WO2001073706A1 - Payment system not revealing banking information on the public or quasi-public network - Google Patents

Payment system not revealing banking information on the public or quasi-public network Download PDF

Info

Publication number
WO2001073706A1
WO2001073706A1 PCT/FR2001/000894 FR0100894W WO0173706A1 WO 2001073706 A1 WO2001073706 A1 WO 2001073706A1 FR 0100894 W FR0100894 W FR 0100894W WO 0173706 A1 WO0173706 A1 WO 0173706A1
Authority
WO
WIPO (PCT)
Prior art keywords
party
merchant
purchaser
transaction
buyer
Prior art date
Application number
PCT/FR2001/000894
Other languages
French (fr)
Inventor
Philippe Agnelli
Original Assignee
Philippe Agnelli
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Philippe Agnelli filed Critical Philippe Agnelli
Priority to AU48418/01A priority Critical patent/AU4841801A/en
Publication of WO2001073706A1 publication Critical patent/WO2001073706A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems

Definitions

  • Payment system allowing not to disclose banking information on the public and quasi-public network.
  • the Third Party offers a set of software that will allow the Buyer and the Merchant to transfer funds via the banking system in place Free or paid software is distributed to all
  • a Buyer account is created with the Third Party via a form completed by the Buyer and returned by mail to the Third Party
  • the information relating to the account is stored on a server belonging to the Third Party and has an identifier and a password
  • a number of credit cards can be linked to it
  • the Merchant's server sends a payment request to the application of the Third Party.
  • the latter activates the second step.
  • the Buyer must then indicate the username and password corresponding to his Purchaser's account Once the identification has been made, the Purchaser chooses the method of payment he wishes to use.
  • a crypto payment message is then sent to the Third Party server.
  • the latter validates the transaction with the Bank, as with a credit card reader and returns to the Buyer, if successful, a signed message indicating the success of the transaction
  • This message is then forwarded from the Buyer to the Merchant who considers that the purchase has been made (in a other device, the message is sent directly from the Third Party to the Merchant)
  • the banking systems must accept requests from the Third Parties
  • the wish is to set up a fully electronic money system for which banks could offer parity with conventional money
  • the Third Party offers a particularly wide range of services allowing the establishment of servers supporting the most diverse financial transactions, consultation and purchase statistics, order taking and even the establishment of real shopping malls .
  • the Purchaser can provide a bank card identifier with specific software for encrypting the data, and software on the Merchant's server automatically manages the link with partner banking processing organizations to obtain the various authorizations and make the transfer.
  • This system does not require any specific software or the need to encrypt sensitive information.
  • it is sufficient to have an individual e-mail address, an internet browser and a credit card.
  • the originality of the system lies in the fact that bank card identifiers will never circulate on the network.
  • the request for creation of a Buyer account by the Third Party can be made through the quasi-public network but the bank card number is provided by telephone.
  • the Buyer account is created, its identifier is sent by email to the owner. If a Buyer wants to buy something from a server, they provide their name and identifier.
  • the Merchant can check the validity of the account on a Third Party server intended for this purpose. It then sends an electronic message to the Third Party specifying the identifier of the Buyer and the amount invoiced.
  • the Third Party server Upon receipt of the invoice request, the Third Party server returns an Email to the Buyer asking him to accept or refuse the transaction or even to report fraud. If the transaction is validated, the Third Party takes care of transfers between bank accounts concerned by traditional means.
  • This system makes it possible to validate electronic transactions with a credit card reader used as a payment terminal.
  • the Purchaser obtains this reader free of charge or for a fee.
  • the Buyer indicates that he has a payment terminal, inserts his credit card into the reader and types his personal code.
  • This device requires the use of a smart credit card; the cost of the payment term must be borne by the Buyer or his bank.
  • the Purchaser obtains a telephone set equipped with a credit card reader used as payment terminal.
  • the Buyer When paying for purchases made via the quasi-public network, the Buyer indicates that he has a payment terminal, inserts his credit card into the reader and types his personal code.
  • the telephone device then operates as a payment terminal. This device requires the use of a smart credit card; the cost of the telephone to the payment terminal must be borne by the Buyer, his bank, or his telecommunications operator.
  • Figure 1 is a schematic diagram of the main parts of the system containing the present invention.
  • Figure 2 is a schematic diagram showing the main modules used in the invention.
  • Figures 3-1 to 3-2 describe the sequences and the security mechanism of the payment process according to the present invention. Summary of the invention
  • the invention solves the problem of sending personal or commercial information over a network open to fraud.
  • the invention solves the problem of fake sites Merchants, it removes the risk of having private financial data captured during transit on the quasi-public network, it provides security in case of theft of the personal key of identification and in the event of theft of the personal device, in the event of the simultaneous theft of the personal identification key and the personal device, the system remains inviolable without the algorithm personalized by the Purchaser.
  • the invention allows the Buyer to remain anonymous towards the Merchant, an important point for the respect of individual freedoms related to trade in general.
  • the invention eliminates the risk of receiving financial information which would have been obtained fraudulently, it certifies that payment for goods and services will be made.
  • the invention shows a Third Party Agent which stores the identity of Merchants who have registered with the Third Party;
  • the Third Party has registered itself with the Banks, and preferably with one or more telecommunications companies.
  • Buyers must be registered with the telecommunications company that gave them a telephone address for the personal device 40; they must also be registered with the Third Party which gives them a personal PIK identification key; they agree with the Third Party of an AG algorithm; they also have a way of accessing the quasi-public network.
  • the present invention includes the exchange of information between a Buyer connected to a quasi-public network through a terminal 10, a Merchant site 20, a Third Party center 30, a personal device 40 owned by the Buyer , a telecommunications company (Telco called by abbreviation) 60 capable of presenting messages to the device 40, a Bank staff 50.
  • a telecommunications company Telco called by abbreviation 60 capable of presenting messages to the device 40
  • a Bank staff 50 a telecommunications company (Telco called by abbreviation) 60 capable of presenting messages to the device 40
  • the device 40 is capable of being connected to the public network almost the same time that it is connected to the telephone network, it can be considered as two different logical units: one is the terminal 40 and the other is the terminal 10, these two logical units being capable of operating independently and / or simultaneously.
  • the Buyer looking for goods or services opens a session 101 between the terminal (or the logical unit) 10 and the Merchant's information server 20a via the quasi-public network.
  • the information server 20a assigns in transaction 202 a transaction number TC, valid for this transaction only, and which will be used to reference events and data for the duration of this transaction both on the side of the Merchant and the Purchaser, of the Bank and the Telecommunications Company, and will be used for synchronization of transactions by the Third Party.
  • the TC transaction code is uniquely generated by the Merchant according to a predetermined secret formula between the Merchant and the Third Party.
  • the Buyer uses terminal 10 to select the goods or services that interest him.
  • the Merchant's information server establishes the list of selected goods and / or services. by the Buyer, using, for example, the database 20c through the data server 20b.
  • the Purchaser starts the invoice preparation procedure from terminal 10.
  • the information server 20a prepares the payment note and offers the Purchaser a secure payment via the Third party. Information to contact the Third Party is included during this exchange as well as the TC transaction number.
  • the Buyer uses the terminal 10 to confirm to the Merchant that he wishes to use payment via the Third Party.
  • the Buyer initiates a connection with the Third Party using the information provided by the Merchant.
  • the TC number is also transmitted to the Third Party, to enable the merchant transaction to be retrieved.
  • the merchant's payment module 20d (part separate or not from the information server 20a) identifies itself, with the information server 30a of the third party, as an integral part of the merchant's site; the identification method is not part of the invention, it can be an exchange of electronic signatures, or any equivalent method.
  • the database 30c of the information server 30a contains information relating to the Merchant which enables the Third Party to identify the latter. This information was recorded when the Merchant registered with the Third Party.
  • the module 20d sends to the server 30a during the session 101 the address of the terminal 10, the content and the amount of the order and the transaction number TC.
  • the information server 20a waits in state 212 for the information server 30a to send it information that the transaction is valid.
  • the information server 30a uses the database 30c via the data server 30b to verify the authenticity and validity of the Merchant site 20.
  • the information server 30a uses the information received in step 207 and 208 to synchronize the data between the Merchant's site and the terminal 10; when this is done, the information server 30a requests the user of the terminal 10 to identify himself using his personal identification key PIK (PIK is composed of at least one identification code and one password, or it is a type of electronic signature that can be sent with the terminal 10); PIK was established when the Purchaser registered with the Third Party or afterwards during an update.
  • the PIK personal identification key constitutes the first level of security for the Purchaser.
  • the user of the terminal 10 receives the request in step 211 and gives the personal PIK key in step 213.
  • the information server 30a uses the database 30c via the data server 30b to validate the identification key received from terminal 10. If the key is validated, the user of terminal 10 is considered to be in possession of the PIK of one of the customers registered with the Third Party. The validation of the PIK personal identification key authorizes the continuation of the transaction; Otherwise, the closing of the transaction is notified to the merchant and the buyer.
  • the Third Party uses the information received in 208 and the information stored in the database 30c to establish a form containing the different payment methods available to the Purchaser; these different payment methods had been communicated to the Third Party by the Buyer, at the time of registration or then during an update, using a secure means which is not part of the invention.
  • the form can be extended to show again the information relating to the content of the 1 transaction (name of the Merchant, amount, goods and services ordered, all details which were sent in step 208).
  • the form is sent to terminal 10, and the information server 30a remains awaiting the response on the payment method.
  • step 216 the user of the terminal 10 verifies that the information coming to it be sent 5 are correct, selects the payment method among those proposed, and in step 217 returns this information to the information server 30a.
  • the information server 30a receives from the terminal 10 the information on the method of payment and in the operation
  • the database 30c of the information server 30a contains information relating to the Merchant, allowing the Third Party to carry out banking operations on behalf of the Merchant. . This information was recorded when the Merchant registered with the Third Party. Information exchange between the 30d banking interface module and the banking system
  • the banking interface module 30d also sends the amount of the invoice to the banking system 50a, the information on the method of payment and on the account of the Buyer to be debited previously stored in the 30c database.
  • the banking system 50a uses the data received in 219, data previously recorded making it possible to identify the Third Party as a customer of the Bank, and its own data relating to the Buyer, to establish the authorization. payment which is returned to the banking interface module 20 30d in operation 228.
  • the Third Party is registered with the banking establishment so that the Third Party
  • the banking interface module 30d receives the payment authorization from the banking system 50a and sends it to the information server 30a.
  • the information server 30a prepares a message to the Buyer containing at least one CC confirmation code 25 generated uniquely for each transaction, the identity of the Merchant, and the amount of the transaction.
  • This CC confirmation code constitutes the second level of security for the Buyer.
  • the server 30a also searches in the database 30c for the reference number RN which identifies the Purchaser for the telecommunications company (this reference number given by the telecommunications company 60 to the Third Party 30 is preferably different from the number telephone address to maintain anonymity between the Third Party and the telephone company). .
  • the Third Party is registered with the telecommunications company so that the Third Party obtains a RN reference number from the Buyer and can send messages to the Buyer through the telecommunications network.
  • the message with this reference number RN is sent to the telecommunications company by the telco interface module 30 e to the telco interface 60a.
  • the telco interface 60a converts the RN reference number to a telecommunications address, using the 60d database via the 60c data server.
  • the message is sent to the terminal 40 by the message server 60b using a communication channel specially opened for this occasion
  • the payment validation document is prepared.
  • the information server 30a sends the payment validation document to terminal 10 and requests the user of the terminal 10 to read the message arriving on the apparatus 40 and to enter the confirmation code from that contained in the message.
  • the Buyer uses terminal 10 to manually enter the modified CCI confirmation code: this modification of the confirmation code is carried out by an AG algorithm on which the Buyer and the Third Party have agreed at the time of registration or then during an update (thanks to a secure means which is not part of the invention) and which the Purchaser can memorize.
  • the AG algorithm for modifying the CC confirmation code is known only to the Buyer and the Third Party, and it is the Buyer's responsibility to keep this information confidential.
  • the AG algorithm constitutes the third level of security for the Purchaser.
  • the information server 30a verifies that the CCI code sent by the terminal 10 corresponds to the validation code CC according to the rules pre-established in the algorithm AG.
  • the information server 30a uses the results of steps 231 and 229 to definitively validate the transaction and 30a sends the information for validating the transaction to the payment server
  • the information server 20a receives the information for validating the transaction and uses it to exit the waiting state 212; the information server 20a establishes a summary of the transaction, with in addition additional information such as delivery method, delivery date, delivery address, and sends them to the terminal 10 in operation 234.
  • the information server 20a sends the information closing the transaction to the information server 30a via the payment module 20d and the session 101.
  • the Third Party sends directly to the Merchant the information validating the transaction in operations 232 to 237.
  • the information server 30a prepares an end-of-transaction confirmation message containing the identity of the Merchant, the amount of the transaction, and, optionally, other data relating to the transaction, associates the message with the number of RN reference and sends everything to the telco 60a interface.
  • the telco interface 60a converts the reference number RN to a telephone address, using the database 60d via the data server 60c and the message is ready to be sent.
  • the message is sent to the apparatus 40 by the message server 60b.
  • the Buyer receives the transaction closing information contained in the message.
  • the Third Party sends transaction validation information directly to the Purchaser directly to the operations
  • transaction 242 the Third Party notifies the Bank of transferring funds between the accounts of the Buyer and the Merchant.
  • Operation 214 validates PIK which constitutes the first level of security for the Purchaser; the operation 221 creates the CC confirmation code which is the second level of security for the Purchaser; operation 231 validates CCI which corresponds to the validation code CC according to the rules pre-established in the algorithm AG. Two of the three security levels can be stolen without affecting the security of the transaction.
  • Any anomaly detected during operations 214 and 231 on each of the three security levels is detected and recorded by the Third Party and reported to the Purchaser.
  • Another possible device of the invention - 1 Another device of the invention can omit steps 238 to 241
  • the invention can be used to secure operations carried out remotely by the Purchaser to his own site
  • the Buyer has a personal Merchant site used to carry out operations defined by the Buyer.
  • the Purchaser has registered his Merchant site with the Third Party, and has defined with him the types of valid transactions. These transactions may or may not include the intervention of the banking establishment
  • Steps 203 to 208 are modified to become stages during which the Buyer prepares the transaction he wishes to carry out.
  • Steps 215 to 218 are also modified to take into account the type of transaction chosen by the Buyer.
  • Steps 219, 220, 228, 229, 242 exist or not depending on the type of transaction defined by the Buyer at the time of registration with the Third Party. The other steps are unchanged.
  • the invention can be used to secure operations carried out remotely by the Purchaser towards his own electronic money account.
  • the Buyer has a personal account used to carry out operations defined by the Buyer.
  • the Buyer has registered his personal account with the Third Party, and defined with him the types of valid transactions. These transactions may or may not include the intervention of the banking establishment 50.
  • the Buyer can launch operations on his Merchant site and security will be obtained by the use of the PIK, AK and CCI keys and by the use of the personal device 40.
  • Steps 203 to 208 are modified to become steps during which the Buyer prepares the transaction he wishes to carry out.
  • Steps 215 to 218 are also modified to take into account the type of transaction chosen by the Buyer.
  • Steps 219, 220, 228, 229, 242 exist or not depending on the type of transaction defined by the Buyer at the time of registration with the Third Party. The other steps are unchanged.

Abstract

The invention concerns an electronic payment method between two users, through a quasi-public network, using personal data previously registered with a third party, and a confirmation code randomly selected by said third party. The two users are registered by the third party which is also capable of identifying the two users. One of the two users is called merchant and the other, purchaser. When the purchaser selects the goods or services with the merchant, the merchant contacts the third party requesting validation of the transaction. The third party: (1) communicates with the purchaser so that he may identify himself with the personal identification key he has been provided with at the time of registration with the third party; (2) sends to the purchaser a confirmation code on an apparatus owned by the purchaser; the confirmation code is modified by the purchaser according to a pre-recorded method, and returned by the purchaser to the third party; (3) verifies with the purchaser's bank that payment can be made; and (4) verifies the validity of the confirmation code returned by the purchaser. When these steps of the procedure are successfully completed, the third party authorises the merchant to confirm the transaction.

Description

Système de paiement permettant de ne pas divulguer d'information bancaire sur le réseau public et quasi-public.Payment system allowing not to disclose banking information on the public and quasi-public network.
Description de l'état de l'artDescription of the state of the art
Différents systèmes utilisent le reseau public et quasi-public pour permettre le paiement entre un Acheteur et unDifferent systems use the public and quasi-public network to allow payment between a Buyer and a
MarchandTrader
1 1 Interface avec le système bancaire1 1 Interface with the banking system
La Tierce Partie propose un ensemble de logiciels qui vont permettre a l'Acheteur et au Marchand d'effectuer le transfert de fonds via le système bancaire en place Un logiciel gratuit ou payant est distribue a tous lesThe Third Party offers a set of software that will allow the Buyer and the Merchant to transfer funds via the banking system in place Free or paid software is distributed to all
Acheteurs potentielsPotential buyers
Dans une première étape , un compte Acheteur est crée chez la Tierce Partie via un formulaire rempli par l'Acheteur et renvoyé par courrier a la Tierce Partie L'information relative au compte est stockée sur un serveur appartenant a la Tierce Partie et possède un identifiant et un mot de passe Lorsque le compte Acheteur est mis en place, il est possible d'y lier un certain nombre de cartes de créditIn a first step, a Buyer account is created with the Third Party via a form completed by the Buyer and returned by mail to the Third Party The information relating to the account is stored on a server belonging to the Third Party and has an identifier and a password When the Buyer account is set up, a number of credit cards can be linked to it
Lorsqu'une décision d'achat est prise, le serveur du Marchand envoie une demande de paiement a l'application de la Tierce Partie Cette dernière active la deuxième étape L'Acheteur doit alors indiquer l'identifiant et le mot de passe correspondant a son compte Acheteur Une fois l'identification effectuée, l'Acheteur choisit le mode de paiement qu'il souhaite utiliser Un message de paiement crypte est alors envoyé au serveur Tierce Partie Ce dernier valide -ou non- la transaction avec la Banque, tout comme avec un lecteur de carte de crédit et retourne a l'Acheteur, en cas de succès, un message signe indiquant la réussite de la transaction Ce message est ensuite retransmis de l'Acheteur vers le Marchand qui considère que l'achat est effectue ( dans un autre dispositif, le message est envoyé directement de la Tierce Partie au Marchand ) Pour que ce système se généralise, il faut que les systèmes bancaires acceptent les requêtes en provenance des Tierces PartiesWhen a purchase decision is made, the Merchant's server sends a payment request to the application of the Third Party. The latter activates the second step. The Buyer must then indicate the username and password corresponding to his Purchaser's account Once the identification has been made, the Purchaser chooses the method of payment he wishes to use. A crypto payment message is then sent to the Third Party server. The latter validates the transaction with the Bank, as with a credit card reader and returns to the Buyer, if successful, a signed message indicating the success of the transaction This message is then forwarded from the Buyer to the Merchant who considers that the purchase has been made (in a other device, the message is sent directly from the Third Party to the Merchant) For this system to become generalized, the banking systems must accept requests from the Third Parties
1 2 Création d'argent électronique1 2 Creation of electronic money
Le souhait est de mettre en place un système de monnaie entièrement électronique pour lequel des Banques pourraient offrir une parité avec la monnaie classiqueThe wish is to set up a fully electronic money system for which banks could offer parity with conventional money
La marche a suivre est la suivante II faut ouvrir un compte dans une "Banque digitale" sur l'Internet, et l'approvisionner Pendant la phase expérimentale, les comptes se voient automatiquement attribuer une somme de monnaie électronique Ensuite l'Acheteur peut faire des retraits de la Banque et obtenir de la monnaie électronique Cette monnaie est représentée par des suites de nombres, l'équivalent de pièces de monnaie Ces nombres sont génères par des algorithmes mathématiques sophistiques Chaque nombre contient la somme représentée, la signature de l'émetteur (la Banque) et une partie de l'identifiant du compte de l'Acheteur, le tout crypte avec un sceau confidentiel Chaque nombre ne peut être génère qu'une fois Cette monnaie digitale stockée sur le disque dur de l'Acheteur , peut être échangée tout comme de l'argent liquide avec n'importe quiThe procedure to follow is the following It is necessary to open an account in a "Digital Bank" on the Internet, and to supply it During the experimental phase, the accounts are automatically allocated an amount of electronic money Then the Buyer can make Bank withdrawals and obtaining electronic money This currency is represented by sequences of numbers, the equivalent of coins These numbers are generated by sophisticated mathematical algorithms Each number contains the sum represented, the signature of the issuer ( the Bank) and part of the Purchaser's account identifier, all encrypted with a confidential seal Each number can only be generated once This digital currency stored on the Buyer's hard drive can be exchanged just like cash with anyone
Cela réalise la non-traçabihte des échanges financiers Néanmoins des mécanismes de protection complexes permettent en théorie d'interdire tout usage abusif du systèmeThis achieves the non-traceability of financial exchanges Nevertheless, complex protection mechanisms allow in theory to prohibit any abusive use of the system
1 3 Transfert d'identifiant de carte de crédit sur l'Internet1 3 Transfer of credit card identifier on the Internet
C'est un système de transmission cryptée du numéro de cartes de crédit via l'Internet Le logiciel serveur duIt is an encrypted transmission system of credit card numbers via the Internet The server software of the
Marchand reçoit un numéro de carte de crédit crypte qu'il utilise ensuite pour effectuer une transaction classique avec un centre de traitement L'étape suivante consistera a installer le centre de paiement directement sur l'Internet 1.4 Mise en place de boutiques électroniques clef en mainMerchant receives an encrypted credit card number which he then uses to carry out a standard transaction with a processing center The next step will be to install the payment center directly on the Internet 1.4 Implementation of turnkey electronic stores
La Tierce Partie offre une gamme de services particulièrement étendue permettant la mise en place de serveurs prenant en charge les transactions financières les plus diverses, les statistiques de consultations et d'achats, les prises de commandes et même la mise en place de véritables galeries commerciales. L'Acheteur peut fournir un identifiant de carte bancaire avec un logiciel spécifique pour crypter les données, et un logiciel sur le serveur du Marchand gère automatiquement la liaison avec des organismes de traitement bancaire partenaires pour obtenir les différentes autorisations et effectuer le virement.The Third Party offers a particularly wide range of services allowing the establishment of servers supporting the most diverse financial transactions, consultation and purchase statistics, order taking and even the establishment of real shopping malls . The Purchaser can provide a bank card identifier with specific software for encrypting the data, and software on the Merchant's server automatically manages the link with partner banking processing organizations to obtain the various authorizations and make the transfer.
1.5 Organisation de ventes de biens électroniques (informations, images, programmes ...)1.5 Organization of sales of electronic goods (information, images, programs ...)
Ce système ne nécessite aucun logiciel spécifique ni le besoin de crypter des informations sensibles. Pour l'Acheteur , il suffit de posséder une adresse Courrier électronique individuelle, un navigateur internet et une carte de crédit. L'originalité du système réside dans le fait que les identifiants de cartes bancaires ne circuleront jamais sur le réseau. La demande de création de compte Acheteur par la Tierce Partie peut être faite à travers le réseau quasi-public mais le numéro de carte bancaire est fourni par téléphone. Lorsque le compte Acheteur est créé, son identifiant est envoyé par Courrier électronique au propriétaire. Si un Acheteur veut acheter quelque chose sur un serveur, il fournit son nom et son identifiant. Le Marchand peut vérifier la validité du compte sur un serveur Tierce Partie destiné à cet effet. Il envoie ensuite un message électronique à la Tierce Partie précisant l'identifiant de l'Acheteur et le montant facturé. A la réception de la demande de facture, le serveur Tierce Partie retourne un Courrier électronique à l'Acheteur lui demandant d'accepter ou de refuser la transaction ou même de déclarer une fraude. Si la transaction est validée, la Tierce Partie s'occupe des virements entre comptes bancaires concernés par les moyens traditionnels.This system does not require any specific software or the need to encrypt sensitive information. For the Purchaser, it is sufficient to have an individual e-mail address, an internet browser and a credit card. The originality of the system lies in the fact that bank card identifiers will never circulate on the network. The request for creation of a Buyer account by the Third Party can be made through the quasi-public network but the bank card number is provided by telephone. When the Buyer account is created, its identifier is sent by email to the owner. If a Buyer wants to buy something from a server, they provide their name and identifier. The Merchant can check the validity of the account on a Third Party server intended for this purpose. It then sends an electronic message to the Third Party specifying the identifier of the Buyer and the amount invoiced. Upon receipt of the invoice request, the Third Party server returns an Email to the Buyer asking him to accept or refuse the transaction or even to report fraud. If the transaction is validated, the Third Party takes care of transfers between bank accounts concerned by traditional means.
1.6 Installation de lecteur de carte de crédit1.6 Installation of credit card reader
Ce système permet de valider les transactions électroniques avec un lecteur de carte de crédit utilisé comme terminal de paiement. L'Acheteur se procure ce lecteur gratuitement ou à titre onéreux. Au moment du paiement des achats effectués via le réseau quasi public, l'Acheteur indique qu'il possède un terminal de paiement insère sa carte de crédit dans le lecteur et tape son code personnel. Ce dispositif nécessite l'utilisation de carte de crédit à puce ; le coût du teπninal de paiement doit être supporté par l'Acheteur ou sa banque .This system makes it possible to validate electronic transactions with a credit card reader used as a payment terminal. The Purchaser obtains this reader free of charge or for a fee. When paying for purchases made via the quasi-public network, the Buyer indicates that he has a payment terminal, inserts his credit card into the reader and types his personal code. This device requires the use of a smart credit card; the cost of the payment term must be borne by the Buyer or his bank.
1.7 Téléphone mobile a lecteur de carte intégré1.7 Mobile phone with integrated card reader
L'Acheteur se procure un appareil téléphonique muni d'un lecteur de carte de crédit utilisé comme teπninal de paiement. Au moment du paiement des achats effectués via le réseau quasi public, l'Acheteur indique qu'il possède un terminal de paiement insère sa carte de crédit dans le lecteur et tape son code personnel. L'appareil téléphonique fonctionne alors en teπninal de paiement. Ce dispositif nécessite l'utilisation de carte de crédit à puce ; le coût du téléphone à terminal de paiement doit être supporté par l'Acheteur, sa banque, ou son opérateur de télécommunications .The Purchaser obtains a telephone set equipped with a credit card reader used as payment terminal. When paying for purchases made via the quasi-public network, the Buyer indicates that he has a payment terminal, inserts his credit card into the reader and types his personal code. The telephone device then operates as a payment terminal. This device requires the use of a smart credit card; the cost of the telephone to the payment terminal must be borne by the Buyer, his bank, or his telecommunications operator.
Brève Description des figures Figure 1 est un diagramme schématique des parties principales du système contenant la présente invention. Figure 2 est un diagramme schématique montrant les modules principaux utilisés dans l'invention. Les Figures 3-1 à 3-2 décrivent les séquences et le mécanisme de sécurité du processus de paiement suivant la présente invention. Sommaire de l'inventionBrief Description of Figures Figure 1 is a schematic diagram of the main parts of the system containing the present invention. Figure 2 is a schematic diagram showing the main modules used in the invention. Figures 3-1 to 3-2 describe the sequences and the security mechanism of the payment process according to the present invention. Summary of the invention
Pour le commerce électronique, l'invention permet de résoudre le problème de l'envoi d'information personnelle ou commerciale sur un réseau ouvert à la fraude.For electronic commerce, the invention solves the problem of sending personal or commercial information over a network open to fraud.
Pour l'Acheteur , l'invention résout le problème des faux sites Marchands, elle supprime le risque d'avoir des données financières privées capturées lorsqu'elles transitent sur le réseau quasi public, elle fournit la sécurité en cas de vol de la clé personnelle d'identification et en cas de vol de l'appareil personnel , en cas de vol simultané de la clé personnelle d'identification et de l'appareil personnel, le système reste inviolable sans l'algorithme personnalisé par l'Acheteur. L'invention permet à l'Acheteur de rester anonyme vis à vis du Marchand, point important pour le respect des libertés individuelles liées au commerce en général. Pour le Marchand l'invention supprime le risque de recevoir des informations financières qui auraient été obtenues frauduleusement, elle certifie que le paiement des biens et des services sera effectué.For the buyer, the invention solves the problem of fake sites Merchants, it removes the risk of having private financial data captured during transit on the quasi-public network, it provides security in case of theft of the personal key of identification and in the event of theft of the personal device, in the event of the simultaneous theft of the personal identification key and the personal device, the system remains inviolable without the algorithm personalized by the Purchaser. The invention allows the Buyer to remain anonymous towards the Merchant, an important point for the respect of individual freedoms related to trade in general. For the Merchant, the invention eliminates the risk of receiving financial information which would have been obtained fraudulently, it certifies that payment for goods and services will be made.
L'invention montre un agent Tierce Partie qui stocke l'identité des Marchands qui se sont enregistrés auprès de la Tierce Partie ; La Tierce Partie s 'est enregistrée elle même auprès des Banques , et préférablement auprès d'une ou plusieurs compagnies de télécommunications. Les Acheteurs doivent être inscrits auprès de la compagnie de télécommunication qui leur a donné une adresse téléphonique pour l'appareil personnel 40 ; ils doivent aussi être enregistrés auprès de la Tierce Partie qui leur donne une clé personnelle d'identification PIK ; ils conviennent avec la Tierce Partie d'un algorithme AG ; ils ont aussi une façon d'accéder au réseau quasi public.The invention shows a Third Party Agent which stores the identity of Merchants who have registered with the Third Party; The Third Party has registered itself with the Banks, and preferably with one or more telecommunications companies. Buyers must be registered with the telecommunications company that gave them a telephone address for the personal device 40; they must also be registered with the Third Party which gives them a personal PIK identification key; they agree with the Third Party of an AG algorithm; they also have a way of accessing the quasi-public network.
Description détaillée du dispositif préféréDetailed description of the preferred device
Selon la figure 1 , la présente invention inclut l'échange d'informations entre un Acheteur connecté à un réseau quasi public à travers un terminal 10, un site Marchand 20, un centre Tierce Partie 30, un appareil personnel 40 possédé par l'Acheteur, une compagnie de télécommunications ( appelée Telco par abréviation ) 60 capable de présenter des messages à l'appareil 40, une Banque 50. Si l'appareil personnel 40 est capable d'être connecté au réseau quasi public en même temps qu'il est connecté au réseau téléphonique, il peut être considéré comme deux unités logiques différentes : l'une est le teπninal 40 et l'autre est le terminal 10, ces deux unités logiques étant capables de fonctionner indépendamment et/ou simultanément.According to FIG. 1, the present invention includes the exchange of information between a Buyer connected to a quasi-public network through a terminal 10, a Merchant site 20, a Third Party center 30, a personal device 40 owned by the Buyer , a telecommunications company (Telco called by abbreviation) 60 capable of presenting messages to the device 40, a Bank staff 50. If the device 40 is capable of being connected to the public network almost the same time that it is connected to the telephone network, it can be considered as two different logical units: one is the terminal 40 and the other is the terminal 10, these two logical units being capable of operating independently and / or simultaneously.
La description détaillée de l'invention est donnée en faisant référence à la figure 2 et aux figures 3-1 et 3-2 . Dans l'opération 201 l'Acheteur à la recherche de biens ou de services ouvre une session 101 entre le terminal (ou l'unité logique) 10 et le serveur d'information 20a du Marchand via le réseau quasi public.The detailed description of the invention is given with reference to Figure 2 and Figures 3-1 and 3-2. In operation 201, the Buyer looking for goods or services opens a session 101 between the terminal (or the logical unit) 10 and the Merchant's information server 20a via the quasi-public network.
Le serveur d'information 20a attribue dans l'opération 202 un numéro de transaction TC , valide pour cette transaction seulement , et qui servira à référencer événements et données pour la durée de cette transaction aussi bien du coté du Marchand que de l'Acheteur , de la Banque et de la Compagnie de télécommunications, et sera utilisé pour la synchronisation des transactions par la Tierce Partie. Le code de transaction TC est généré de façon unique par le Marchand selon une formule secrète prédéterminée entre le Marchand et la Tierce Partie. Dans l'opération 203 l'Acheteur utilise le terminal 10 pour sélectionner les biens ou services qui l'intéressent . Dans l'opération 204 le serveur d'information du Marchand établit la liste des biens et/ou services sélectionnés par l 'Acheteur, en utilisant ,par exemple, la base de données 20c à travers le serveur de données 20b. Dans l'opération 205 l'Acheteur démarre la procédure d'établissement de la facture à partir du terminal 10. Dans l'opération 206 le serveur d'information 20a prépare la note de paiement et propose à l'Acheteur un paiement sécuritaire via la Tierce Partie. Les informations pour contacter le Tierce Partie sont incluses lors de cet échange ainsi que le numéro de transaction TC .The information server 20a assigns in transaction 202 a transaction number TC, valid for this transaction only, and which will be used to reference events and data for the duration of this transaction both on the side of the Merchant and the Purchaser, of the Bank and the Telecommunications Company, and will be used for synchronization of transactions by the Third Party. The TC transaction code is uniquely generated by the Merchant according to a predetermined secret formula between the Merchant and the Third Party. In operation 203, the Buyer uses terminal 10 to select the goods or services that interest him. In operation 204, the Merchant's information server establishes the list of selected goods and / or services. by the Buyer, using, for example, the database 20c through the data server 20b. In operation 205, the Purchaser starts the invoice preparation procedure from terminal 10. In operation 206, the information server 20a prepares the payment note and offers the Purchaser a secure payment via the Third party. Information to contact the Third Party is included during this exchange as well as the TC transaction number.
Dans l'opération 207 l'Acheteur utilise le teπninal 10 pour confirmer au Marchand qu'il désire utiliser le paiement via la Tierce Partie. Lors de cette même opération, l'Acheteur initie une connexion avec la Tierce Partie à l'aide des informations fournies par le Marchand Lors de cette connexion est aussi transmis a la Tierce Partie le numéro TC, pour permettre de retrouver la transaction Marchand coπespondante. Dans l'opération 208 le module de paiement 20d du Marchand (partie séparée ou non du serveur d'information 20a ) s'identifie, auprès du serveur d'information 30a de la Tierce Partie, comme partie intégrante du site du Marchand ; la méthode d'identification ne fait pas partie de l'invention, ce peut être un échange de signatures électroniques, ou n'importe quelle méthode équivalente. La base de données 30c du serveur d'information 30a contient des informations relatives au Marchand qui permettent à la Tierce Partie d'identifier celui ci . Ces informations ont été enregistrées au moment où le Marchand s'est enregistré auprès de la Tierce Partie. Le module 20d envoie au serveur 30a pendant la session 101 l'adresse du terminal 10 , le contenu et le montant de la commande et le numéro de transaction TC.In operation 207, the Buyer uses the terminal 10 to confirm to the Merchant that he wishes to use payment via the Third Party. During this same operation, the Buyer initiates a connection with the Third Party using the information provided by the Merchant. During this connection, the TC number is also transmitted to the Third Party, to enable the merchant transaction to be retrieved. In operation 208 the merchant's payment module 20d (part separate or not from the information server 20a) identifies itself, with the information server 30a of the third party, as an integral part of the merchant's site; the identification method is not part of the invention, it can be an exchange of electronic signatures, or any equivalent method. The database 30c of the information server 30a contains information relating to the Merchant which enables the Third Party to identify the latter. This information was recorded when the Merchant registered with the Third Party. The module 20d sends to the server 30a during the session 101 the address of the terminal 10, the content and the amount of the order and the transaction number TC.
Le serveur d'information 20a attend en état 212 que le serveur d'information 30a lui renvoie l'information que la transaction est valide. Dans l'opération 209 le serveur d'information 30a utilise la base de données 30c via le serveur de données 30b pour vérifier l'authenticité et la validité du site Marchand 20.The information server 20a waits in state 212 for the information server 30a to send it information that the transaction is valid. In operation 209, the information server 30a uses the database 30c via the data server 30b to verify the authenticity and validity of the Merchant site 20.
Dans l'opération 210 le serveur d'information 30a utilise les informations reçues à l'étape 207 et 208 pour synchroniser les données entre le site du Marchand et le terminal 10 ; quand c 'est fait, le serveur d'information 30a demande à l'utilisateur du terminal 10 de s'identifier en utilisant sa clé personnelle d'identification PIK (PIK est composé au moins d'un code d'identification et d'un mot de passe , ou bien c'est un type de signature électronique qui peut être envoyé avec le terminal 10) ; PIK a été établi au moment où l'Acheteur s'est enregistré auprès de la Tierce Partie ou ensuite lors d'une mise à jour. La clé d'identification personnelle PIK constitue le premier niveau de sécurité pour l'Acheteur. L'utilisateur du terminal 10 reçoit la demande à l'étape 211 et donne la clé PIK personnelle à l'étape 213. Dans l'opération 214 le serveur d'information 30a utilise la base de données 30c via le serveur de données 30b pour valider la clé d'identification reçue du terminal 10. Si la clé est validée, l'utilisateur du terminal 10 est considéré comme étant en possession du PIK d'un des clients enregistrés auprès de la Tierce Partie. La validation de la clé d'identification personnelle PIK autorise la poursuite de la transaction ; Dans le cas contraire, la fermeture de la transaction est notifiée au marchand et à l'acheteur. Dans l'opération 215 la Tierce Partie utilise l'information reçue en 208 et l'information stockée dans la base de données 30c pour établir un formulaire contenant les différents modes de paiement à la disponibilité de l'Acheteur ; ces différents modes de paiement avaient été communiqués à la Tierce Partie par l'Acheteur, au moment de l'enregistrement ou ensuite lors d'une mise à jour, grâce à un moyen sécurisé qui ne fait pas partie de l'invention. Le formulaire peut être étendu pour montrer à nouveau les informations relatives au contenu de la 1 transaction (nom du Marchand, montant, biens et services commandés, tous détails qui avaient été envoyés à l'étape 208) . Dans l'opération 215 le formulaire est envoyé au terminal 10 , et le serveur d'information 30a reste en attente de la réponse sur le mode de paiement.In operation 210, the information server 30a uses the information received in step 207 and 208 to synchronize the data between the Merchant's site and the terminal 10; when this is done, the information server 30a requests the user of the terminal 10 to identify himself using his personal identification key PIK (PIK is composed of at least one identification code and one password, or it is a type of electronic signature that can be sent with the terminal 10); PIK was established when the Purchaser registered with the Third Party or afterwards during an update. The PIK personal identification key constitutes the first level of security for the Purchaser. The user of the terminal 10 receives the request in step 211 and gives the personal PIK key in step 213. In operation 214 the information server 30a uses the database 30c via the data server 30b to validate the identification key received from terminal 10. If the key is validated, the user of terminal 10 is considered to be in possession of the PIK of one of the customers registered with the Third Party. The validation of the PIK personal identification key authorizes the continuation of the transaction; Otherwise, the closing of the transaction is notified to the merchant and the buyer. In operation 215, the Third Party uses the information received in 208 and the information stored in the database 30c to establish a form containing the different payment methods available to the Purchaser; these different payment methods had been communicated to the Third Party by the Buyer, at the time of registration or then during an update, using a secure means which is not part of the invention. The form can be extended to show again the information relating to the content of the 1 transaction (name of the Merchant, amount, goods and services ordered, all details which were sent in step 208). In operation 215, the form is sent to terminal 10, and the information server 30a remains awaiting the response on the payment method.
Dans l'opération 216 l'utilisateur du terminal 10 vérifie que les informations qui viennent de lui être envoyées 5 sont correctes, sélectionne le mode de paiement parmi ceux qui sont proposés, et dans l'opération 217 renvoie ces informations au serveur d'information 30a.In operation 216 the user of the terminal 10 verifies that the information coming to it be sent 5 are correct, selects the payment method among those proposed, and in step 217 returns this information to the information server 30a.
Le serveur d'information 30a reçoit du terminal 10 les informations sur le mode de paiement et dans l'opérationThe information server 30a receives from the terminal 10 the information on the method of payment and in the operation
219 démaπe une requête d'autorisation de paiement auprès de la Banque , via le module d'interface bancaire 10 30d, le lien sécurisé 104 et le système bancaire 50a. La base de données 30c du serveur d'information 30a contient des informations relatives au Marchan , permettant à la Tierce Partie de faire des opérations bancaires au nom du Marchand. . Ces informations ont été enregistrées au moment où le Marchand s'est enregistré auprès de la Tierce Partie. L'échange d'informations entre le module d'interface bancaire 30d et le système bancaire219 initiates a payment authorization request from the Bank, via the banking interface module 10 30d, the secure link 104 and the banking system 50a. The database 30c of the information server 30a contains information relating to the Merchant, allowing the Third Party to carry out banking operations on behalf of the Merchant. . This information was recorded when the Merchant registered with the Third Party. Information exchange between the 30d banking interface module and the banking system
50a se fait suivant le protocole d'échange interbancaire, le module d'interface bancaire 30d envoie aussi au 15 système bancaire 50a le montant de la facture, rinformation sur le mode de paiement et sur le compte d'Acheteur à débiter préalablement stockée dans la base de données 30c.50a is done according to the interbank exchange protocol, the banking interface module 30d also sends the amount of the invoice to the banking system 50a, the information on the method of payment and on the account of the Buyer to be debited previously stored in the 30c database.
Dans l'opération 220 le système bancaire 50a utilise les données reçues en 219, des données préalablement enregistrées permettant d'identifier la Tierce Partie en tant que client de la Banque, et ses propres données relatives à l'Acheteur, pour établir l'autorisation de paiement qui est renvoyée au module d'interface bancaire 20 30d dans l'opération 228. La Tierce Partie est enregistrée auprès de l'établissement bancaire pour que la TierceIn operation 220, the banking system 50a uses the data received in 219, data previously recorded making it possible to identify the Third Party as a customer of the Bank, and its own data relating to the Buyer, to establish the authorization. payment which is returned to the banking interface module 20 30d in operation 228. The Third Party is registered with the banking establishment so that the Third Party
Partie soit reconnue comme un client de cet établissement.Party is recognized as a client of this establishment.
Dans l'opération 229 le module d'interface bancaire 30d reçoit du système bancaire 50a l'autorisation de paiement et l'envoie au serveur d'information 30a.In operation 229, the banking interface module 30d receives the payment authorization from the banking system 50a and sends it to the information server 30a.
Dans l'opération 221 le serveur d'information 30a prépare un message à l'Acheteur contenant au moins un code 25 de confirmation CC généré de façon unique pour chaque transaction, l'identité du Marchand, et le montant de la transaction. Ce code de confirmation CC constitue le deuxième niveau de sécurité pour l'Acheteur.In operation 221, the information server 30a prepares a message to the Buyer containing at least one CC confirmation code 25 generated uniquely for each transaction, the identity of the Merchant, and the amount of the transaction. This CC confirmation code constitutes the second level of security for the Buyer.
Le serveur 30 a cherche aussi dans la base de données 30c le numéro de référence RN qui identifie l'Acheteur pour la compagnie de télécommunication (ce numéro de référence donné par la compagnie de télécommunication 60 à la Tierce Partie 30 est de préférence différent du numéro d'adresse téléphonique pour 30 maintenir l'anonymat entre Tierce Partie et compagnie de téléphone) . . La Tierce Partie est s'enregistrée auprès de la compagnie de télécommunication pour que la Tierce Partie obtienne un numéro de référence RN de l'Acheteur et puisse envoyer des messages à l'Acheteur à travers le réseau de télécommunications.The server 30a also searches in the database 30c for the reference number RN which identifies the Purchaser for the telecommunications company (this reference number given by the telecommunications company 60 to the Third Party 30 is preferably different from the number telephone address to maintain anonymity between the Third Party and the telephone company). . The Third Party is registered with the telecommunications company so that the Third Party obtains a RN reference number from the Buyer and can send messages to the Buyer through the telecommunications network.
Le message avec ce numéro de référence RN est envoyé à la compagnie de télécommunication par le module d'interface telco 30 e vers l'interface telco 60a.. 35 Dans l'opération 222 l'interface telco 60a. convertit le numéro de référence RN en une adresse de télécommunication, utilisant la base de données 60d via le serveur de données 60c .The message with this reference number RN is sent to the telecommunications company by the telco interface module 30 e to the telco interface 60a. In operation 222 the telco interface 60a. converts the RN reference number to a telecommunications address, using the 60d database via the 60c data server.
Dans l'opération 223 le message est envoyé au terrninal 40 par le serveur de messages 60b en utilisant un canal de communication spécialement ouvert à cette occasionIn operation 223 the message is sent to the terminal 40 by the message server 60b using a communication channel specially opened for this occasion
Dans l'opération 225 le document de validation du paiement est préparé. 40 Dans l'opération 226 le serveur d'information 30a envoie au terminal 10 le document de validation de paiement et demande à l'utilisateur du terminal 10 de lire le message arrivant sur l'appareil 40 et d'entrer le code de confirmation à partir de celui contenu dans le message.In operation 225, the payment validation document is prepared. 40 In operation 226, the information server 30a sends the payment validation document to terminal 10 and requests the user of the terminal 10 to read the message arriving on the apparatus 40 and to enter the confirmation code from that contained in the message.
Dans l'opération 224 l'Acheteur prend connaissance sur l'appareil 40 du message qui lui a été envoyé à l'étapeIn operation 224, the Buyer takes note of the message sent to him on the device 40 at the step
223. Dans l'opération 227 l'utilisateur du terminal 10 doit avoir utilisé l'appareil 40 et lu le code de confirmation CC contenu dans le message.223. In operation 227, the user of the terminal 10 must have used the device 40 and read the confirmation code CC contained in the message.
Dans l'opération 230 l'Acheteur utilise le terminal 10 pour entrer manuellement le code de confirmation modifié CCI : cette modification du code de confirmation est réalisé par un algorithme AG sur lequel l'Acheteur et la Tierce Partie se sont mis d'accord au moment de l'enregistrement ou ensuite lors d'une mise à jour (grâce à un moyen sécurisé qui ne fait pas partie de l'invention) et que l'Acheteur peut mémoriser. L'algorithme AG de modification du code de confirmation CC n'est connu que de l'Acheteur et de la Tierce Partie , et il est de la responsabilité de l'Acheteur de garder cette information confidentielle. L'algorithme AG constitue le troisième niveau de sécurité pour l'Acheteur.In operation 230, the Buyer uses terminal 10 to manually enter the modified CCI confirmation code: this modification of the confirmation code is carried out by an AG algorithm on which the Buyer and the Third Party have agreed at the time of registration or then during an update (thanks to a secure means which is not part of the invention) and which the Purchaser can memorize. The AG algorithm for modifying the CC confirmation code is known only to the Buyer and the Third Party, and it is the Buyer's responsibility to keep this information confidential. The AG algorithm constitutes the third level of security for the Purchaser.
Dans l'opération 231 le serveur d'information 30a vérifie que le code CCI envoyé par le terminal 10 coπespond au code de validation CC selon les règles préétablies dans l'algorithme AG.In operation 231, the information server 30a verifies that the CCI code sent by the terminal 10 corresponds to the validation code CC according to the rules pre-established in the algorithm AG.
Dans l'opération 232 le serveur d'information 30a utilise les résultats des étapes 231 et 229 pour valider définitivement la transaction et 30a envoie Finformation de validation de la transaction au serveur de paiementIn operation 232 the information server 30a uses the results of steps 231 and 229 to definitively validate the transaction and 30a sends the information for validating the transaction to the payment server
20d et au serveur d'information 20a du Marchand via la session 101 sur le réseau quasi public .20d and to the information server 20a of the Merchant via session 101 on the quasi-public network.
Dans l'opération 233 le serveur d'information 20a reçoit Finformation de validation de la transaction et l'utilise pour sortir de l'état d'attente 212 ; le serveur d'information 20a établit un sommaire de la transaction , avec en plus des informations additionnelles telles que méthode de livraison, date de livraison, adresse de livraison, et les envoie vers le terminal 10 dans l'opération 234.In operation 233, the information server 20a receives the information for validating the transaction and uses it to exit the waiting state 212; the information server 20a establishes a summary of the transaction, with in addition additional information such as delivery method, delivery date, delivery address, and sends them to the terminal 10 in operation 234.
Dans l'opération 235 l'Acheteur peut maintenant se déconnecter de la session 101.In operation 235, the Buyer can now log out of session 101.
Dans l'opération 236 le serveur d'information 20a envoie Finformation de fermeture de la transaction au serveur d'information 30a via le module de paiement 20d et la session 101.In operation 236, the information server 20a sends the information closing the transaction to the information server 30a via the payment module 20d and the session 101.
La Tierce Partie envoie directement au Marchand Finformation de validation de la transaction dans les opérations 232 à 237.The Third Party sends directly to the Merchant the information validating the transaction in operations 232 to 237.
Dans l'opération 238 le serveur d'information 30a prépare un message de confirmation de fin de transaction contenant l'identité du Marchand, le montant de la transaction, et opuonnellement d'autres données relatives à la transaction , associe le message au numéro de référence RN et envoie le tout vers l'interface telco 60a..In operation 238, the information server 30a prepares an end-of-transaction confirmation message containing the identity of the Merchant, the amount of the transaction, and, optionally, other data relating to the transaction, associates the message with the number of RN reference and sends everything to the telco 60a interface.
Dans l'opération 239 l'interface telco 60a convertit le numéro de référence RN en une adresse téléphonique, en utilisant la base de données 60d via le serveur de données 60c et le message est prêt à être envoyé.In operation 239 the telco interface 60a converts the reference number RN to a telephone address, using the database 60d via the data server 60c and the message is ready to be sent.
Dans l'opération 240 le message est envoyé à l'appareil 40 par le serveur de messages 60b.In operation 240 the message is sent to the apparatus 40 by the message server 60b.
Dans l'opération 241 l'Acheteur reçoit l'information de fermeture de transaction contenue dans le message. La Tierce Partie envoie directement à l'Acheteur Finformation de validation de la transaction dans les opérationsIn operation 241, the Buyer receives the transaction closing information contained in the message. The Third Party sends transaction validation information directly to the Purchaser directly to the operations
238 à 241.238 to 241.
Dans l'opération 242 la Tierce Partie notifie la Banque d'effectuer le transfert de fonds entre les comptes de l'Acheteur et du Marchand.In transaction 242 the Third Party notifies the Bank of transferring funds between the accounts of the Buyer and the Merchant.
Il est à noter que durant les opérations 201 à 242 aucune information financière n'est échangée sur le réseau quasi public , c'est à dire du début à la fin du processus. De même aucune information financière relative à l'Acheteur n'est communiquée au Marchand.It should be noted that during operations 201 to 242 no financial information is exchanged on the quasi-public network, ie from the beginning to the end of the process. Similarly, no financial information relating to the Purchaser is communicated to the Merchant.
L'opération 214 valide PIK qui constitue le premier niveau de sécurité pour l'Acheteur; l'opération 221 crée le code de confirmation CC qui constitue le deuxième niveau de sécurité pour l'Acheteur ; l'opération 231 valide CCI qui correspond au code de validation CC selon les règles préétablies dans l'algorithme AG. Deux des trois niveaux de sécurité peuvent être dérobés sans que la sécurité de la transaction soit affectée.Operation 214 validates PIK which constitutes the first level of security for the Purchaser; the operation 221 creates the CC confirmation code which is the second level of security for the Purchaser; operation 231 validates CCI which corresponds to the validation code CC according to the rules pre-established in the algorithm AG. Two of the three security levels can be stolen without affecting the security of the transaction.
Toute anomalie détectée durant les opérations 214 et 231 sur chacun des trois niveaux de sécurité est détectée et enregistrée par la Tierce Partie et rapportée à .l'Acheteur.Any anomaly detected during operations 214 and 231 on each of the three security levels is detected and recorded by the Third Party and reported to the Purchaser.
Autre dispositif possible de l'invention- 1 Un autre dispositif de l 'invention peut omettre les étapes 238 à 241Another possible device of the invention - 1 Another device of the invention can omit steps 238 to 241
Autre dispositif possible de l'invention- 2Another possible device of the invention- 2
L'invention peut être utilisée pour sécuriser des opérations menées à distance par l'Acheteur vers son propre siteThe invention can be used to secure operations carried out remotely by the Purchaser to his own site
Marchand.Trader.
Dans ce cas l'Acheteur possède un site Marchand personnel utilisé pour faire des opérations définies par l'Acheteur. L'Acheteur a enregistré son site Marchand auprès de la Tierce Partie , et a défini auprès d'elle les types de transactions valides. Ces transactions peuvent inclure ou non l'intervention de l'établissement bancaireIn this case, the Buyer has a personal Merchant site used to carry out operations defined by the Buyer. The Purchaser has registered his Merchant site with the Third Party, and has defined with him the types of valid transactions. These transactions may or may not include the intervention of the banking establishment
50.50.
Depuis le réseau quasi public l'Acheteur peut lancer des opérations sur son site Marchand et la sécurité sera obtenue par l'utilisation des clés PIK, AK et CCI et par l'utilisation de l'appareil personnel 40. Les étapes 203 à 208 sont modifiées pour devenir des étapes pendant lesquelles l'Acheteur prépare la transaction qu'il désire effectuer. Les étapes 215 à 218 sont aussi modifiées pour tenir compte du type de transaction choisi par l'Acheteur. Les étapes 219, 220, 228, 229 , 242 existent ou non selon le type de transaction défini par l'Acheteur au moment de l'enregistrement auprès de la Tierce Partie. Les autres étapes sont inchangées.From the quasi-public network, the Purchaser can launch operations on its Merchant site and security will be obtained by the use of the PIK, AK and CCI keys and by the use of the personal device 40. Steps 203 to 208 are modified to become stages during which the Buyer prepares the transaction he wishes to carry out. Steps 215 to 218 are also modified to take into account the type of transaction chosen by the Buyer. Steps 219, 220, 228, 229, 242 exist or not depending on the type of transaction defined by the Buyer at the time of registration with the Third Party. The other steps are unchanged.
Autre dispositif possible de l'invention- 3 L'invention peut être utilisée pour sécuriser des opérations menées à distance par l'Acheteur vers son propre compte d'argent électronique. Dans ce cas F Acheteur possède un compte personnel utilisé pour faire des opérations définies par l'Acheteur. L'Acheteur a enregistré son compte personnel auprès de la Tierce Partie , et a défini auprès d'elle les types de transactions valides. Ces transactions peuvent inclure ou non l'intervention de l'établissement bancaire 50. Depuis le réseau quasi public l'Acheteur peut lancer des opérations sur son site Marchand et la sécurité sera obtenue par l'utilisation des clés PIK, AK et CCI et par l'utilisation de l'appareil personnel 40. Les étapes 203 à 208 sont modifiées pour devenir des étapes pendant lesquelles l'Acheteur prépare la transaction qu'il désire effectuer. Les étapes 215 à 218 sont aussi modifiées pour tenir compte du type de transaction choisi par l'Acheteur. Les étapes 219, 220, 228, 229 , 242 existent ou non selon le type de transaction défini par l'Acheteur au moment de l'enregistrement auprès de la Tierce Partie. Les autres étapes sont inchangées. Another possible device of the invention. The invention can be used to secure operations carried out remotely by the Purchaser towards his own electronic money account. In this case, the Buyer has a personal account used to carry out operations defined by the Buyer. The Buyer has registered his personal account with the Third Party, and defined with him the types of valid transactions. These transactions may or may not include the intervention of the banking establishment 50. From the quasi-public network, the Buyer can launch operations on his Merchant site and security will be obtained by the use of the PIK, AK and CCI keys and by the use of the personal device 40. Steps 203 to 208 are modified to become steps during which the Buyer prepares the transaction he wishes to carry out. Steps 215 to 218 are also modified to take into account the type of transaction chosen by the Buyer. Steps 219, 220, 228, 229, 242 exist or not depending on the type of transaction defined by the Buyer at the time of registration with the Third Party. The other steps are unchanged.

Claims

Revendications claims
1) Système de paiement permettant de ne pas divulguer d'information bancaire sur le réseau public et quasi-public caractérisé en ce qu'il comporte une clé d'identification personnelle PKI - un code de confirmation CC un algorithme de transformation AG un code de confirmation CCI issue de la transformation de CC par l'algorithme AG un code de transaction TC une base de données 30c - un numéro de référence RN un Marchand, un Acheteur, une Tierce Partie, un établissement bancaire, une société de télécommunication 2) Système de paiement selon la revendication (1) caractérisé en ce que la validation de la clé d'identification personnelle PIK autorise la poursuite de la transaction ; Dans le cas contraire, la fermeture de la transaction est notifiée au marchand et à l'acheteur. la clé d'identification personnelle PIK est composée au moins d'un code d'identification et d'un mot de passe, la clé d'identification personnelle PIK a été établie au moment où l'Acheteur s'est enregistré auprès de la Tierce Partie ou ensuite lors d'une mise à jour, - au moment de s'identifier, l'utilisateur donne la clé PIK personnelle au serveur d'information1) Payment system making it possible not to disclose banking information on the public and quasi-public network, characterized in that it includes a personal identification key PKI - a confirmation code CC a transformation algorithm AG a code of CCI confirmation resulting from the transformation of CC by the AG algorithm a transaction code TC a database 30c - a reference number RN a Merchant, a Buyer, a Third Party, a banking establishment, a telecommunications company 2) System payment according to claim (1) characterized in that the validation of the PIK personal identification key authorizes the continuation of the transaction; Otherwise, the closing of the transaction is notified to the merchant and the buyer. the PIK personal identification key is made up of at least one identification code and a password, the PIK personal identification key was established at the time the Buyer registered with the Third Party Part or then during an update, - when identifying himself, the user gives the personal PIK key to the information server
30a qui utilise la base de données 30c via le serveur de données 30b pour valider la clé d'identification reçue .30a which uses the database 30c via the data server 30b to validate the identification key received.
3) Système selon la revendication (1) caractérisé en ce que le code de confirmation CC est généré par le serveur d'information 30a de la Tierce Partie de façon unique pour chaque transaction, le code de confirmation CC est envoyé à l'appareil personnel 40 possédé par l'Acheteur par le serveur de messages 60b en utilisant un canal de communication spécialement ouvert à cette occasion, l'Acheteur envoie à la Tierce Partie un code CCI résultat de la transformation du CC par l'algorithme AG la Tierce Partie vérifie que le code CCI envoyé par le terminal 10 correspond au code de validation CC selon les règles préétablies dans l'algorithme AG, avant de valider définitivement la transaction.3) System according to claim (1) characterized in that the CC confirmation code is generated by the information server 30a of the Third Party uniquely for each transaction, the CC confirmation code is sent to the personal device 40 possessed by the Purchaser by the message server 60b using a communication channel specially open on this occasion, the Purchaser sends to the Third Party a CCI code result of the transformation of the CC by the algorithm AG the Third Party verifies that the CCI code sent by the terminal 10 corresponds to the CC validation code according to the rules pre-established in the AG algorithm, before definitively validating the transaction.
4) Système selon la revendication (1) caractérisé en ce que - Il y a un algorithme de transformation AG sur lequel l'Acheteur et la Tierce Partie se sont mis d'accord au moment de l'enregistrement ou ensuite lors d'une mise à jour l'algorithme de transformation AG n'est connu que de l'Acheteur et de la Tierce Partie , et il est de la responsabilité de l'Acheteur de garder cette information confidentielle. 5) Système selon la revendication (1) caractérisé en ce que le code de transaction TC est généré de façon unique par le Marchand selon une formule prédéterminée entre le Marchand et la Tierce Partie, le code de transaction TC est transmis par le Marchand au serveur 30a de la Tierce Partie - le code de transaction TC est transmis par le Marchand à l'Acheteur qui le retransmet à son tour à la Tierce Partie lors de la connexion, numéro de transaction TC , qui servira à référencer événements et données pour la durée de cette transaction aussi bien du coté du Marchand que de l'Acheteur , de la Banque et de la4) System according to claim (1) characterized in that - There is an AG transformation algorithm on which the Purchaser and the Third Party have agreed at the time of registration or then during a bet the AG transformation algorithm is only known to the Purchaser and the Third Party, and it is the responsibility of the Purchaser to keep this information confidential. 5) System according to claim (1) characterized in that the TC transaction code is generated uniquely by the Merchant according to a predetermined formula between the Merchant and the Third Party, the TC transaction code is transmitted by the Merchant to the server 30a of the Third Party - the TC transaction code is transmitted by the Merchant to the Buyer who in turn transmits it to the Third Party upon connection, TC transaction number, which will be used to reference events and data for the duration of this transaction on the side of the Merchant as well as the Buyer, the Bank and the
Compagnie de télécommunications, et sera utilisé pour la synchronisation des transactions par la Tierce PartieTelecommunications company, and will be used for synchronization of transactions by the Third Party
6) Système selon la revendication (1) caractérisé en ce que6) System according to claim (1) characterized in that
La base de données 30c de la Tierce Partie contient des informations relatives au Marchand qui permettent à la Tierce Partie d'identifier celui ci . Ces informations ont été enregistrées au moment où le Marchand s'est enregistré auprès de la Tierce Partie. - La base de données 30c de la Tierce Partie contient des informations relatives au Marchand . permettant à la Tierce Partie de faire des opérations bancaires au nom du Marchand. Ces informations ont été enregistrées au moment où le Marchand s'est enregistré auprès de laThe Third Party database 30c contains information relating to the Merchant which enables the Third Party to identify the latter. This information was recorded when the Merchant registered with the Third Party. - The Third Party database 30c contains information relating to the Merchant. allowing the Third Party to do banking operations on behalf of the Merchant. This information was recorded when the Merchant registered with the
Tierce Partie.Third party.
La Tierce Partie est enregistrée auprès de l'établissement bancaire pour que la Tierce Partie soit reconnue comme un client de cet établissement.The Third Party is registered with the banking establishment so that the Third Party is recognized as a client of this establishment.
La Tierce Partie est enregistrée auprès d'une compagnie de télécommunication pour que laThe Third Party is registered with a telecommunications company so that the
Tierce Partie obtienne un numéro de référence RN de l'Acheteur et puisse envoyer des messages à l'Acheteur à travers le réseau de télécommunications.Third Party obtains an RN reference number from the Buyer and can send messages to the Buyer through the telecommunications network.
7) Système selon la revendication (1) caractérisé en ce que - aucune information financière n'est échangée sur le réseau quasi public7) System according to claim (1) characterized in that - no financial information is exchanged on the quasi-public network
- aucune information financière relative à l'Acheteur n'est communiquée au Marchand- no financial information relating to the Purchaser is communicated to the Merchant
8) Système selon la revendication (1) caractérisé en ce que la Tierce Partie8) System according to claim (1) characterized in that the Third Party
- utilise les informations stockées dans sa base de données et relatives à l'Acheteur pour demander une autorisation de paiement à l'établissement bancaire dans le but de valider la transaction avec le Marchand. Les différents modes de paiement à la disposition de l'Acheteur avaient été communiqués à la Tierce Partie par l'Acheteur, au moment de l'enregistrement ou ensuite lors d'une mise à jour- uses the information stored in its database and relating to the Purchaser to request a payment authorization from the banking establishment in order to validate the transaction with the Merchant. The different payment methods available to the Purchaser had been communicated to the Third Party by the Purchaser, at the time of registration or then during an update
- La Tierce Partie envoie directement au Marchand Finformation de validation de la transaction .- The Third Party sends the Merchant validation information of the transaction directly to the Merchant.
- La Tierce Partie envoie directement à l'Acheteur l'information de validation de la transaction . 9) Système selon la revendication (1) caractérisé en ce qu'il triple la sécurité pour l'Acheteur par les moyens suivants : la clé personnelle d'identification PIK , le code de confirmation reçu sur un appareil possédé par l'Acheteur, l'algorithme AG de modification du code de confirmation déposé auprès de la Tierce Partie et mémorisé par l 'Acheteur, deux des trois niveaux de sécurité ci-dessus peuvent être dérobés sans que la sécurité de la transaction soit affectée ; Toute anomahe détectée sur chacun des trois niveaux de sécurité est détectée et enregistrée par la Tierce Partie et rapportée à .l'Acheteur. - The Third Party sends the validation information of the transaction directly to the Buyer. 9) System according to claim (1) characterized in that it triples security for the Buyer by the following means: the personal identification key PIK, the confirmation code received on a device owned by the Buyer, l 'AG algorithm to modify the confirmation code deposited with the Third Party and memorized by the Buyer, two of the above three security levels can be stolen without affecting the security of the transaction; Any anomaly detected on each of the three security levels is detected and recorded by the Third Party and reported to the Purchaser.
PCT/FR2001/000894 2000-03-28 2001-03-23 Payment system not revealing banking information on the public or quasi-public network WO2001073706A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU48418/01A AU4841801A (en) 2000-03-28 2001-03-23 Payment system not revealing banking information on the public or quasi-public network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0003889A FR2807247B1 (en) 2000-03-28 2000-03-28 PAYMENT SYSTEM FOR NOT DISCLOSING BANKING INFORMATION ON THE PUBLIC AND QUASI-PUBLIC NETWORK
FR00/03889 2000-03-28

Publications (1)

Publication Number Publication Date
WO2001073706A1 true WO2001073706A1 (en) 2001-10-04

Family

ID=8848557

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2001/000894 WO2001073706A1 (en) 2000-03-28 2001-03-23 Payment system not revealing banking information on the public or quasi-public network

Country Status (3)

Country Link
AU (1) AU4841801A (en)
FR (1) FR2807247B1 (en)
WO (1) WO2001073706A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2379525A (en) * 2001-09-08 2003-03-12 Int Computers Ltd Electronic payment authorisation
GB2393806A (en) * 2002-10-05 2004-04-07 Simos Symeou Method for confirming authorisation of access to an account
GB2401209A (en) * 2003-04-30 2004-11-03 Hewlett Packard Development Co Carrying Out a Secure Transaction Across Two Different Networks
US6990471B1 (en) * 2001-08-02 2006-01-24 Oracle International Corp. Method and apparatus for secure electronic commerce
GB2420900A (en) * 2004-11-26 2006-06-07 Toshiba Kk Using temporary authentication information in online purchasing
EP1424664A3 (en) * 2002-11-22 2007-10-03 Pitney Bowes Inc. Secure payment system and method having one-time use authorization

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0590861A2 (en) * 1992-09-29 1994-04-06 AT&T Corp. Secure credit/debit card authorization
WO1996000485A2 (en) * 1994-06-24 1996-01-04 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus
WO1997016897A1 (en) * 1995-11-01 1997-05-09 First Virtual Holdings, Inc. Computerized payment system for purchasing goods and services on the internet
EP0813325A2 (en) * 1996-06-12 1997-12-17 AT&T Corp. A mechanism for enabling secure electronic transactions on the open internet
WO1998040809A2 (en) * 1997-03-13 1998-09-17 Cha! Technologies, Inc. Method and system for secure online transaction processing
US5883810A (en) * 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions
WO1999023617A2 (en) * 1997-11-04 1999-05-14 Gilles Kremer Method for transmitting data and implementing server
US6026166A (en) * 1997-10-20 2000-02-15 Cryptoworx Corporation Digitally certifying a user identity and a computer system in combination

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0590861A2 (en) * 1992-09-29 1994-04-06 AT&T Corp. Secure credit/debit card authorization
WO1996000485A2 (en) * 1994-06-24 1996-01-04 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus
WO1997016897A1 (en) * 1995-11-01 1997-05-09 First Virtual Holdings, Inc. Computerized payment system for purchasing goods and services on the internet
EP0813325A2 (en) * 1996-06-12 1997-12-17 AT&T Corp. A mechanism for enabling secure electronic transactions on the open internet
WO1998040809A2 (en) * 1997-03-13 1998-09-17 Cha! Technologies, Inc. Method and system for secure online transaction processing
US5883810A (en) * 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions
US6026166A (en) * 1997-10-20 2000-02-15 Cryptoworx Corporation Digitally certifying a user identity and a computer system in combination
WO1999023617A2 (en) * 1997-11-04 1999-05-14 Gilles Kremer Method for transmitting data and implementing server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PAYS P ET AL: "An intermediation and payment system technology", COMPUTER NETWORKS AND ISDN SYSTEMS,NL,NORTH HOLLAND PUBLISHING. AMSTERDAM, vol. 28, no. 11, 1 May 1996 (1996-05-01), pages 1197 - 1206, XP004018220, ISSN: 0169-7552 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6990471B1 (en) * 2001-08-02 2006-01-24 Oracle International Corp. Method and apparatus for secure electronic commerce
GB2379525A (en) * 2001-09-08 2003-03-12 Int Computers Ltd Electronic payment authorisation
GB2393806A (en) * 2002-10-05 2004-04-07 Simos Symeou Method for confirming authorisation of access to an account
EP1424664A3 (en) * 2002-11-22 2007-10-03 Pitney Bowes Inc. Secure payment system and method having one-time use authorization
GB2401209A (en) * 2003-04-30 2004-11-03 Hewlett Packard Development Co Carrying Out a Secure Transaction Across Two Different Networks
GB2401209B (en) * 2003-04-30 2005-10-26 Hewlett Packard Development Co Method and system for facilitation of a remote transaction
GB2420900A (en) * 2004-11-26 2006-06-07 Toshiba Kk Using temporary authentication information in online purchasing
GB2420900B (en) * 2004-11-26 2007-07-04 Toshiba Kk Information communication system, user management apparatus thereof, information providing apparatus thereof and user terminal apparatus thereof
US8666899B2 (en) 2004-11-26 2014-03-04 Kabushiki Kaisha Toshiba Information communication system, user management apparatus thereof, information providing apparatus thereof and user terminal apparatus thereof
US8744970B2 (en) 2004-11-26 2014-06-03 Kabushiki Kaisha Toshiba Information communication system, user management apparatus thereof, information providing apparatus thereof and user terminal apparatus thereof

Also Published As

Publication number Publication date
FR2807247A1 (en) 2001-10-05
FR2807247B1 (en) 2003-01-31
AU4841801A (en) 2001-10-08

Similar Documents

Publication Publication Date Title
EP0820620B1 (en) Electronic payment method for purchase-related transactions over a computer network
EP1153376B1 (en) Telepayment method and system for implementing said method
EP1330798B1 (en) Secure telematics payment method
US7043025B2 (en) Method and apparatus for secured electronic commerce
US8738457B2 (en) Methods of facilitating merchant transactions using a computerized system including a set of titles
US7685020B2 (en) Mobile commerce receipt system
US20030061163A1 (en) Method and apparatus for verification/authorization by credit or debit card owner of use of card concurrently with merchant transaction
US20060036447A1 (en) Methods of facilitating contact management using a computerized system including a set of titles
NZ305540A (en) Distribution of electronic money with receipt issuance
EP1360665A1 (en) Telepayment method and system
CA2324114A1 (en) A method for using a telephone calling card for business transactions
GB2366162A (en) Controlling access to a telecommunicated data file
WO2001073706A1 (en) Payment system not revealing banking information on the public or quasi-public network
EP4074005A1 (en) Transaction authentication method, server and system using two communication channels
EP1490851A1 (en) Method and system of securing a credit card payment
FR2823882A1 (en) Commercial transaction using prepayment card over the Internet, uses personal computer or mobile phone, certification center validates data contained on prepayment card
WO2005088568A1 (en) Micropayment method and device
FR2830100A1 (en) Secure payment avoiding divulging of secret information on a public network, uses trusted third party to provide transaction keys and to manage confirmation of transaction
FR2831361A1 (en) Secure transmission of electronic transaction information between the parties involved by creation of encrypted physical electronic transaction tokens containing relevant information, which are used via a service provider
JP2003044775A (en) Electronic commerce method and apparatus, and program
FR2912579A1 (en) SECURE TRANSFER METHOD THROUGH A MONETARY FLOW COMMUNICATION NETWORK, TRANSFER SYSTEM AND PROGRAM PRODUCT THEREOF
FR2750275A1 (en) Distributed telematic system management method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AU BR CA CN IL IN JP NO RU UA US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2001921423

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 2001921423

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP

122 Ep: pct application non-entry in european phase