• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    The invention relates to a method implemented with a computer terminal equipped with at least one loudspeaker and at least one microphone, in which: a first transmitting software application executed by the terminal is adapted to emit an acoustic signal for authentication by a loudspeaker (12) of said terminal (11), said authentication acoustic signal containing authentication information, - a second receiving software application executed by the terminal separate from the transmitting application is adapted to receive a microphone (13) of the terminal (11) any acoustic signal picked up by the microphone, emitted by a speaker of said terminal and capable of corresponding to an acoustic authentication signal. The invention extends to a terminal, a computer program, a data flow and a server for the implementation of this method.
    公开号:FR3047583A1
    申请号:FR1650907
    申请日:2016-02-04
    公开日:2017-08-11
    发明作者:Emmanuel Ruiz;Christian Ruiz;Daniel Ruiz
    申请人:Emmanuel Ruiz;Christian Ruiz;Daniel Ruiz;
    IPC主号:
    专利说明:

    The invention relates to a method implemented with a computer terminal equipped with at least one loudspeaker, at least one microphone, and of a computer terminal with at least one loudspeaker, at least one microphone, and at least one microphone. computer programmable data processing resources allowing the execution of software applications by the terminal, for the transmission of authentication information between at least two separate software applications at least partially executed by said terminal. It extends to a terminal -particularly to a portable computer terminal-, to a computer program, to a data stream, and to a server for the implementation of a method according to the invention.
    Throughout the text, we adopt the following terminology: - computer system: combination of hardware (s) and / or software (s) and / or information and / or files and / or databases and / or digital data, suitable for perform predetermined computer functions, - terminal: access point to a network, with a human-machine interface, - computer terminal: access point to a computer network, with a human-machine interface, - terminal portable: any terminal that can be permanently worn by an adult human being, having in particular a volume of less than 1 dm3 and a weight of less than 1 kg; a portable terminal is adapted to be able to operate wirelessly with an external environment, in particular to communicate with at least one telephone and / or computer network, - server: any computer system capable of providing accessible computing resources for at least one terminal via at least one network; a server can be made up of any computer system, including a single computer or a plurality of computers connected in a network or grid, - mass memory: any non-volatile rewritable computer memory for storing digital data in a sustainable manner whatever the implemented technology (magnetic, optical, electronic ...) to achieve it, which can consist of a single component or a plurality of components, - software application: a specific software application executed in the an operating system environment executed by a terminal or server to perform specific functions and / or to provide services to a user; or at least one window of at least one network browser software (Internet Explorer®, Safari®, Mozilla®, Google® Chrome®, Android®, Facebook®, Twitter®, ...) executed by the terminal when the latter is in communication with a remote server site (it should be noted that such a window can incorporate one or more modules (s) executed by said remote server site, this window then constituting a software application only partially executed by the terminal); or a combination of such a specific software application and at least one such window of at least one network browser software; - audio: means the audible sounds for the human ear, - acoustic signal: any signal chosen from audio sounds and ultrasounds, - user: human using a computer system or a terminal, - authentication information: all confidential data; it can be for example access data to services and / or software and / or Internet pages (access code ("Login") and / or password), personal data (for example to fill in forms accessible online), banking data for payment over the Internet, or even authorization data for transmitting such confidential data between two servers, at least one of which is connected to the terminal ...
    The secure transmission of authentication information between different software applications at least partly executed by a computer terminal is a necessity of modern computing. However, it often happens that different software applications at least partly executed by the same terminal are not compatible with each other, in particular because they do not use the same communication protocol and / or the same data format and / or the same development platform and / or the same programming language. It is then necessary to simultaneously develop numerous software modules for the exchange of information between various software applications of the same terminal.
    The same is true of the secure transmission (controlled by the production of authentication information) of data (which may themselves be authentication information or not) to servers from a computer terminal.
    Many technologies have been developed to secure the transmission of data between a terminal and a server. However, in practice users still have to memorize many different access codes and passwords most of the time. In addition, despite the encryption techniques, the access codes and / or passwords and / or personal and / or bank data stored on servers or computer devices such as terminals used by users are susceptible to attacks. malicious attempts to capture this data for fraudulent purposes. Similarly, terminals that can be used by users are often susceptible to such attacks, in particular via wireless communication networks (Wifi, Bluetooth®, etc.) used by these terminals.
    Consequently, there is a need to greatly simplify the secure transmission of authentication information between software applications at least partly executed in a terminal, and the secure transmission of data - particularly data representative of confidential information - between terminals and servers, upon authorization of terminal users.
    A known solution for the secure transmission of data to servers consists in making available to each user an identification card with a microcircuit, and a reader of this identification card that can be connected to a terminal such as a computer. The identification card can be a credit card or a specific card issued by a service provider to which the user can access. In this known solution, the user must connect the reader to the terminal, then insert his identification card in the card reader, then manually enter a password on a keyboard of said terminal or the card reader. This solution is expensive, non-universal, requires each user to have different identification cards and different passwords, and is not suitable for the use of modern handheld devices such as computers.
    In addition, this known method can not be implemented by a user at any time and at any place. However, with modern handheld computer terminals such as computers, the need is felt to be able to transmit data, including data representative of confidential information to servers by users on the go, at any place and at any time.
    In other known solutions it has been envisaged to use a mobile telephone network (GSM type) and / or the exchange of sound signals between a telephone and a terminal to authenticate a user accessing services. These technologies require on the one hand a mobile phone, on the other hand at least one terminal or other computer terminal separate from the mobile phone, and therefore can not be implemented by users at any time and at any location; in addition, they are not sufficiently secure and are not used in practice.
    Moreover, other known methods allow authentication and / or authorization of transactions, in particular by transmitting at least one acoustic signal between two mobile terminals (see in particular W02015 / 033061). However, these methods also require two devices physically close to each other, and therefore can not be implemented by users anytime and anywhere.
    In this context, the invention aims to overcome these drawbacks by proposing a method, a terminal, a computer program, a data flow, a computer program product, a medium that can be used in a computer system, a window of a software application, and a server allowing secure transmission of authentication information between two software applications at least partly executed by the same terminal, regardless of the technical characteristics of these software applications. It also aims more particularly to allow a user, from a single terminal, to authorize the secure transmission of data to at least one remote server of said terminal and connected to the latter, and to make this secure transmission from of the terminal. The invention therefore aims to enable such secure transmission of data - in particular data representative of confidential information and / or personal information of the user - by a user at any place and at any time, in particular including by a user on the move and from a portable terminal. The invention also aims at reinforcing the security of such a secure transmission of authentication or data information, especially with respect to various attacks (detection by a malicious third party of the authentication information or data whose transmission is authorized; invalidation by a malicious third party of said authentication or data information or authorization to transmit this authentication or data information by a user; transmission of authentication information or data or authorization of transmission of information; authentication or data by a malicious third party without the knowledge of a user ...). The invention also aims to propose such a method by which the intervention of a user of the terminal is reduced, in particular to the simple possession of said terminal, and which makes it possible to considerably simplify the transmission of authentication information, in particular confidential data, including banking, and secure access to services, including websites, by users, without requiring the storage by them of access code and passwords and many complex. The invention also aims to achieve these objectives by simple means, universal, compatible with exploitation on an industrial scale and with their dissemination to the general public, and can be exploited by a very large number of terminals and / or servers. various natures, operating on different software platforms and in different technological contexts.
    To do this, the invention relates to a method implemented with a terminal having at least one speaker, at least one microphone, and programmable computer data processing resources for executing software applications. by the terminal, for the transmission of authentication information between at least two software applications at least partly executed by said terminal, characterized in that: - a first software application at least partly executed by the terminal, said transmitting application , is adapted to emit an acoustic signal, said acoustic authentication signal, by a loudspeaker of said terminal, said authentication acoustic signal containing authentication information, - a second software application at least partly executed by the terminal , said receiving application, distinct from the transmitting application, is adapted to receive a microphone of the terminal any acoustic signal picked up by the microphone, issued by a speaker of the terminal and likely to match an acoustic authentication signal, that is to say to include it.
    In a method according to the invention, the authentication information is transmitted universally between the transmitting application and the receiving application by means of simple acoustic signals. It is sufficient that the transmitting application is capable of transmitting an acoustic authentication signal via the speaker of the terminal, and that the receiving application is capable of receiving the acoustic signals picked up by the terminal microphone. .
    The acoustic authentication signal can be generated by the sending application or on the contrary be received by the latter from another application at least partly executed by the terminal and / or a remote server connected to the terminal. The receiving application is adapted to receive any acoustic signal picked up by the microphone capable of corresponding to an acoustic authentication signal transmitted by the speaker of said terminal, that is to say capable of including this acoustic signal of authentication. This receiving application may or may not also be suitable for extracting the acoustic authentication signal from the acoustic signals picked up by the microphone and itself exploiting this acoustic authentication signal. If not, this extraction and / or exploitation of the authentication acoustic signal may be executed by another software application at least partly executed by the terminal and / or by a remote server connected to the terminal.
    It should also be noted that the authentication information thus transmitted may or may not contain confidential data specific to the user. They can simply be used for pairing the two software applications, this pairing being a preliminary step in establishing a communication session of such confidential data between the two software applications and / or with at least one remote server.
    In some embodiments, a method according to the invention is adapted for the secure transmission of data, said data to be transmitted, by a terminal to at least one server remote from said terminal and connected to said terminal. Thus, the invention also relates to a method implemented with a terminal equipped with at least one loudspeaker, at least one microphone and at least one link with at least one remote server of said terminal, for the transmission secured data, said data to be transmitted by said terminal to at least one server remote from said terminal and connected to said terminal, wherein: - an acoustic signal, said acoustic authentication signal, is emitted by a speaker of said terminal, a microphone of said terminal picks up any acoustic signal emitted by a loudspeaker of said terminal capable of corresponding to an acoustic authentication signal; secure transmission of the data to be transmitted by said terminal to at least one remote server is authorized on capture by the microphone of an acoustic signal corresponding to an acoustic authentication signal emitted by a loudspeaker of said terminal.
    In certain embodiments in accordance with the invention, a transmission of the data to be transmitted by said terminal to at least one remote server is authorized on capture by the microphone and reception by the receiving application of an acoustic signal, said acoustic signal received. , corresponding to an acoustic authentication signal transmitted by a speaker of said terminal, in particular on command of the transmitting application. The invention also relates to a method executed by said terminal for the implementation of a method according to the invention. It also relates to a method executed by a remote server connected to said terminal for the implementation of a method according to the invention.
    It turns out that the use of the microphone of the same terminal as the one of which a loudspeaker has emitted an acoustic authentication signal makes it possible to solve the aforementioned problems and to provide in an extremely reliable and secure manner a method allowing a secure transmission of data on authorization of a user of said terminal, regardless of the operating software platform of said terminal (including even with a terminal not endowed with computing resources) and in different application contexts. One of the consequences of the invention is thus to considerably simplify the ergonomics of operation from the point of view of the users, by preventing them from memorizing or recording sensitive and distinct confidential data such as access codes, passwords, banking data ... The use of an acoustic authentication signal transmitted between a loudspeaker and a microphone of the same terminal also provides great resistance to potential attacks by malicious third parties, insofar as the capture and identification of the acoustic authentication signal emitted by a loudspeaker of said terminal, in particular for data transmission authorization purposes, are extremely unlikely, if not impossible, because of the nature itself this acoustic signal of authentication (the latter is in particular emitted at short distance, its content, which may be variable depending on the application cations, can not a priori be differentiated from other acoustic signals that can be transmitted by said terminal and does not necessarily contain in itself confidential information). Furthermore, even assuming that the acoustic signal emitted by a loudspeaker of said terminal can be at least partially fraudulently picked up by a third party, it will not be the case that the third party will have access to the authentication information and / or the data. to be transmitted to the server, or that it can itself authorize this transmission, since it does not have the same terminal as the authentic user.
    According to the various possible embodiments of the invention and / or its different applications, the acoustic authentication signal emitted by a loudspeaker of said terminal can be in different ways, in particular and for example: the acoustic signal of authentication is at least partly integrated in an acoustic signal received by said terminal by at least one link of this terminal with a remote server, in particular by a link established by a window of a network browser (Internet page) executed by said terminal accessing the remote server via a network link connecting said terminal to said remote server, or by a telephone link; the acoustic authentication signal is at least partly received by the terminal by at least one link of this terminal with a remote server which transmits this authentication acoustic signal in the form of digital data (via a data communication link) digital representative of the acoustic authentication signal (audio file)), said terminal itself being programmed (with the transmitting application adapted for this purpose) to transmit on a loudspeaker any acoustic acoustic signal it receives; the acoustic authentication signal is at least partly recorded in said terminal, the latter itself being programmed to transmit on a loudspeaker the acoustic signal of authentication on command of a remote server to which said terminal is connected by a link and / or command of the sending application executing at least partly in said terminal itself.
    In particular, in certain embodiments and according to the invention, a transmission module executed by a remote server connected to said terminal is adapted to generate said authentication acoustic signal. The remote server generating said authentication acoustic signal may or may not be a server to which the data to be transmitted are intended. In these embodiments, such a transmission module can be executed in particular: via a window of a network browser (for example Internet page) executed by said terminal accessing the remote server over a network link connecting said terminal to this remote server, or - by a software application of a remote server directly connected by a link to said terminal. The transmission of said authentication acoustic signal may result from a command from a transmission module executed by a remote server connected to said terminal and / or from said sending application at least partly executed by said terminal.
    Furthermore, the authorization of the transmission of said data to be transmitted to at least one remote server advantageously results from the execution of at least one reception module executed at least partly by at least one remote server (which may or may not be a server to which the transmission of data is intended) and / or at least partly by said terminal.
    Thus, in certain embodiments, advantageously and according to the invention, each received acoustic signal is transmitted to a reception module adapted to: - compare each acoustic signal received with an acoustic authentication signal transmitted by a speaker of said terminal simultaneously with the reception of the acoustic signal received by the reception application, and - on reception of a received acoustic signal corresponding to said authentication acoustic signal (that is to say including at least this acoustic authentication signal) transmitted by a speaker of said terminal, allow transmission of said data to be transmitted from said terminal to at least one remote server.
    Said receiving module may itself be adapted or not to generate said data to be transmitted.
    Thus, in a first embodiment, the receiving module itself generates the data to be transmitted to at least one remote server of said terminal.
    In some embodiments, the receiving module is only executed by said terminal, the latter generating said data to be transmitted.
    In these embodiments in which the receiving module is executed by said terminal, this receiving module is a module of said receiving application.
    A method according to the invention allows in particular to authorize and perform, from a terminal, the transmission of data to at least one remote server. The data to be transmitted can be of any kind. These data to be transmitted can be in particular data, in particular confidential data, chosen from the group: - bank data, access data (access code and password), personal data of the user communicated in fields of a window of a network browser (for example Internet page) executed by said terminal, personal data communicated in fields of a window of a software application executed by said terminal, this software application being able to transmit this data to at least one remote server via a digital data communication link, for example an Internet link; authorization data for transmitting other data between two servers remote from said terminal, at least one of which is connected to said terminal; it may be for example a single-use code (OTP) transmitted to said terminal by a server or generated randomly by said terminal itself; this transmission authorization data can be transmitted to a window of a network browser (for example Internet page) executed by said terminal, or directly by the reception module to at least one remote server connected to said terminal by a link, this remote server being adapted to execute said data transmission to at least one remote server of said terminal (connected or not to said terminal).
    Furthermore, advantageously and according to the invention, said data to be transmitted are chosen from: data at least partly stored in a mass memory of said terminal, data downloaded by said terminal into a memory of said terminal from a remote server to which said terminal is connected, data entered by a user with a human-machine interface of said terminal.
    The data to be transmitted may consist of a combination of such data.
    In some embodiments, advantageously and according to the invention, the reception module is at least partly executed by a remote server connected to said terminal. In particular, in certain variant embodiments of a method according to the invention, the acoustic signal picked up by the microphone during the transmission of an acoustic authentication signal by a loudspeaker of said terminal, is transmitted by said terminal by via a link to at least one remote server in which the receiving module is executed at least in part, which may or may not be a remote server having at least partially controlled the transmission of said authentication acoustic signal. This remote server receiving the acoustic signal picked up by the microphone can then control said remote terminal to authorize and carry out a secure transmission of the data to be transmitted from said terminal to at least one remote server, which may be this same remote server receiving the acoustic signal picked up by the microphone and / or a separate server.
    Thus, in certain embodiments, a method according to the invention is characterized in that a reception module executed by a first server connected to said terminal is adapted to receive an acoustic signal picked up by a microphone of said terminal and transmitted to this first server by said terminal, and in that said first server is programmed to: - compare an acoustic signal received by the reception module with an acoustic authentication signal sent by said transmitting application, and - on reception by the reception module of an acoustic signal corresponding to an acoustic authentication signal sent by said transmitting application, generating and transmitting to at least one second remote server to which the first server is connected, selected data from data representative of confidential information and data of authorization for the secure transmission of representative data of confidential training to at least one server, whether or not serving as a second server.
    It should be noted as well as in a method according to the invention, as the case may be, each server remote from said terminal intended to receive data-in particular data representative of confidential information-upon authorization of said terminal, may or may not be itself in connection with said terminai. Indeed, when the data to be transmitted from said terminal are themselves transmission authorization data of other data to be transmitted to a server, the latter server is not necessarily in connection with said terminal.
    In a method according to the invention, said terminal can be of any kind, portable or not. Thus, advantageously and according to the invention, said terminal is chosen from the group consisting of mobile telephones, smartphones, portable computer touch tablets, laptops, desktops, computer workstations, cashing computers. POS, electronic payment terminals (POS), interactive kiosks, and multimedia interactive kiosks. Nevertheless, it is an advantage of certain embodiments of a method according to the invention to allow the implementation of a method of secure transmission of data from a portable terminal at any time and anywhere, when a digital data transmission link between said terminal and at least one remote server for receiving said data to be transmitted is active.
    Thus, advantageously and according to the invention, said terminal is a portable terminal connected by at least one wireless link for transmitting digital data with at least one server remote from said terminal and intended to receive at least a portion of said data to be transmitted. Thus, said terminal is advantageously chosen from the group consisting of mobile telephones, smartphones, portable computer touch tablets, and portable computers (in particular so-called portable computers comprising a screen hinged to a keyboard).
    More particularly, advantageously and according to the invention said portable terminal is connected to each remote server intended to receive at least a portion of said data to be transmitted solely by a wireless link for transmitting digital data. Such a wireless link for digital data transmission can be chosen in particular in the group formed of radio frequency links (Wifi, Bluetooth®, ...), optical links (especially infrared), and telephone links (GPRS, UMTS, LTE , WiMAX ...).
    Moreover, in certain embodiments, advantageously and according to the invention, the acoustic authentication signal is at least partially formed of ultrasound. In particular, in certain embodiments advantageously and according to the invention, the acoustic authentication signal is exclusively formed of ultrasound. In this way, he is inaudible. In particular, in some embodiments, the transmitted authentication acoustic signal is formed of ultrasound having at least one frequency between 18 kHz and 100 kHz.
    Whether it includes ultrasound or ultrasound, or not, the acoustic signal of authentication can also be integrated into an audio message (audible) transmitted by a speaker of said terminal.
    This acoustic authentication signal may itself be representative of digital data, that is to say can be an acoustic signal encoding digital data with a certain coding protocol. In this case, said digital data encoded by the acoustic authentication signal may or may not be encrypted. Nevertheless, it is an advantage of the invention to render unnecessary any encryption, or even any encoding of digital data in the acoustic authentication signal, which may be purely analog. Indeed, for example, the transmission of the data to be transmitted can be authorized by simple recognition of an analog acoustic signal picked up by the microphone of said terminal and corresponding to an acoustic authentication signal transmitted by a transmission module. It is then sufficient to compare analog acoustic signals with each other. The invention also extends to a terminal for the implementation of a method according to the invention. It therefore relates in particular to a terminal equipped with at least one speaker, at least one microphone, and programmable data processing data resources allowing the execution of software applications by the terminal, characterized in that it is configured to implement a method according to the invention. It also extends to a terminal equipped with at least one loudspeaker, at least one microphone, and at least one link with at least one remote server of said terminal, characterized in that it is configured to implement a method according to the invention.
    A terminal according to the invention is in particular a computer terminal equipped with computer resources and is programmed to implement a method according to the invention. In addition, a terminal according to the invention may also in particular advantageously be a portable terminal.
    A terminal according to the invention is advantageously characterized by all or some of the features mentioned above with reference to a method according to the invention.
    In particular, in some embodiments a terminal according to the invention is advantageously characterized in that it is adapted to be able to display on a display screen of this terminal at least one window of a network browser (for example Internet page ) having means of activation (hypertext links, interactive button ...) of a method according to the invention by a user of said terminal according to the invention.
    In some embodiments, a terminal according to the invention is also advantageously characterized in that it is adapted to be able to display on a display screen of this terminal at least one window of a software application executed by said terminal according to the present invention. invention, said window having activation means (hypertext links, interactive button ...) of a method according to the invention by a user of said terminal according to the invention.
    In some embodiments, a terminal according to the invention advantageously comprises at least one of the following components: at least one display screen -especially a touch screen-, a keyboard, a pointing device (mouse) a satellite positioning module (GPS, Galileo, GLONASS ...), at least one photographic and / or video shooting objective, a compass (at least one terrestrial magnetic field sensor), minus one accelerometer, - at least one input and / or output port, - at least one lighting device.
    The computer systems, terminals, servers, methods described herein may be implemented by a computer program or a plurality of computer programs, which may exist in various forms, both active and inactive, in a single computer system or a plurality of computer systems. For example, they may consist of software programs consisting of program instructions in source code, object code, executable code or other format for performing at least part of the steps of a method according to the invention. They may be in the form of a computer readable medium, which includes recording devices and signals, in compressed or uncompressed form. The invention thus extends to a computer program for implementing a method according to the invention.
    It therefore relates in particular to a computer program comprising computer program code instructions, characterized in that it comprises programming means: - readable by a computer system having programmable computer data processing resources, - adapted for once executed by said computer system, at least partly implementing a method according to the invention. The invention extends in particular to a computer program characterized in that said programming means are adapted, once executed by said computer system, to implement a module for transmitting a method according to the invention . The invention also extends in particular to a computer program characterized in that said programming means are adapted, once executed by said computer system, to implement a module for receiving a method according to the invention . The invention thus relates in particular to a computer program comprising program code instructions for executing at least a part of the steps -in particular a transmitting application and / or a receiving application and / or a receiving-receiving module. a method according to the invention when said program is executed on a terminal and / or on at least one remote server of said terminal and connected to said terminal.
    Said computer system may be in particular a remote server of said terminal, in particular connected to said terminal, a computer program according to the invention being readable by such a server and adapted for, once executed by this server, implement all or part characteristics of a method according to the invention. Also, the invention extends to a computer program comprising computer program code instructions characterized in that it comprises programming means: readable by a computer terminal equipped with programmable computer data processing resources, - adapted for, once executed by said computer terminal - in particular loaded in memory of the latter - implement at least partly a method according to the invention. Thus, a computer program according to the invention makes it possible to obtain a computer terminal according to the invention when it is executed by the latter. The invention also extends to a representative data stream of a computer program according to the invention. Such a data stream according to the invention can in particular be formed by downloading a computer program according to the invention from a server, in particular by downloading into memory a terminal according to the invention. The invention also extends to a computer program product comprising a computer program according to the invention. The invention also extends to a medium that can be used in a computer system, this medium comprising code instructions of a computer program recorded on this medium and usable in a computer system, characterized in that it comprises, recorded on this support, programming means readable by a computer system, and adapted for, once executed by said computer system (in particular loaded in memory of the latter), implement at least partly a method according to the invention. Hile also extends to a medium that can be used in a computer system, this medium comprising code instructions of a computer program recorded on this medium and usable in a computer system, characterized in that it comprises, recorded on this medium, programming means readable by a computer system, and adapted to, once executed by said computer system (in particular loaded in memory of the latter), allow the configuration of a computer terminal connected to said computer system for obtaining a computer system; terminal according to the invention. As used in this text, the term "media usable in a computer system" may refer to any device that may contain, store, communicate, propagate or transport a program for use by or in connection with a computer. computer system, terminal, apparatus or device for executing program code instructions. Such a support that can be used in a computer system may be, by way of non-limiting example, a terminal, a device, an apparatus, a system or an electronic, magnetic, optical, electromagnetic, infrared or semiconductor propagation medium. Some specific non-exhaustive examples of a computer readable medium may be the following: a computer terminal, an electrical connection having one or more conductors, a mass memory (hard disk, USB key, etc.), a diskette, a memory random access memory (RAM), a read-only memory (ROM), a read-only memory erasable by programming (EPROM or flash memory), an optical fiber, a read-only memory (read-only or rewritable compact disc). The invention also extends to a window of a software application -particularly chosen from a network browser and a mobile application of ordiphone- executed by a terminal -particularly by a terminal according to the invention-, said window being adapted to to be displayed by a terminal according to the invention and / or adapted to be displayed by said terminal in a method according to the invention, said window having activation means (hypertext link, interactive button ...) of a method according to the invention by a user of said terminal according to the invention. The invention also extends to a server programmed to be able to perform at least part of the steps of a method according to the invention. It therefore concerns a server that can be remotely connected to a terminal equipped with at least one speaker, at least one microphone, and programmable data processing computer resources allowing the execution of software applications by the terminal. , characterized in that it is configured to implement a method according to the invention. It relates in particular to a server programmed to display a window according to the invention on a computer terminal connected to this server. It also extends to a server that can be remotely connected to a terminal equipped with at least one loudspeaker and at least one microphone, characterized in that it is configured to implement a method according to the invention. invention. The invention also relates to a method, a terminal, a computer program, a data flow, a computer program product, a medium that can be used by a computer system, a window of a software application and a server characterized in combination. by all or some of the characteristics mentioned above or below. Other objects, features and advantages of the invention will become apparent on reading the following non-limiting description which refers to the appended figures in which: FIG. 1 is a block diagram illustrating a first embodiment of FIG. a method according to the invention, - Figure 2 is a block diagram illustrating a second embodiment of a method according to the invention, - Figure 3 is a block diagram illustrating a third embodiment of a method according to the invention.
    In the example shown in FIG. 1, a user terminal 11 is a computer terminal (which can be a portable terminal such as a portable tablet or a portable computer (smart mobile phone), or a laptop, or a desktop computer). , comprising in particular a speaker 12, a microphone 13, and a man / machine interface comprising a touch screen 14, or a keyboard and a screen and a pointing device. Such a computer terminal 11 incorporates computer data processing means including digital data including at least one microprocessor computing unit (s) and / or microcontroller (s) and associated memory (s), at least one mass memory 19, an operating system, software applications, and at least one connection and communication device on at least one network -in particular at least one wireless communication device capable of establishing a digital data transmission link with at least one a remote server (in particular a Wi-Fi connection and / or a Bluetooth® connection and / or a data connection via a wireless telephone network) and / or wired connection connection ports (RJ45, fiber optic, USB, HDMI ...). The terminal 11 is in particular configured to access the Internet network 20 via such a wireless communication device.
    The terminal 11 can execute software applications. Each software application mentioned hereafter can be either a specific software application executed in the environment of an operating system executed by the terminal 11 so as to perform specific functions and / or to provide services to a user; at least one window of at least one network browser software (Internet Explorer®, Safari®, Mozilla®, Google® Chrome®, Android®, Facebook®, Twitter®, etc.) executed by the terminal 11 when this last is in communication with a remote server site; it is still a combination of such a specific software application and at least one such window of at least one network browser software.
    In the first example of FIG. 1, a software application of the terminal 11 requires payment data from the user for the provision to the terminal 11 of a remote service via the Internet network 20. This software application of the terminal 11 may be a specific software application executed by the terminal 11, or a window of a network browser accessing a web page issued by a server. This software application is in any case connected via the Internet 20 to a server 16 service provider to which said payment data must be transmitted.
    To receive the payment data, the software application 18 which requires these payment data includes an authentication software module 17 connected by the Internet 20 to an authentication server 15 and requires an authentication server 15 from the latter. authentication which constitutes in the example an acoustic authorization signal S AA. This authentication module 17 can be activated either automatically by the software application 18 or by the user, for example by action of the user on a corresponding interactive button of a window displayed by the application 18.
    The authentication server 15 therefore transmits such an acoustic authorization signal to the authentication module 17, and the latter transmits this acoustic authorization signal S AA on the loudspeaker 12 of the terminal 11. The authentication module 17 therefore constitutes a transmission module executed by the terminal 11.
    The terminal 11 also contains an authentication software application 21 which also comprises an authentication software module 22, which is connected to the authentication server by the Internet network 20 and which can be identical to the authentication module 17. of the software application that requires the payment data.
    While the SAA authorization acoustic signal is emitted by the speaker 12 of the terminal 11, the software authentication application 21 has been launched by the user and the authentication module 22 has been activated (either automatically at the launch of the authentication software application 21, or by action of the user on a corresponding interactive button of the authentication software application 21), the microphone 13 of the terminal 11 is activated by the module 22 of authentication of the authentication software application 21, and the microphone 13 of the terminal 11 picks up the surrounding acoustic signals, including the acoustic authorization signal SAA, and the authentication module 21 of the authentication software application 21 receives and transmits them to the authentication server.
    The authentication server 15 compares the SAA authorization acoustic signal it has previously transmitted to the authentication module 17 of the software application 18 which requires the payment data, and which has therefore been sent by the loudspeaker. 12, with the acoustic signal that it receives from the authentication module 22 of the authentication software application 21, and which has therefore been picked up by the microphone 13.
    Preferably, the acoustic authorization signal SAA is formed of ultrasound. For example, it may be an acoustic signal having a frequency spectrum comprising a plurality of predetermined distinct frequency peaks, which may be for example between 18 kHz and 100 kHz. The authentication server then performs the comparison between the acoustic signals that it has transmitted and receives by extracting the frequency peaks of these acoustic signals and comparing them. If the acoustic signals emitted and received have the same frequency peaks, the authentication server considers that they are identical. It should be noted that in this example, the payment data to be transmitted to the service provider server 16 are not contained or encoded in the acoustic authorization signal S AA, nor in the acoustic signals emitted by the loudspeaker. 12 and / or picked up by the microphone 13 of the terminal 11. They can not be intercepted by the capture of acoustic signals.
    If this comparison is positive, that is to say concludes a presence of the acoustic authorization signal S AA in the acoustic signal received from the authentication module 22, the authentication server 15 sends an acknowledgment signal to the authentication software application 21, which transmits back to the authentication server the payment data, which may be wholly or partly recorded (preferably in encrypted form) in the mass memory 19 of the terminal 11.
    The authentication server 15 then returns these payment data via the Internet network 20 to the authentication module 17 of the software application 18 which requires these payment data.
    After possible validation by the user in the same window of the software application 18, these payment data are transmitted via the Internet 20 to the server 16 service provider.
    It should be noted that the payment data may be wholly or partly recorded not in a mass memory 19 of the terminal 11, but in a mass memory of a personal data server 23 which may be, for example, a data server. a bank institution to which the authentication software application 21 is connected via the Internet network 20.
    The second example shown in FIG. 2 differs from the first example of FIG. 1 in the direction of transmission of the acoustic authorization signal SAA. In this second example, it is indeed the authentication module 22 of the authentication application 21 which receives from the authentication server the authorization acoustic signal and transmits it on the loudspeaker 12. And the authentication module 17 of the software application 18 that requires the payment data accesses the microphone 13 to pick up the acoustic signals emitted by the loudspeaker 12 (including the acoustic authorization signal S AA) and retransmit them to the microphone. authentication server 15.
    It should be noted that in certain embodiments where each authentication module is activated by action of the user on a corresponding interactive button, the execution of the authentication model can be carried out in whole or in part by the software application. (Specific application or network browser software window) which contains the authentication module, or otherwise in whole or in part by the remote network server site delivering said window containing said interactive button.
    It should be noted that a method according to the embodiments of the invention described above can also be used to securely transmit all confidential data to a software application of a terminal 11. In addition to payment data as described herein above, such confidential data may be of any other nature, for example access control data, cookie data for an Internet server, etc. For example, it is possible, for example, to provide as a variant, the authentication server and the service provider server 16 consist of a single server, for example an Internet server, the authorization acoustic signal S AA itself being able to act as a connection indicator ("Cookie") acoustic for this Internet server.
    In the examples mentioned above, the SAA authorization acoustic signal is generated by the authentication server and the pairing between the software application 18 that requires the payment data and the authentication application 21 is performed. thanks to the acoustic signal authorization by the authentication server 15.
    It should be noted that it is also possible, in a variant that is not represented, to provide that the acoustic authorization signal SAA is generated locally in the terminal 11. To do this, the authentication module, called module 17, 22 of transmitter authentication, which transmits the acoustic signals on the loudspeaker 12, that is to say the software application authentication module 17 that requires the payment data (in the first of FIG. 1) or the authentication module 22 of the authentication application 21 (in the second example of FIG. 2) is adapted to be able to locally generate the acoustic authorization signal and transmit it on the loudspeaker 12. this variant, the authentication module 17 or 22 which emits the acoustic signals on the loudspeaker 12 simultaneously generates an identification code of the acoustic authorization signal, and transmits this code to the authentication server 15. The authentication module 22 or 17, said receiver authentication module 22, 17, which receives the acoustic signals picked up by the microphone 13, is programmed in the same way as the transmitter authentication module 17, 22 so that the module 22, 17 receiving receiver can, upon receipt of the authorization acoustic signal S AA, transmit to the server 15 an identification code of this acoustic authorization signal. The server 15 then performs the comparison between the identification code that it received from the transmitter authentication module 17, 22 and the identification code that it received from the receiver authentication module 22, 17. If these codes are identical, the authentication server 15 sends an acknowledgment signal to the authentication software application 21, which in turn transmits the payment data back to the authentication server. The authentication server 15 then returns these payment data via the Internet network 20 to the authentication module 17 of the software application 18 which requires these payment data.
    In the third example of the invention shown in FIG. 3, the terminal 11 must transmit confidential access control data to at least one server, called the Internet server, for example an access code and a password enabling access to a personal space on the Internet cloud ("cloud") represented by the Internet server (s).
    To do this, the user opens a software application 28 called access control application 28, allowing access to this personal space on the Internet cloud. This access control application 28 contains an authentication software module 27 which is connected via the Internet 20 with a first authentication server 25. The authentication module 27 transmits representative data to the first authentication server 25 because the access control application 28 requires access control data. The first authentication server 25 is adapted to be able to generate and transmit back to the authentication module 27 an acoustic authentication signal which, in the example, is an acoustic signal, said SAR request acoustic signal, preferably under ultrasonic form, wherein is encoded an access control data request.
    The authentication module 27 then transmits this acoustic SAR request acoustic signal on the speaker 12 of the terminal 11. The terminal 11 also contains a software authentication application 31 which also comprises an authentication software module 32, which is connected to a second authentication server 35 over the Internet network 20 and which may be identical to the authentication module 27 of the access control application 28.
    While the acoustic SAR request signal is emitted by the speaker 12 of the terminal 11, the authentication application 31 has been launched by the user and the authentication module 32 has been activated (automatically launch of the authentication software application 31, or by action of the user on a corresponding interactive button of the authentication software application 31), the microphone 13 of the terminal 11 is activated by the authentication module 32 of the authentication software application 31, and the microphone 13 of the terminal 11 captures the surrounding acoustic signals, including the acoustic SAR request signal, and the authentication software authentication module 32 authentication receives them and transmits to the second authentication server 35.
    The second authentication server 35 is programmed in the same way as the first authentication server, and is adapted to be able to analyze the acoustic signals it receives and to extract data encoded in these acoustic signals by the first server 25. authentication.
    Accordingly, upon receipt of the SAR request acoustic signal, the second authentication server extracts said access control data request, and retransmits it through the Internet network 20 to the authentication module 32. The latter then obtains the access control data from the mass memory of the terminal 11 and / or from a remote personal data server 23 to which it is connected by the Internet network 20.
    The authentication module 32 then transmits these access control data to the second authentication server, which encodes these data in an acoustic authentication signal, which in the example is an acoustic signal, called an acoustic control signal. access S AC A, preferably in ultrasound form, retransmitted by the second authentication server 35 to the authentication module 32. The authentication module 32 then transmits this acoustic access control signal S AC A on the loudspeaker 12 of the terminal 11.
    While the access control acoustic signal S AC A is emitted by the speaker 12 of the terminal 11, the microphone 13 of the terminal 11 is activated by the authentication module 27 of the access control application 28 , and the microphone 13 of the terminal 11 captures the surrounding acoustic signals, including the AC access control acoustic signal S AC A, and the authentication module 27 of the access control application 28 receives them and transmits them to the first authentication server 25. The first authentication server decodes the access control acoustic signal S AC A and extracts the access control data (access code and password) which it transmits to the authentication module 27. the application 28 of access control. The latter can then automatically incorporate the access control data in corresponding fields of a window of this access control application 28 to transmit them to the Internet server in order to access the personal space.
    In possible variants, not shown, of the third example of a method according to the invention, the first authentication server 25 and / or the second authentication server 35 may be deleted, the coding function and decoding digital data in an acoustic signal being incorporated directly into the authentication module 27 and / or 32 of the access control application 28 and / or the authentication application 31. This of course results in a lower transmission security, but also a greater speed. In any event, the invention provides a universal means of secure communication between several software applications, not necessarily compatible with each other, of the same terminal 11 by transmission of at least one acoustic authentication signal emitted by the loudspeaker. speaker 12 of the terminal 11 and picked up by the microphone 13 of the same terminal 11. It allows for example a specific application executed in a terminal 11 to transfer confidential data in fields of a window of a network browser executed by the terminal 11.
    It should also be noted that the invention applies not only to a terminal 11 having a remote connection to an Internet network, but also to any other digital data remote communication links and / or acoustic signals. In particular, a terminal 11 according to the invention can be connected remotely with each authentication server and / or with a service provider server via a telephone network, which is for example a mobile telephone network (GSM, GPRS, UMTS , LTE, WiMAX ...) to which the terminal 11 is connected.
    If an authentication acoustic signal is transmitted to the terminal 11 via a telephone link, this acoustic signal is formed of sounds and can not be formed of ultrasound. It may be transmitted as such in isolation or incorporated in an audio message broadcast by the loudspeaker 12, whether or not to incorporate confidential data, in particular all or part of the data to be transmitted, in coded and / or encrypted form.
    Moreover, the invention can be the subject of many different embodiments and various applications other than those mentioned above. For example, the data transmission authorization can be issued only when the comparison of the acoustic signals picked up by the microphone 13 with the acoustic authentication signal is carried out simultaneously by both a reception module executed by the terminal 11 and by a receiving module executed by a remote authorization server.
    Any form of coding may be envisaged to form each acoustic authentication signal, incorporating or not confidential data (in particular chosen from the group consisting of DTMF, APSK, ASK, CCK, CPM, FSK, MS K, OFDM, OFDMA coding, OOK, PPM, PSK, QAM, TCM).
    It may be for example and advantageously a coding by ultrasound frequency peaks as indicated above, or simple DTMF codes, or a more complex modulation, for example FSK (by phase shift).
    The different servers can be combined and put together in one server. The communication links between the terminal 11 and each of the servers or between the servers can be of various types, in particular of the telephone link type, the Internet link, the specific point-to-point secure link, etc.
    Moreover, in certain variant embodiments of a method according to the invention, the terminal 11 is specifically configured to implement this method, in particular for executing a transmission module for an acoustic authentication signal and / or for executing a reception module and / or executing a module for comparing acoustic signals picked up by the microphone 13 with an acoustic authentication signal transmitted by the loudspeaker 12 of the terminal 11. In other embodiments of a method according to the invention, it is partly implemented by the terminal 11 configured for this purpose, and partly implemented by at least one remote server connected to the terminal 11.
    权利要求:
    Claims (11)
    [1" id="c-fr-0001]
    CLAIMS 1 / - Method implemented with a terminal (11) having at least one speaker (12), at least one microphone (13), and computer programmable data processing resources for execution of software applications by the terminal, for the transmission of authentication information between at least two software applications at least partially executed by said terminal, characterized in that: - a first software application at least partially executed by the terminal , said transmitting application, is adapted to emit an acoustic signal, said acoustic authentication signal, by a loudspeaker (12) of said terminal (11), said authentication acoustic signal containing authentication information, - a second software application at least partially executed by the terminal, said receiving application, separate from the transmitting application, is adapted for receiving r of a microphone (13) of said terminal (11) any acoustic signal picked up by the microphone, emitted by a loudspeaker of said terminal and capable of corresponding to an acoustic authentication signal.
    [0002]
    2 / - Method according to claim 1 for the secure transmission of data, said data to be transmitted by said terminal (11) to at least one server remote from said terminal and connected to said terminal, wherein a transmission of data to be transmitted by said terminal at least one remote server is authorized on reception by the microphone (13) and reception by the receiving application of an acoustic signal, said received acoustic signal, corresponding to an acoustic authentication signal emitted by a loudspeaker ( 12) of said terminal.
    [0003]
    3 / - Method according to claim 2 characterized in that each acoustic signal received is transmitted to a receiving module adapted to: - compare each acoustic signal received with an acoustic signal of authentication issued by a speaker (12) of said terminal (11) simultaneously with the reception of the acoustic signal received by the reception application, and - on reception of a received acoustic signal corresponding to the said acoustic authentication signal emitted by a loudspeaker (12) of the said terminal (11), authorizing transmission of said data to be transmitted from said terminal (11) to at least one remote server.
    [0004]
    4 / - Method according to claim 3 implemented by said terminal characterized in that the receiving module is at least partially executed by said terminal (11).
    [0005]
    5 / - Method according to any one of claims 3 or 4 characterized in that the receiving module is at least partly executed by a remote server connected to said terminal (11).
    [0006]
    6 / - Method according to one of claims 2 to 5 characterized in that said data to be transmitted are selected from: - data at least partly stored in a memory (19) of mass of said terminal, - data downloaded by said terminal in a memory of said terminal (11) from a remote server to which said terminal is connected, - data entered by a user with a human-machine interface of said terminal (11).
    [0007]
    7 / - Method according to any one of claims 1 to 6 characterized in that said terminal (11) is selected from the group consisting of mobile phones, smartphones, portable computer touch pads, laptops, desktop computers , computer workstations, point-of-sale (POS) computers, electronic payment terminals (EPTs), interactive kiosks, and interactive multimedia kiosks.
    [0008]
    8 / - Method according to any one of claims 1 to 7 characterized in that said terminal (11) is a portable terminal connected by at least one wireless link for transmitting digital data with at least one remote server of said terminal and for receiving at least a portion of said data to be transmitted.
    [0009]
    9 / - Method according to one of claims 1 to 8 characterized in that said terminal is connected to at least one remote server of said terminal adapted to generate each authentication acoustic signal and transmit it to the terminal.
    [0010]
    10 / - Method according to any one of claims 1 to 9 characterized in that the acoustic authentication signal issued is at least partly formed of ultrasound.
    [0011]
    11 / - Terminal provided with at least one loudspeaker (12), at least one microphone (13), and programmable computer data processing resources for executing software applications by the terminal, characterized in that it is configured to implement a method according to any one of claims 1 to 10.
    类似技术:
    公开号 | 公开日 | 专利标题
    EP2619941B1|2018-12-12|Method, server and system for authentication of a person
    CA2897649C|2018-02-13|Audio-based electronic transaction authorization system and method
    EP2306324A1|2011-04-06|Method, system and adapting device enabling a data exchange between a communicating object and a processing unit
    EP3252692A1|2017-12-06|Method for supplying data relative to a payment transaction, device and corresponding program
    FR3047583A1|2017-08-11|METHOD OF SECURELY TRANSMITTING AUTHENTICATION INFORMATION BETWEEN SOFTWARE APPLICATIONS IN A COMPUTER TERMINAL
    EP3087543B1|2019-12-11|Transmission and processing of data relating to a contactless transaction
    EP3214564A1|2017-09-06|Method for running and processing data, terminal and corresponding computer program
    EP3095223B1|2022-03-16|Method of transmitting encrypted data, method of reception, devices and computer programs corresponding thereto
    FR3061971A1|2018-07-20|TWO STEP AUTHENTICATION METHOD, CORRESPONDING COMPUTER DEVICE AND PROGRAM
    EP3627419A1|2020-03-25|Secure transaction using a mobile device
    WO2019186041A1|2019-10-03|Method and device for authenticating a user
    EP2897095B1|2018-07-11|Method for securing a transaction conducted by bank card
    BE1026342B1|2020-01-14|DEVICE AND METHOD FOR SECURE INDENTIFICATION OF A USER
    EP3588418A1|2020-01-01|Method for conducting a transaction, terminal, server and corresponding computer program
    EP3570238A1|2019-11-20|Method for conducting a transaction, terminal, server and corresponding computer program
    FR3045876A1|2017-06-23|METHOD FOR PRODUCING A CHALLENGE WORD, ELECTRONIC DEVICE, PERIPHERAL DEVICE AND SYSTEM IMPLEMENTING SAID METHOD
    FR3110984A1|2021-12-03|Secure sharing of credentials information
    FR3096481A1|2020-11-27|Method and device for authenticating a user.
    EP2795526A1|2014-10-29|Electronic device for storing confidential data
    WO2021212001A1|2021-10-21|Systems and methods for cryptographic authentication
    FR3086414A1|2020-03-27|TRANSACTION PROCESSING METHOD, DEVICE, SYSTEM AND PROGRAM
    FR3111721A1|2021-12-24|User authentication method on client equipment
    WO2017162995A1|2017-09-28|Authentication method for authorising access to a website
    FR3075534A1|2019-06-21|DEVICE FOR STORING DIGITAL KEYS TO SIGN TRANSACTIONS ON A BLOCK CHAIN
    FR3031609A1|2016-07-15|METHOD OF PROCESSING A TRANSACTION FROM A COMMUNICATION TERMINAL
    同族专利:
    公开号 | 公开日
    FR3047583B1|2018-03-09|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    US20140172430A1|2012-12-19|2014-06-19|Robert Rutherford|System and method for voice authentication|
    WO2015163774A1|2014-04-24|2015-10-29|Igor Muttik|Methods and apparatus to enhance security of authentication|US10623403B1|2018-03-22|2020-04-14|Pindrop Security, Inc.|Leveraging multiple audio channels for authentication|
    US10665244B1|2018-03-22|2020-05-26|Pindrop Security, Inc.|Leveraging multiple audio channels for authentication|
    US10873461B2|2017-07-13|2020-12-22|Pindrop Security, Inc.|Zero-knowledge multiparty secure sharing of voiceprints|
    法律状态:
    2017-02-10| PLFP| Fee payment|Year of fee payment: 2 |
    2017-08-11| PLSC| Publication of the preliminary search report|Effective date: 20170811 |
    2018-02-26| PLFP| Fee payment|Year of fee payment: 3 |
    2020-02-28| PLFP| Fee payment|Year of fee payment: 5 |
    2021-02-26| PLFP| Fee payment|Year of fee payment: 6 |
    优先权:
    申请号 | 申请日 | 专利标题
    FR1650907|2016-02-04|
    FR1650907A|FR3047583B1|2016-02-04|2016-02-04|METHOD OF SECURELY TRANSMITTING AUTHENTICATION INFORMATION BETWEEN SOFTWARE APPLICATIONS IN A COMPUTER TERMINAL|FR1650907A| FR3047583B1|2016-02-04|2016-02-04|METHOD OF SECURELY TRANSMITTING AUTHENTICATION INFORMATION BETWEEN SOFTWARE APPLICATIONS IN A COMPUTER TERMINAL|
    [返回顶部]