EP3465584A1 - Method for securing an electronic device, and corresponding electronic device - Google Patents
Info
- Publication number
- EP3465584A1, EP17729524.3A
- Authority
- EP
- European Patent Office
- Prior art keywords
- transaction
- electronic device
- time
- current
- period
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/12—Card verification
Definitions
- the present invention is in the general field of electronic devices and more particularly relates to an electronic device, such as a smart card for example, configured to cooperate with an external terminal to perform a transaction, in the banking field for example.
- the invention applies more particularly, but not exclusively, to smart cards (or microcircuit cards), conforming for example to the ISO 7816 standard.
- the invention aims in particular to secure a smart card operating according to the EMV protocol (for "Europay Mastercard Visa").
- In general, a smart card is designed to communicate with a device external to this card, otherwise called a terminal or reader. These cards make it possible to carry out various types of transactions, such as, for example, payment, debit or cardholder authentication transactions. Smart cards for banking applications (credit card, debit card, etc.), for example, are able to cooperate with payment terminals or ATMs to carry out various financial transactions.
- EMV is the standardized protocol mainly used in the world today to secure payment transactions made by smart cards.
- the EMV protocol has been designed to reduce the risk of fraud during a payment transaction by allowing in particular the authentication of both the smart card and its holder.
- This authentication process uses a combination of cryptograms (or encrypted keys) and digital signatures and possibly requires the entry of a secret code (commonly called PIN) by the cardholder.
- an EMV card can work online or offline.
- the EMV card can communicate, via the reader, with the corresponding issuing entity (the bank at the origin of the card, for example) to verify in particular that the current transaction is legitimate.
- When the EMV card is operating in offline mode, it applies prerecorded verification criteria to decide whether the transaction should be allowed or denied.
- Figure 1 shows an example of implementation of an EMV-compliant payment transaction using an EMV chip card 100.
- the EMV protocol is divided into three phases, although variants are possible.
- a first phase intended to authenticate the smart card 100 used
- the terminal 110 and the card 100 exchange a certain number of messages including a RESET message (RST) at S2 and then an ATR response at S4.
- the cardholder selects via the terminal 110 the desired transaction mode, thereby triggering the sending of a "SELECT" command to the card 100 to initiate the start of the EMV transaction.
- the EMV protocol proceeds to an authentication phase (not shown) of the holder of the card 100.
- the terminal 110 determines the authentication method of the bearer to be applied and determines in particular if the transaction must be performed in code verification mode or in non-code verification mode. If the code verification mode is selected, the smart card 100 verifies the validity of the PIN entered by the bearer on the terminal 110. If, on the other hand, the mode without code verification is selected, no PIN check is performed.
- the EMV protocol initiates the verification phase of the transaction.
- the terminal 110 sends (S8) to the smart card 100 a first APDU command called GENERATE AC or GAC (noted here GAC1).
- This well-known command includes information about the current transaction such as the amount of the transaction, the currency used, the type of transaction, and so on.
- the EMV card then performs (S9) a verification of the transaction according to predefined verification criteria and sends (S10), in response to the GAC1, a cryptogram (or cryptographic certificate) comprising a message authentication code (or MAC, for "Message Authentication Code").
- the response of the card 100 in the ARQC message depends in particular on the setting of the card made by the issuing entity 120 (called "issuer") of said card.
- the smart card 100 sends at S10 a message of ARQC type ("Authorization Request Cryptogram") indicating that the card 100 wishes to continue the transaction online with, for example, a remote server of the issuer 120 (online mode).
- the cryptogram ARQC is transmitted by the terminal 110 to the issuer 120, which can thus perform (S13) a number of checks to ensure that the transaction is valid.
- the issuer 120 then sends (S14), in response to the received ARQC message, an encrypted message of the ARPC type indicating the decision of the issuer 120.
- This ARPC message is transmitted by the terminal 110 to the card 100 at S16.
- the card 100 determines whether or not it accepts the transaction from the ARPC response received at S16.
- If the card 100 accepts the transaction, it sends (S18) in response a cryptogram of TC type (accepted transaction) to the terminal 110. In the opposite case, the card 100 sends (S18) a cryptogram of AAC type indicating the refusal of the transaction.
- the online implementation of a transaction therefore makes it possible to implement security mechanisms that make it possible to identify risk situations and to trigger an appropriate security response.
- the issuer of the smart card can for example detect abnormal behavior during an online transaction and decline the transaction or trigger additional verification checks.
- EMV cards are typically configured to be able to perform a number of offline transactions, so that it is not possible for the card issuing entity to perform remote security checks in the course of the offline transaction. For example, certain EMV cards are configured to work offline if the amount of the current transaction does not reach a predefined minimum amount.
- Smart cards, especially EMV cards, are therefore particularly vulnerable to attacks and to malicious (or abnormal) behavior when they work offline.
- the perpetrator of the theft can then carry out multiple successive transactions, all for moderate amounts, so as not to trigger the online operation of the card and thus escape the vigilance of the issuer of the card.
- the present invention relates to a method of securing implemented by an electronic device, said method comprising:
- risk analysis based on at least one historization data item recorded in the log file in association with each selected transaction, for detecting whether an abnormal use of said electronic device has occurred during said predefined period of time;
- the predefined period of time is here a sliding period of time ending at the current point in time.
- the present invention advantageously makes it possible to effectively protect electronic devices, in particular smart cards (of EMV or other type), configured to cooperate with a terminal to implement a transaction (a banking or other transaction).
- the invention makes it possible in particular to secure such electronic devices against abnormal or suspicious behavior occurring during offline transactions.
- the current point in time comprises at least one of the current date and the current time of the current transaction.
- the determination of the current point comprises receiving, from a terminal with which the electronic device cooperates, a time data representative of the current point in time.
- said selection comprises a computation of the point in time of the beginning of the predefined period of time, starting from the current point in time and a predefined duration attributed to said predefined period of time,
- each selected transaction being subsequent to the point in time of the beginning of the predefined period of time.
- during said selection, the electronic device:
- said at least one predefined first condition comprises at least one of the following conditions: - the reference transaction is a so-called “online transaction” that has been carried out in cooperation with an entity issuing the electronic device; and
- the reference transaction is an online transaction that has been successfully authenticated by the issuing entity of the electronic device.
- the electronic device filters the transactions recorded in the log file to select only each transaction satisfying at least a second predefined condition.
- the second predefined condition comprises a condition on the type of the terminal with which the electronic device cooperated during said transaction.
- the electronic device detects whether an abnormal use of said electronic device has occurred during said predefined period of time starting from at least one of:
- the electronic device detects that abnormal use has occurred during said predefined period of time if at least one of the following three predefined conditions is satisfied:
- the cumulative amount of each transaction selected during said selection reaches a second predefined threshold value.
- said at least one security operation comprises at least one of:
- the electronic device is a smart card.
- the various steps of the security method are determined by instructions of computer programs. Consequently, the invention also aims at a computer program on an information medium (or recording medium), this program being capable of being implemented in an electronic device such as a smart card, this program comprising instructions adapted to the implementation of the steps of a security method as defined above.
- This program can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as in a partially compiled form, or in any other desirable form.
- the invention also provides a computer-readable information carrier (or recording medium), and including instructions of a computer program as mentioned above.
- the information carrier may be any entity or device capable of storing the program.
- the medium may comprise storage means, such as a ROM, for example a CD ROM or a microelectronic circuit ROM, or a magnetic recording medium, for example a floppy disk or a hard disk.
- the information medium may be a transmissible medium such as an electrical or optical signal, which may be conveyed via an electrical or optical cable, by radio or by other means.
- the program according to the invention can be downloaded in particular on an Internet type network.
- the information carrier may be an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in the execution of the method in question.
- the invention also relates to an electronic device comprising:
- a determination module for determining a current point in time during which a current transaction is or must be implemented by the electronic device
- a selection module for selecting, in a log file in which at least one transaction is recorded, at least one (or each) transaction implemented by said electronic device in a predefined period of time ending at the current point in time;
- a risk analysis module for detecting, from at least one historization data item recorded in the log file in association with each selected transaction, whether an abnormal use of said electronic device occurred during said predefined period of time; and a security module configured, in the event of a positive result of said detection by the risk analysis module, for triggering a security operation of the electronic device in response to said current transaction.
- the predefined period of time is here a sliding period of time ending at the current point in time.
- the invention is implemented by means of software and / or hardware components.
- the term "module" may correspond in this document to a software component, to a hardware component, or to a set of hardware and software components.
- the electronic device is a chip card, of the EMV type for example.
- the smart card is in accordance with the ISO 7816 standard.
- the electronic device comprises a memory in which the log file is saved.
- FIG. 1 already described represents, in a schematic manner, a transaction implemented according to the EMV protocol
- FIGS. 2A and 2B schematically represent a first mechanism for securing an EMV chip card
- FIG. 3 schematically shows the structure of a smart card according to a particular embodiment of the invention
- FIG. 4 schematically represents modules implemented in the smart card of FIG. 3, according to a particular embodiment of the invention.
- FIG. 5 represents, in the form of a flowchart, the steps of a security method according to a particular embodiment of the invention.
- FIG. 6 represents a log file according to a particular embodiment of the invention.
- FIG. 7 schematically shows transactions implemented over time by the smart card of Figure 3, according to a particular embodiment
- Figure 8 shows, in the form of a flowchart, the steps of a securing method according to a particular embodiment of the invention.
- the present invention relates to electronic devices, such as smart cards for example, configured to cooperate with an external terminal to perform a transaction, in the banking field for example.
- the invention relates more particularly to the securing of smart cards, in particular when they are configured to process an offline transaction as explained above.
- FIGS. 2A and 2B illustrate a first mechanism for securing an EMV chip card 130.
- the smart card 130 is configured to calculate the cumulative amount of the transactions TR that it has successfully performed during a fixed period of time CL, called a "cycle", and then to check whether this cumulative amount reaches a certain maximum threshold value.
- This period of time CL begins at a fixed position (or point) DRef in time, called the reference position in time, corresponding for example to the date of a given transaction TR1.
- the CL time period also ends at a fixed position DF in time.
- the EMV card 130 verifies, during the transaction TR4, the cumulative amount of the transactions TR1, TR2 and TR3 carried out previously during the same cycle CL, as well as the amount of the transaction TR4. If this accumulated amount reaches at least the maximum threshold value, the card 130 asks for example to continue in online mode. Subsequently, when the card 130 detects that a new transaction occurs after the instant DF, it resets the reference point DRef in order to initiate a new time cycle CL, also fixed in time.
- FIG. 2B illustrates an example in which the card 130 performs the transactions TR1 and TR2 during a first cycle CL1 and then initiates a new cycle CL2 in which it performs the transactions TR3 - TR5.
- During the transaction TR5 for example, the smart card 130 checks the cumulative amount of the transactions TR3, TR4 and TR5 included in the cycle CL2 but does not take into account the transactions TR1 and TR2, because these were carried out during the previous cycle CL1.
- the time distribution of the transactions TR1 - TR5 over two distinct cycles CL1 - CL2 thus increases the risk that these offline transactions are not identified by the card 130 as constituting abnormal or suspicious behavior.
- the invention proposes to overcome these disadvantages in particular by means of a security mechanism making it possible to effectively detect abnormal or suspicious behaviors, even when the smart card is operating offline, so that an appropriate security response can be brought if necessary.
- the method of the invention, implemented by an electronic device such as a smart card for example, comprises the following steps: determining a current point in time during which a current transaction is or must be implemented by the electronic device; selecting, in a log file in which at least one transaction is recorded, each transaction implemented by said electronic device in a predefined period of time ending at the current point in time; risk analysis, from at least one historization data item recorded in the log file in association with each selected transaction, for detecting whether abnormal use of said electronic device has occurred during said predefined period of time; and, if so, triggering a security operation of the electronic device in response to said current transaction.
- the invention also relates to such an electronic device capable of implementing a security method as defined above.
- Examples of implementations of the invention are described in relation to an EMV chip card. It is understood that the invention is not limited exclusively to EMV cards but more generally applies to any electronic device configured to implement a transaction, including devices other than smart cards; this device can use the EMV standard or other transaction standards.
- the electronic device of the invention is a smart card in accordance with the ISO 7816 standard.
- transaction is understood here in a broad sense and includes, for example, in the banking field, both a payment or transfer transaction and a consultation of a bank account on a bank terminal.
- the various embodiments of the invention are here described in the context of a payment card configured to perform banking transactions. We will understand that other types of transactions or operations are possible within the scope of the invention.
- FIG. 3 schematically represents the structure of a chip card CD according to a particular embodiment of the invention.
- the smart card CD is configured to cooperate with a terminal (or reader) T to perform a transaction TR, such as a financial or banking transaction (payment transaction or otherwise) in this case.
- the terminal T is configured to interface between the smart card CD and a remote server SV.
- the server SV is a server of the issuing entity EM (i.e., a banking institution for example) of the smart card CD.
- the card CD is able to communicate, via the terminal T, with the remote server SV in order to implement, according to the EMV protocol, a so-called "online" transaction, that is to say one involving an exchange with the issuer EM as already explained above.
- the smart card CD comprises in this example external contacts 4 able to cooperate with the reader T, at least one processor 6, a rewritable volatile memory (of the RAM type) 8 and a rewritable non-volatile memory 10 (of type Flash for example).
- the memory 10 constitutes in this example a recording medium (or information medium) according to a particular embodiment, readable by the smart card CD, and on which is recorded a computer program PG corresponding to a particular embodiment.
- This computer program PG includes instructions for executing the steps of a security method according to a particular embodiment. The main steps of this method are shown, in particular embodiments of the invention, in Figures 5 and 8 described later.
- the smart card CD complies with the ISO 7816 standard.
- the external contacts 4 have characteristics in accordance with this standard.
- the smart card CD can for example cooperate with the reader T in contactless mode via an RF antenna integrated in the CD card.
- a log file LG (also called "Log" in English) and at least one predefined criterion (or parameter) CR are stored in the rewritable non-volatile memory 10 of the CD card.
- At least one transaction TR implemented in the past by the smart card CD is recorded in the log file LG.
- at least one DLG history data is recorded in the log file LG.
- a DLG logging datum is for example a transaction datum characterizing the corresponding transaction TR.
- LG log file in which TR transactions (and, more particularly, historization data associated with these transactions) are recorded
- terminals T may be, for example, automated teller machines (ATMs) and payment terminals, other types of terminals being possible.
- the criterion or criteria CR stored in the memory 10 may comprise at least one selection criterion CR1 and / or at least one analysis criterion CR2. The selection and analysis criteria CR1, CR2 configure, where applicable, how the card implements the method of the invention, as explained later.
- the criteria CR stored in the memory 10 comprise two predefined conditions CD1 and CD2, each constituting a selection criterion CR1, as well as a condition CD3 constituting an analysis criterion CR2.
- other exemplary embodiments are possible within the scope of the invention, the number and the nature of the selection criteria and the analysis criteria in particular being able to vary according to the use case.
- the criteria CR and the log file LG will be described in more detail below according to a particular embodiment with reference to FIGS. 4-9.
- the processor 6 controlled by the computer program PG implements a number of modules shown in FIG. 4, namely: a determination module MD2, a selection module MD4, an analysis module MD6 and a security module MD8.
- the determination module MD2 is configured to determine a current point (or position) in time, denoted PC, during which a current transaction is, or must be, implemented by the smart card CD.
- by "current point in time" is meant a given moment in time when a current transaction is, or must be, implemented by the smart card CD.
- a point in time can be defined for example by a date and / or a time, and more generally by any temporal data making it possible to define a given position in time.
- the determination module MD2 determines the current point PC in time from a received temporal data, for example from the terminal T.
- the smart card CD comprises a unit for calculating the current date and / or time.
- the selection module MD4 is configured to select, in the log file LG in which at least one past transaction TR is recorded, each (or at least one) transaction TR implemented by the smart card CD in a predefined period (or window) of time (denoted PD) ending at the current point PC in time. Since the period of time PD has a fixed duration, it moves in time so that it always ends at the current point PC in time determined by the determination module MD2.
- the predefined time period PD is a sliding time period whose end bound is defined by the current point PC in time determined by the determination module MD2. Whenever a new current point PC in time is determined by the determination module MD2, the period of time PD slides in time so that it always ends at the current point PC. Examples of embodiments will be described later with reference in particular to FIG.
- the selection module MD4 is configured to select, among the transactions TR recorded in the log file LG, all the transactions TR that have been implemented in the predefined period of time PD. In a particular example, the selection module MD4 is configured to select, among the transactions TR recorded in the log file LG, the transactions TR which have been implemented in the predefined period of time PD and which also comply with at least one predefined selection criterion (or condition) CR1. These selection criteria CR1 are for example recorded in the memory 10 of the CD card. As already indicated, FIG. 3 represents a particular example where the selection criteria CR1 comprise two conditions CD1 and CD2.
- the risk analysis module MD6 is configured to detect, from at least one DLG history data item recorded in the log file LG in association with each transaction TR selected by the selection module MD4, whether an abnormal (or suspicious) use of said CD card occurred during said predefined period of time PD.
- by "abnormal use" is meant here any use of the smart card CD deemed, according to at least one predefined analysis criterion, to be potentially at risk, fraudulent or abnormal.
- the security module MD8 is configured, in case of a positive result of the detection by the risk analysis module MD6 (that is to say if an abnormal use of the CD card is detected by the analysis module MD6), for triggering at least one security operation of the smart card CD in response to the current transaction TR.
- Each security operation is configured to secure the smart card CD in response to the current transaction TR. Examples of such operations are described hereinafter with reference to FIGS. 5-9.
- the smart card CD executes the computer program PG.
- the smart card CD has initiated, in cooperation with the terminal T, the processing of a transaction TR, called the current transaction.
- the current transaction TR has not yet been initiated.
- the transaction TR conforms to the EMV protocol.
- the smart card CD determines a current point PC in time at which the current transaction TR is, or must be, implemented by the smart card CD.
- This current point PC comprises for example at least one of the date (called current date) and time (known as current time) of the current transaction.
- the smart card CD selects, in the log file LG in which at least one past transaction TR is recorded, each (or at least one) transaction TR implemented by the smart card CD in a predefined period of time PD ending at the current point PC in time.
- this period PD is a sliding time window, of predefined duration, whose end bound is defined by the current position PC in time.
- the duration of the period of time PD can in particular be adapted according to the desired configuration in view of the type of events or behaviors that it is desired to monitor at the level of the smart card CD.
- the smart card CD then carries out in S34 a risk analysis (or a transaction analysis), from at least one DLG historization data item recorded in the log file LG in association with each transaction TR selected in S32, to detect whether abnormal (or suspicious) use of the smart card CD has occurred during the predefined time period PD.
- the smart card CD detects for example whether abnormal use of said CD card has occurred during the predefined PD period from at least one of:
- the smart card CD detects that abnormal use has occurred during the predefined period PD if at least one of the following predefined conditions is satisfied:
- the number of transactions selected during the selection S32 reaches at least a first predefined threshold value
- the cumulative amount of each TR transaction selected during the selection S32 reaches at least a second predefined threshold value.
- the smart card CD triggers in S36 at least one operation of securing the smart card CD in response to the current transaction TR.
- Each security operation aims at securing the CD chip card vis-à-vis the current transaction TR, and more generally, vis-à-vis the use of the smart card CD over the PD period of time.
- the number and nature of these security operations may vary depending on the use case.
- said at least one security operation S36 comprises at least one of:
- an operation parameter PR configures the manner in which the smart card CD processes a transaction TR with an external terminal, such as the reader T in this example.
- the operating parameter PR to be modified may, for example, be a counter stored in the smart card CD. Such a counter can for example represent a number of offline transactions already performed by the smart card CD, or the cumulative amount of offline transactions already made by the smart card CD.
- the parameter PR can moreover relate to a threshold value of such a counter.
- the modification of the PR parameter may constitute an update of the configuration of the CD chip card causing a change in the processing of TR transactions by the smart card CD.
- the smart card CD implements an example of a security method by executing the computer program PG.
- FIG. 7 represents, along a time line, transactions TR1 - TR5 that have been successively implemented in the past by the EMV chip card.
- Figure 6 shows the recording of these transactions TR1 to TR5 in the log file LG of the smart card CD. More specifically, DLG historization data is stored in the log file LG in association with each transaction TR1 - TR5. This DLG history data characterizes the transactions TR1 - TR5 that have already been implemented by the smart card CD.
- the DLG history data recorded in the log file LG includes, in association with each referenced transaction TR, a transaction identifier ID, a point in time PT (for example a date and / or a time) where the transaction was carried out and an amount MT of the transaction, and possibly at least one of: a log data item DN1 indicating whether the transaction was performed online or offline, a log data item DN2 indicating whether the online authentication (or validation) by the issuer EM has been successfully passed in the case of an online transaction, and a log data item DN3 indicating the type of terminal T cooperating with the card CD during the transaction.
- among the possible types of terminals T, there may be mentioned for example automated teller machines (or ATMs) and payment terminals, other types of terminals being conceivable.
- the chip card CD has initiated, in cooperation with the terminal T, the processing according to the EMV protocol of a new transaction TR6, called current transaction.
- the smart card CD is for example inserted in the terminal T to allow communication by contact.
- the smart card CD has received a first GENERATE AC APDU command, denoted GAC1, as already explained above with reference to step S8 in FIG. 1, and that the smart card CD implements the security method according to a particular embodiment of the invention in response to this command GAC1.
- the security method is implemented at another stage of the EMV protocol.
- the smart card CD implements the security method whereas the processing of the current transaction TR according to the EMV protocol has not yet been initiated.
- Steps A4, A6, A12 and A14 described hereinafter with reference to FIG. 8 respectively correspond to steps S30, S32, S34 and S36, represented in FIG. 5, implemented in a particular embodiment of the invention.
- the terminal T sends a time data DNT to the chip card CD which receives it at A2.
- the time data DNT is representative of a current point PC in time.
- This time data DNT may have any appropriate format and here includes for example the current date DC and the current time HC.
- the chip card CD determines, from the time data DNT received at A2, the current point in time PC during which the current transaction TR6 must be implemented.
- the current point PC is defined by the current date DC and the current time HC at the time of initiation of the EMV protocol between the smart card CD and the terminal T to implement the current transaction TR6.
- Other techniques for determining the current date and / or time are possible, however.
- the chip card CD selects (A6), in the log file LG, each transaction TR implemented by the smart card CD in the predefined period of time PD ending at the current point in time PC determined in A4.
- the time period PD is a time window of a predefined duration DT.
- the value of DT can be adapted according to the desired purpose as explained later.
- the smart card CD determines in this example the reference point in time, denoted PRef, corresponding to the beginning of the predefined period of time PD ( Figure 7).
- the chip card CD calculates the reference point PRef in time from the current point PC in time and the predefined duration DT assigned to the time period PD. More precisely, the chip card CD calculates PRef such that:
- PRef = PC - DT
- the reference point PRef includes the date and time of the beginning of the period of time PD.
- the reference point PRef in time can correspond to a transaction previously implemented by the smart card CD.
- the smart card CD selects (A10) then each transaction TR, recorded in the log file LG, which is later than the reference point PRef in time.
- the selection A10 includes the transaction TR implemented, if necessary, at the reference point PRef in time (no transaction is recorded at the point PRef in this example).
- the CD smart card determines when it was implemented
- PT includes for example the date and / or time of the corresponding transaction TR.
- the smart card CD selects in A10 the transactions
- the chip card CD additionally selects the current transaction TR6 in A10, although variants are possible in which the current transaction TR is not selected in A10.
- the chip card CD can also be configured to apply at least one selection criterion CR1 to refine the selection made in A10.
- the chip card CD determines for example in A10, from the log file LG, as reference transaction TRef, the most recent transaction TR in the period of time PD that satisfies the first predefined condition CD1.
- the chip card CD selects in A10 only each TR transaction implemented by said CD card after the reference transaction TRef in the predefined period of time PD.
- the first condition CD1 comprises at least one of the following conditions:
- the TRef reference transaction is an online transaction that has been conducted in cooperation with the EM issuer;
- CD12: the TRef reference transaction is an online transaction carried out in cooperation with the EM issuer that has been successfully authenticated (or validated) by the EM issuer.
- the chip card CD determines, for each transaction TR whose point in time PT is subsequent to the reference transaction TRef, and from the associated data DN1, whether said transaction TR is an online transaction.
- the smart card CD determines, for each online transaction whose point in time PT is subsequent to the reference transaction TRef, and from the corresponding data DN2 in the log file LG, whether said transaction TR has been successfully authenticated (or validated) by the EM issuer.
- the smart card CD applies the condition CD11 but not the condition CD12 at A10.
- the smart card CD applies the condition CD12 above.
- the CD chip card selects the transactions TR4 and TR5 in accordance with condition CD12 at A10.
- the smart card CD can be configured to apply at least one selection criterion CR1 to refine the selection made in A10.
- the number and nature of CR1 selection criteria may vary from case to case.
- the smart card CD filters the transactions TR recorded in the log file LG to select only each transaction TR satisfying at least a second predefined condition CD2.
- the second predefined condition CD2 includes a condition on the type of the terminal T with which the smart card CD cooperated during said transaction TR.
- the log file LG records as log data DN3, for each transaction TR, whether said transaction was carried out in cooperation with a terminal T according to a first type TY1 or according to a second type TY2.
- the states TY1 and TY2 respectively indicate that the terminal T is an automatic cash dispenser (ATM) and a payment terminal (a mobile terminal for example). If, for example, the condition CD2 is applied, the smart card CD excludes from the selection A10 the transactions TR which are in the predefined period PD but do not satisfy the state TY1 (the transaction TR5 is therefore excluded in this example).
- it will be understood that the smart card CD can be configured to apply at least a first condition CD1 and/or at least a second condition CD2 as explained above.
- the smart card CD applies the condition CD11 and accordingly selects the transactions TR4 and TR5 at A10.
- the smart card CD (more particularly the risk analysis module MD6) performs a risk analysis (or transaction analysis), based on the history data DLG recorded in the log file LG in association with each transaction TR selected in A6 (i.e. TR4 and TR5 in this example), to detect whether abnormal (or suspicious) use of the smart card CD occurred during the predefined period of time PD.
- the CD chip card detects whether abnormal use of said CD card has occurred during the predefined time period PD from at least one of:
- the smart card CD detects whether abnormal (or suspect) use has occurred during the predefined period PD according to at least one criterion CR2, recorded in this example in the memory 10.
- the smart card CD applies, as analysis criteria CR2, the following predefined conditions CD3:
- the smart card CD detects that abnormal or suspect use has occurred during the predefined period of time PD if the conditions CD31 and CD32 are satisfied.
- the values Lmax1 and Lmax2 are set according to the needs of the case.
- only one of the predefined conditions CD31 and CD32 is applied by the chip card CD during the analysis A12.
- the smart card CD resumes for example a normal processing of the transaction according to the EMV protocol.
- the smart card CD triggers in A14 at least one operation of securing the smart card CD in response to the current transaction TR6.
- Each security operation is configured to secure the smart card CD with respect to the current transaction TR and, more generally, with respect to the use made of the smart card CD over the period of time PD. The number and nature of these security operations may vary depending on the use case.
- the smart card CD carries out in A14 at least one of the following security operations:
- the terminal T may optionally transmit (B17) the message MSG1 to the remote server SV so that the sender SV is informed of the abnormal or suspicious use detected by the smart card CD;
- a PR operation parameter configures how the CD chip card processes a TR transaction with the terminal T.
- the smart card CD sends for example a refusal message MSG2 which is received by the terminal T in B22.
- a smart card according to the invention is thus capable of storing in memory history data relating to transactions processed by said card over time. From this history data, the smart card can then analyze the use that is made of the card in a relevant time window, namely a time window corresponding here to a period of time immediately preceding the transaction in progress. It is thus possible to take into account all relevant transactions for each analysis made by the smart card, without there being a risk that certain transactions are excluded from the analysis, as is the case for example in the security mechanism described above with reference to Figures 2A and 2B.
- abnormal behavior of the authentic carrier for example a number and / or a cumulative amount of abnormal or suspicious expenditure
- the invention makes it possible to better control the use of a smart card, of EMV type in particular, even when it operates offline.
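
The selection (A6/A10) and risk-analysis (A12) steps described above, modelled in Python as an added example; it is not code from the patent or from any card implementation. The field names, the sample log, the threshold values and the assignment of the count threshold to Lmax1 and the amount threshold to Lmax2 are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Tx:
    id: str            # transaction identifier ID
    pt: datetime       # point in time PT
    mt: int            # amount MT, in minor currency units (assumed unit)
    online: bool       # DN1: online (True) or offline (False)
    issuer_ok: bool    # DN2: issuer authentication passed (online only)
    terminal: str      # DN3: "TY1" (ATM) or "TY2" (payment terminal)

def cd11(t): return t.online                    # online, in cooperation with the issuer
def cd12(t): return t.online and t.issuer_ok    # online and authenticated by the issuer

def select(log, current, dt, cd1=None, terminal_type=None, include_current=True):
    """A6/A10: pick logged transactions in the window PD, refined by CD1 and CD2."""
    pref = current.pt - dt                       # PRef = PC - DT
    # A transaction recorded exactly at PRef is part of the selection.
    window = sorted((t for t in log if t.pt >= pref), key=lambda t: t.pt)
    if cd1 is not None:
        # TRef: most recent logged transaction in PD that satisfies CD1
        refs = [t for t in window if cd1(t)]
        if refs:
            window = [t for t in window if t.pt > refs[-1].pt]
    if include_current:                          # variant: current transaction counted
        window.append(current)
    if terminal_type is not None:                # CD2: keep one terminal type only
        window = [t for t in window if t.terminal == terminal_type]
    return window

def abnormal(selected, lmax1, lmax2, require_both=True):
    """A12: count threshold (assumed Lmax1) and cumulative-amount threshold (assumed Lmax2)."""
    hits = (len(selected) >= lmax1, sum(t.mt for t in selected) >= lmax2)
    return all(hits) if require_both else any(hits)

def mk(i, day, hour, mt, online=False, ok=False, term="TY1"):
    return Tx(f"TR{i}", datetime(2016, 5, day, hour), mt, online, ok, term)

# Constructed sample log (not taken from the patent): TR1 to TR5, then current TR6.
LOG = [mk(1, 20, 9, 4000), mk(2, 22, 13, 2500),
       mk(3, 22, 18, 6000, online=True, ok=True, term="TY2"),
       mk(4, 23, 9, 8000), mk(5, 23, 10, 3000, term="TY2")]
TR6 = mk(6, 23, 12, 9000)
DT = timedelta(hours=24)                         # predefined duration of PD (assumed)

if __name__ == "__main__":
    sel = select(LOG, TR6, DT, cd1=cd12)
    print([t.id for t in sel], abnormal(sel, lmax1=3, lmax2=20000))
```

With this sample log, TR3 is the reference transaction TRef, so only TR4 and TR5 (plus the current TR6, when counted) enter the analysis; restricting to terminal type TY1 drops TR5.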
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Telephone Function (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1654572A FR3051579B1 (fr) | 2016-05-23 | 2016-05-23 | Procede de securisation d'un dispositif electronique, et dispositif electronique correspondant |
PCT/FR2017/051254 WO2017203146A1 (fr) | 2016-05-23 | 2017-05-22 | Procede de securisation d'un dispositif electronique, et dispositif electronique correspondant |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3465584A1 (fr) | 2019-04-10 |
Family
ID=57113448
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP17729524.3A Ceased EP3465584A1 (fr) | 2016-05-23 | 2017-05-22 | Procédé de sécurisation d'un dispositif electronique, et dispositif electronique correspondant |
Country Status (4)
Country | Link |
---|---|
US (1) | US20200320535A1 (fr) |
EP (1) | EP3465584A1 (fr) |
FR (1) | FR3051579B1 (fr) |
WO (1) | WO2017203146A1 (fr) |
-
2016
- 2016-05-23 FR FR1654572A patent/FR3051579B1/fr not_active Expired - Fee Related
-
2017
- 2017-05-22 WO PCT/FR2017/051254 patent/WO2017203146A1/fr unknown
- 2017-05-22 US US16/304,235 patent/US20200320535A1/en not_active Abandoned
- 2017-05-22 EP EP17729524.3A patent/EP3465584A1/fr not_active Ceased
Also Published As
Publication number | Publication date |
---|---|
WO2017203146A1 (fr) | 2017-11-30 |
FR3051579A1 (fr) | 2017-11-24 |
FR3051579B1 (fr) | 2021-11-19 |
US20200320535A1 (en) | 2020-10-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20181122 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20190905 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R003 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20201209 |