Classifications

• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
  • G06Q20/401—Transaction verification
  • G06Q20/4014—Identity check for transactions
  • G06Q20/40145—Biometric identity checks
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/22—Payment schemes or models
  • G06Q20/227—Payment schemes or models characterised in that multiple accounts are available, e.g. to the payer
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
  • G06Q20/322—Aspects of commerce using mobile devices [M-devices]
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
  • G06Q20/327—Short range or proximity payments by means of M-devices
  • G06Q20/3278—RFID or NFC payments by means of M-devices

Definitions

• the invention relates to a method of payment and to a device implementing said method.
• Payment includes any authentication and / or authorization related to a transaction including a payment, a debit unit credit (including a transport application), a simple authentication of the person who triggers a subsequent payment or valid prepayment already made.
• a first step 1 10 is to put in contact (or type) the mobile phone and the player. Following this step, the reader transfers a selection request to the mobile phone that launches a selection application on the phone. It is then that the selection application leaves the choice to the user to validate the payment with a payment method proposed by default or to select another payment method during step 120.
• This step 120 therefore allows to select the means of payment including a payment source such as an account or a card and a type of payment (prepaid, debit or credit).
• the payment application associated with the selected payment means requires the user to authenticate, step 130.
• This step 130 can be performed in different ways such as entering a PIN code, the presentation of a fingerprint, the detection of a face, or other.
• the authentication step 130 being performed, it then becomes possible to finalize the transaction, for example using a second contact between the phone and the reader, in a step 140.
• the phone transmits the banking information enabling the transaction to be carried out accompanied by a payment authorization signature. More generally, we speak of transaction authorization cryptogram, commonly called ARQC (Authorization Request Cryptogram) according to the EMV payment standard.
• ARQC Authorization Request Cryptogram
• step 1 10 it is known to delete the first step 1 10.
• the user will directly proceed to step 120 of selecting the means of payment.
• Step 130 will authenticate the bearer and the transaction request will be generated in step 140.
• Such a much faster method requires some confidence in the reader because the amount is no longer displayed on the screen. the phone at the time of authentication but only on the reader.
• the current trend is to speed up the checkout and especially the time required for payment. For this purpose, it is requested to go to the simplest possible use for the user while ensuring the most security possible.
• biometrics is a means of strong authentication of a user while guaranteeing a great simplicity of use for the user.
• the invention proposes a new method of payment to go even faster. More particularly, the invention is a payment method using an electronic device having at least one biometric sensor, at least one communication interface for communicating with an external or remote terminal, and at least one a processing unit having banking information, reference biometric information, at least one authentication software, one or more payment software, banking information and payment software offering at least two payment means to the user.
• the method allows a selection of the payment means by associating with each payment means a biometric identifier of its own so that the biometric authentication allows both to select the means of payment and to generate a transaction authorization cryptogram with said means of payment.
• the selection of the means of payment consists in making at least one of several selection possibilities.
• the selection can be done among banking information that correspond to a bank card among at least two bank cards or that correspond to a bank account among at least two bank accounts.
• the selection can be made among at least two types of payment (prepaid, immediate debit, deferred debit, credit).
• the selection can be done among at least two different payment software.
• a payment request has been received by the electronic device with an amount to be paid and in which the amount to be paid is indicated on the display device at the same time as a request for selection and authentication.
• the biometric identifiers are fingerprints and a fingerprint can only be used for a means of payment. It may be indicated on the display device the fingerprint to present for each means of payment.
• the invention is an electronic device which comprises at least one biometric sensor, at least one communication interface for communicating with an external or remote terminal, and at least one processing unit having banking information, biometric reference information, at least one authentication software, one or more payment software, banking information and payment software offering at least two means of payment to the user.
• Each payment means is associated with a biometric identifier of its own, and the authentication software allows a selection of the payment means simultaneously with the biometric authentication by associating the payment means with the biometric fingerprint presented after having been authenticated. .
• the communication interface may be a radio interface compatible with a contactless payment terminal.
• the communication interface may be an internet interface.
• the biometric sensor can be a sensor fingerprints where each fingerprint is associated with a means of payment.
• the processing unit may include an attack-resistant secure processing circuit so that at least a portion of the authentication and transaction authorization cryptogram generation is performed in said secure processing circuit.
• the electronic device may further include a display device for displaying a transaction amount and a choice of payment means.
• FIG. 1 represents an electronic payment scheme according to the invention
• FIGS. 2 and 3 illustrate a mobile phone that can implement the invention
• Figure 4 illustrates a mobile phone in a payment system
• Figures 5-7 illustrate the method of the invention.
• FIGS. 2 and 3 show a mobile telephone 200 equipped with a touch screen 210 and a fingerprint sensor 220 connected to a processing unit 230.
• the telephone 200 furthermore comprises a first communication interface 240 with a network mobile telecommunication radio and a second radio interface 250 for proximity communication.
• the processing unit 230 comprises a microprocessor 231 and a memory 232 comprising a volatile part and a non-volatile part.
• the memory 232 includes most of the programs and data that will work on the phone.
• the processing unit 230 furthermore comprises a SIM card 233 and a secure circuit 234.
• the SIM card 233 contains information necessary for the identification of the telephone on the radio network and also for programs and data which may require some security such as for example for a payment.
• the secure circuit 234 is typically an attack-resistant microcontroller, this type of circuit is better known by its English name "secure element" and is intended to keep all the confidential information of the processing unit and also includes programs sensitive in relation to these data.
• the fingerprint authentication program which makes it possible to verify that the fingerprint that is presented to the sensor 220 corresponds to a known fingerprint resides in this secure circuit 234.
• the sensitive part of a payment software specific to the telephone can be also locate in this secure element 234.
• the first communication interface 240 is a radio interface compatible with standards for data transfer allowing communication via the Internet.
• the second communication interface 250 is a proximity interface which can be of different types. As a proximity interface, it is known to have interfaces related to the exchange of data type Bluetooth or Wifi that can exchange any type of data. It is also known to have a Near Field Communication (NFC) interface compatible with contactless payment terminals according to the IS014443 standard.
• NFC Near Field Communication
• a telephone 200 may comprise one or more payment applications that may be in parts executed either in the secure circuit 234 or in the SIM card 233 if it is desired to have a minimum of data security banking.
• the part executed in the secure circuit 234 or the SIM card 233 is generally started by a program executed by the microprocessor 231 which sends an appropriate command to said secure circuit 234 or SIM card 233 whenever said program must perform a sensitive operation .
• a fingerprint is taken using the fingerprint sensor 220, under the control of a program currently being executed. on the microprocessor 231.
• the microprocessor 231 will then build a fingerprint check command to the secure circuit 234 that receives the captured fingerprint or signature of that fingerprint.
• the secure circuit 234 compares this captured fingerprint with one or more reference fingerprints. If a reference fingerprint corresponds to the captured fingerprint, the secure circuit 234 returns a positive authentication response. In the case where several fingerprints are stored, the secure circuit can also return an identifier corresponding to the authenticated fingerprint.
• the authentication command of the fingerprint may also contain the information relating to the transaction, thus, the return message of the authentication command may also contain the information necessary for the transaction including a signature of the transaction and / or an encrypted message corresponding to a transaction authorization cryptogram that validates the transaction with the server of a bank.
• FIG. 4 illustrates two types of payment environment that the telephone 200 may encounter.
• a first method of payment is the payment via internet in which the telephone 200 communicates via a marketplace 400 to which it is connected via the Internet and the radiotelephone network.
• a second mode of payment is the payment in the shop using a bank payment terminal 450 which communicates with the telephone via a short-range radio communication.
• Figures 5 to 7 show the operation of the invention in the context of a payment made to a payment terminal 450.
• Figure 5 shows the steps performed by the user.
• Figure 6 gives an example of the user interface that can be used.
• Figure 7 illustrates what is happening at the functional level in the phone.
• a user wishing to make a purchase will "tap" his telephone 200 against the payment terminal 450 during a start-up step 500.
• the payment terminal 450 sends on the phone a request for authorization of payment.
• the request received by the phone automatically initiates a selection application that requests the user to validate the payment during a step 510 authentication and payment method selection.
• the screen 210 displays the screen shown in Figure 6 which asks the user to validate the transaction using the fingerprint sensor 220.
• the validation screen offers different payment methods 610 to 630 while indicating a finger 640 to 660 associated with each payment method 610 to 630.
• the user When the user will authenticate using one of the indicated fingers, he will simultaneously select the payment method associated with the fingerprint of said finger. Authentication and selection of the means of payment being simultaneous, the user only has to "type" his phone 200 again against the payment terminal 450 which will complete the transaction by providing the terminal of payment a transaction authentication cryptogram which will include, for example, the identification of the transaction, the account or card to be debit and a signature of this information to justify the debit authorization.
• the payment methods 610 and 620 may correspond to the same credit card emulation payment software while the payment method 630 corresponds to a payment software by electronic purchase order provided by a store chain and usable only in said store chain.
• a first step 710 starts a selection application that will display the different means of payment as shown in Figure 6, optionally the display can also indicate the amount of the transaction to perform.
• a second step 720 then asks the user to validate the payment by authenticating with the aid of the biometric sensor 220.
• the screen of FIG. 6 is displayed until an impression capture is received by the sensor. 220.
• a check 730 makes it possible to check whether the imprint presented to the biometric sensor corresponds to a registered imprint and the imprint is associated with a means of payment.
• a selection step 740 launches the application with parameters corresponding to the payment means associated with the imprint while retaining the authentication performed.
• the payment application can go directly to the validation step 750 in order to construct a transaction authorization cryptogram corresponding to the payment means that has just been selected.
• the user After the validation step 750, the user only has to "tap" the phone again on the reader to transmit the transaction authorization cryptogram to the payment terminal 450.
• the payment transaction is rejected 760, a message indicates rejection to the user and terminates the selection application without triggering a payment application.
• the validation step 750 will be done at the same time as the finalization step 520.
• the reader sends a selection command to perform an identified transaction.
• Step 750 can then be performed by generating the transaction authorization cryptogram based on the authentication previously performed and on the identification of the transaction received in the selection command. Once the cryptogram has been prepared, it is automatically sent back to the payment terminal.
• steps 500 and 520 are replaced by interactions with a remote server or a script sent by a remote server.
• the initialization of the payment is triggered by the support of the user on an icon which will trigger a payment request to a selection application on the phone 200.
• the finalization of the payment is then naturally done at the end. of step 740 without any action of the user.
• the payment transaction is therefore relatively simplified for the user while maintaining a certain security of the operation.
• the security comes in particular because at least the sensitive steps are performed in a secure environment such as a secure circuit 234.
• the SIM card is used as a secure circuit or to use a removable secure circuit which is for example integrated in an SD card.
• the secure circuit is not essential to the realization of the invention.
• the biometric sensor is a fingerprint sensor.
• voice biometrics the biometric sensor becoming a microphone and the imprint can be done by voice recognition of the user on pre-recorded words such as the name of use of the means of payment each sequence corresponding to a voice print and a means of payment.
• the payment method can also be applied to a transport network.
• the cryptogram generated is mainly an authentication of the user. This cryptogram will then be used either to establish that the user has a valid subscription, or debit an account containing prepaid tickets.
• the selection is certainly not necessary if only one means of transport is possible, however, the authentication and simultaneous selection of the means of transport becomes interesting when several transport application are present on the same phone.
• the invention has been described in connection with a mobile phone but it is applicable to other electronic devices.
• it can be tablet, laptop, smart watch or even a multi application smart card.
• a smart card it must have a fingerprint sensor but not necessarily have a display screen, the user must in this case have in memory the fingerprint associated with payment method or the card will display the equivalent of Figure 6 on the payment terminal.

Landscapes

• Business, Economics & Management (AREA)
• Engineering & Computer Science (AREA)
• Accounting & Taxation (AREA)
• Physics & Mathematics (AREA)
• Strategic Management (AREA)
• General Business, Economics & Management (AREA)
• General Physics & Mathematics (AREA)
• Theoretical Computer Science (AREA)
• Computer Networks & Wireless Communication (AREA)
• Finance (AREA)
• Computer Security & Cryptography (AREA)
• Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
• Telephone Function (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=54782644

Family Applications (2)

Family Applications Before (1)

Country Status (3)

Families Citing this family (3)

Family Cites Families (1)

• 2015
  • 2015-11-30 EP EP15306896.0A patent/EP3173998A1/de not_active Withdrawn
• 2016
  • 2016-11-28 US US15/780,184 patent/US20180349911A1/en not_active Abandoned
  • 2016-11-28 WO PCT/EP2016/078991 patent/WO2017093182A1/fr active Application Filing
  • 2016-11-28 EP EP16802047.7A patent/EP3384449A1/de not_active Withdrawn

Also Published As

Similar Documents

Legal Events