA filling function that has the property of being OAEP ( "Optimal Asymmetric Encryption Padding" for "optimal padding with asymmetric encryption").
    For example, a real size example would be: p = 1213107243921127189732367153161244042847242763370141092563454 931230196437304208561932419736532241686654101705736136521417171 1713797974299334871062829803541; q = 1202752425547874888595622079373451212873338780368207543365389 998395517985098879789986914690080913161115334681705083209602216 0146366346391812470987105415233; n = 1459067680075833232301869393490706352924018723753571643995818 710198734387990053589383695714026701498021218180862924674228281 570229220767469065434012248896724724079269699871005812901031993 178587536637108623576565105078837142971156373427889114635351027 12032765166518411726859837988672111837205085526346618740053; m = 555041393701322474974042418655018073667244705292250070809611 365936546457272368823524112655554569916587224227633577622353825 683716403875365804390441097823138684337419760262196002386240763 067116427758255305285959053448073497936966273643969834143785184 6711473979473756400753049463122684609316625649987101531205; C = 7288778783102333058793784444715555411624245746064214929398770 643834382200958672717178994107835269267917670312422473013207243 424305061989730577743651481609571171826352798954519237333535266 040303700051178161909756618918006135378047598418666833648444458 7742195501262476807847210491098614841292100452980810558633;
    Only the entity with the private key (p, q) can decipher this message (that is to say the issuer of the card, for example the bank). For this, it calculates the square root of c modulo n, using its knowledge of the Euler function <p (ri) = (p - l) (q - 1) · 5.3.2. Hash chain
    A hash string is a sequence of numbers MlrM2, which satisfies the property Mi + 1 = f (M {) for a function / called "hash function". Conventional hash functions are MD4, MD5, SHA (1, 2 or 3), and can be obtained from any block cipher mechanism (eg AES) in an appropriate mode. The advantage of a hash chain is that it is computationally easy to obtain the following terms, but computationally difficult to obtain the previous terms of a given term (unless a secret data is known).
    In the context of the present technique, the function of hash / Rabin / (x) = x2 modn described above is used as a hash function. Rabin's interest is that his security is demonstrated mathematically and relies on the difficulty of factoring large integers. Moreover, the computation of the modular square of a number lends itself particularly well to an implementation for a verification code.
    Moreover, in the case of Rabin, it is actually possible to go up the chain, provided to have a secret: the decomposition of the number n in prime factors. Any hatch hash function could be used to fulfill the same functionality (eg RSA).
    5.3.3. Generation of the CW At a time of its use the card will generate a new CW. This moment can be determined by several events: user input, regular trigger based on a clock, command received by a terminal, etc.
    A new CW Ci + 1 is generated by the map from the last CW used Q, using the Rabin function: Ci + 1 = / (Q). It can then be communicated to the user by a variety of means (display, etc.) or directly transmitted (terminal, etc.) to the person who will verify the validity.
    Of course, in a real case, as shown in Figure 6, it is not the entire result of the function / is displayed (the length of 1024 bits would be too important). Thus, it is possible to display only a function D (Ci + 1) which depends, for example, on the last 8, 16, 24 or 32 bits of Ci + 1. Alternatively D can be a hash function. This conserves a size for user input reasonably short (3 to 5 characters, for example, with a maximum of ten characters so that this data can be entered in a simple way by a user).
    The verification can then be modified accordingly, to take into account only that portion of D (Ci + 1) communicated to the user. Of course, this method of reducing the length of the code value can be implemented regardless of the payment means data and is not limited to the verification code (CW).
    Once this new CW is used, it is memorized by the card. It will be used to generate a future CW.
    When making the card, it is equipped with a "first" CW C0 known to the transmitter, which will serve as a seed (that is to say starting value) to generate all the following CW . 5.3.4. CW check and resynchronization
    The processing server, in charge of verifying a received code, has in memory the last valid CW Cm used by the card. When the card transmits a new CW Ci + 1, the processing server performs the following operations: • If Ci + 1 = / (Cm) then the CW is valid, the transaction is accepted, and the new value of Cm becomes Ci + 1; • Otherwise: o For J between 2 and a given value jmax (for example 4), the verifier calculates r ° m + 7> o If Ci + 1 = Cm + j for a value of j then there was desynchronization, but the transaction is valid: the transaction is accepted, and the new value of Cm becomes Ci + 1; o Otherwise, the transaction is rejected.
    Moreover, when using the function D defined above, we actually compare D (Ci + 1) and D (f (Cm)) all things being equal.
    The value of jmax is the maximum offset accepted by the processing server and is representative of the IT processing interval. This value can be fixed in advance, or be adapted: for example, one can accept a large shift once, and require in the following that the offsets are smaller. In general, the resynchronization events may be recorded by the verifier for analysis, fraud detection or maintenance purposes. The transaction is transparent to the cardholder. 5.3.5. Auditability The set of CWs generated by a map can be verified in two ways: (1) directly, from the seed (from the starting value), by recalculating all CWs iteratively to the current point ( "Slow-rewind"), or (2) using the decomposition of the secret number n to directly perform a modular root ("fast-rewind") and reach any CW. These methods are presented in relation with FIG. 7, which presents on the one hand (A) the sequence of calculations that the card must perform (in this example the value Ck + 1 is already in the possession of the server because the server has already checked this value in the past and the server must check the value C,). To do this, two methods are possible (Ml and M2)
    The first method can be performed by any entity having the public key n but is relatively expensive, which limits it to the verification of a few successive transactions. This is the method Ml in which the server calculates iteratively from the last value in its possession (Ck + 1) all the intermediate codes (CW) until the desired value (Ci) is obtained. The advantage of this method is that all the successive intermediate values of the code are checked at the same time.
    The second method M2, reserved for an entity that has the secret key (eg server), immediately allows to check the entire code string (CW) in an arbitrary order: using the keys, the server can perform a direct calculation of the desired occurrence from the starting value of the code. This method of direct calculation is not the subject of the present technique and is therefore not described further. 5.3. Other features and benefits
    In connection with FIG. 4, a communication terminal is described comprising means enabling the previously described method to be executed in order to dynamically generate bank data.
    For example, the communication terminal comprises a memory 41 consisting of a buffer memory, a processing unit 42, equipped for example with a microprocessor, and driven by the computer program 43, implementing the steps necessary for obtaining, calculating and transmitting bank processing data (verification codes, validity date, etc.). At initialization, the code instructions of the computer program 43 are for example loaded into a memory before being executed by the processor of the processing unit 42. The processing unit 42 receives as input for example a current bank data (for example a current verification code). The microprocessor of the processing unit 42 implements the steps of the method, according to the instructions of the computer program 43 to allow the calculation of a next bank data item (for example a next verification code).
    For this, the processing device comprises, in addition to the buffer memory 41, computing and encryption means, including a processor for example secure and a memory as secure. These means can be controlled by the processor of the processing unit 42 according to the computer program 43.
    In connection with FIG. 5, a processing server is described comprising means enabling the previously described method to be executed.
    For example, the processing server comprises a memory 51 constituted by a buffer memory, a processing unit 52, equipped for example with a microprocessor, and driven by the computer program 53, necessary for the implementation of the functions verification of the transaction data and in particular the bank data received. At initialization, the code instructions of the computer program 53 are, for example, loaded into a memory before being executed by the processor of the processing unit 52. The processing unit 52 receives, for example, an input set of encrypted data, including for example a current bank data. The microprocessor of the processing unit 52 implements the steps of the processing method, according to the instructions of the computer program 53 to allow the verification of the current bank data with reference to a reference banking data, calculated in relation to at a predetermined time interval.
    For this purpose, the device comprises, in addition to the buffer memory 51, means for obtaining an encryption / decryption key; these means can be in the form of a processor or a set of secure resources to secure the entry of authorization. The device also comprises cryptographic processing means; these processing means comprise for example a dedicated encryption processor.
    These means can be controlled by the processor of the processing unit 52 according to the computer program 53.
    权利要求:
    Claims (10)
    [1" id="c-fr-0001]
    1. A method of encrypting a payment means data (CVVp), a method implemented by a payment means (MP) comprising a data processing processor (CPU), characterized in that it comprises at least an iteration of the following steps: obtaining (10), from a memory of the payment means (M, Msec), a current payment means data (CVVpx); generating (20), according to the current payment means data (CVVpx) and according to an encryption key of the payment means (n), a next payment means data (CVVpx + 1); replacing (30), within the memory of the means of payment (M, Msec), of the current payment means data (CVVpx) with the next payment means data (CVVpx + 1).
    [2" id="c-fr-0002]
    2. Encryption method according to claim 1, characterized in that said generating step comprises the implementation of an encryption function (f) such that the data of the next payment means (CWpx + 1) depends on the function encryption method (f), said encryption function (f) comprising obtaining: the square (CVVpx2) of the current payment means data (CVVpx); modulo of this square (CVVpx2) with respect to the encryption key (n).
    [3" id="c-fr-0003]
    3. Encryption method according to claim 1, characterized in that said payment means data is a verification code.
    [4" id="c-fr-0004]
    4. Encryption method according to claim 1, characterized in that it further comprises a step of displaying said next payment means data (CVVpx + 1) on a screen of said payment means.
    [5" id="c-fr-0005]
    5. Encryption method according to claim 1, characterized in that it further comprises a step of transmitting said next payment means data (CVVpx + 1) to a payment terminal.
    [6" id="c-fr-0006]
    6. Payment method (MP) comprising a data processing processor (CPU), payment means characterized in that it comprises encryption means operable iteratively, said encryption means comprising: obtaining, from a secure memory of the means of payment (Msec), a current payment means data (CVVpx); generating, according to the current payment method data (CWpx) and according to a payment method (n) encryption key, a next payment means data (CVVpx + 1); replacing, in the secure memory of the means of payment (Msec), the current payment method data (CVVpx) with the next payment means data (CVVpx + 1).
    [7" id="c-fr-0007]
    7. A method for verifying the validity of a payment means data (CVVp), a method implemented by a processing server comprising a data processing processor (CPU), characterized in that it comprises: a step of obtaining reference payment method data (CVVX + 1); a step of obtaining, from the reference payment method data (CVVX + 1), at least one data of comparison payment means (CVVX, CVVx + 2) as a function of a predetermined time period (PI), delivering a set of reference data; a step of obtaining a current payment means data (CVVpx); and a step of comparing the current payment means data (CVVpx) with the data of said reference data set, issuing a validity assertion of said current payment means data (CVVpx) when it is identical to one of the data of the set.
    [8" id="c-fr-0008]
    8. Processing server comprising a data processing processor (CPU), server comprising cryptographic processing means adapted to allow verification of the validity of a data of means of payment (CVVp), the cryptographic processing means comprising: means for obtaining reference payment method data (CVVX + 1); means for obtaining, from the reference payment method data (CVVX + 1), at least one comparison payment means data (CVVX, CVVx + 2) as a function of a predetermined time period (PI), delivering a set of reference data; means for obtaining a current payment means data (CVVpx); and means for comparing the current payment means data (CVVpx) with the data of said reference data set, delivering a validity assertion of said current payment means data (CVVpx) when it is identical to one of the data of the set.
    [9" id="c-fr-0009]
    9. Computer program product downloadable from a communication network and / or stored on a computer readable medium and / or executable by a microprocessor, characterized in that it comprises program code instructions for the execution of an encryption method according to claims 1 to 5, when executed by a processor of a payment means.
    [10" id="c-fr-0010]
    10. Computer program product downloadable from a communication network and / or stored on a computer-readable medium and / or executable by a microprocessor, characterized in that it comprises program code instructions for the execution of an encryption method according to claim 7, when executed by a processing server processor.
    类似技术:
    公开号 | 公开日 | 专利标题
    EP3168803B1|2021-10-13|Method for encrypting data of payment means, corresponding payment means, server and programs
    EP3221815A1|2017-09-27|Method for securing a payment token
    US20170178126A1|2017-06-22|Payment system
    EP1911194A1|2008-04-16|Method for controlling secure transactions using a single physical device, corresponding physical device, system and computer programme
    EP2509025A1|2012-10-10|Method for access to a protected resource of a trusted personal device
    EP2243106A2|2010-10-27|Method of reading an electronic tag by a terminal
    WO2001099337A1|2001-12-27|Method for secure biometric authentication/identification, biometric data input module and verification module
    WO2016207715A1|2016-12-29|Secure management of electronic tokens in a cell phone
    EP3095223B1|2022-03-16|Method of transmitting encrypted data, method of reception, devices and computer programs corresponding thereto
    EP3238150B1|2018-08-22|Method for making contactless transactions secure
    EP2954449A2|2015-12-16|Digitised handwritten signature authentication
    WO2017005644A1|2017-01-12|Method and system for controlling access to a service via a mobile media without a trusted intermediary
    EP1354288B1|2006-03-29|Method using electronic banking cards for making secure transactions
    WO2018002351A1|2018-01-04|Method for authenticating payment data, corresponding devices and programs
    EP3542335B1|2021-06-23|Method for processing transaction data, corresponding communication terminal, card reader and program
    EP3029878B1|2020-05-27|Method for transmitting a secret with limited lifetime for conducting a transaction between a mobile terminal and a system
    EP3588418A1|2020-01-01|Method for conducting a transaction, terminal, server and corresponding computer program
    EP3758322A1|2020-12-30|Method and system for generating encryption keys for transaction or connection data
    FR3081246A1|2019-11-22|METHOD FOR MAKING A TRANSACTION, TERMINAL, SERVER AND CORRESPONDING COMPUTER PROGRAM
    FR3098947A1|2021-01-22|Process for processing a transaction issued from a proof entity
    EP3688961A1|2020-08-05|Federated closed-loop system
    CN110999254A|2020-04-10|Securely performing cryptographic operations
    WO2017077210A1|2017-05-11|Method for verifying identity during virtualization
    WO2016034812A1|2016-03-10|Securing of encryption keys for transactions on a device lacking a secure module
    FR3025959A1|2016-03-18|METHOD OF SECURING AN APPLICATION FOR REALIZING PROXIMITY TRANSACTIONS BETWEEN TWO TERMINALS
    同族专利:
    公开号 | 公开日
    US20170132622A1|2017-05-11|
    EP3168803A1|2017-05-17|
    FR3043483B1|2018-11-02|
    CA2947920A1|2017-05-10|
    EP3168803B1|2021-10-13|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    US20090150295A1|2007-12-09|2009-06-11|Jeffrey Alan Hatch|Validation service for payment cards with preloaded dynamic card verification values|
    US7584153B2|2004-03-15|2009-09-01|Qsecure, Inc.|Financial transactions with dynamic card verification values|
    US9251637B2|2006-11-15|2016-02-02|Bank Of America Corporation|Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value|
    US8504451B2|2006-11-16|2013-08-06|Visa U.S.A. Inc.|Method and system using candidate dynamic data elements|
    US8201747B2|2008-11-26|2012-06-19|Qsecure, Inc.|Auto-sequencing financial payment display card|
    US10037524B2|2009-01-22|2018-07-31|First Data Corporation|Dynamic primary account number and unique key per card|
    CA2697921C|2009-03-27|2019-09-24|Intersections Inc.|Dynamic card verification values and credit transactions|
    US8615468B2|2010-01-27|2013-12-24|Ca, Inc.|System and method for generating a dynamic card value|
    US9558481B2|2010-09-28|2017-01-31|Barclays Bank Plc|Secure account provisioning|
    US20120153028A1|2010-12-15|2012-06-21|Poznansky Amir|Transaction Card with dynamic CVV|
    DE102012005427A1|2012-03-16|2013-09-19|Giesecke & Devrient Gmbh|Method and system for secure communication between an RFID tag and a reader|
    US8978152B1|2012-03-30|2015-03-10|Protegrity Corporation|Decentralized token table generation|
    US20140067675A1|2012-09-06|2014-03-06|American Express Travel Related Services Company, Inc.|Authentication using dynamic codes|
    EP2787474A3|2013-03-14|2014-12-17|Philippe Guillaud|Dynamically allocated security code system for smart debt and credit cards|
    EP2997532A4|2013-05-15|2016-05-11|Visa Int Service Ass|Mobile tokenization hub|
    US20160086171A1|2014-04-07|2016-03-24|Eric Gregory Rehe|Indication of Recurring Transaction for Payment Devices and Credit Cards|
    US9819485B2|2014-05-01|2017-11-14|At&T Intellectual Property I, L.P.|Apparatus and method for secure delivery of data utilizing encryption key management|
    US9805205B2|2015-02-19|2017-10-31|Konvax Corporation|Adaptive system profile|CN109934709A|2018-11-05|2019-06-25|阿里巴巴集团控股有限公司|Data processing method, device and server based on block chain|
    US10949855B2|2020-01-14|2021-03-16|Joseph Carlo Pastrana|Mathematical constant pi dynamic-hybrid CVV authentication method for credit cards|
    US10951610B2|2020-01-14|2021-03-16|Joseph Carlo Pastrana|Operation of mathematical constant PI to authenticate website and computer network users|
    法律状态:
    2016-11-25| PLFP| Fee payment|Year of fee payment: 2 |
    2017-05-12| PLSC| Publication of the preliminary search report|Effective date: 20170512 |
    2017-11-28| PLFP| Fee payment|Year of fee payment: 3 |
    2019-11-26| PLFP| Fee payment|Year of fee payment: 5 |
    2020-11-27| PLFP| Fee payment|Year of fee payment: 6 |
    2021-11-25| PLFP| Fee payment|Year of fee payment: 7 |
    2022-01-07| TP| Transmission of property|Owner name: BANKS AND ACQUIRERS INTERNATIONAL HOLDING, FR Effective date: 20211202 |
    优先权:
    申请号 | 申请日 | 专利标题
    FR1560772A|FR3043483B1|2015-11-10|2015-11-10|METHOD OF ENCRYPTING DATA OF PAYMENT MEANS, MEANS OF PAYMENT, SERVER AND CORRESPONDING PROGRAMS|
    FR1560772|2015-11-10|FR1560772A| FR3043483B1|2015-11-10|2015-11-10|METHOD OF ENCRYPTING DATA OF PAYMENT MEANS, MEANS OF PAYMENT, SERVER AND CORRESPONDING PROGRAMS|
    EP16197843.2A| EP3168803B1|2015-11-10|2016-11-08|Method for encrypting data of payment means, corresponding payment means, server and programs|
    CA2947920A| CA2947920A1|2015-11-10|2016-11-09|Data encryption process for methods of payment, corresponding methods of payment, server and programs|
    US15/347,982| US20170132622A1|2015-11-10|2016-11-10|Method for the encryption of payment means data, corresponding payment means, server and programs|
    [返回顶部]