EP3189485A1 - Electronic ticket management - Google Patents

Electronic ticket management

Info

Publication number
EP3189485A1
EP3189485A1 EP15767215.5A EP15767215A EP3189485A1 EP 3189485 A1 EP3189485 A1 EP 3189485A1 EP 15767215 A EP15767215 A EP 15767215A EP 3189485 A1 EP3189485 A1 EP 3189485A1
Authority
EP
European Patent Office
Prior art keywords
ticket
mobile terminal
security element
electronic ticket
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP15767215.5A
Other languages
German (de)
French (fr)
Inventor
Jean-Luc Grimault
Jean LEMAUVIEL
Franck GRUPELI
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Orange SA
Original Assignee
Orange SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Orange SA filed Critical Orange SA
Publication of EP3189485A1 publication Critical patent/EP3189485A1/en
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/02Reservations, e.g. for tickets, services or events
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/045Payment circuits using payment protocols involving tickets
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/045Payment circuits using payment protocols involving tickets
    • G06Q20/0457Payment circuits using payment protocols involving tickets the tickets being sent electronically
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229Use of the SIM of a M-device as secure element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B15/00Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points

Definitions

  • the invention relates to the general field of the dematerialization of title deeds otherwise known as "electronic tickets” and more particularly to the field of application in which an electronic ticket is intended to be stored in a mobile terminal capable of restoring said ticket to allow its user to access a property or more generally a service.
  • NFC Near field communication techniques
  • ISO International Standard Organization
  • transport services are known in which public transport users use a dedicated application of their mobile terminal to buy electronic tickets and to validate their ticket at the entrance of the bus or tram by approaching their mobile terminal with a device.
  • access control able to communicate with the mobile terminal, or more exactly with an element of the mobile terminal, by NFC near-field communication means to obtain the electronic ticket in order to check the validity thereof.
  • security element is meant here a data storage and manipulation element to guarantee a user of the mobile terminal a high security since the data recorded in the security element is not accessible to an unauthorized user .
  • user is meant the user of the mobile terminal, which is also the customer of the ticket provider.
  • This security element may for example be constituted by a SIM (Subscriber Identity Module) SIM card, used in mobile telephony to store the subscriber-specific information of a mobile network and the user's applications. its operator or in some cases third parties.
  • SIM Subscriber Identity Module
  • This security element can still be a removable support type "Secure SD Card” or a security element integrated in the terminal ("Embedded Secure Element”) or a secure area of the application processor through the use of a technology of integrated security in the processor and its peripheral components (for example "TrustZone” technology, registered trademark of the ARM company).
  • Embedded Secure Element a technology of integrated security in the processor and its peripheral components
  • TrustZone registered trademark of the ARM company
  • access control device is meant a physical device capable of acquiring knowledge of the content of the electronic ticket and checking its validity in association with one or more verification servers (of the validity date of the ticket, etc.) and authentication (of the security element associated with the user of the mobile terminal). Subsequently, the terms “access control device” and “terminal” will be used interchangeably.
  • ticket validation we mean all two operations, namely ticket verification and authentication of the security element. In another example, the experiment "M-
  • a service-specific application is developed and then installed in the security element, so that the security element can provide authentication of the user for access to the service (transport subscription, access to the football stadium, etc.) and at the same time manage service-specific data.
  • Relatively complex techniques need to be used to load applications into the security element via service platforms located in the mobile operator infrastructure and / or OTA (over the air) service providers. ) which comply with the specifications published by the "Global Platform" association.
  • Such platforms are expensive.
  • the user can not install such an application himself in a SEVI card.
  • the multiplication of dedicated applications considerably loads the SIM card which is generally limited in memory resources.
  • the invention proposes a system for controlling access to a service by the user of a mobile terminal equipped with a security element, by validating an electronic ticket, which does not have such disadvantages.
  • the subject of the invention is a method of providing an electronic ticket by a security element associated with a mobile terminal, the ticket being stored in the mobile terminal and designed to access a service via an access control device, the method being characterized in that it comprises the following steps in the security element: a step of receiving the electronic ticket from the mobile terminal;
  • an authentication step taking into account at least one piece of data contained in the ticket and data related to the security element.
  • the ticket is not exploited by the security element but only made available to the access control device by an application of the security element, called security application (in computer language, applet).
  • security application in computer language, applet.
  • the invention differs from current techniques which require the installation of an application specific to each service in the security element of the mobile terminal (SEVI card in particular), by example an application for access to a show and another application for transport tickets.
  • a secure application in the SEVI card is often not sufficient to cover the needs of the service and must be associated with an application on the mobile, including a graphical interface adapted to the service.
  • This set consisting of the specific application on mobile interacting with the specific security application on the SIM card is a complex technical set to develop and test.
  • the security element of the mobile terminal (SIM card for example) is used as a strong authentication means, namely to provide proof that the mobile terminal approaching the terminal has the correct security element, that is to say say that of the user of the mobile terminal with which the security element (the user's SIM card) is associated. It is therefore important that this strong authentication function remains dedicated to the SIM card.
  • the invention avoids the need to load a specific security application for each service in the security element (application that should specifically manage tickets according to the service to be rendered, ie an application for transport, an application for payment a third for shows, etc.) It still retains the advantages of the secure element, ie the strong authentication of the SEVI card which stores the electronic ticket, under the control of a secure applet which is satisfied to make the ticket available to the terminal and therefore does not perform any particular analysis or management of the ticket data.
  • a method as described above also includes the following steps: a step of receiving, from the mobile terminal, an erasure order of the stored ticket ;
  • the ticket is stored in the security element only temporarily. It is typically removed from the SIM card when the user has benefited from the service (e.g. has passed the gantry gate associated with the access control device) and therefore no longer needs the ticket in the SEVI.
  • the ticket can however be kept in the mobile (for example if it is a transport ticket valid for several days). It is advantageous, in accordance with the invention, to store the tickets in the mobile phone and to make them available temporarily in the secure memory of the SEVI card, because the tickets can be bulky (in number of bytes) and occupy a large memory space in the SIM card.
  • erasure is meant here deletion or replacement of the ticket, the deletion of releasing the memory while the replacement consists of storing another ticket (also temporary) instead of the ticket to be erased, typically the next ticket selected by the terminal mobile.
  • This mode of implementation of the invention makes it possible, while benefiting from the authentication and security capabilities naturally linked to the security element, not to overload it.
  • a method as described above is such that said ticket comprises at least one public key of the element security system, and is characterized in that it comprises the steps of: receiving a random event originating from the access control device; signature of the hazard by means of the private key of the security element; provision of the signed hazard for the access control device.
  • the security procedure implemented according to the invention is very simple: the ticket issued by the ticket provider includes a public key of the SEVI card of the user, whereas the security element (SEVI card) conventionally comprises the corresponding private key. If the hazard is correctly signed by the SEVI card, the access control device can decrypt it using the public key contained in the ticket, thus ensuring authentication of the SIM card and therefore the user of the mobile terminal.
  • SEVI card security element
  • a method as described above is further characterized in that at least a portion of the ticket has been signed by means of a private key of the issuing entity.
  • this signature of the message, or of a part of the message contained in the ticket by the secret key of the issuing entity makes it possible to add additional authentication relating to the identity of the service provider (and tickets): the device access control having access, directly or indirectly, to the public key of the issuing entity that provides the tickets, can verify the authenticity of this provider by decrypting the encrypted message.
  • the subject of the invention is also a method for managing an electronic ticket in a mobile terminal with which a security element is associated, the ticket being provided for accessing a service via a control device. access, this method being characterized in that it comprises the following steps at the mobile terminal: a step of selecting an electronic ticket stored by the terminal;
  • the electronic ticket is stored and managed within the mobile terminal by a ticket management application that runs on the mobile terminal and communicates with the security element.
  • the electronic ticket is stored in a memory of the mobile terminal out of the secure element and transferred only after it has been selected, for example by the user by means of a graphical interface offering him a choice of tickets.
  • the electronic tickets and the associated application are loaded into the mobile terminal by simple and flexible techniques known to those skilled in the art (for example SMS short messages (Short Message Service) or MMS (Multimedia Message Service), downloading to a mobile network server or the Internet via the mobile network, etc.) without the need for complex techniques used to load applications or data into the Internet.
  • a SEVI card via OTA platforms.
  • the user of the invention can advantageously install the application itself on his mobile terminal (for example an Android or Apple type application).
  • Such an application can be adapted to each type of service or even to each service (graphics and adapted menus) without there being complex interaction between this application and the secure application for authentication and provision of the ticket which is in the secure element.
  • Such an application can be dedicated to a certain type of service or on the contrary a single application on the mobile can manage all the tickets of all the services, without loss of generalities for the invention.
  • the user can load several management applications into his mobile phone which generally has a larger memory than the SIM card.
  • the temporary storage of the ticket in the SIM card limits the number of communication sessions to be chained between the terminal and the set SEVI-MOBILE: indeed if the terminal had to communicate simultaneously with an application on the mobile phone and another application on the SIM card, it should open two separate sessions, for example a Bluetooth session (with the mobile terminal) and an NFC session (with the SIM card) or two NFC sessions, etc. It is of course easier to open a single session to the SIM card when it has the ticket.
  • a management method as described above is further characterized in that the communication between the security element and the access control device is performed in the near field.
  • Near-field communication offers many advantages in this context of dematerialized tickets: an intrinsic security to this mode of communication, since the user of the mobile terminal must be only a few centimeters from the terminal to be able to validate his ticket; but still, the NFC allows the consumption of the ticket even when the battery of the mobile terminal is discharged or when the mobile is off: in fact the access control device is capable of supplying the SEVI card via its NFC field, thus ensuring the reading of the ticket and the signed hazard in the absence of even battery.
  • a management method as described above also includes a step of transmitting to the security module an erase order of said ticket.
  • this aspect of the invention reduces the space occupied by the tickets in the security element. Erasing can be a deletion or replacement of the ticket (by another ticket).
  • a management method as described above also includes a prior step of receiving an electronic ticket in from a sending entity, said ticket comprising at least one public key of the user of the mobile terminal corresponding to the private key that is in the security element.
  • the ticket issued by the ticket provider comprises a public key of the user's SIM card
  • the security element comprises the corresponding private key
  • a management method as described above is further characterized in that the selection step is automatic. if the power level of the mobile phone is below a predetermined threshold, and is carried out according to a pre-established rule.
  • a management method is further characterized in that the pre-established rule consists in selecting the last ticket consulted by the user.
  • the last ticket viewed or accessed by the user is selected as the most likely choice that the user would have made if he had himself made this selection, for example in a list of tickets.
  • a management method as described above is further characterized in that the selection step is automatic. if the data contained in the ticket has certain predefined characteristics relating to the validity of the ticket.
  • the ticket closest to its expiry date can thus be "pushed" automatically to the security module.
  • the invention also relates to a security element associated with a mobile terminal able to make available to an access control device an electronic ticket stored in the mobile terminal, characterized in that it comprises the following modules: a reception module arranged to receive an electronic ticket from the mobile terminal;
  • an authentication module able to take into account at least one piece of data contained in the ticket and a piece of data related to the security element.
  • a module for erasing the ticket from the memory of the security device a module for erasing the ticket from the memory of the security device.
  • module may correspond to both a software component and a hardware component or a set of hardware and software components, a software component itself corresponding to one or more computer programs or subprograms or more generally any element of a program capable of implementing a function or a set of functions as described for the modules concerned.
  • a hardware component corresponds to any element of a hardware set (or hardware) able to implement a function or a set of functions for the module concerned (integrated circuit, smart card, memory card, etc. .).
  • the invention also relates to a mobile terminal with which is associated a security element, able to manage a ticket intended to access a service via an access control device, characterized in that it comprises the following modules: - a module for selecting an electronic ticket in the memory of the terminal; a module for sending said ticket to the security module;
  • the invention also relates to a computer program adapted to be implemented by a method of providing electronic tickets as defined above, the program comprising code instructions which, when the program is executed by a processor, performs the steps of the method of providing electronic tickets.
  • the invention also relates to a computer program adapted to be implemented by an electronic ticket management method as defined above, the program comprising code instructions which, when the program is executed by a processor, performs the steps of the electronic ticket management method.
  • the invention relates to a recording medium readable by a data processor on which is recorded a program comprising program code instructions for executing the steps of the methods defined above.
  • FIG. 1 represents the general context of one embodiment of the invention.
  • FIG. 2 represents an architecture of a mobile equipment equipped with a subscriber identity module and an NFC module, able to implement an embodiment of the invention.
  • FIG. 3 represents the possible structure of an electronic ticket according to one embodiment of the invention.
  • FIG. 4 represents a flowchart illustrating the different steps of the method according to one embodiment of the invention.
  • FIG. 1 corresponds to the general context of one embodiment of the invention; it is the local control, by an access control device or terminal (B), dematerialized tickets stored on the mobile (T) of a user (1), with authentication by the security element ( VS).
  • the mobile terminal (T) also has an NFC module (3) allowing the use of contactless communications between the mobile phone and the associated SIM card (in this case also referred to as SEV1-NFC) and the terminal (B).
  • the uses covered by the invention are those for which the user must prove to be in possession of a right of access to a service with a validity limited to a specific date or during a definite period of time (for example, a transport subscription for the month of October 2014) or with an electronic ticket number that can be verified when accessing the service (for example, access to a concert, sports competition, etc.).
  • the intended application is a ticketing application delivering concert tickets. It is assumed here that the electronic tickets are delivered by SMS to the user: he has chosen an electronic ticket (here, in concert) from a service provider (5).
  • the service provider (here, a provider of concert tickets), located in the example in a network (9), generated a ticket (4), signed it with its private key, then transmitted by SMS to the mobile phone of the user (T) (or several SMS, because of the intrinsic limitation of the size of an SMS).
  • the network (9) is here a mobile network but other types of networks would be possible, for example the Internet, an Intranet, etc.
  • the user can order his ticket on the server of the service provider (5), with his mobile terminal, through a data connection of the mobile network extending to the Internet, and receive his ticket on his mobile in the form of SMS . Before issuing the ticket, the service provider verified that the user is registered with a trusted authority (not shown).
  • the public key of the user provided by the trusted authority to the ticket provider is the public key whose corresponding private key is contained in the user's SIM card.
  • it is managed by a secure authentication and transit application, which is called a ticket provisioning application, or in shorthand, secure application, that the we will describe later.
  • the service provider may have included in the ticket information provided by the trusted authority and the user.
  • a possible format for such a ticket will be described later in support of Figure 3.
  • the mobile terminal (T) contains a mobile application (for example an Android application) for managing electronic tickets, which notably enables the user to view the relevant information related to the ticket data (show name, date and time, etc.). ).
  • the mobile application detects the ticket, for example upon receipt of an SMS starting with a given identifier.
  • This ticket is stored on the mobile. All tickets stored on the mobile appear in the interface that the mobile application for ticket management offers to the user, and are usable if their end of validity date is not earlier than the current date. Alternatively, the tickets can be managed by several applications on the mobile (one for transportation, another for shows, etc.). The dematerialized electronic tickets are therefore not stored in the security element but on the mobile terminal. As will be seen later, the security element serves only to authenticate the user and to transit the ticket (temporary storage before reading by the terminal (B)).
  • Each ticket is selectable by the user, for example by a touch of the finger on the touch screen of the mobile phone, and a dialog box can ask for confirmation of the selection of the ticket.
  • the security element (C), or SIM card contains a secure application, also known as an applet (APS), which is installed on the SIM cards of the users of mobile terminals wishing to have access to the paperless ticket service.
  • APS an applet
  • Applet or security application, or APS. It can access the private key of the user in the memory of the SEVI card, which allows the SIM card, and therefore the user, to authenticate with the base station.
  • This applet also makes it possible to temporarily store the ticket which will be read by the terminal.
  • the APM mobile management application sends the ticket to the applet of the SIM card and then asks the user to present his mobile terminal to the terminal.
  • an NFC communication is established between the terminal and the SIM-NFC card contained in the mobile terminal of the user.
  • the terminal can then communicate with the SIM card to read the previously stored ticket.
  • the applet of the SIM then makes it possible to authenticate the user, of which only the SEVI card has the private key corresponding to the public key contained in the ticket.
  • the terminal (B) also communicates with a ticket verification "business" server (7) which itself is in contact with a signature verification server that has the public key of the service provider (5) and verifies that the signature of the ticket (ie the signature by the service provider) is correct.
  • These two servers are, according to this example, local servers. They can alternatively be in the terminal itself or in a local network, or in the wide area network.
  • the NFC terminal After the reception phase of the ticket by NFC, followed by the random sending phase to the SIM card and reception of this signed randomness, the NFC terminal waits for the response of the ticket verification phases carried out by the business server ( 6) and the signature verification server (7).
  • the NFC terminal may include a graphical interface, not shown, which enables it to display information intended for the bearer of the mobile terminal. For example, a "state" part indicates the state of the verification: the display of the terminal indicates in green that the access is authorized, in gray what the user must do and in red any error occurred.
  • the terminal responds positively to the request of the user, for example it opens a gate to let it pass.
  • the terminal detects when the mobile terminal is no longer placed on the NFC reader, and can then start a new check when a new terminal approaches the NFC terminal.
  • a system comprises a terminal T able to communicate with a network (9) comprising a ticket provider, and a security element (C) able to be inserted into the terminal (T) and to communicate with a terminal (B) for performing the validation of an electronic ticket.
  • the terminal T is, for example, a mobile phone or a PDA (for "Personal Digital Assistant") or a tablet.
  • the terminal T conventionally comprises a processing unit, or "CPU"
  • a set of memories M including a volatile memory, or "RAM” (for "Random Access Memory”) used to execute code instructions, store variables, etc. and a non-volatile memory, of the "ROM” type (of "Read Only Memory”), or "EEPROM” (for "Electronically Erasable Programmable Read Only Memory”) intended to contain persistent data, used for example to store electronic tickets and the APM ticket management application.
  • RAM for "Random Access Memory”
  • EEPROM for "Electronically Erasable Programmable Read Only Memory” intended to contain persistent data, used for example to store electronic tickets and the APM ticket management application.
  • the terminal T furthermore comprises:
  • a first communication module MCI able to communicate with the security element C via a first communication interface (II).
  • a second communication module MR enabling communication, via a communication network, with remote servers, for example with the ticket provider (5) which is in the Internet network (9) accessible via the mobile network or on a mobile phone network. It is in this way that the mobile terminal (T) receives in particular the application APM (Mobile Application) ticket management (according to our example, in concert) loaded into a memory M of the mobile, and tickets.
  • APM Mobile Application
  • a third NFC contactless communication module (3) capable of communicating the security element with a remote device via an NFC contactless link, for example terminal B located near the terminal T.
  • contactless module NFC is also able to communicate with the security element C via an MC2 communication module and a second communication interface 12. It communicates with the mobile terminal via an interface MC3.
  • the NFC module conventionally comprises an antenna adapted to transmit and receive messages modulated on the radio channel in NFC.
  • the security element C is for example a removable support type UICC (for "Universal Integrated Circuit Card”), also called “SIM card”, a memory card hosting a secure element (SD card, Embedded Secure control ... ) or a specific memory area of the terminal as in the context of the HCE standard defined above.
  • UICC Universal Integrated Circuit Card
  • SIM card Secure Digital card
  • SD card Embedded Secure control ...
  • specific memory area of the terminal as in the context of the HCE standard defined above.
  • the security element C commonly used for authentication to the mobile network (case of the SEVI card) has the function, in addition to authenticate with the terminal, to store the specific information to the mobile subscriber (here called user and the processes that allow the device to authenticate to the mobile network. For this purpose it has the private key (K) of the user. It comprises a first transceiver module MCI 'able to communicate with the terminal T via the first communication interface II, a second transceiver module MC2' able to communicate with the NFC module via the second communication interface 12.
  • the security element C is an SEVI card and conventionally comprises ROM type memories M 'containing in particular the operating system of the security element and programs implementing the security mechanisms.
  • security among others the authentication algorithm of the card, EEPROM type memories permanently containing directories and data defined by the mobile standard (eg GSM, UMTS, etc.), the authentication key (K) , or private key (of the user), as well as specific applications (APS) also called applets running in a RAM type memory. Applets are for example software programs using the "SEVI Application Toolkit" protocols according to the ETSI 102.223 recommendation, which make it possible to control certain functions of the mobile telephone, for example to communicate with the subscriber via the interface of the mobile phone. communication II between the SIM and the mobile phone T.
  • Figure 2 is shown the secure APS applet common to all electronic ticket services. It implements the functions of transi t / temporary storage of tickets, the provision of the ticket for reading via NFC and the signature of a random received by NFC.
  • the mobile application uses SmartCard according to the ETSI 102.221 recommendation. It makes it possible to open a communication channel with the SIM card applets for sending the data (e.g. the ticket) in the form of packets.
  • the Android application closes the channel to allow other Android apps or NFC players to interact with the SIM card applet.
  • FIG. 3 represents the possible structure of an electronic ticket according to one embodiment of the invention.
  • the electronic ticket is structured so as to be able to provide all the information, or data, enabling the authentication of the user. It also contains information about the expiry date, the place number, the name of the event, the date, and so on. for a ticket to a concert hall.
  • Each service provider structures his ticket so that it can be read by the APM mobile application that receives the tickets.
  • an "identifier / value" type coding system may be used: the user data is then preceded by an identifier and separated from each other by separation data.
  • the ticket (4) represented in FIG. 3 comprises the following data fields: the object of the ticket (Ml) contains the name of the event, the number of the place, the price, the date, etc.
  • the validity period (M2) contains the end date of validity of the ticket.
  • the two-key reference (Cl) contains the reference of the user's key pair.
  • the term "key pair" covers the set consisting of the private key contained in the SIM card and the public key corresponding to this private key.
  • the private key is used by the SEVI card to sign the hazard sent by the terminal (B); the corresponding public key is used by the kiosk to verify this signature.
  • This reference (Cl) is therefore used to the terminal to know the key pair to use. Thanks to this reference read in the ticket, the terminal (B) indicates to the SIM card which private key it must use to sign the hazard and that its corresponding public key terminal itself must use to verify the signature of the randomness.
  • the reference of the SEVI authentication algorithm (C2) is the reference of the algorithm that is associated with the user's key pair (Cl). Indeed, some companies may want, not only their own key pair, but also their own authentication algorithm.
  • the public key of the SIM card (C3) is the public key of the user according to the bi-key reference (Cl).
  • the seller ticket identifier is the reference of the service provider who sold and signed the ticket.
  • the reference of the signature algorithm (S2) is the reference of the algorithm that is associated with the seller's key pair.
  • the signature (S3) is the signature obtained by signing the fields M1, M2, C1, C2, C3, SI and S2. This signature is made by the service provider (ticket vendor) before sending the ticket to the mobile of the user.
  • FIG. 4 represents a kinematics of the exchanges between the different entities of the invention.
  • the terminal (B) When the user approaches, during a step El, the terminal (B), with his mobile (T) hosting the ticket, he selects on his mobile application the ticket (4) he wants to consume.
  • the APM ticket management application on the mobile sends the ticket, during a step E2, to the APS applet of the SIM card and the ticket is stored temporarily in step El i in a memory ( ⁇ ') SIM card. It is a temporary storage before reading by the terminal (B).
  • AID identification number
  • the secure applet does not know or manage the contents of the ticket: it only makes temporary storage of the ticket that will be consumed.
  • the applet of the SEVI card verifies during a step E12 that the ticket is received (the loading of the ticket may require several data packets), then optionally returns a response attesting to the good reception of the APM application of management of the ticket on the mobile, which receives it during a step E3 and can then ask the user to present his phone at the base station.
  • the terminal B immerses the mobile terminal in an electromagnetic field from its NFC module.
  • the emitted electromagnetic field is sufficiently high to properly power the NFC module of the SEVI card, ie when the mobile phone is sufficiently close to the terminal for the NFC module of the SEVI card to be powered, a communication can be established according to the protocol NFC between the two devices.
  • the terminal can read the ticket in the memory of the SEVI-NFC.
  • NFC communication is well known to those skilled in the art and will not be detailed further.
  • the data flow of the NFC session passes through a controller (CLF for ContactLess Frontend) of the NFC module, which redirects the data to the SEVI-NFC card via the Single Wire Protocol (SWP).
  • CLF ContactLess Frontend
  • SWP Single Wire Protocol
  • the terminal reads the key reference (Cl) and the algorithm reference (C2) to be used on the SIM card for the signature of the next hazard.
  • the key reference (Cl) and the algorithm reference (C2) to be used on the SIM card for the signature of the next hazard.
  • the terminal sends the SEVI-NFC a randomly generated number, also called a random number. Having a different random number each time prevents a person who has succeeded in recovering a signature of an old random number from reusing it.
  • the SEVI card receives the hazard (A) during a step E14. During the step E15 it signs it using its private key, and returns the random signed S ⁇ A ⁇ to the terminal. To sign the random number, the applet uses cryptographic libraries of the SIM card well known to those skilled in the art. Note that only the SIM card of the user of the mobile terminal has this key, which implies that the user is strongly authenticated by this signature.
  • the terminal receives the signature S ⁇ A ⁇ during the step E22 and then checks (E23) using the public key of the user, which it read in the ticket, that the signature of this random number has been done with the private key of the user. If step E23 fails, the process stops and the terminal does not give access to the service.
  • the terminal checks during the step E24 the date of validity of the ticket: if it is incorrect, the process stops and the terminal does not give access to the service.
  • the terminal sends during a step E24 the "business" fields of the ticket (Ml, M2: name of the concert, date, place number, etc.). ) to the business server (6).
  • the business server verifies (E30) that the business fields are correct. If they are incorrect, the process stops and the terminal does not give access to the service.
  • the business server has the signature (S3) of the ticket verified by the signature verification server (S3) (step E31) by the signature verification server (7) because the server (7) has the public key of the service provider that has signed the ticket. If the signature of the ticket is valid, the business server sends to the terminal (E32) its agreement to allow the user to access the service, that is to say here enter the room. The terminal opens the gantry (E25) and the user can enter.
  • the process stops and the terminal does not give access to the service.
  • the ticket can be unloaded from the memory of the SIM card (El 6).
  • the SIM card contains only one ticket at a time (ticket in transit); a new ticket (from concert 2) hunts the concert ticket 1 in the SIM: when the user selects the ticket 2, it is transmitted to the SIM which erases the ticket 1, and the same for the following tickets. This avoids unnecessarily overloading the mobile memory.
  • an order is issued by the management application on the mobile (APM) to the applet (APS) of the SEVI card (E4).
  • the invention can nevertheless make the service to the user.
  • the battery reaches a critical threshold
  • the ticket whose validity date expires earlier can be selected and therefore stored in the SEVI card.
  • the latter will be able to recover the ticket stored in the SEVI card by feeding it via the electromagnetic field NFC.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Tourism & Hospitality (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Finance (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention concerns a method for providing an electronic ticket (4) by a security element (C, SIM) associated with a mobile terminal (T). The ticket (4) is stored in the mobile terminal and designed to access a service via an access control device (B). The method is characterised in that it comprises the following steps in the security element (C): a step (E10) of receiving the electronic ticket (4) originating from the mobile terminal (T); a step (E11) of temporarily storing the electronic ticket (4) in the security element (SEVI); a step (E13) of providing the electronic ticket for the access control device (B); - a step (E14, E15) of authentication taking into account at least one item of data contained in the ticket and one item of data linked to the security element; - a step (E17) of deleting the ticket (4) from the memory of the security device.

Description

Gestion de ticket électronique.  Electronic ticket management.
Domaine technique Technical area
L'invention se rapporte au domaine général de la dématérialisation des titres de propriété autrement connus sous le nom de « tickets électroniques » et plus particulièrement au domaine d'application dans lequel un ticket électronique est destiné à être mémorisé dans un terminal mobile apte à restituer ledit ticket pour permettre à son utilisateur d'accéder à un bien ou plus généralement à un service. The invention relates to the general field of the dematerialization of title deeds otherwise known as "electronic tickets" and more particularly to the field of application in which an electronic ticket is intended to be stored in a mobile terminal capable of restoring said ticket to allow its user to access a property or more generally a service.
Elle trouve une application privilégiée, mais non limitative, dans les applications pour lesquelles le terminal mobile restitue le ticket électronique en utilisant une technique de communication par champ proche. It finds a preferred application, but not limited to, in applications for which the mobile terminal renders the electronic ticket using a near field communication technique.
Etat de la technique State of the art
Les techniques de communication "en champ proche" se développent largement ; la plus utilisée de ces technologies pour la téléphonie mobile est celle connue sous l'acronyme de NFC (en anglais « Near Field Communication »). On rappelle que les communications « NFC », basées principalement sur la norme ISO (International Standard Organisation) 14443, utilisent des technologies sans fil pour permettre un échange d'informations entre deux périphériques éloignés d'une courte distance, typiquement inférieure à dix centimètres. II a déjà été démontré la faisabilité de services de dématérialisation de tickets électroniques sur terminaux mobiles au moyen de la technologie sans contact. Near field communication techniques are developing widely; the most used of these technologies for mobile telephony is that known by the acronym NFC (in English "Near Field Communication"). It is recalled that "NFC" communications, based mainly on the International Standard Organization (ISO) 14443, use wireless technologies to allow information to be exchanged between two peripherals distant from a short distance, typically less than ten centimeters. It has already been demonstrated the feasibility of electronic ticket dematerialization services on mobile terminals by means of contactless technology.
On connaît notamment des services de transport dans lesquels les usagers des transports publics utilisent une application dédiée de leur terminal mobile pour acheter des tickets électroniques et pour valider leur ticket à l'entrée du bus ou du tramway en approchant leur terminal mobile d'un dispositif de contrôle d'accès apte à communiquer avec le terminal mobile, ou plus exactement avec un élément de sécurité du terminal mobile, par des moyens de communication en champ proche NFC pour obtenir le ticket électronique afin d'en vérifier la validité. In particular, transport services are known in which public transport users use a dedicated application of their mobile terminal to buy electronic tickets and to validate their ticket at the entrance of the bus or tram by approaching their mobile terminal with a device. access control able to communicate with the mobile terminal, or more exactly with an element of the mobile terminal, by NFC near-field communication means to obtain the electronic ticket in order to check the validity thereof.
Par « élément de sécurité », on entend ici un élément de stockage et de manipulation des données permettant de garantir à un utilisateur du terminal mobile une sécurité élevée puisque les données enregistrées dans l'élément de sécurité ne sont pas accessibles à un utilisateur non autorisé. Par « utilisateur » on entend l'utilisateur du terminal mobile, qui est aussi le client du fournisseur de tickets. Cet élément de sécurité peut par exemple être constitué par une carte SIM (de l'anglais Subscriber Identity Module), utilisée en téléphonie mobile pour stocker les informations spécifiques à l'abonné d'un réseau mobile et des applications de l'utilisateur, de son opérateur ou dans certains cas de tierces parties. Cet élément de sécurité peut encore être un support amovible de type "Secure SD Card" ou un élément de sécurité intégré au terminal ("Embedded Secure Elément") ou encore une zone sécurisée du processeur applicatif grâce à l'utilisation d'une technologie de sécurité intégrée dans le processeur et ses composants périphériques (par exemple la technologie « TrustZone », marque déposée de la société ARM). Dans le cas d'un terminal supportant des applications de type Android (on rappelle qu'une application Android est une application mobile spécifiquement développée pour les terminaux mobiles utilisant le système d'application Android développé par la société Google), des applications sécurisées peuvent également s'exécuter dans le terminal Android lui-même (à partir de la version 4.4. "KitKat"), grâce à la technologie "HCE" ("Host Card Emulation"). By "security element" is meant here a data storage and manipulation element to guarantee a user of the mobile terminal a high security since the data recorded in the security element is not accessible to an unauthorized user . By "user" is meant the user of the mobile terminal, which is also the customer of the ticket provider. This security element may for example be constituted by a SIM (Subscriber Identity Module) SIM card, used in mobile telephony to store the subscriber-specific information of a mobile network and the user's applications. its operator or in some cases third parties. This security element can still be a removable support type "Secure SD Card" or a security element integrated in the terminal ("Embedded Secure Element") or a secure area of the application processor through the use of a technology of integrated security in the processor and its peripheral components (for example "TrustZone" technology, registered trademark of the ARM company). In the case of a terminal supporting applications of the Android type (it is recalled that an Android application is a mobile application specifically developed for mobile terminals using the Android application system developed by the company Google), secure applications can also run in the Android terminal itself (from version 4.4 "KitKat"), thanks to the "HCE" ("Host Card Emulation") technology.
Par la suite, on utilisera indifféremment les termes « élément de sécurité » et « carte SIM ». Subsequently, the terms "security element" and "SIM card" will be used interchangeably.
Par « dispositif de contrôle d'accès » on entend un dispositif physique apte à prendre connaissance du contenu du ticket électronique et en vérifier la validité en association avec un ou plusieurs serveurs de vérification (de la date de validité du ticket, etc.) et d' authentification (de l'élément de sécurité associé à l'utilisateur du terminal mobile). Par la suite, on utilisera indifféremment les termes « dispositif de contrôle d'accès » et « borne ». Par « validation du ticket », on entendra l'ensemble des deux opérations, à savoir vérification du ticket et authentification de l'élément de sécurité. On peut également citer, selon un autre exemple, l'expérimentation « M-By "access control device" is meant a physical device capable of acquiring knowledge of the content of the electronic ticket and checking its validity in association with one or more verification servers (of the validity date of the ticket, etc.) and authentication (of the security element associated with the user of the mobile terminal). Subsequently, the terms "access control device" and "terminal" will be used interchangeably. By "ticket validation", we mean all two operations, namely ticket verification and authentication of the security element. In another example, the experiment "M-
Stadium », à Caen, France, qui a montré l'intégration de la technologie sans contact tout au long du parcours d'un public dans un stade : acquisition et dématérialisation de tickets électroniques sur des terminaux mobiles, contrôle des tickets électroniques et lecture d'étiquettes interactives dans le stade, etc. Les utilisateurs d'un tel système chargent préalablement un ticket au moyen d'une application mobile de leur terminal mobile équipé de la technologie sans contact. Les données ainsi chargées, relatives au ticket, sont mémorisées et gérées dans un élément de sécurité associé au terminal mobile, en l'occurrence la carte SEVI de l'utilisateur, puis contrôlées à l'entrée du stade au moyen d'un terminal de contrôle. Stadium ", in Caen, France, which showed the integration of contactless technology throughout an audience in a stadium: acquisition and dematerialization of electronic tickets on mobile devices, electronic ticket control and reading interactive tags in the stadium, etc. Users of such a system first load a ticket by means of a mobile application of their mobile terminal equipped with contactless technology. The data thus loaded, relating to the ticket, are stored and managed in a security element associated with the mobile terminal, in this case the SEVI card of the user, and then checked at the entrance of the stadium by means of a terminal. control.
On connaît également, selon encore un autre exemple choisi dans le monde bancaire, des services de paiement pour lesquels certaines banques ont déployé, chez des commerçants, des terminaux de paiement électroniques sans contact utilisables aussi bien avec une carte bancaire qu'avec un terminal mobile NFC doté d'un élément de sécurité comme la carte SEVI. It is also known, according to yet another example chosen in the banking world, payment services for which some banks have deployed, at merchants, electronic payment terminals without contact usable with both a bank card and a mobile terminal NFC with a security element like the SEVI card.
Dans tous ces exemples, une application spécifique au service est développée puis installée dans l'élément de sécurité, de sorte que celui-ci peut assurer authentification de l'utilisateur pour l'accès au service (abonnement transport, accès au stade de football, etc.) et en même temps gérer des données propres aux services. Des techniques relativement complexes doivent être utilisées pour charger des applications dans l'élément de sécurité via des plateformes de service situées dans l'infrastructure de l'opérateur mobile et/ou des fournisseurs de services, techniques dites OTA (pour "Over The Air") qui sont conformes aux spécifications éditées par l'association « Global Platform ». De telles plateformes sont coûteuses. L'utilisateur ne peut pas installer lui-même une telle application dans une carte SEVI. De plus, la multiplication des applications dédiées charge considérablement la carte SIM qui est généralement limitée en ressources mémoire. L'invention propose un système de contrôle d'accès à un service par l'utilisateur d'un terminal mobile équipé d'un élément de sécurité, par validation d'un ticket électronique, qui ne présente pas de tels inconvénients. In all these examples, a service-specific application is developed and then installed in the security element, so that the security element can provide authentication of the user for access to the service (transport subscription, access to the football stadium, etc.) and at the same time manage service-specific data. Relatively complex techniques need to be used to load applications into the security element via service platforms located in the mobile operator infrastructure and / or OTA (over the air) service providers. ) which comply with the specifications published by the "Global Platform" association. Such platforms are expensive. The user can not install such an application himself in a SEVI card. In addition, the multiplication of dedicated applications considerably loads the SIM card which is generally limited in memory resources. The invention proposes a system for controlling access to a service by the user of a mobile terminal equipped with a security element, by validating an electronic ticket, which does not have such disadvantages.
L'invention The invention
Selon un premier aspect fonctionnel, l'invention a pour objet un procédé de mise à disposition d'un ticket électronique par un élément de sécurité associé à un terminal mobile, le ticket étant stocké dans le terminal mobile et prévu pour accéder à un service via un dispositif de contrôle d'accès, le procédé étant caractérisé en ce qu'il comporte les étapes suivantes dans l'élément de sécurité : une étape de réception du ticket électronique en provenance du terminal mobile ; According to a first functional aspect, the subject of the invention is a method of providing an electronic ticket by a security element associated with a mobile terminal, the ticket being stored in the mobile terminal and designed to access a service via an access control device, the method being characterized in that it comprises the following steps in the security element: a step of receiving the electronic ticket from the mobile terminal;
une étape de mémorisation temporaire du ticket électronique dans l'élément de sécurité ;  a step of temporary storage of the electronic ticket in the security element;
une étape de mise à disposition du ticket électronique pour le dispositif de contrôle d'accès ;  a step of providing the electronic ticket for the access control device;
- une étape d'authentification prenant en compte au moins une donnée contenue dans le ticket et une donnée liée à l'élément de sécurité. une étape d'effacement du ticket de la mémoire du dispositif de sécurité.  an authentication step taking into account at least one piece of data contained in the ticket and data related to the security element. a step of erasing the ticket from the memory of the security device.
Avantageusement selon l'invention, le ticket n'est pas exploité par l'élément de sécurité mais seulement mis à la disposition du dispositif de contrôle d'accès par une application de l'élément de sécurité, dite application sécuritaire (en langage informatique, applet). Ainsi, l'invention se distingue des techniques actuelles qui nécessitent l'installation d'une application spécifique à chaque service dans l'élément de sécurité du terminal mobile (carte SEVI notamment), par exemple une application pour l'accès à un spectacle et une autre application pour les tickets de transport. Advantageously according to the invention, the ticket is not exploited by the security element but only made available to the access control device by an application of the security element, called security application (in computer language, applet). Thus, the invention differs from current techniques which require the installation of an application specific to each service in the security element of the mobile terminal (SEVI card in particular), by example an application for access to a show and another application for transport tickets.
Il est avantageux d'héberger une seule application sécuritaire de mise à disposition du ticket qui va être consommé dans l'élément de sécurité, quel que soit le type de ce ticket. En effet, le stockage d'applications dans la carte SIM demande des infrastructures complexes de type OTA. De plus, installer une application sécuritaire spécifique à chaque service dans la carte SIM suppose que la carte dispose de suffisamment de mémoire, ce qui n'est pas toujours le cas, et ce d'autant plus que le nombre de services augmente, augmentant de ce fait les besoins en mémoire et complexité. It is advantageous to host a single secure application for the provision of the ticket that will be consumed in the security element, regardless of the type of ticket. In fact, the storage of applications in the SIM card requires complex infrastructures of the OTA type. In addition, installing a security application specific to each service in the SIM card assumes that the card has enough memory, which is not always the case, and especially as the number of services increases, increasing by this makes the needs in memory and complexity.
Enfin, une application sécuritaire dans la carte SEVI ne suffit souvent pas à couvrir les besoins du service et il faut lui associer une application sur le mobile, notamment une interface graphique adaptée au service. Cet ensemble constitué de l'application spécifique sur mobile interagissant avec l'application sécuritaire spécifique sur la carte SIM constitue un ensemble technique complexe à mettre au point et à tester. Finally, a secure application in the SEVI card is often not sufficient to cover the needs of the service and must be associated with an application on the mobile, including a graphical interface adapted to the service. This set consisting of the specific application on mobile interacting with the specific security application on the SIM card is a complex technical set to develop and test.
L'élément de sécurité du terminal mobile (carte SIM par exemple) est utilisé comme moyen d'authentification forte, à savoir pour fournir la preuve que le terminal mobile approché de la borne comporte le bon élément de sécurité, c'est-à-dire celui de l'utilisateur du terminal mobile auquel est associée l'élément de sécurité (la carte SIM de l'utilisateur). Il est donc important que cette fonction d'authentification forte reste dédiée à la carte SIM. The security element of the mobile terminal (SIM card for example) is used as a strong authentication means, namely to provide proof that the mobile terminal approaching the terminal has the correct security element, that is to say say that of the user of the mobile terminal with which the security element (the user's SIM card) is associated. It is therefore important that this strong authentication function remains dedicated to the SIM card.
En résumé, l'invention évite la nécessité de charger une application sécuritaire spécifique à chaque service dans l'élément de sécurité (application qui devrait gérer spécifiquement les tickets selon le service à rendre, i.e. une application pour le transport, une application pour le paiement, une troisième pour les spectacles, etc.) Elle conserve cependant les avantages de l'élément sécurisé, c'est à dire l'authentification forte de la carte SEVI qui stocke le ticket électronique, sous contrôle d'une applet sécuritaire qui se contente de mettre le ticket à disposition de la borne et n'exécute donc aucune analyse ou gestion particulière des données du ticket. In summary, the invention avoids the need to load a specific security application for each service in the security element (application that should specifically manage tickets according to the service to be rendered, ie an application for transport, an application for payment a third for shows, etc.) It still retains the advantages of the secure element, ie the strong authentication of the SEVI card which stores the electronic ticket, under the control of a secure applet which is satisfied to make the ticket available to the terminal and therefore does not perform any particular analysis or management of the ticket data.
Selon un mode de mise en œuvre particulier de l'invention, un procédé tel que décrit ci-dessus inclut en outre les étapes suivantes : - une étape de réception, en provenance du terminal mobile, d'un ordre d'effacement du ticket mémorisé ; According to a particular embodiment of the invention, a method as described above also includes the following steps: a step of receiving, from the mobile terminal, an erasure order of the stored ticket ;
Avantageusement selon l'invention, le ticket n'est donc stocké dans l'élément de sécurité que de manière temporaire. Il est typiquement supprimé de la carte SIM lorsque l'utilisateur a bénéficié du service (e.g. a passé la porte du portique associé au dispositif de contrôle d'accès) et n'a donc plus besoin du ticket dans la SEVI. Le ticket peut cependant être conservé dans le mobile (par exemple s'il s'agit d'un ticket de transport valable sur plusieurs jours). Il est avantageux, conformément à l'invention, de stocker les tickets dans le téléphone mobile et de les mettre à disposition de manière temporaire dans la mémoire sécurisée de la carte SEVI, car les tickets peuvent être volumineux (en nombre d'octets) et occuper un espace mémoire important dans la carte SIM. Par « effacement » on entend ici suppression ou remplacement du ticket, la suppression consistant à libérer la mémoire alors que le remplacement consiste à stoker un autre ticket (également temporaire) à la place du ticket à effacer, typiquement le ticket suivant sélectionné par le terminal mobile. Ce mode de mise en œuvre de l'invention permet, tout en bénéficiant des capacités d' authentification et de sécurité liées naturellement à l'élément de sécurité, de ne pas le surcharger.  Advantageously according to the invention, the ticket is stored in the security element only temporarily. It is typically removed from the SIM card when the user has benefited from the service (e.g. has passed the gantry gate associated with the access control device) and therefore no longer needs the ticket in the SEVI. The ticket can however be kept in the mobile (for example if it is a transport ticket valid for several days). It is advantageous, in accordance with the invention, to store the tickets in the mobile phone and to make them available temporarily in the secure memory of the SEVI card, because the tickets can be bulky (in number of bytes) and occupy a large memory space in the SIM card. By "erasure" is meant here deletion or replacement of the ticket, the deletion of releasing the memory while the replacement consists of storing another ticket (also temporary) instead of the ticket to be erased, typically the next ticket selected by the terminal mobile. This mode of implementation of the invention makes it possible, while benefiting from the authentication and security capabilities naturally linked to the security element, not to overload it.
Selon un second mode de mise en œuvre particulier de l'invention, qui pourra être mis en œuvre alternativement ou cumulativement avec le précédent, un procédé tel que décrit ci-dessus est tel que ledit ticket comprend au moins une clé publique de l'élément de sécurité, et est caractérisé en ce qu'il comporte les étapes de : réception d'un aléa en provenance du dispositif de contrôle d'accès ; signature de l'aléa au moyen de la clé privée de l'élément de sécurité ; mise à disposition de l'aléa signé pour le dispositif de contrôle d'accès.According to a second particular mode of implementation of the invention, which can be implemented alternatively or cumulatively with the previous one, a method as described above is such that said ticket comprises at least one public key of the element security system, and is characterized in that it comprises the steps of: receiving a random event originating from the access control device; signature of the hazard by means of the private key of the security element; provision of the signed hazard for the access control device.
La procédure de sécurité mise en œuvre selon l'invention est très simple : le ticket émis par le fournisseur de tickets comprend une clé publique de la carte SEVI de l'utilisateur, alors que l'élément de sécurité (carte SEVI) comprend classiquement la clé privée correspondante. Si l'aléa est correctement signé par la carte SEVI, le dispositif de contrôle d'accès pourra le déchiffrer au moyen de la clé publique contenue dans le ticket, assurant ainsi authentification de la carte SIM et donc de l'utilisateur du terminal mobile. The security procedure implemented according to the invention is very simple: the ticket issued by the ticket provider includes a public key of the SEVI card of the user, whereas the security element (SEVI card) conventionally comprises the corresponding private key. If the hazard is correctly signed by the SEVI card, the access control device can decrypt it using the public key contained in the ticket, thus ensuring authentication of the SIM card and therefore the user of the mobile terminal.
Selon un troisième mode de mise en œuvre particulier de l'invention, qui pourra être mis en œuvre alternativement ou cumulativement avec les précédents, un procédé tel que décrit ci-dessus est en outre caractérisé en ce que au moins une partie du ticket a été signée au moyen d'une clé privée de l'entité émettrice. According to a third particular mode of implementation of the invention, which can be implemented alternatively or cumulatively with the above, a method as described above is further characterized in that at least a portion of the ticket has been signed by means of a private key of the issuing entity.
Avantageusement, cette signature du message, ou d'une partie du message contenu dans le ticket par la clé secrète de l'entité émettrice permet d'ajouter une authentification supplémentaire portant sur l'identité du fournisseur de service (et tickets) : le dispositif de contrôle d'accès ayant accès, directement ou indirectement, à la clé publique de l'entité émettrice qui fournit les tickets, pourra vérifier l'authenticité de ce fournisseur en déchiffrant le message chiffré. Advantageously, this signature of the message, or of a part of the message contained in the ticket by the secret key of the issuing entity makes it possible to add additional authentication relating to the identity of the service provider (and tickets): the device access control having access, directly or indirectly, to the public key of the issuing entity that provides the tickets, can verify the authenticity of this provider by decrypting the encrypted message.
Selon un autre aspect fonctionnel, l'invention a aussi pour objet un procédé de gestion d'un ticket électronique dans un terminal mobile auquel est associé un élément de sécurité, le ticket étant prévu pour accéder à un service via un dispositif de contrôle d'accès, ce procédé étant caractérisé en ce qu'il comporte les étapes suivantes au niveau du terminal mobile : - une étape de sélection d'un ticket électronique mémorisé par le terminal ; According to another functional aspect, the subject of the invention is also a method for managing an electronic ticket in a mobile terminal with which a security element is associated, the ticket being provided for accessing a service via a control device. access, this method being characterized in that it comprises the following steps at the mobile terminal: a step of selecting an electronic ticket stored by the terminal;
une étape d'envoi dudit ticket vers le module de sécurité. Avantageusement, le ticket électronique est donc stocké et géré au sein du terminal mobile par une application de gestion de tickets qui s'exécute sur le terminal mobile et communique avec l'élément de sécurité. Le ticket électronique est stocké dans une mémoire du terminal mobile hors de l'élément sécurisé et transféré seulement après qu'il a été sélectionné, par exemple par l'utilisateur au moyen d'une interface graphique lui proposant un choix de tickets. a step of sending said ticket to the security module. Advantageously, the electronic ticket is stored and managed within the mobile terminal by a ticket management application that runs on the mobile terminal and communicates with the security element. The electronic ticket is stored in a memory of the mobile terminal out of the secure element and transferred only after it has been selected, for example by the user by means of a graphical interface offering him a choice of tickets.
Conformément à l'invention, les tickets électroniques et l'application associée (application de gestion des tickets) sont chargés dans le terminal mobile par des techniques souples et simples connues de l'homme du métier (par exemple messages courts de type SMS (Short Message Service) ou MMS (Multimedia Message Service), téléchargement sur un serveur du réseau mobile ou du réseau Internet via le réseau mobile, etc.) sans qu'il soit nécessaire de recourir aux techniques complexes utilisées pour charger des applications ou des données dans une carte SEVI via des plateformes OTA. Dans un tel contexte, l'utilisateur de l'invention peut avantageusement installer lui-même l'application sur son terminal mobile (par exemple une application de type Android ou Apple). Une telle application peut être adaptée à chaque type de service ou même à chaque service (graphisme et menus adaptés) sans qu'il y ait d'interaction complexe entre cette application et l'application sécuritaire d'authentification et de mise à disposition du ticket qui se trouve dans l'élément sécurisé. Une telle application peut être dédiée à un certain type de services ou au contraire une seule application sur le mobile peut gérer tous les tickets de tous les services, sans perte de généralités pour l'invention. Ainsi, l'utilisateur peut charger plusieurs applications de gestion dans son téléphone mobile qui dispose généralement d'une mémoire plus large que la carte SIM. In accordance with the invention, the electronic tickets and the associated application (ticket management application) are loaded into the mobile terminal by simple and flexible techniques known to those skilled in the art (for example SMS short messages (Short Message Service) or MMS (Multimedia Message Service), downloading to a mobile network server or the Internet via the mobile network, etc.) without the need for complex techniques used to load applications or data into the Internet. a SEVI card via OTA platforms. In such a context, the user of the invention can advantageously install the application itself on his mobile terminal (for example an Android or Apple type application). Such an application can be adapted to each type of service or even to each service (graphics and adapted menus) without there being complex interaction between this application and the secure application for authentication and provision of the ticket which is in the secure element. Such an application can be dedicated to a certain type of service or on the contrary a single application on the mobile can manage all the tickets of all the services, without loss of generalities for the invention. Thus, the user can load several management applications into his mobile phone which generally has a larger memory than the SIM card.
Dans le même temps, le stockage temporaire du ticket dans la carte SIM limite le nombre de sessions de communication à enchaîner entre la borne et l'ensemble SEVI-MOBILE : en effet si la borne devait dialoguer simultanément avec une application sur le téléphone mobile et une autre application sur la carte SIM, il devrait ouvrir deux sessions distinctes, par exemple une session Bluetooth (avec le terminal mobile) et une session NFC (avec la carte SIM) ou deux sessions NFC, etc. Il est naturellement plus simple d'ouvrir une seule session vers la carte SIM au moment où elle dispose du ticket. At the same time, the temporary storage of the ticket in the SIM card limits the number of communication sessions to be chained between the terminal and the set SEVI-MOBILE: indeed if the terminal had to communicate simultaneously with an application on the mobile phone and another application on the SIM card, it should open two separate sessions, for example a Bluetooth session (with the mobile terminal) and an NFC session (with the SIM card) or two NFC sessions, etc. It is of course easier to open a single session to the SIM card when it has the ticket.
Selon un mode de mise en œuvre particulier, un procédé de gestion tel que décrit ci-dessus est en outre caractérisé en ce que la communication entre l'élément de sécurité et le dispositif de contrôle d'accès est effectuée en champ proche. According to a particular mode of implementation, a management method as described above is further characterized in that the communication between the security element and the access control device is performed in the near field.
La communication en champ proche offre de nombreux avantages dans ce contexte de tickets dématérialisés : une sécurité intrinsèque à ce mode de communication, puisque l'utilisateur du terminal mobile doit être à quelques centimètres seulement de la borne pour pouvoir valider son ticket ; mais encore, le NFC permet la consommation du ticket même lorsque la batterie du terminal mobile est déchargée ou lorsque le mobile est éteint : en effet le dispositif de contrôle d'accès est capable d'alimenter la carte SEVI via son champ NFC, assurant ainsi la lecture du ticket et de l'aléa signé en l'absence même de batterie. Near-field communication offers many advantages in this context of dematerialized tickets: an intrinsic security to this mode of communication, since the user of the mobile terminal must be only a few centimeters from the terminal to be able to validate his ticket; but still, the NFC allows the consumption of the ticket even when the battery of the mobile terminal is discharged or when the mobile is off: in fact the access control device is capable of supplying the SEVI card via its NFC field, thus ensuring the reading of the ticket and the signed hazard in the absence of even battery.
Selon un second mode de mise en œuvre particulier de l'invention, qui pourra être mis en œuvre alternativement ou cumulativement avec le précédent, un procédé de gestion tel que décrit ci-dessus inclut en outre une étape d'émission vers le module de sécurité d'un ordre d'effacement dudit ticket. Avantageusement, comme noté précédemment, cet aspect de l'invention réduit la place occupée par les tickets dans l'élément de sécurité. L'effacement peut être une suppression ou un remplacement du ticket (par un autre ticket). According to a second particular mode of implementation of the invention, which can be implemented alternatively or cumulatively with the previous one, a management method as described above also includes a step of transmitting to the security module an erase order of said ticket. Advantageously, as noted above, this aspect of the invention reduces the space occupied by the tickets in the security element. Erasing can be a deletion or replacement of the ticket (by another ticket).
Selon un troisième mode de mise en œuvre particulier de l'invention, qui pourra être mis en œuvre alternativement ou cumulativement avec les précédents, un procédé de gestion tel que décrit plus haut inclut en outre une étape préalable de réception d'un ticket électronique en provenance d'une entité émettrice, ledit ticket comprenant au moins une clé publique de l'utilisateur du terminal mobile correspondant à la clé privée qui se trouve dans l'élément de sécurité. Avantageusement, comme noté précédemment, si le ticket émis par le fournisseur de tickets comprend une clé publique de la carte SIM de l'utilisateur, alors que l'élément de sécurité comprend la clé privée correspondante, authentification de la carte SIM et donc de l'utilisateur du terminal mobile est facilement assurée. According to a third particular embodiment of the invention, which can be implemented alternatively or cumulatively with the above, a management method as described above also includes a prior step of receiving an electronic ticket in from a sending entity, said ticket comprising at least one public key of the user of the mobile terminal corresponding to the private key that is in the security element. Advantageously, as noted above, if the ticket issued by the ticket provider comprises a public key of the user's SIM card, while the security element comprises the corresponding private key, authentication of the SIM card and therefore the user of the mobile terminal is easily ensured.
Selon un quatrième mode de mise en œuvre particulier de l'invention, qui pourra être mis en œuvre alternativement ou cumulativement avec les précédents, un procédé de gestion tel que décrit plus haut est en outre caractérisé en ce que l'étape de sélection est automatique si le niveau d'alimentation du téléphone mobile se trouve en-dessous d'un seuil prédéterminé, et s'effectue selon une règle préétablie. According to a fourth particular mode of implementation of the invention, which can be implemented alternatively or cumulatively with the above, a management method as described above is further characterized in that the selection step is automatic. if the power level of the mobile phone is below a predetermined threshold, and is carried out according to a pre-established rule.
Avantageusement, il est ainsi possible de traiter le ticket même lorsque le téléphone mobile est presque déchargé : une fois le ticket transféré dans la carte SEVI, cette dernière peut être alimentée via le champ proche NFC et donc ne nécessite plus d'alimentation de la part du terminal mobile, qui peut même être éteint. Advantageously, it is thus possible to process the ticket even when the mobile phone is almost discharged: once the ticket transferred into the SEVI card, the latter can be powered via the NFC near field and therefore no longer requires power from the mobile terminal, which can even be turned off.
Selon une variante de ce mode de réalisation de l'invention, un procédé de gestion selon l'invention est en outre caractérisé en ce que la règle préétablie consiste à sélectionner le dernier ticket consulté par l'utilisateur. Avantageusement, le dernier ticket visualisé ou accédé par l'utilisateur est sélectionné comme étant le choix le plus probable qu'aurait fait l'utilisateur s'il avait lui-même effectué cette sélection, par exemple dans une liste de tickets. According to a variant of this embodiment of the invention, a management method according to the invention is further characterized in that the pre-established rule consists in selecting the last ticket consulted by the user. Advantageously, the last ticket viewed or accessed by the user is selected as the most likely choice that the user would have made if he had himself made this selection, for example in a list of tickets.
Selon un cinquième mode de mise en œuvre particulier de l'invention, qui pourra être mis en œuvre alternativement ou cumulativement avec les précédents, un procédé de gestion tel que décrit plus haut est en outre caractérisé en ce que l'étape de sélection est automatique si les données contenues dans le ticket comportent certaines caractéristiques prédéfinies relatives à la validité du ticket. Avantageusement, le ticket le plus proche de sa date d'expiration peut être ainsi « poussé » automatiquement vers le module de sécurité. According to a fifth particular embodiment of the invention, which can be implemented alternatively or cumulatively with the above, a management method as described above is further characterized in that the selection step is automatic. if the data contained in the ticket has certain predefined characteristics relating to the validity of the ticket. Advantageously, the ticket closest to its expiry date can thus be "pushed" automatically to the security module.
Selon un aspect matériel, l'invention concerne également un élément de sécurité associé à un terminal mobile apte à mettre à disposition d'un dispositif de contrôle d'accès un ticket électronique stocké dans le terminal mobile, caractérisé en ce qu'il comporte les modules suivants : un module de réception agencé pour recevoir du terminal mobile un ticket électronique ; According to a material aspect, the invention also relates to a security element associated with a mobile terminal able to make available to an access control device an electronic ticket stored in the mobile terminal, characterized in that it comprises the following modules: a reception module arranged to receive an electronic ticket from the mobile terminal;
un module de mémorisation temporaire du ticket ;  a module for temporarily storing the ticket;
- un module de mise à disposition du ticket électronique pour le dispositif de contrôle d'accès.  - A module for providing the electronic ticket for the access control device.
un module d'authentification apte à prendre en compte au moins une donnée contenue dans le ticket et une donnée liée à l'élément de sécurité.  an authentication module able to take into account at least one piece of data contained in the ticket and a piece of data related to the security element.
- un module d'effacement du ticket de la mémoire du dispositif de sécurité.  a module for erasing the ticket from the memory of the security device.
Le terme module peut correspondre aussi bien à un composant logiciel qu'à un composant matériel ou un ensemble de composants matériels et logiciels, un composant logiciel correspondant lui-même à un ou plusieurs programmes ou sous-programmes d'ordinateur ou de manière plus générale à tout élément d'un programme apte à mettre en œuvre une fonction ou un ensemble de fonctions telles que décrites pour les modules concernés. De la même manière, un composant matériel correspond à tout élément d'un ensemble matériel (ou hardware) apte à mettre en œuvre une fonction ou un ensemble de fonctions pour le module concerné (circuit intégré, carte à puce, carte à mémoire, etc.).  The term module may correspond to both a software component and a hardware component or a set of hardware and software components, a software component itself corresponding to one or more computer programs or subprograms or more generally any element of a program capable of implementing a function or a set of functions as described for the modules concerned. In the same way, a hardware component corresponds to any element of a hardware set (or hardware) able to implement a function or a set of functions for the module concerned (integrated circuit, smart card, memory card, etc. .).
Selon un autre aspect matériel, l'invention concerne également un terminal mobile auquel est associé un élément de sécurité, apte à gérer un ticket prévu pour accéder à un service via un dispositif de contrôle d'accès, caractérisé en ce qu'il comporte les modules suivants : - un module de sélection d'un ticket électronique dans la mémoire du terminal; un module d'envoi dudit ticket vers le module de sécurité ; According to another material aspect, the invention also relates to a mobile terminal with which is associated a security element, able to manage a ticket intended to access a service via an access control device, characterized in that it comprises the following modules: - a module for selecting an electronic ticket in the memory of the terminal; a module for sending said ticket to the security module;
Selon un autre aspect matériel, l'invention concerne également un programme d'ordinateur apte à être mis en œuvre par un procédé de mise à disposition de tickets électroniques tel que défini ci-dessus, le programme comprenant des instructions de code qui, lorsque le programme est exécuté par un processeur, réalise les étapes du procédé de mise à disposition de tickets électroniques.  According to another material aspect, the invention also relates to a computer program adapted to be implemented by a method of providing electronic tickets as defined above, the program comprising code instructions which, when the program is executed by a processor, performs the steps of the method of providing electronic tickets.
Selon un autre aspect matériel, l'invention concerne également un programme d'ordinateur apte à être mis en œuvre par un procédé de gestion de tickets électroniques tel que défini ci-dessus, le programme comprenant des instructions de code qui, lorsque le programme est exécuté par un processeur, réalise les étapes du procédé de gestion de tickets électroniques. According to another material aspect, the invention also relates to a computer program adapted to be implemented by an electronic ticket management method as defined above, the program comprising code instructions which, when the program is executed by a processor, performs the steps of the electronic ticket management method.
Cet élément de sécurité, ce terminal et ces programmes d'ordinateur présentent des caractéristiques et avantages analogues à ceux décrits précédemment en relation avec les procédés de mise à disposition et de gestion de tickets. This security element, this terminal and these computer programs have features and advantages similar to those described above in connection with the methods of provision and management of tickets.
Selon encore un autre aspect matériel, l'invention a trait à un support d'enregistrement lisible par un processeur de données sur lequel est enregistré un programme comprenant des instructions de code de programme pour l'exécution des étapes des procédés définis ci-dessus. According to yet another material aspect, the invention relates to a recording medium readable by a data processor on which is recorded a program comprising program code instructions for executing the steps of the methods defined above.
L'invention sera mieux comprise à la lecture de la description qui suit, donnée à titre d'exemple et faite en référence aux dessins annexés. The invention will be better understood on reading the description which follows, given by way of example and with reference to the accompanying drawings.
Les figures: La figure 1 représente le contexte général d'un mode de réalisation de l'invention. La figure 2 représente une architecture d'un équipement mobile équipé d'un module d'identité d'abonné et d'un module NFC, apte à mettre en œuvre un mode de réalisation de l'invention. The figures: FIG. 1 represents the general context of one embodiment of the invention. FIG. 2 represents an architecture of a mobile equipment equipped with a subscriber identity module and an NFC module, able to implement an embodiment of the invention.
La figure 3 représente la structure possible d'un ticket électronique selon un mode de réalisation de l'invention. FIG. 3 represents the possible structure of an electronic ticket according to one embodiment of the invention.
La figure 4 représente un organigramme illustrant les différentes étapes du procédé selon un mode de réalisation de l'invention. FIG. 4 represents a flowchart illustrating the different steps of the method according to one embodiment of the invention.
Description détaillée d'un exemple de réalisation illustrant l'invention La figure 1 correspond au contexte général d'un mode de réalisation de l'invention ; il s'agit du contrôle local, par un dispositif de contrôle d'accès ou borne (B), de tickets dématérialisés stockés sur le mobile (T) d'un utilisateur (1), avec une authentification par l'élément de sécurité (C). Dans ce mode de réalisation de l'invention, le terminal mobile (T) dispose également d'un module NFC (3) permettant l'usage de communications sans contact entre le mobile, la carte SIM associée (on parle aussi dans ce cas de SEVl-NFC) et la borne (B). DETAILED DESCRIPTION OF AN EMBODIMENT EXCHANGING THE INVENTION FIG. 1 corresponds to the general context of one embodiment of the invention; it is the local control, by an access control device or terminal (B), dematerialized tickets stored on the mobile (T) of a user (1), with authentication by the security element ( VS). In this embodiment of the invention, the mobile terminal (T) also has an NFC module (3) allowing the use of contactless communications between the mobile phone and the associated SIM card (in this case also referred to as SEV1-NFC) and the terminal (B).
On rappelle que les usages visés par l'invention sont ceux pour lesquels l'utilisateur doit prouver être en possession d'un droit d'accès à un service avec une validité limitée à une date précise ou durant une durée définie (par exemple, un abonnement de transport pour le mois d'octobre 2014) ou avec un numéro de ticket électronique pouvant être vérifié lors de l'accès au service (par exemple, un accès à un concert, une compétition sportive, etc.). On considère, dans ce mode de réalisation, que l'application visée est une application de billetterie délivrant des tickets de concert. On suppose ici que les tickets électroniques sont livrés par SMS à l'utilisateur : il a choisi un ticket électronique (ici, de concert) auprès d'un fournisseur de services (5). Le fournisseur de services (ici, un fournisseur de tickets de concert), situé dans l'exemple dans un réseau (9), a généré un ticket (4), l'a signé avec sa clé privée, puis transmis par SMS au téléphone mobile de l'utilisateur (T) (ou plusieurs SMS, du fait de la limitation intrinsèque de la taille d'un SMS). Le réseau (9) est ici un réseau mobile mais d'autres types de réseaux seraient possibles, par exemple Internet, un réseau Intranet, etc. L'utilisateur peut commander son ticket sur le serveur du fournisseur de services (5), avec son terminal mobile, à travers une connexion de données du réseau mobile se prolongeant vers l'Internet, et recevoir son ticket sur son mobile sous forme de SMS. Avant de délivrer le ticket, le fournisseur de services a vérifié que le l'utilisateur est enregistré auprès d'une autorité de confiance (non représentée). Il s'est procuré auprès d'une l'autorité de confiance la clé publique de l'utilisateur, le nom de l'algorithme associé et la référence de la clé. On rappelle que les systèmes de cryptographie "à clé publique" (appelée aussi "cryptographie asymétrique") sont des méthodes qui reposent sur l'utilisation d'une clé publique (qui est diffusée) et d'une clé privée (qui est gardée secrète). Dans le cadre de la signature, la clé privée est utilisée pour signer un message et la clé publique sert à vérifier la validité de la signature du message. Une entité qui dispose d'un certificat de la clé publique (certificat fourni par une autorité de confiance) peut ainsi authentifier l'auteur du message. It is recalled that the uses covered by the invention are those for which the user must prove to be in possession of a right of access to a service with a validity limited to a specific date or during a definite period of time (for example, a transport subscription for the month of October 2014) or with an electronic ticket number that can be verified when accessing the service (for example, access to a concert, sports competition, etc.). In this embodiment, it is considered that the intended application is a ticketing application delivering concert tickets. It is assumed here that the electronic tickets are delivered by SMS to the user: he has chosen an electronic ticket (here, in concert) from a service provider (5). The service provider (here, a provider of concert tickets), located in the example in a network (9), generated a ticket (4), signed it with its private key, then transmitted by SMS to the mobile phone of the user (T) (or several SMS, because of the intrinsic limitation of the size of an SMS). The network (9) is here a mobile network but other types of networks would be possible, for example the Internet, an Intranet, etc. The user can order his ticket on the server of the service provider (5), with his mobile terminal, through a data connection of the mobile network extending to the Internet, and receive his ticket on his mobile in the form of SMS . Before issuing the ticket, the service provider verified that the user is registered with a trusted authority (not shown). He obtained from a trusted authority the public key of the user, the name of the associated algorithm and the reference of the key. It is recalled that "public key" cryptography systems (also called "asymmetric cryptography") are methods that rely on the use of a public key (which is broadcast) and a private key (which is kept secret ). As part of the signature, the private key is used to sign a message and the public key is used to verify the validity of the signature of the message. An entity that has a certificate of the public key (certificate provided by a trusted authority) can thus authenticate the author of the message.
La clé publique de l'utilisateur que fournit l'autorité de confiance au fournisseur de tickets est la clé publique dont la clé privée correspondante est contenue dans la carte SIM de l'utilisateur. Dans le contexte de ce mode de réalisation de l'invention, elle est gérée par une application sécuritaire d' authentification et de transit, que l'on appelle application de mise à disposition de tickets, ou de manière raccourcie, application sécuritaire, que l'on va décrire plus loin. Dans un but ultérieur d' authentification, le fournisseur de services peut avoir intégré dans le ticket des informations fournies par l'autorité de confiance et l'utilisateur. Un format possible pour un tel ticket sera décrit plus tard à l'appui de la figure 3. Le terminal mobile (T) contient une application mobile (par exemple une application Android) de gestion des tickets électroniques qui permet notamment à l'utilisateur de visualiser les informations pertinentes liées aux données du ticket (nom du spectacle, date et heure, etc.). Lorsque le terminal mobile reçoit un SMS, l'application mobile détecte le ticket, par exemple à la réception d'un SMS commençant par un identifiant donné. Ce ticket est stocké sur le mobile. Tous les tickets stockés sur le mobile apparaissent dans l'interface que l'application mobile de gestion des tickets propose à l'utilisateur, et sont utilisables si leur date de fin de validité n'est pas antérieure à la date actuelle. Alternativement, les tickets peuvent être gérés par plusieurs applications sur le mobile (une pour le transport, une autre pour les spectacles, etc.). Les tickets électroniques dématérialisés ne sont donc pas stockés dans l'élément de sécurité mais sur le terminal mobile. Comme on le verra par la suite, l'élément de sécurité sert uniquement à authentifier l'utilisateur et à faire transiter le ticket (stockage temporaire avant lecture par la borne (B)). The public key of the user provided by the trusted authority to the ticket provider is the public key whose corresponding private key is contained in the user's SIM card. In the context of this embodiment of the invention, it is managed by a secure authentication and transit application, which is called a ticket provisioning application, or in shorthand, secure application, that the we will describe later. For a subsequent authentication purpose, the service provider may have included in the ticket information provided by the trusted authority and the user. A possible format for such a ticket will be described later in support of Figure 3. The mobile terminal (T) contains a mobile application (for example an Android application) for managing electronic tickets, which notably enables the user to view the relevant information related to the ticket data (show name, date and time, etc.). ). When the mobile terminal receives an SMS, the mobile application detects the ticket, for example upon receipt of an SMS starting with a given identifier. This ticket is stored on the mobile. All tickets stored on the mobile appear in the interface that the mobile application for ticket management offers to the user, and are usable if their end of validity date is not earlier than the current date. Alternatively, the tickets can be managed by several applications on the mobile (one for transportation, another for shows, etc.). The dematerialized electronic tickets are therefore not stored in the security element but on the mobile terminal. As will be seen later, the security element serves only to authenticate the user and to transit the ticket (temporary storage before reading by the terminal (B)).
Chaque ticket est sélectionnable par l'utilisateur, par exemple par une pression du doigt sur l'écran tactile du téléphone mobile, et une boite de dialogue peut lui demander une confirmation de la sélection du ticket. Each ticket is selectable by the user, for example by a touch of the finger on the touch screen of the mobile phone, and a dialog box can ask for confirmation of the selection of the ticket.
L'élément de sécurité (C), ou carte SIM, contient une application sécuritaire, aussi appelée applet (APS) qui est installée sur les cartes SIM des utilisateurs de terminaux mobiles désirant avoir accès au service de ticket dématérialisé. Il s'agit d'une application unique pour tous les tickets. On l'appelle par la suite Applet, ou application sécuritaire, ou encore APS. Elle peut accéder à la clé privée de l'utilisateur dans la mémoire de la carte SEVI, ce qui permet à la carte SIM, et donc à l'utilisateur, de s'authentifier auprès de la borne d'accès. Cette applet permet aussi de stocker temporairement le ticket qui va être lu par la borne. Lorsque l'utilisateur sélectionne le ticket (4) sur son terminal mobile, l'application mobile de gestion APM envoie le ticket à l'applet de la carte SIM puis demande à l'utilisateur de présenter son terminal mobile à la borne. The security element (C), or SIM card, contains a secure application, also known as an applet (APS), which is installed on the SIM cards of the users of mobile terminals wishing to have access to the paperless ticket service. This is a unique app for all tickets. It is later called Applet, or security application, or APS. It can access the private key of the user in the memory of the SEVI card, which allows the SIM card, and therefore the user, to authenticate with the base station. This applet also makes it possible to temporarily store the ticket which will be read by the terminal. When the user selects the ticket (4) on his mobile terminal, the APM mobile management application sends the ticket to the applet of the SIM card and then asks the user to present his mobile terminal to the terminal.
Lorsque l'utilisateur présente son terminal mobile à la borne d'accès, une communication NFC s'établit entre la borne et la carte SIM-NFC contenue dans le le terminal mobile de l'utilisateur. La borne peut alors communiquer avec la carte SIM pour lire le ticket préalablement mémorisé. L'applet de la SIM permet ensuite d'authentifier l'utilisateur, dont seule la carte SEVI possède la clé privée correspondant à la clé publique contenue dans le ticket. La borne (B) dialogue par ailleurs avec un serveur « métier » (7) de vérification des tickets qui est lui-même en relation avec un serveur de vérification des signatures disposant de la clé publique du fournisseur de service (5) et vérifie que la signature du ticket (c'est-à-dire la signature par le fournisseur de services) est correcte. Ces deux serveurs sont, selon cet exemple, des serveurs locaux. Ils peuvent alternativement se trouver dans la borne elle-même ou dans un réseau local, ou encore dans le réseau étendu. When the user presents his mobile terminal at the base station, an NFC communication is established between the terminal and the SIM-NFC card contained in the mobile terminal of the user. The terminal can then communicate with the SIM card to read the previously stored ticket. The applet of the SIM then makes it possible to authenticate the user, of which only the SEVI card has the private key corresponding to the public key contained in the ticket. The terminal (B) also communicates with a ticket verification "business" server (7) which itself is in contact with a signature verification server that has the public key of the service provider (5) and verifies that the signature of the ticket (ie the signature by the service provider) is correct. These two servers are, according to this example, local servers. They can alternatively be in the terminal itself or in a local network, or in the wide area network.
Après la phase de réception du ticket par NFC, suivi de la phase d'envoi d'aléa à la carte SIM et de réception de cet aléa signé, la borne NFC attend la réponse des phases de vérification du ticket effectuées par le serveur métier (6) et le serveur de vérification des signatures (7). La borne NFC peut comporter une interface graphique, non représentée, qui lui permet d'afficher des informations à destination du porteur du terminal mobile. Par exemple, une partie « état » indique l'état de la vérification : l'affichage de la borne indique en vert que l'accès est autorisé, en gris ce que doit faire l'utilisateur et en rouge toute erreur survenue. Si la phase de vérification de la signature de l'aléa par la carte SIM, suivie par la phase de vérification des champs « métier » du ticket, suivie par la phase vérification de la signature du fournisseur de services sont correctement validés par les serveurs, alors la borne répond positivement à la requête de l'utilisateur, par exemple elle ouvre un portillon pour le laisser passer. La borne détecte quand le terminal mobile n'est plus posé sur le lecteur NFC, et peut alors lancer alors une nouvelle vérification quand un nouveau terminal s'approche de la borne NFC. After the reception phase of the ticket by NFC, followed by the random sending phase to the SIM card and reception of this signed randomness, the NFC terminal waits for the response of the ticket verification phases carried out by the business server ( 6) and the signature verification server (7). The NFC terminal may include a graphical interface, not shown, which enables it to display information intended for the bearer of the mobile terminal. For example, a "state" part indicates the state of the verification: the display of the terminal indicates in green that the access is authorized, in gray what the user must do and in red any error occurred. If the verification phase of the signature of the hazard by the SIM card, followed by the verification phase of the "business" fields of the ticket, followed by the verification phase of the signature of the service provider are correctly validated by the servers, then the terminal responds positively to the request of the user, for example it opens a gate to let it pass. The terminal detects when the mobile terminal is no longer placed on the NFC reader, and can then start a new check when a new terminal approaches the NFC terminal.
En référence à la figure 2, un système comprend un terminal T apte à communiquer avec un réseau (9) comportant un fournisseur de tickets, et un élément de sécurité (C) apte à être inséré dans le terminal (T) et à communiquer avec une borne (B) pour effectuer la validation d'un ticket électronique. With reference to FIG. 2, a system comprises a terminal T able to communicate with a network (9) comprising a ticket provider, and a security element (C) able to be inserted into the terminal (T) and to communicate with a terminal (B) for performing the validation of an electronic ticket.
Le terminal T est, par exemple, un téléphone mobile ou un PDA (pour "Personal Digital Assistant") ou encore une tablette.  The terminal T is, for example, a mobile phone or a PDA (for "Personal Digital Assistant") or a tablet.
Le terminal T comprend classiquement une unité de traitement, ou « CPU » The terminal T conventionally comprises a processing unit, or "CPU"
(pour « Central Processing Unit »), destinée à charger des instructions en mémoire, à les exécuter, à effectuer des opérations ; un ensemble de mémoires M, dont une mémoire volatile, ou "RAM" (pour "Random Access Memory") utilisée pour exécuter des instructions de code, stocker des variables, etc. et une mémoire non volatile, de type « ROM » (de l'anglais « Read Only Memory »), ou « EEPROM » (pour « Electronically Erasable Programmable Read Only Memory ») destinée à contenir des données persistantes, utilisées par exemple pour stocker les tickets électroniques et l'application APM de gestion des tickets. (for "Central Processing Unit"), intended to load instructions in memory, to execute them, to perform operations; a set of memories M, including a volatile memory, or "RAM" (for "Random Access Memory") used to execute code instructions, store variables, etc. and a non-volatile memory, of the "ROM" type (of "Read Only Memory"), or "EEPROM" (for "Electronically Erasable Programmable Read Only Memory") intended to contain persistent data, used for example to store electronic tickets and the APM ticket management application.
Le terminal T comporte par ailleurs :  The terminal T furthermore comprises:
- un premier module de communication MCI apte à communiquer avec l'élément de sécurité C, via une première interface de communication (II).  a first communication module MCI able to communicate with the security element C via a first communication interface (II).
- un deuxième module de communication MR, permettant une communication, via un réseau de communication, avec des serveurs distants, par exemple avec le fournisseur de tickets (5) qui se trouve dans le réseau Internet (9) accessible via le réseau mobile ou sur un réseau de téléphonie mobile. C'est par ce biais que le terminal mobile (T) reçoit notamment l'application APM (Application dans le Mobile) de gestion des tickets (selon notre exemple, de concert) chargée dans une mémoire M du mobile, puis les tickets.  a second communication module MR, enabling communication, via a communication network, with remote servers, for example with the ticket provider (5) which is in the Internet network (9) accessible via the mobile network or on a mobile phone network. It is in this way that the mobile terminal (T) receives in particular the application APM (Mobile Application) ticket management (according to our example, in concert) loaded into a memory M of the mobile, and tickets.
- un troisième module de communication sans contact NFC (3), apte à faire communiquer l'élément de sécurité avec un équipement distant via une liaison sans contact NFC, par exemple la borne B située à proximité du terminal T. Le module sans contact NFC est également apte à dialoguer avec l'élément de sécurité C, via un module de communication MC2 et une deuxième interface de communication 12. Il dialogue avec le terminal mobile via une interface MC3. Le module NFC comporte classiquement une antenne adaptée pour émettre et recevoir des messages modulés sur la voie radio en NFC. a third NFC contactless communication module (3) capable of communicating the security element with a remote device via an NFC contactless link, for example terminal B located near the terminal T. contactless module NFC is also able to communicate with the security element C via an MC2 communication module and a second communication interface 12. It communicates with the mobile terminal via an interface MC3. The NFC module conventionally comprises an antenna adapted to transmit and receive messages modulated on the radio channel in NFC.
L'élément de sécurité C est par exemple un support amovible de type UICC (pour "Universal Integrated Circuit Card"), appelé aussi "carte SIM", une carte à mémoire hébergeant un élément sécurisé (SD card, Embeded Secure contrôler ...) ou encore une zone mémoire spécifique du terminal comme dans le contexte de la norme HCE définie ci-avant.  The security element C is for example a removable support type UICC (for "Universal Integrated Circuit Card"), also called "SIM card", a memory card hosting a secure element (SD card, Embedded Secure control ... ) or a specific memory area of the terminal as in the context of the HCE standard defined above.
L'élément de sécurité C, couramment utilisé pour l'authentification au réseau mobile (cas de la carte SEVI) a pour fonction, outre de s'authentifier auprès de la borne, de stocker les informations spécifiques à l'abonné mobile (ici appelé utilisateur) et les processus qui permettent à l'équipement de s'authentifier sur le réseau mobile. A cet effet il possède la clé privée (K) de l'utilisateur. Il comporte un premier module d'émission-réception MCI' apte à dialoguer avec le terminal T via la première interface de communication II, un deuxième module d'émission- réception MC2' apte à communiquer avec le module NFC via la deuxième interface de communication 12.  The security element C, commonly used for authentication to the mobile network (case of the SEVI card) has the function, in addition to authenticate with the terminal, to store the specific information to the mobile subscriber (here called user and the processes that allow the device to authenticate to the mobile network. For this purpose it has the private key (K) of the user. It comprises a first transceiver module MCI 'able to communicate with the terminal T via the first communication interface II, a second transceiver module MC2' able to communicate with the NFC module via the second communication interface 12.
Dans ce mode de réalisation de l'invention, l'élément de sécurité C est une carte SEVI et comporte classiquement des mémoires M' de type ROM contenant notamment le système d'exploitation de l'élément de sécurité et des programmes implémentant les mécanismes de sécurité, entre autres l'algorithme d'authentification de la carte, des mémoires de type EEPROM contenant de manière permanente des répertoires et données définis par la norme mobile (e.g. GSM, UMTS, etc.), la clé d'authentification (K), ou clé privée (de l'utilisateur), ainsi que des applications spécifiques (APS) aussi appelées applets s'exécutant dans une mémoire de type RAM. Les applets sont par exemple des programmes logiciels utilisant les protocoles « SEVI Application Toolkit » selon la recommandation ETSI 102.223, qui permettent de contrôler certaines fonctions du téléphone mobile, par exemple de dialoguer avec l'abonné via l'interface de communication II entre la SIM et le téléphone mobile T. Sur la figure 2 est représentée l'applet APS sécuritaire commune à tous les services de tickets électroniques. Elle met en œuvre les fonctions de transi t/stockage temporaire de tickets, la mise à disposition du ticket pour la lecture via NFC et la signature d'un aléa reçu par NFC. In this embodiment of the invention, the security element C is an SEVI card and conventionally comprises ROM type memories M 'containing in particular the operating system of the security element and programs implementing the security mechanisms. security, among others the authentication algorithm of the card, EEPROM type memories permanently containing directories and data defined by the mobile standard (eg GSM, UMTS, etc.), the authentication key (K) , or private key (of the user), as well as specific applications (APS) also called applets running in a RAM type memory. Applets are for example software programs using the "SEVI Application Toolkit" protocols according to the ETSI 102.223 recommendation, which make it possible to control certain functions of the mobile telephone, for example to communicate with the subscriber via the interface of the mobile phone. communication II between the SIM and the mobile phone T. In Figure 2 is shown the secure APS applet common to all electronic ticket services. It implements the functions of transi t / temporary storage of tickets, the provision of the ticket for reading via NFC and the signature of a random received by NFC.
Pour communiquer avec la carte SIM, l'application sur le mobile utilise ΓΑΡΙ SmartCard selon la recommandation ETSI 102.221. Elle permet d'ouvrir un canal de communication avec les applets de la carte SIM pour l'envoi des données (e.g. le ticket) sous forme de paquets. Une fois la communication terminée, l'application Android ferme le canal pour permettre à d'autres applications Android ou à des lecteurs NFC d' interagir avec l'applet de la carte SIM.  To communicate with the SIM card, the mobile application uses SmartCard according to the ETSI 102.221 recommendation. It makes it possible to open a communication channel with the SIM card applets for sending the data (e.g. the ticket) in the form of packets. When communication is complete, the Android application closes the channel to allow other Android apps or NFC players to interact with the SIM card applet.
La figure 3 représente la structure possible d'un ticket électronique selon un mode de réalisation de l'invention Le ticket électronique est structuré de façon à pouvoir fournir toutes les informations, ou données, permettant l'authentification de l'utilisateur. Il contient également des informations sur la date de fin de validité, le numéro de la place, le nom de l'événement, la date, etc. pour un ticket d'accès à une salle de concert. Chaque fournisseur de service structure son ticket de manière à ce qu'il puisse être lu par l'application mobile APM qui reçoit les tickets. On peut utiliser par exemple un système de codage de type « identifiant / valeur » : les données utiles sont alors précédées d'un identifiant et sont séparées les unes des autres par des données de séparation. Le ticket (4) représenté à la figure 3 comprend les champs de données suivants : - L'objet du ticket (Ml) contient le nom de l'événement, le numéro de la place, le prix, la date, etc. FIG. 3 represents the possible structure of an electronic ticket according to one embodiment of the invention. The electronic ticket is structured so as to be able to provide all the information, or data, enabling the authentication of the user. It also contains information about the expiry date, the place number, the name of the event, the date, and so on. for a ticket to a concert hall. Each service provider structures his ticket so that it can be read by the APM mobile application that receives the tickets. For example, an "identifier / value" type coding system may be used: the user data is then preceded by an identifier and separated from each other by separation data. The ticket (4) represented in FIG. 3 comprises the following data fields: the object of the ticket (Ml) contains the name of the event, the number of the place, the price, the date, etc.
La période de temps de validité (M2) contient la date de fin de validité du ticket. La référence bi-clé (Cl) contient la référence de la paire de clés de l'utilisateur. Le terme « bi-clé » recouvre l'ensemble constitué de la clé privée contenue dans la carte SIM et de la clé publique correspondant à cette clé privée. La clé privée est utilisée par la carte SEVI pour signer l'aléa envoyé par la borne (B); la clé publique correspondante sert à la borne à vérifier cette signature. Généralement tous les services utilisent la même bi-clé, mais quelquefois des services offerts par de grandes entreprises (exemple sociétés de transports) peuvent désirer utiliser une bi-clé qui leur est propre. Cette référence (Cl) sert donc à la borne à connaître la bi-clé à utiliser. Grâce à cette référence lue dans le ticket, la borne (B) indique à la carte SIM quelle clé privée elle doit utiliser pour signer l'aléa et q'elle clé publique correspondante la borne doit elle-même utiliser pour vérifier la signature de l'aléa. The validity period (M2) contains the end date of validity of the ticket. The two-key reference (Cl) contains the reference of the user's key pair. The term "key pair" covers the set consisting of the private key contained in the SIM card and the public key corresponding to this private key. The private key is used by the SEVI card to sign the hazard sent by the terminal (B); the corresponding public key is used by the kiosk to verify this signature. Generally all services use the same bi-key, but sometimes services offered by large companies (eg transport companies) may wish to use a bi-key of their own. This reference (Cl) is therefore used to the terminal to know the key pair to use. Thanks to this reference read in the ticket, the terminal (B) indicates to the SIM card which private key it must use to sign the hazard and that its corresponding public key terminal itself must use to verify the signature of the randomness.
- La référence de l'algorithme d'authentification SEVI (C2) est la référence de l'algorithme qui est associé à la paire de clés de l'utilisateur (Cl). En effet, certaines entreprises peuvent désirer, non seulement leur bi-clé en propre, mais aussi leur algorithme d'authentification en propre. - The reference of the SEVI authentication algorithm (C2) is the reference of the algorithm that is associated with the user's key pair (Cl). Indeed, some companies may want, not only their own key pair, but also their own authentication algorithm.
Avantageusement, il n'y a qu'une seule clé privée dans la carte SIM et un seul algorithme pour tous les services, ce qui simplifie la carte SIM, en évitant toute spécificité aux services dans la carte.  Advantageously, there is only one private key in the SIM card and a single algorithm for all the services, which simplifies the SIM card, avoiding any specificity to the services in the card.
La clé publique de la carte SIM (C3) est la clé publique de l'utilisateur selon la référence de bi-clé (Cl). The public key of the SIM card (C3) is the public key of the user according to the bi-key reference (Cl).
L'identifiant « vendeur ticket » (SI) est la référence du fournisseur de service qui a vendu et signé le ticket.  The seller ticket identifier (SI) is the reference of the service provider who sold and signed the ticket.
La référence de l'algorithme de signature (S2) est la référence de l'algorithme qui est associé à la paire de clés du vendeur.  The reference of the signature algorithm (S2) is the reference of the algorithm that is associated with the seller's key pair.
La signature (S3) est la signature obtenue en signant les champs Ml, M2, Cl, C2, C3, SI et S2. Cette signature est effectuée par le fournisseur de service (vendeur de tickets) avant l'envoi du ticket sur le mobile de l'utilisateur. La figure 4 représente une cinématique des échanges entre les différentes entités de l'invention. The signature (S3) is the signature obtained by signing the fields M1, M2, C1, C2, C3, SI and S2. This signature is made by the service provider (ticket vendor) before sending the ticket to the mobile of the user. FIG. 4 represents a kinematics of the exchanges between the different entities of the invention.
On suppose ici que les prérequis concernant l'obtention du ticket, déjà décrits à l'appui de la figure 1, ont été remplis lors d'une étape E0 : le ticket de concert (4) a été chargé sur le mobile de l'utilisateur qui souhaite passer la borne de la salle de concert. Un enchaînement d'étapes, transparentes pour l'utilisateur, sont alors effectuées entre le mobile (T), la carte SEVI-NFC (C) et la borne (B), représentés en haut de la figure 4 : It is assumed here that the prerequisites for obtaining the ticket, already described in support of FIG. 1, have been fulfilled during a step E0: the concert ticket (4) has been loaded onto the mobile of the user who wishes to pass the terminal of the concert hall. A sequence of steps, transparent for the user, are then performed between the mobile (T), the SEVI-NFC card (C) and the terminal (B), shown at the top of Figure 4:
Lorsque l'utilisateur s'approche, lors d'une étape El, de la borne (B), avec son mobile (T) hébergeant le ticket, il sélectionne sur son application mobile le ticket (4) qu'il souhaite consommer. L'application APM de gestion de tickets sur le mobile envoie le ticket, lors d'une étape E2, à l'applet APS de la carte SIM et le ticket est stocké temporairement à l'étape El i dans une mémoire (Μ') de la carte SIM. Il s'agit d'un stockage temporaire avant lecture par la borne (B). Comme il est bien connu de l'homme du métier, pour être sûr que le ticket est envoyé à la bonne applet, celle-ci peut être identifiée par un numéro d'identification (appelé AID). On rappelle ici que l'applet sécurisée ne connaît, ni ne gère, le contenu du ticket : elle n'effectue qu'un stockage temporaire du ticket qui va être consommé. L'applet de la carte SEVI vérifie au cours d'une étape E12 que le ticket est bien reçu (le chargement du ticket peut nécessiter plusieurs paquets de données), puis renvoie facultativement une réponse attestant de la bonne réception à l'application APM de gestion du ticket sur le mobile, qui la reçoit lors d'une étape E3 et peut alors demander à l'utilisateur de présenter son téléphone à la borne d'accès. When the user approaches, during a step El, the terminal (B), with his mobile (T) hosting the ticket, he selects on his mobile application the ticket (4) he wants to consume. The APM ticket management application on the mobile sends the ticket, during a step E2, to the APS applet of the SIM card and the ticket is stored temporarily in step El i in a memory (Μ ') SIM card. It is a temporary storage before reading by the terminal (B). As is well known to those skilled in the art, to be sure that the ticket is sent to the correct applet, it can be identified by an identification number (called AID). It is recalled here that the secure applet does not know or manage the contents of the ticket: it only makes temporary storage of the ticket that will be consumed. The applet of the SEVI card verifies during a step E12 that the ticket is received (the loading of the ticket may require several data packets), then optionally returns a response attesting to the good reception of the APM application of management of the ticket on the mobile, which receives it during a step E3 and can then ask the user to present his phone at the base station.
Lorsque l'utilisateur se trouve suffisamment proche de la borne, celle-ci lit le ticket (E20) dans la mémoire de la carte SIM sous contrôle du module NFC (E13) : la borne B plonge le terminal mobile dans un champ électromagnétique issu de son module NFC. Lorsque le champ électromagnétique émis est suffisamment élevé pour alimenter correctement le module NFC de la carte SEVI, c'est-à-dire lorsque le téléphone mobile est suffisamment proche de la borne pour que le module NFC de la carte SEVI soit alimenté, une communication peut être établie selon le protocole NFC entre les deux dispositifs. En particulier, comme schématisé par la flèche bidirectionnelle surmontée du ticket, la borne peut lire le ticket dans la mémoire de la SEVI-NFC. Une telle communication NFC est bien connue de l'homme du métier et ne sera donc pas détaillée plus avant. On notera cependant que, lors des phases de lecture et d'authentification ultérieure, le flux des données de la session NFC passe par un contrôleur (CLF pour ContactLess Frontend) du module NFC, qui redirige les données vers la carte SEVI-NFC via le protocole SWP (Single Wire Protocol). L'invention permet d'ouvrir une seule session vers la carte SIM, via l'interface 12, et aucune vers le mobile. When the user is sufficiently close to the terminal, it reads the ticket (E20) in the memory of the SIM card under control of the NFC module (E13): the terminal B immerses the mobile terminal in an electromagnetic field from its NFC module. When the emitted electromagnetic field is sufficiently high to properly power the NFC module of the SEVI card, ie when the mobile phone is sufficiently close to the terminal for the NFC module of the SEVI card to be powered, a communication can be established according to the protocol NFC between the two devices. In particular, as shown schematically by the bidirectional arrow surmounted by the ticket, the terminal can read the ticket in the memory of the SEVI-NFC. Such NFC communication is well known to those skilled in the art and will not be detailed further. However, during the reading and subsequent authentication phases, the data flow of the NFC session passes through a controller (CLF for ContactLess Frontend) of the NFC module, which redirects the data to the SEVI-NFC card via the Single Wire Protocol (SWP). The invention makes it possible to open a single session to the SIM card, via the interface 12, and none to the mobile.
Au cours d'une étape E20, la borne lit la référence de clé (Cl) et la référence d'algorithme (C2) à faire utiliser à la carte SIM pour la signature de l'aléa qui va suivre. Avantageusement, il n'y a qu'une seule clé privée dans la carte SIM et un seul algorithme de signature pour tous les services, ce qui simplifie la carte SIM, en évitant toute spécificité aux différents services. During a step E20, the terminal reads the key reference (Cl) and the algorithm reference (C2) to be used on the SIM card for the signature of the next hazard. Advantageously, there is only one private key in the SIM card and a single signature algorithm for all services, which simplifies the SIM card, avoiding any specificity to the various services.
Au cours d'une étape E21 d'authentification, la borne envoie à la SEVI- NFC un nombre généré aléatoirement, aussi appelé aléa. Le fait d'avoir un nombre aléatoire différent à chaque fois permet d'éviter qu'une personne ayant réussi à récupérer une signature d'un ancien nombre aléatoire puisse la réutiliser. During an authentication step E21, the terminal sends the SEVI-NFC a randomly generated number, also called a random number. Having a different random number each time prevents a person who has succeeded in recovering a signature of an old random number from reusing it.
La carte SEVI reçoit l'aléa (A) au cours d'une étape E14. Au cours de l'étape E15 elle le signe en utilisant sa clé privée, et renvoie l'aléa signé S{A} vers la borne. Pour signer le nombre aléatoire, l'applet utilise des bibliothèques cryptographiques de la carte SIM bien connues de l'homme du métier. On notera que seule la carte SIM de l'utilisateur du terminal mobile possède cette clé, ce qui implique que l'utilisateur est authentifié de manière forte grâce à cette signature. The SEVI card receives the hazard (A) during a step E14. During the step E15 it signs it using its private key, and returns the random signed S {A} to the terminal. To sign the random number, the applet uses cryptographic libraries of the SIM card well known to those skilled in the art. Note that only the SIM card of the user of the mobile terminal has this key, which implies that the user is strongly authenticated by this signature.
La borne reçoit la signature S{A} au cours de l'étape E22 et vérifie ensuite (E23) à l'aide de la clé publique de l'utilisateur, qu'elle a lue dans le ticket, que la signature de ce nombre aléatoire a bien été réalisée avec la clé privée de l'utilisateur. Si l'étape E23 échoue, le processus s'arrête et la borne ne donne pas accès au service. The terminal receives the signature S {A} during the step E22 and then checks (E23) using the public key of the user, which it read in the ticket, that the signature of this random number has been done with the private key of the user. If step E23 fails, the process stops and the terminal does not give access to the service.
La carte SIM de l'utilisateur étant correctement authentifiée, la borne vérifie au cours de l'étape E24 la date de validité du ticket : si elle est incorrecte, le processus s'arrête et la borne ne donne pas accès au service. The SIM card of the user being correctly authenticated, the terminal checks during the step E24 the date of validity of the ticket: if it is incorrect, the process stops and the terminal does not give access to the service.
L'utilisateur étant correctement authentifié (via sa carte SIM) et la date valide, la borne envoie lors d'une étape E24 les champs « métier » du ticket (Ml, M2 : nom du concert, date, numéro de place, etc.) au serveur métier (6). Le serveur métier vérifie (E30) que les champs métier sont corrects. S'ils sont incorrects, le processus s'arrête et la borne ne donne pas accès au service. The user being correctly authenticated (via his SIM card) and the valid date, the terminal sends during a step E24 the "business" fields of the ticket (Ml, M2: name of the concert, date, place number, etc.). ) to the business server (6). The business server verifies (E30) that the business fields are correct. If they are incorrect, the process stops and the terminal does not give access to the service.
Le serveur métier fait vérifier (étape E31) par le serveur (7) de vérification des signatures la signature (S3) du ticket, car le serveur (7) dispose de la clé publique du fournisseur de service qui a signé le ticket. Si la signature du ticket est valide, le serveur métier envoie à la borne (E32) son accord pour autoriser l'utilisateur à accéder au service, c'est-à-dire ici entrer dans la salle. La borne ouvre le portique (E25) et l'utilisateur peut rentrer. The business server has the signature (S3) of the ticket verified by the signature verification server (S3) (step E31) by the signature verification server (7) because the server (7) has the public key of the service provider that has signed the ticket. If the signature of the ticket is valid, the business server sends to the terminal (E32) its agreement to allow the user to access the service, that is to say here enter the room. The terminal opens the gantry (E25) and the user can enter.
Si la signature n'est pas correcte à l'issue de l'étape E31, le processus s'arrête et la borne ne donne pas accès au service. Une fois que l'utilisateur est entré, le ticket peut être déchargé de la mémoire de la carte SIM (El 6). Selon un premier exemple, la carte SIM ne contient qu'un seul ticket à la fois (ticket en transit) ; un nouveau ticket (du concert 2) chasse le ticket du concert 1 dans la SIM : quand l'utilisateur sélectionne le ticket 2, il est transmis à la SIM qui efface le ticket 1, et de même pour les tickets suivants. On évite ainsi de surcharger inutilement la mémoire du mobile. Alternativement, un ordre est émis par l'application de gestion sur le mobile (APM) vers l'applet (APS) de la carte SEVI (E4). On notera que, même lorsque la batterie du terminal mobile est sur le point d'être épuisée, l'invention peut néanmoins rendre le service à l'utilisateur. Par exemple, selon une variante de l'invention, lorsque la batterie atteint un seuil critique, le ticket dont la date de validité expire le plus tôt peut être sélectionné et donc stocké dans la carte SEVI. Ainsi, même si la batterie du mobile est épuisée lorsque l'utilisateur le présente à la borne, cette dernière sera capable de récupérer le ticket stocké dans la carte SEVI en l'alimentant via le champ électromagnétique NFC. If the signature is not correct after step E31, the process stops and the terminal does not give access to the service. Once the user has entered, the ticket can be unloaded from the memory of the SIM card (El 6). According to a first example, the SIM card contains only one ticket at a time (ticket in transit); a new ticket (from concert 2) hunts the concert ticket 1 in the SIM: when the user selects the ticket 2, it is transmitted to the SIM which erases the ticket 1, and the same for the following tickets. This avoids unnecessarily overloading the mobile memory. Alternatively, an order is issued by the management application on the mobile (APM) to the applet (APS) of the SEVI card (E4). Note that even when the battery of the mobile terminal is about to be exhausted, the invention can nevertheless make the service to the user. For example, according to a variant of the invention, when the battery reaches a critical threshold, the ticket whose validity date expires earlier can be selected and therefore stored in the SEVI card. Thus, even if the battery of the mobile is exhausted when the user presents it to the terminal, the latter will be able to recover the ticket stored in the SEVI card by feeding it via the electromagnetic field NFC.
D'autres variantes de sélection automatique du ticket lorsque le seuil de batterie est atteint peuvent être imaginés : sélection du dernier ticket consulté par l'utilisateur, sélection en fonction des données relatives à la durée de validité du ticket, sélection en fonction de l'environnement (privilégier un ticket de métro si on est à proximité d'une station), etc. On peut de surcroît prévoir de stocker non plus un seul, mais quelques tickets dans la carte SEVI. ïï va de soi que le mode de réalisation qui a été décrit ci-dessus a été donné à titre purement indicatif et nullement limitatif, et que de nombreuses modifications peuvent être facilement apportées par l'homme de l'art sans pour autant sortir du cadre de l'invention. Other variants of automatic ticket selection when the battery threshold is reached can be imagined: selection of the last ticket consulted by the user, selection according to the data relating to the validity period of the ticket, selection according to the environment (prefer a metro ticket if you are near a station), etc. We can also plan to store not one, but some tickets in the SEVI card. It goes without saying that the embodiment which has been described above has been given for purely indicative and not limiting, and that many modifications can be easily made by those skilled in the art without departing from the scope of the invention.

Claims

Revendications claims
Procédé de mise à disposition d'un ticket électronique (4) par un élément de sécurité (C,SIM) associé à un terminal mobile (T), le ticket (4) étant stocké dans le terminal mobile et prévu pour accéder à un service via un dispositif de contrôle d'accès (B), le procédé étant caractérisé en ce qu'il comporte les étapes suivantes dans l'élément de sécurité (C): une étape (E10) de réception du ticket électronique (4) en provenance du terminal mobile (T) ; Method of providing an electronic ticket (4) with a security element (C, SIM) associated with a mobile terminal (T), the ticket (4) being stored in the mobile terminal and provided for accessing a service via an access control device (B), the method being characterized in that it comprises the following steps in the security element (C): a step (E10) for receiving the electronic ticket (4) from the mobile terminal (T);
une étape (El i) de mémorisation temporaire du ticket électronique (4) dans l'élément de sécurité (SEVI) ;  a step (El i) of temporary storage of the electronic ticket (4) in the security element (SEVI);
une étape (E13) de mise à disposition du ticket électronique pour le dispositif de contrôle d'accès (B) ;  a step (E13) of providing the electronic ticket for the access control device (B);
une étape (E14, E15) d'authentification prenant en compte au moins une donnée contenue dans le ticket et une donnée liée à l'élément de sécurité.  an authentication step (E14, E15) taking into account at least one piece of data contained in the ticket and data related to the security element.
une étape d'effacement (E17) du ticket (4) de la mémoire du dispositif de sécurité.  a step of erasing (E17) the ticket (4) from the memory of the security device.
Procédé de mise à disposition d'un ticket électronique (4) selon la revendication 1, caractérisé en ce qu'il comporte en outre les étapes suivantes : une étape (El 6) de réception, en provenance du terminal mobile (T), d'un ordre d'effacement du ticket mémorisé dans l'élément de sécurité ; A method of providing an electronic ticket (4) according to claim 1, characterized in that it further comprises the following steps: a step (El 6) of reception, from the mobile terminal (T), d an erase order of the ticket stored in the security element;
Procédé de mise à disposition d'un ticket électronique (4) selon la revendication 1, ledit ticket comprenant au moins une clé publique de l'élément de sécurité, caractérisé en ce qu'il comporte les étapes de : réception (El 4) d'un aléa en provenance du dispositif de contrôle d'accès (B) ;  A method of providing an electronic ticket (4) according to claim 1, said ticket comprising at least one public key of the security element, characterized in that it comprises the steps of: receiving (El 4) d a hazard from the access control device (B);
signature (El 4) de l'aléa au moyen de la clé privée de l'élément de sécurité ;  signature (El 4) of the hazard by means of the private key of the security element;
mise à disposition (E15) de l'aléa signé pour le dispositif de contrôle d'accès. Procédé de mise à disposition d'un ticket électronique (4) selon la revendication 1 caractérisé en ce que au moins une partie du ticket a été signée au moyen d'une clé privée de l'entité émettrice. provision (E15) of the signed hazard for the access control device. Method of providing an electronic ticket (4) according to claim 1 characterized in that at least a portion of the ticket has been signed by means of a private key of the issuing entity.
Procédé de gestion d'un ticket électronique dans un terminal mobile (T), terminal auquel est associé un élément de sécurité (C, SIM), le ticket (4) étant prévu pour accéder à un service via un dispositif de contrôle d'accès (B), ce procédé étant caractérisé en ce qu'il comporte les étapes suivantes au niveau du terminal mobile : une étape (El) de sélection d'un ticket électronique mémorisé par le terminal ; Method of managing an electronic ticket in a mobile terminal (T), terminal with which is associated a security element (C, SIM), the ticket (4) being provided to access a service via an access control device (B), this method being characterized in that it comprises the following steps at the mobile terminal: a step (El) for selecting an electronic ticket stored by the terminal;
une étape (E2) d'envoi dudit ticket vers le module de sécurité.  a step (E2) for sending said ticket to the security module.
Procédé de gestion d'un ticket électronique (4) selon la revendication 5, caractérisé en ce que la communication entre l'élément de sécurité (SEVI, C) et le dispositif de contrôle d'accès (B) est effectuée en champ proche (NFC).  Method for managing an electronic ticket (4) according to claim 5, characterized in that the communication between the security element (SEVI, C) and the access control device (B) is carried out in the near field ( NFC).
Procédé de gestion d'un ticket électronique dans un terminal mobile (T) selon la revendication 5, caractérisé en ce qu'il comporte en outre une étape (E3) d'émission vers le module de sécurité d'un ordre d'effacement dudit ticket. A method for managing an electronic ticket in a mobile terminal (T) according to claim 5, characterized in that it further comprises a step (E3) for sending to the security module an erase command of said ticket.
Procédé de gestion d'un ticket électronique dans un terminal mobile (T) selon la revendication 5, caractérisé en ce qu'il comporte en outre une étape préalable (EO) de réception d'un ticket électronique en provenance d'une entité émettrice (5,9), ledit ticket comprenant au moins une clé publique de l'utilisateur du terminal mobile correspondant à la clé privée qui se trouve dans l'élément de sécurité. A method for managing an electronic ticket in a mobile terminal (T) according to claim 5, characterized in that it further comprises a preliminary step (EO) for receiving an electronic ticket from an issuing entity ( 5,9), said ticket comprising at least one public key of the user of the mobile terminal corresponding to the private key that is in the security element.
Procédé de gestion d'un ticket électronique dans un terminal mobile (T) selon la revendication 5, caractérisé en ce que l'étape de sélection (El) est automatique si le niveau d'alimentation du téléphone mobile (T) se trouve en- dessous d'un seuil prédéterminé, et s'effectue selon une règle préétablie. A method for managing an electronic ticket in a mobile terminal (T) according to claim 5, characterized in that the selection step (El) is automatic if the power supply level of the mobile telephone (T) is reached. below a predetermined threshold, and is carried out according to a pre-established rule.
10. Procédé de gestion d'un ticket électronique dans un terminal mobile (T) selon la revendication 9, caractérisé en ce que la règle préétablie consiste à sélectionner le dernier ticket consulté par l'utilisateur. 10. A method for managing an electronic ticket in a mobile terminal (T) according to claim 9, characterized in that the pre-established rule is to select the last ticket consulted by the user.
11. Procédé de gestion d'un ticket électronique dans un terminal mobile (T) selon la revendication 5, caractérisé en ce que l'étape de sélection est automatique si les données contenues dans le ticket comportent certaines caractéristiques prédéterminées relatives à la validité du ticket. 11. A method for managing an electronic ticket in a mobile terminal (T) according to claim 5, characterized in that the selection step is automatic if the data contained in the ticket include certain predetermined characteristics relating to the validity of the ticket. .
12. Elément de sécurité (C,SIM) associé à un terminal mobile (T) apte à mettre à disposition d'un dispositif de contrôle d'accès (B) un ticket électronique (4) stocké dans le terminal mobile caractérisé en ce qu'il comporte les modules suivants : un module (MCI') de réception agencé pour recevoir du terminal mobile (T) un ticket électronique, 12. Security element (C, SIM) associated with a mobile terminal (T) adapted to make available to an access control device (B) an electronic ticket (4) stored in the mobile terminal characterized in that it comprises the following modules: a reception module (MCI ') arranged to receive an electronic ticket from the mobile terminal (T),
un module (Μ') de mémorisation temporaire du ticket ;  a module (Μ ') for temporary storage of the ticket;
un module (MC2') de mise à disposition du ticket électronique pour le dispositif de contrôle d'accès (B) ;  a module (MC2 ') for providing the electronic ticket for the access control device (B);
un module (APS) d'authentification de l'élément de sécurité (C) apte à prendre en compte au moins une donnée contenue dans le ticket (C3) et une donnée (K) liée à l'élément de sécurité.  an authentication module (APS) of the security element (C) able to take into account at least one piece of data contained in the ticket (C3) and a piece of data (K) linked to the security element.
un module d'effacement du ticket (4) de la mémoire du dispositif de sécurité.  a module for erasing the ticket (4) from the memory of the security device.
13. Terminal mobile (11) auquel est associé un élément de sécurité (C, SIM) , apte à gérer un ticket (4) prévu pour accéder à un service (S) via un dispositif de contrôle d'accès (B), caractérisé en ce qu'il comporte les modules suivants : 13. Mobile terminal (11) with which is associated a security element (C, SIM), able to manage a ticket (4) provided for accessing a service (S) via an access control device (B), characterized in that it comprises the following modules:
Un module (APM) de sélection d'un ticket électronique dans la mémoire (M) du terminal ; A module (APM) for selecting an electronic ticket in the memory (M) of the terminal;
Un module (MCI) d'envoi dudit ticket vers le module de sécurité. A module (MCI) sending said ticket to the security module.
14. Programme d'ordinateur comportant des instructions de code pour la mise en œuvre du procédé de mise à disposition de tickets électroniques conforme à la revendication 1, lorsque celle-ci est exécutée par un processeur. 14. A computer program comprising code instructions for the implementation of the electronic ticket delivery method according to claim 1, when the latter is executed by a processor.
15. Programme d'ordinateur comportant des instructions de code pour la mise en œuvre du procédé de gestion de tickets conforme à la revendication 5, lorsque celle-ci est exécutée par un processeur. A computer program having code instructions for implementing the ticket management method according to claim 5, when executed by a processor.
EP15767215.5A 2014-09-02 2015-09-01 Electronic ticket management Ceased EP3189485A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1458202A FR3025377A1 (en) 2014-09-02 2014-09-02 MANAGEMENT OF ELECTRONIC TICKETS
PCT/FR2015/052314 WO2016034810A1 (en) 2014-09-02 2015-09-01 Electronic ticket management

Publications (1)

Publication Number Publication Date
EP3189485A1 true EP3189485A1 (en) 2017-07-12

Family

ID=52016748

Family Applications (1)

Application Number Title Priority Date Filing Date
EP15767215.5A Ceased EP3189485A1 (en) 2014-09-02 2015-09-01 Electronic ticket management

Country Status (4)

Country Link
US (1) US20170286873A1 (en)
EP (1) EP3189485A1 (en)
FR (1) FR3025377A1 (en)
WO (1) WO2016034810A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3015725A1 (en) * 2013-12-19 2015-06-26 Orange SYSTEM AND METHOD FOR PROVIDING SERVICE TO THE USER OF A MOBILE TERMINAL
TWI529638B (en) * 2014-05-26 2016-04-11 國立成功大學 System and method for electronic ticket peer to peer secure transfer on mobile devices by near field communication (nfc) technology
US20180060989A1 (en) * 2016-08-30 2018-03-01 MaaS Global Oy System, method and device for digitally assisted personal mobility management
FR3073304B1 (en) * 2017-11-03 2021-03-05 Thales Sa PROCESS FOR LEGITIMING A TRANSPORTATION TICKET CARRIED BY A MOBILE TERMINAL, COMPUTER PROGRAM AND ASSOCIATED MOBILE TERMINAL
TWI770279B (en) * 2018-09-19 2022-07-11 財團法人工業技術研究院 Voucher verification auxiliary device, system and method thereof
DE102019114844A1 (en) * 2019-06-03 2020-12-03 VDV eTicket Service GmbH & Co. KG Method and control device for the secure verification of an electronic ticket
US11182786B2 (en) 2020-01-29 2021-11-23 Capital One Services, Llc System and method for processing secure transactions using account-transferable transaction cards
US11954205B2 (en) * 2022-06-24 2024-04-09 GM Global Technology Operations LLC Security control for electronic control unit

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1439495A1 (en) * 2003-01-17 2004-07-21 Siemens Aktiengesellschaft Electronic ticket, system and method for issuing electronic tickets, and devices and methods for using and performing operations on electronic tickets
DE102010017861A1 (en) * 2010-04-22 2011-10-27 Giesecke & Devrient Gmbh Method for handling electronic tickets
US20120244805A1 (en) * 2011-03-21 2012-09-27 Nokia Corporation Method and apparatus for battery with secure element
US20120254030A1 (en) * 2006-09-01 2012-10-04 Mohammad Khan Methods, systems and computer readable media for over the air (ota) provisioning of soft cards on devices with wireless communications capabilities
US20130124349A1 (en) * 2011-11-03 2013-05-16 Mastercard International Incorporated Methods, systems, and computer readable media for provisioning and utilizing an aggregated soft card on a mobile device
US20130344807A1 (en) * 2005-12-16 2013-12-26 Broadcom Innovision Limited Communications Devices Comprising NFC Communicators

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1262966C (en) * 1999-04-07 2006-07-05 瑞士电信流动电话公司 Method and system for ordering, loading and using access tickets
US20020065713A1 (en) * 2000-11-29 2002-05-30 Awada Faisal M. Coupon delivery via mobile phone based on location
KR20030072852A (en) * 2002-03-07 2003-09-19 인터내셔널 비지네스 머신즈 코포레이션 system and method for purchasing and validating electronic tickets
FR2950450B1 (en) * 2009-09-18 2013-10-11 Oberthur Technologies METHOD OF VERIFYING THE VALIDITY OF AN ELECTRONIC PARKING TICKET.

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1439495A1 (en) * 2003-01-17 2004-07-21 Siemens Aktiengesellschaft Electronic ticket, system and method for issuing electronic tickets, and devices and methods for using and performing operations on electronic tickets
US20130344807A1 (en) * 2005-12-16 2013-12-26 Broadcom Innovision Limited Communications Devices Comprising NFC Communicators
US20120254030A1 (en) * 2006-09-01 2012-10-04 Mohammad Khan Methods, systems and computer readable media for over the air (ota) provisioning of soft cards on devices with wireless communications capabilities
DE102010017861A1 (en) * 2010-04-22 2011-10-27 Giesecke & Devrient Gmbh Method for handling electronic tickets
US20120244805A1 (en) * 2011-03-21 2012-09-27 Nokia Corporation Method and apparatus for battery with secure element
US20130124349A1 (en) * 2011-11-03 2013-05-16 Mastercard International Incorporated Methods, systems, and computer readable media for provisioning and utilizing an aggregated soft card on a mobile device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
LANGER ET AL: "Anwendungen und Technik von Near Field Communication (NFC)", 31 December 2010 (2010-12-31), XP055641202, Retrieved from the Internet <URL:http://babylon.internal.epo.org/projects/babylon/evl.nsf/0/AAAB25117F1D5E12C1257C850055AEBE/$FILE/Anwendungen-und-Technik-von-Near-Field-Communication-NFC-German-Edition.pdf> [retrieved on 20191111] *
See also references of WO2016034810A1 *

Also Published As

Publication number Publication date
WO2016034810A1 (en) 2016-03-10
US20170286873A1 (en) 2017-10-05
FR3025377A1 (en) 2016-03-04

Similar Documents

Publication Publication Date Title
EP3189485A1 (en) Electronic ticket management
EP3243176B1 (en) Method of processing a transaction from a communication terminal
EP1687953B1 (en) Method for the authentication of applications
EP3085133B1 (en) System and method for providing a service to the user of a mobile terminal
EP2741466B1 (en) Method and system for managing a built-in secured element eSE
CA2941313C (en) Method of controlling access to a reserve zone with control of the validity of an access entitlement installed in the memory of a mobile terminal
FR2989799A1 (en) METHOD FOR TRANSFERRING A DEVICE TO ANOTHER RIGHTS OF ACCESS TO A SERVICE
WO2015059389A1 (en) Method for executing a transaction between a first terminal and a second terminal
WO2016207715A1 (en) Secure management of electronic tokens in a cell phone
EP3857413A1 (en) Method for processing a transaction, device, system and corresponding program
EP3552327A1 (en) Method of personalizing a secure transaction during a radio communication
EP2471237B1 (en) Mobile electronic device configured to establish secure wireless communication
EP2911365B1 (en) Method and system for protecting transactions offered by a plurality of services between a mobile device of a user and an acceptance point
EP4078922B1 (en) Method for obtaining a command relating to a network access profile of an euicc security module
WO2017005644A1 (en) Method and system for controlling access to a service via a mobile media without a trusted intermediary
WO2020148492A1 (en) Authorization for the loading of an application onto a security element
EP4348459A1 (en) Method for processing a transaction, device and corresponding program
FR3081246A1 (en) METHOD FOR MAKING A TRANSACTION, TERMINAL, SERVER AND CORRESPONDING COMPUTER PROGRAM
EP3371760A1 (en) Method for verifying identity during virtualization
WO2016051059A1 (en) Method of protecting a mobile terminal against attacks
WO2013045793A1 (en) Method of distributing contents, device for obtaining and computer program corresponding thereto
FR2998398A1 (en) Method for activating on-line payment service from e.g. near field communication integrated tablet personal computer, involves starting subscription process by administration server from unique identifier if checking of sign is positive

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20170403

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20191118

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ORANGE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

RAP3 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ORANGE

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20220217