WO2003025869A1 - Method for making secure a payment operation carried out for remote purchase of goods and/or services on a communication network - Google Patents

Method for making secure a payment operation carried out for remote purchase of goods and/or services on a communication network Download PDF

Info

Publication number
WO2003025869A1
WO2003025869A1 PCT/FR2002/003122 FR0203122W WO03025869A1 WO 2003025869 A1 WO2003025869 A1 WO 2003025869A1 FR 0203122 W FR0203122 W FR 0203122W WO 03025869 A1 WO03025869 A1 WO 03025869A1
Authority
WO
WIPO (PCT)
Prior art keywords
processing means
seller
funds
authorization code
customer
Prior art date
Application number
PCT/FR2002/003122
Other languages
French (fr)
Inventor
Alexandre Fusiller
Original Assignee
Alexandre Fusiller
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alexandre Fusiller filed Critical Alexandre Fusiller
Priority to EP02785496A priority Critical patent/EP1425724A1/en
Publication of WO2003025869A1 publication Critical patent/WO2003025869A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes

Definitions

  • the present invention relates to a method and an installation for securing a payment transaction carried out for the remote purchase of products and / or services over a digital information communications network.
  • the aim of the present invention is to propose a method and an installation for securing a payment transaction carried out for the remote purchase of products and / or services on a digital information communication network which overcomes the aforementioned drawbacks and allow intervention "online", while reducing or even eliminating the damaging consequences of hacking and / or fraudulent use of information transmitted over the network for payment.
  • Another object of the present invention is to provide a method and an installation for securing a payment transaction carried out for the remote purchase of products and / or services over a digital information communications network which allow the customer to '' make payments without having to wait for information from its banking organization on the identification means to be used for the transaction.
  • Another object of the present invention is to provide a method and an installation for securing a payment transaction carried out for the remote purchase of products and / or services on a digital information communication network which allow the customer to check the amount of the transaction before it takes place.
  • Another object of the present invention is to provide a method and an installation for securing a payment transaction carried out for the remote purchase of products and / or services on a digital information communication network which allow the customer to wait for delivery before authorizing payment while guaranteeing the seller the discharge of his claim as soon as the delivery has been accepted.
  • the invention firstly relates to a method for securing a payment transaction carried out for the remote purchase of products and / or services over a digital information communication network by a user of said network, called a client, said client being provided with a permanent personal identification code intended to allow the carrying out of money transfers, method in which:
  • At least one authorization code specific to said customer and valid for a limited number of payment transactions, is stored in association with said identification code, in one or more so-called identification files, provided at the level centralized processing facilities, before purchase, and, upon purchase,
  • the invention also relates to an installation for securing a payment transaction carried out for the remote purchase of products and / or services on a digital information communications network by a said network user, known as a client, provided with a code.
  • permanent personal identification system intended to allow the transfer of funds
  • said installation comprising: - centralized processing means, provided with one or more files, known as identification files, allowing storage, in association with said code identification, of at least one authorization code, specific to said customer and valid for a limited number of payment transactions, before purchase, - first means of exchanging information allowing the transmission of said authorization code on said network, upon purchase,
  • said centralized processing means being provided capable of allowing the exploitation of said identification file or files to authorize updating the identification code associated with the authorization code transmitted so that you can transfer funds.
  • FIG. 1 schematically illustrates a first mode of implementation of the method according to the invention
  • FIG. 2 schematically illustrates an alternative embodiment of the embodiment of FIG. 1,
  • FIG. 3 schematically illustrates an embodiment of the installation according to the invention.
  • the invention relates first of all to a method of securing a payment transaction carried out for the remote purchase of products and / or services on a digital information communication network, by a user of said network, known as a customer, provided with a permanent personal identification code, specific to the customer's audit and intended to allow the transfer of funds.
  • Permanent means independent of the number of operations carried out.
  • the network in question it is, for example, an open network, that is to say accessible to all, in particular the Internet.
  • information communicated by the network in particular according to the arrow marked 1, capable of authorizing a transfer, possibly electronic, of funds, in particular according to the arrows marked 4, 5.
  • At least one authorization code specific to said customer and valid for a limited number of payment transactions, is stored. , in particular only one, in one or more so-called identification files, provided at the level of centralized processing means 8.
  • said authorization code is then transmitted by said network.
  • said authorization code to said centralized processing means 8 and the identification file or files of said centralized processing means are used to update said identification code associated with said authorization code and allow said transfer of funds.
  • Said payment is intended, for example, for another user of said network, called the seller, said client 3 and said seller 2 being each provided with a banking organization 6, 7, said banking organization 6 of the client as well as, possibly, that 7 of the seller being accessible digitally.
  • said seller is also provided with a permanent identification code and said customer and seller banking organizations are accessible by them using their said identification code.
  • Said seller is, for example, the owner of the products and / or services purchased by said customer through said network.
  • Said banking organizations are, for example, those where the seller and / or the customer has a current account.
  • Said centralized processing means may be provided independent, that is to say not dependent neither on the customer's banking organization, nor on the seller's banking organization, the digital processing means of each being provided separate, at least in part.
  • said authorization code is then transmitted to the seller by said network, according to the arrow marked 1, said authorization code and the seller's identification code are associated, as well as, possibly, the amount of the payment and all this information from the seller is transmitted to said centralized processing means, according to the arrow marked 9.
  • the transfer of funds is carried out, for example, directly from the customer's banking organization to the seller's banking organization. It can also pass through said centralized processing means 8.
  • Said authorization code is, for example, previously prepared by the customer himself and transmitted, directly or indirectly, to said centralized processing means, with the identification code of said customer.
  • the customer can develop said authorization code and transmit it to his banking organization which will then communicate it with his identification code to said centralized processing means. It is therefore not necessary to provide a direct connection between the client and said centralized processing means.
  • the customer may be allowed to build up a list of different authorization codes, said list being provided for consultation from his banking institution in which it will have been stored, each authorization code being to be used as desired.
  • said information may only consist of said authorization code which, remember, says nothing about the client himself.
  • the said authorization code may also be supplemented with the amount of the funds.
  • a prior request for transfer authorization associated with the amount of funds and / or the seller's identification code.
  • the client is then informed of said request and his response is transmitted, according to the arrows marked 12, 13 by means of centralized processing 8 before authorizing or not authorizing said transfer of funds as a function of said response.
  • Said requests are provided for stored, for example, at the level of the customer's banking organization so that the latter can consult and respond to them, his response passing through said banking organization.
  • the customer decides to make a purchase "online”
  • he communicates to the seller his authorization code.
  • This is followed by a series of communications between the seller 2, the centralized processing means 8 and the customer's banking organization 6.
  • client's banking organization 6 will present to client 3 a prior request for transfer authorization. It will be the positive response of the client to said request that will allow the transfer of funds and payment, and not the communication by the client of his authorization code to the seller.
  • the customer is thus allowed to check the quality of the product and / or service purchased before payment while guaranteeing the seller the payment of his claim.
  • the funds may be sequestered electronically, for example at the level of said centralized processing means 8.
  • the exchange of digital information with the delivery organization 21 can be organized as follows. Upon receipt of the receiver's information by the seller, the latter may trigger an exchange of computerized data delivery transmitted according to the arrow identified 16 to said delivery organization 21.
  • the latter delivers the goods to the customer 3, according to the arrow marked 17.
  • reception information is transmitted from said client 3 to said delivery organization 21, according to the arrow marked 18.
  • Said delivery organization 21 then informs the seller 2, according to the arrow identified 19, which indicates to the centralized processing means, according to the arrow marked 22, that the sequestered funds can be released.
  • said personal identification codes of the customer and / or the seller consist, for example, of any designation such as, in particular, their name.
  • said personal identification codes will then be associated, at the level of said centralized processing means 8, with the account number usually used for such operations.
  • the invention also relates to an installation for securing a payment transaction carried out for the remote purchase of products and / or services on a digital information communication network, by a user of said network, known as a customer, provided with a personal identification code intended to allow the transfer of funds.
  • Said installation is intended, in particular, for the implementation of the method described above.
  • the installation according to the invention comprises means for exchanging information able to allow the transmission by the network 24 of information allowing a transfer, in particular electronic, of funds.
  • said installation further comprises according to the invention centralized processing means 8, provided with one or more files, called identification, allowing memorization, in association with said customer identification code, of an authorization code, specific to said customer and valid for a limited number of payment transactions, before purchase.
  • Said installation also includes first means of exchanging information, capable of transmitting said authorization code over said network 24, during the purchase.
  • Said installation also comprises second means for exchanging information, capable of allowing the transmission of said authorization code to said centralized processing means, said centralized processing means 8 being provided capable of allowing the exploitation of said file or files. identification to authorize the update of the identification code associated with the authorization code transmitted so as to be able to effect said transfer of funds.
  • the payment takes place, for example, between said client 3 and said seller 2, said first means of exchanging information then being provided capable of transmitting said authorization code from said client 3 to said seller 2.
  • said installation comprises first decentralized processing means 30, provided capable of associating said authorization code and the identification code of the seller and possibly an amount of funds to be transferred, said second means of exchanging information being then provided capable of communicating all of this information from said seller to said centralized processing means, directly or indirectly.
  • said centralized processing means they are then able to combine said customer and seller identification codes, thanks to said authorization code to authorize a transfer of funds between the banking organizations of these 6, 7.
  • Said first decentralized processing means 30 are provided, for example, at the seller's own processing means 23 2 and / or 27 of his banking organization 7.
  • each banking organization takes place, for example, at the using connections 31, 32 established between the means centralized processing 8 on the one hand, and on the other hand, respectively, the seller's banking organization 27 and the client's banking organization 26.
  • said links are provided secure.
  • Said link 29 established between seller 2 and his banking organization 27 is used, for example, for the transmission of said authorization code and of the amount of the purchase of said seller to his banking organization.
  • the link 31 established between said seller's banking organization and said centralized processing means it is then used to transmit said authorization code of said purchase amount and said seller identification code, from its banking organization to said centralized processing facilities. All or part of this information can also pass directly from said seller to said centralized processing means by a link 40.
  • Said first decentralized processing means 30 can then be provided at the level of the seller 2.
  • the installation according to the invention may also include second decentralized processing means 33, capable of allowing said authorization code to be drawn up by said client himself, and means for exchanging information between said client 3 and / or his banking organization 6, d on the one hand, and, on the other hand, said centralized processing means 8, called third means for exchanging information, capable of allowing the transmission of said authorization code with said client identification code.
  • Said second decentralized processing means are provided, for example, at the level of the client's own processing means 25 and / or at the level of the client's own processing means 26.
  • said transmission of said authorization code and of said identification code is carried out, in particular, by virtue of the connection 32 provided between said banking body 6 of the client and said centralized processing means 8.
  • said authorization code may be is temporary, i.e. it will only be valid for a limited period, and / or for a given amount, i.e. for a transfer of funds not exceeding a preset amount.
  • Said second means of information may also be provided capable, for example, of allowing the transmission to the seller and / or to its banking organization of information on the arrival and / or the origin of funds, said information being made up of the code authorization of the client and / or of the amount of funds, in particular thanks to the links 29, 31 provided between said centralized processing means 8 and the seller's banking organization and between the seller's banking organization and said seller.
  • said third means of exchanging information may be provided capable of transmitting to the customer's banking organization a prior request for transfer authorization, associated with the amount of funds and / or the code identification of the seller, in particular thanks to the link 32 established between said centralized processing means 8 and said banking organization 6 of the client.
  • the installation according to the invention then further comprises means for informing said client of said request, said third means for exchanging information being provided capable of transmitting the client's response to said centralized processing means 8 before authorizing or not said transfer of funds depending on said response.
  • Said means for informing said client are provided, for example, at the level of the second decentralized processing means 33 with which the client will be able to get in touch thanks to the link 28 established between himself and his banking organization.
  • said third means of information may also be provided capable of transmitting to said centralized processing means, in response to the request for authorization of transfer of funds, information of sequestration of said funds, in particular by means of the link 32 established between said centralized processing means 8 and said customer's banking organization.
  • Said second means for exchanging information are then provided capable of transmitting said escrow information to the seller, directly or indirectly, in particular thanks to the links 40; 29, 31 established between said centralized processing means 8 and the seller's banking organization and between said banking organization and the seller himself.
  • said installation will also include distributed processing means, capable of making it possible to ensure, by exchange of digital information with a delivery organization, not shown in FIG. 3, of good reception by the customer of the product and / or service purchased, before effecting said transfer of funds.

Abstract

The invention concerns a method and a device for making secure a payment operation carried out for remote purchase of goods and/or services on a digital data communication network, by a user of said network, called client (3), said client being provided with a permanent personal identification code enabling to carry out cash transfers. The invention is characterized in that it consists in: storing, in association with said identification code, at least an authorization code, particular to said client and valid for a limited number of payment operations, in one or more so-called identification files, provided at centralized processing means (8), prior to the purchase; and upon purchasing, transmitting said authorization code via said network, communicating it to said centralized processing means and using said identification file(s) of said centralized processing means to update said identification code associated with said authorization code and to enable a cash transfer.

Description

PROCEDE DE SECURISATION D ' UNE OPERATION DE PAIEMENT EFFECTUEE POUR L ' ACHAT A DISTANCE DE PRODUITS ET/OU SERVICES SUR UN RESEAU DE COMMUNICATIONSMETHOD FOR SECURING A PAYMENT OPERATION CARRIED OUT FOR THE REMOTE PURCHASE OF PRODUCTS AND / OR SERVICES ON A COMMUNICATIONS NETWORK
La présente invention concerne un procédé et une installation de sécurisation d'une opération de paiement effectuée pour l'achat à distance de produits et/ou services sur un réseau de communications d'informations numériques.The present invention relates to a method and an installation for securing a payment transaction carried out for the remote purchase of products and / or services over a digital information communications network.
Actuellement, il est connu d'effectuer des achats, dits « en ligne », en commandant des produits et/ou services au niveau de sites informatisés accessibles par l'intermédiaire d'un réseau numérique, notamment l'internet.Currently, it is known to make purchases, called "online", by ordering products and / or services at computerized sites accessible via a digital network, in particular the Internet.
Il est également connu de pouvoir payer de tels achats « en ligne », c'est-à-dire en communiquant au vendeur par le réseau des informations, aptes à autoriser une identification bancaire du client, à savoir plus précisément, son numéro de carte bancaire, voire sa date de validité. On réalise ensuite un transfert électronique de fonds entre l'organisme bancaire du client et celui du vendeur.It is also known to be able to pay for such purchases "online", that is to say by communicating to the seller through the network of information, capable of authorizing a bank identification of the customer, namely more precisely, his card number bank, or even its validity date. An electronic transfer of funds is then carried out between the banking organization of the client and that of the seller.
Toutefois, un tel mode de paiement reste encore peu utilisé, en grande partie, en raison des craintes de piratage et d'utilisations frauduleuses des coordonnées bancaires communiquées. En effet, compte tenu du caractère ouvert des réseaux employés pour l'achat « en ligne », les informations circulant sur de tels réseaux sont difficilement protégeables.However, such a method of payment is still little used, in large part, due to fears of hacking and fraudulent use of the bank details communicated. In fact, given the open nature of the networks used for “online” purchases, the information circulating on such networks is difficult to protect.
Il est connu, pour apaiser les craintes de piratage et d'utilisation frauduleuse, de crypter les informations communiquées au vendeur et/ou de lui communiquer un pseudo numéro de carte bancaire, préalablement fourni au client par un organisme administrateur auprès duquel il s'est inscrit.It is known, to allay fears of piracy and fraudulent use, to encrypt the information communicated to the seller and / or to communicate a pseudo bank card number, previously provided to the customer by an administrator body with which he registered.
Cela suppose cependant l'établissement d'une nouvelle relation de confiance entre le client et l'organisme administrateur, ainsi que la transmission « en ligne » de données qui, même cryptées, contiennent des informations sur les coordonnées bancaires du client. En cas de détournement, ces informations peuvent être utilisées pour effectuer un mouvement de fonds autre que celui initialement voulu par le client.However, this presupposes the establishment of a new relationship of trust between the client and the administrative body, as well as the "online" transmission of data which, even if encrypted, contains information on the client's bank details. In the event of misappropriation, this information can be used to carry out a movement of funds other than that initially desired by the client.
Le but de la présente invention est de proposer un procédé et une installation de sécurisation d'une opération de paiement effectuée pour l'achat à distance de produits et/ou services sur un réseau de communication d'informations numériques qui pallient les inconvénients précités et permettent d'intervenir « en ligne », tout en diminuant, voire en éliminant les conséquences dommageables d'un piratage et/ou d'une utilisation frauduleuse des informations transmises sur le réseau pour le paiement.The aim of the present invention is to propose a method and an installation for securing a payment transaction carried out for the remote purchase of products and / or services on a digital information communication network which overcomes the aforementioned drawbacks and allow intervention "online", while reducing or even eliminating the damaging consequences of hacking and / or fraudulent use of information transmitted over the network for payment.
Un autre but de la présente invention est de proposer un procédé et une installation de sécurisation d'une opération de paiement effectuée pour l'achat à distance de produits et/ou services sur un réseau de communications d'informations numériques qui permettent au client d'effectuer des paiements sans avoir à attendre des informations de son organisme bancaire sur les moyens d'identification à utiliser pour la transaction. Un autre but de la présente invention est de proposer un procédé et une installation de sécurisation d'une opération de paiement effectuée pour l'achat à distance de produits et/ou services sur un réseau de communication d'informations numériques qui permettent au client de vérifier le montant de la transaction avant que celle-ci n'ait lieu. Un autre but de la présente invention est de proposer un procédé et une installation de sécurisation d'une opération de paiement effectuée pour l'achat à distance de produits et/ou de services sur un réseau de communication d'informations numériques qui permettent au client d'attendre la livraison avant d'autoriser le paiement tout en garantissant au vendeur l'acquittement de sa créance dès que la livraison aura été acceptée.Another object of the present invention is to provide a method and an installation for securing a payment transaction carried out for the remote purchase of products and / or services over a digital information communications network which allow the customer to '' make payments without having to wait for information from its banking organization on the identification means to be used for the transaction. Another object of the present invention is to provide a method and an installation for securing a payment transaction carried out for the remote purchase of products and / or services on a digital information communication network which allow the customer to check the amount of the transaction before it takes place. Another object of the present invention is to provide a method and an installation for securing a payment transaction carried out for the remote purchase of products and / or services on a digital information communication network which allow the customer to wait for delivery before authorizing payment while guaranteeing the seller the discharge of his claim as soon as the delivery has been accepted.
D'autres buts et avantages de l'invention apparaîtront au cours de la description qui va suivre qui n'est donnée qu'à titre indicatif et qui n'a pas pour but de la limiter.Other objects and advantages of the invention will appear during the description which follows which is given for information only and which is not intended to limit it.
L'invention concerne tout d'abord un procédé de sécurisation d'une opération de paiement effectuée pour l'achat à distance de produits et/ou services sur un réseau de communication d'informations numériques par un utilisateur dudit réseau, dénommé client, ledit client étant muni d'un code d'identification personnel permanent destiné à permettre la réalisation de transferts de fonds, procédé dans lequel :The invention firstly relates to a method for securing a payment transaction carried out for the remote purchase of products and / or services over a digital information communication network by a user of said network, called a client, said client being provided with a permanent personal identification code intended to allow the carrying out of money transfers, method in which:
- on mémorise, en association avec ledit code d'identification, au moins un code d'autorisation, propre audit client et valable pour un nombre limité d'opérations de paiement, dans un ou plusieurs fichiers, dits d'identification, prévus au niveau de moyens de traitement centralisés, avant l'achat, et, lors de l'achat,- at least one authorization code, specific to said customer and valid for a limited number of payment transactions, is stored in association with said identification code, in one or more so-called identification files, provided at the level centralized processing facilities, before purchase, and, upon purchase,
- on transmet ledit code d'autorisation par ledit réseau, on le communique auxdits moyens de traitement centralisés et on exploite le ou lesdits fichiers d'identification desdits moyens de traitement centralisés pour mettre au jour ledit code d'identification associé audit code d'autorisation communiqué et permettre un transfert de fonds.- transmitting said authorization code by said network, communicating it to said centralized processing means and using the identification file or files of said centralized processing means to update said identification code associated with said authorization code release and allow a transfer of funds.
L'invention concerne également une installation de sécurisation d'une opération de paiement effectuée pour l'achat à distance de produits et/ou services sur un réseau de communications d'informations numériques par un utilisateurdudit réseau, dénommé client, muni d'un code d'identification personnel permanent destiné à permettre la réalisation de transferts de fonds, ladite installation comprenant : - des moyens de traitement centralisés, munis d'un ou plusieurs fichiers, dits d'identification, permettant la mémorisation, en association avec ledit code d'identification, d'au moins un code d'autorisation, propre audit client et valable pour un nombre limité d'opérations de paiement, avant l'achat, - de premiers moyens d'échanges d'informations permettant la transmission dudit code d'autorisation sur ledit réseau, lors de l'achat,The invention also relates to an installation for securing a payment transaction carried out for the remote purchase of products and / or services on a digital information communications network by a said network user, known as a client, provided with a code. permanent personal identification system intended to allow the transfer of funds, said installation comprising: - centralized processing means, provided with one or more files, known as identification files, allowing storage, in association with said code identification, of at least one authorization code, specific to said customer and valid for a limited number of payment transactions, before purchase, - first means of exchanging information allowing the transmission of said authorization code on said network, upon purchase,
- de seconds moyens d'échanges d'informations permettant la transmission dudit code d'autorisation auxdits moyens de traitement centralisés, lesdits moyens de traitement centralisés étant prévus aptes à permettre l'exploitation du ou desdits fichiers d'identification pour autoriser la mise au jour du code d'identification associé au code d'autorisation transmis de façon à pouvoir effectuer un transfert de fonds.- second means for exchanging information allowing the transmission of said authorization code to said centralized processing means, said centralized processing means being provided capable of allowing the exploitation of said identification file or files to authorize updating the identification code associated with the authorization code transmitted so that you can transfer funds.
L'invention sera mieux comprise à la lecture de la description suivante accompagnée des dessins en annexe parmi lesquels :The invention will be better understood on reading the following description accompanied by the accompanying drawings, among which:
- la figure 1 illustre de façon schématique un premier mode de mise en œuvre du procédé conforme à l'invention,FIG. 1 schematically illustrates a first mode of implementation of the method according to the invention,
- la figure 2 illustre de manière schématique une variante de réalisation du mode de mise en œuvre de la figure 1,FIG. 2 schematically illustrates an alternative embodiment of the embodiment of FIG. 1,
- la figure 3 illustre de manière schématique un exemple de réalisation de l'installation conforme à l'invention. L'invention concerne tout d'abord un procédé de sécurisation d'une opération de paiement effectuée pour l'achat à distance de produits et/ou services sur un réseau de communication d'informations numériques, par un utilisateur dudit réseau, dénommé client, muni d'un code d'identification personnel permanent, propre audit client et destiné à permettre la réalisation de transferts de fonds.- Figure 3 schematically illustrates an embodiment of the installation according to the invention. The invention relates first of all to a method of securing a payment transaction carried out for the remote purchase of products and / or services on a digital information communication network, by a user of said network, known as a customer, provided with a permanent personal identification code, specific to the customer's audit and intended to allow the transfer of funds.
Par « permanents », on entend indépendant du nombre d'opérations effectuées. Quant au réseau en cause, il s'agit, par exemple, d'un réseau ouvert, c'est-à-dire accessible à tous, notamment l'internet.“Permanent” means independent of the number of operations carried out. As for the network in question, it is, for example, an open network, that is to say accessible to all, in particular the Internet.
Comme illustré à la figure 1 , pour effectuer un paiement selon le procédé conforme à l'invention, on communique par le réseau, notamment selon la flèche repérée 1 , des informations aptes à autoriser un transfert, éventuellement électronique, de fonds, notamment selon les flèches repérées 4, 5.As illustrated in FIG. 1, to make a payment according to the method according to the invention, information communicated by the network, in particular according to the arrow marked 1, capable of authorizing a transfer, possibly electronic, of funds, in particular according to the arrows marked 4, 5.
Pour sécuriser une telle transaction, selon l'invention, avant l'achat, on mémorise en association avec ledit code d'identification du client au moins un code d'autorisation, propre audit client et valable pour un nombre limité d'opérations de paiement, notamment une seule, dans un ou plusieurs fichiers, dits d'identification, prévus au niveau de moyens de traitement centralisés 8. Lors d'un achat, on transmet alors ledit code d'autorisation par ledit réseau. On transmet ensuite, notamment selon la flèche repérée 9, ledit code d'autorisation auxdits moyens de traitement centralisés 8 et on exploite le ou lesdits fichiers d'identification desdits moyens de traitement centralisés pour mettre au jour ledit code d'identification associé audit code d'autorisation et permettre ledit transfert de fonds. Ainsi, aucune information permettant en elle-même un transfert de fonds ne circule sur le réseau, et la seule information circulant sur celui-ci est ledit code d'autorisation. Ledit code n'étant utilisable qu'un nombre limité de fois, les conséquences de son éventuel piratage et de son utilisation frauduleuse sont limitées. En outre, en lui-même, il ne contient aucune information quant au client. Son anonymat est ainsi préservé, au moins vis-à- vis des tiers.To secure such a transaction, according to the invention, before purchase, in association with said customer identification code, at least one authorization code, specific to said customer and valid for a limited number of payment transactions, is stored. , in particular only one, in one or more so-called identification files, provided at the level of centralized processing means 8. During a purchase, said authorization code is then transmitted by said network. Then transmitted, in particular according to the arrow marked 9, said authorization code to said centralized processing means 8 and the identification file or files of said centralized processing means are used to update said identification code associated with said authorization code and allow said transfer of funds. Thus, no information permitting in itself a transfer of funds circulates on the network, and the only information circulating on it is said authorization code. Said code being usable only a limited number of times, the consequences of its possible hacking and its fraudulent use are limited. Furthermore, in itself, it does not contain any information about the customer. Its anonymity is thus preserved, at least vis-à-vis third parties.
Ledit paiement est destiné, par exemple, à un autre utilisateur dudit réseau, dénommé vendeur, ledit client 3 et ledit vendeur 2 étant chacun muni d'un organisme bancaire 6, 7, ledit organisme bancaire 6 du client ainsi que, éventuellement, celui 7 du vendeur étant accessible de façon numérique. Pour cela, ledit vendeur est également muni d'un code d'identification permanent et lesdits organismes bancaires du client et du vendeur sont accessibles par ceux-ci à l'aide de leurdit code d'identification.Said payment is intended, for example, for another user of said network, called the seller, said client 3 and said seller 2 being each provided with a banking organization 6, 7, said banking organization 6 of the client as well as, possibly, that 7 of the seller being accessible digitally. For this, said seller is also provided with a permanent identification code and said customer and seller banking organizations are accessible by them using their said identification code.
Ledit vendeur est, par exemple, le propriétaire des produits et/ou services achetés par ledit client par l'intermédiaire dudit réseau.Said seller is, for example, the owner of the products and / or services purchased by said customer through said network.
Lesdits organismes bancaires sont, par exemple, ceux où le vendeur et/ou le client bénéficie d'un compte courant.Said banking organizations are, for example, those where the seller and / or the customer has a current account.
Lesdits moyens de traitement centralisés pourront être prévus indépendants, c'est-à-dire ne dépendants ni de l'organisme bancaire du client, ni de l'organisme bancaire du vendeur, les moyens de traitement numériques de chacun étant prévus distincts, au moins en partie.Said centralized processing means may be provided independent, that is to say not dependent neither on the customer's banking organization, nor on the seller's banking organization, the digital processing means of each being provided separate, at least in part.
Lors de l'achat, on transmet alors ledit code d'autorisation au vendeur par ledit réseau, selon la flèche repérée 1 , on associe ledit code d'autorisation et le code d'identification du vendeur, ainsi que, éventuellement, le montant du paiement et on transmet toutes ces informations du vendeur auxdits moyens de traitement centralisés, selon la flèche repérée 9. On peut alors associer leur code d'identification, grâce audit code d'autorisation, et permettre la réalisation dudit transfert de fonds entre leur organisme bancaire, selon les flèches repérées 4, 5.During the purchase, said authorization code is then transmitted to the seller by said network, according to the arrow marked 1, said authorization code and the seller's identification code are associated, as well as, possibly, the amount of the payment and all this information from the seller is transmitted to said centralized processing means, according to the arrow marked 9. We can then associate their identification code, using said authorization code, and allow said funds to be transferred between their banking organization, according to the arrows identified 4, 5.
Avec un tel fonctionnement, on peut vérifier que seul ledit code d'autorisation circule sur le réseau, les autres informations, à savoir les informations éventuellement permanentes à sécuriser, circulant uniquement sur des liaisons établies entre les moyens de traitement centralisés, d'une part, et d'autre part, les organismes bancaires du client ou du vendeur ou le vendeur lui-même qui, de manière connue, pourront être des réseaux fermés, c'est-à-dire, accessibles seulement à certaines personnes autorisées.With such an operation, it can be verified that only said authorization code is circulating on the network, the other information, namely the possibly permanent information to be secured, circulating only on links established between the centralized processing means, on the one hand , and on the other hand, the banking organizations of the customer or the seller or the seller himself which, in known manner, may be closed networks, that is to say, accessible only to certain authorized persons.
Le transfert de fonds est effectué, par exemple, directement de l'organisme bancaire du client à l'organisme bancaire du vendeur. Il pourra aussi transiter par lesdits moyens de traitement centralisés 8.The transfer of funds is carried out, for example, directly from the customer's banking organization to the seller's banking organization. It can also pass through said centralized processing means 8.
Ledit code d'autorisation est, par exemple, préalablement élaboré par le client lui-même et transmis, directement ou indirectement, auxdits moyens de traitement centralisés, avec le code d'identification dudit client.Said authorization code is, for example, previously prepared by the customer himself and transmitted, directly or indirectly, to said centralized processing means, with the identification code of said customer.
Plus précisément, le client pourra élaborer ledit code d'autorisation et le transmettre à son organisme bancaire qui le communiquera par la suite avec son code d'identification auxdits moyens de traitement centralisés. Il n'est ainsi pas nécessaire de prévoir de liaison directe entre le client et lesdits moyens de traitement centralisés.More specifically, the customer can develop said authorization code and transmit it to his banking organization which will then communicate it with his identification code to said centralized processing means. It is therefore not necessary to provide a direct connection between the client and said centralized processing means.
Par ailleurs, on pourra permettre au client de se constituer une liste de codes d'autorisation différents, ladite liste étant prévue consultable à partir de son organisme bancaire au sein duquel elle aura été mémorisée, chaque code d'autorisation étant à utiliser au choix.In addition, the customer may be allowed to build up a list of different authorization codes, said list being provided for consultation from his banking institution in which it will have been stored, each authorization code being to be used as desired.
Selon un tel mode de mise en œuvre, on constate que c'est le client qui établit ses propres codes. Ainsi, il n'a pas à attendre que son organisme bancaire effectue une telle tâche. Afin de diminuer encore les conséquences dommageables d'un piratage ou d'une utilisation frauduleuse du code d'autorisation, on pourra prévoir que celui-ci soit temporaire, c'est-à-dire qu'il ne sera valable que pour une durée limitée, et/ou pour un montant donné, c'est-à-dire pour un transfert de fonds ne dépassant pas une somme pré-établie.According to such an implementation mode, it can be seen that it is the client who establishes his own codes. Thus, he does not have to wait for his banking organization to perform such a task. In order to further reduce the damaging consequences of hacking or fraudulent use of the authorization code, we may provide that it is temporary, that is to say that it will be valid only for a limited period, and / or for a given amount, that is to say for a transfer of funds not exceeding a pre-established sum.
Cela étant, afin de permettre au vendeur de pouvoir identifier une transaction, on pourra transmettre à celui-ci, selon la flèche repérée 10, ou à son organisme bancaire des informations sur l'arrivée et/ou l'origine des fonds. Toutefois, afin de préserver l'anonymat du client, lesdites informations pourront n'être constituées que dudit code d'autorisation qui, rappelons-le ne dit rien sur le client lui-même. Ledit code d'autorisation pourra également être complété du montant des fonds.That said, in order to allow the seller to be able to identify a transaction, we can transmit to it, according to the arrow marked 10, or to its banking organization, information on the arrival and / or origin of the funds. However, in order to preserve the anonymity of the client, said information may only consist of said authorization code which, remember, says nothing about the client himself. The said authorization code may also be supplemented with the amount of the funds.
Selon un mode de réalisation particulier de l'invention, on pourra même espérer empêcher toute utilisation frauduleuse d'un code d'autorisation en cas de piratage de celui-ci.According to a particular embodiment of the invention, one can even hope to prevent any fraudulent use of an authorization code in the event of piracy thereof.
Pour cela, à réception dudit code d'utilisation par lesdits moyens de traitement centralisés, on transmet, selon la flèche repérée 11 à l'organisme bancaire 6 du client, une requête préalable en autorisation de transfert, associée au montant des fonds et/ou au code d'identification du vendeur.For this, upon receipt of said code of use by said centralized processing means, a prior request for transfer authorization, associated with the amount of funds and / or the seller's identification code.
On informe ensuite le client de ladite requête et on transmet sa réponse, selon les flèches repérées 12, 13 au moyen de traitements centralisés 8 avant d'autoriser ou non ledit transfert de fonds en fonction de ladite réponse.The client is then informed of said request and his response is transmitted, according to the arrows marked 12, 13 by means of centralized processing 8 before authorizing or not authorizing said transfer of funds as a function of said response.
Avec un tel mode de fonctionnement, on constate que l'on permet également au client de vérifier le montant de la transaction avant de l'accepter. Il peut ainsi s'assurer que le montant que l'on s'apprête à débiter correspond à celui qu'on lui avait annoncé lors de l'achat.With such a mode of operation, we see that we also allow the customer to check the amount of the transaction before accepting it. He can thus ensure that the amount that we are about to debit corresponds to that which was announced to him during the purchase.
Lesdites requêtes sont prévues mémorisées, par exemple, au niveau de l'organisme bancaire du client afin que celui-ci puisse les consulter et y répondre, sa réponse transitant par ledit organisme bancaire. En d'autres termes, lorsque le client décide d'effectuer un achat « en ligne », il communique au vendeur son code d'autorisation. S'ensuivent une série de communications entre le vendeur 2, les moyens de traitement centralisés 8 et l'organisme bancaire 6 du client.Said requests are provided for stored, for example, at the level of the customer's banking organization so that the latter can consult and respond to them, his response passing through said banking organization. In other words, when the customer decides to make a purchase "online", he communicates to the seller his authorization code. This is followed by a series of communications between the seller 2, the centralized processing means 8 and the customer's banking organization 6.
Finalement, l'organisme bancaire 6 du client va présenter au client 3 une requête préalable en autorisation de transfert. Ce sera la réponse positive du client à ladite requête qui permettra le transfert de fonds et le paiement, et non la communication par le client de son code d'autorisation au vendeur.Finally, the client's banking organization 6 will present to client 3 a prior request for transfer authorization. It will be the positive response of the client to said request that will allow the transfer of funds and payment, and not the communication by the client of his authorization code to the seller.
La seule relation de confiance nécessaire est donc celle qui lie le client 3 et son organisme bancaire 6, puisque c'est ce dernier qui va présenter au client 3 des requêtes préalables en autorisation de transfert, à charge pour le client 3 de les valider ou non.The only necessary relationship of trust is therefore that which binds the client 3 and its banking organization 6, since it is the latter which will present to the client 3 prior requests for authorization of transfer, the client 3 being responsible for validating them or no.
Comme illustré à la figure 2, selon une variante de réalisation, on pourra transmettre auxdits moyens de traitement centralisés 8 en réponse à ladite requête en autorisation de transfert de fond, une information de séquestre desdits fonds, comme illustré par la flèche repérée 14, et on transmet ladite information de séquestre au vendeur 2, comme illustré par la flèche repérée 15.As illustrated in FIG. 2, according to an alternative embodiment, it will be possible to transmit to said centralized processing means 8 in response to said request for authorization of transfer of funds, sequestration information of said funds, as illustrated by the arrow marked 14, and said escrow information is transmitted to the seller 2, as illustrated by the arrow marked 15.
Comme illustré par les flèches 16-20, on s'assure ensuite par échange d'informations numériques avec un organisme de livraison 21 de la bonne réception par le client du produit et/ou service acheté, avant d'effectuer ledit transfert de fonds.As illustrated by the arrows 16-20, it is then ensured by exchange of digital information with a delivery organization 21 of the good reception by the customer of the product and / or service purchased, before carrying out said transfer of funds.
On permet ainsi au client de vérifier la qualité du produit et/ou service acheté avant paiement tout en garantissant au vendeur l'acquittement de sa créance. Les fonds pourront être séquestrés de manière électronique, par exemple au niveau desdits moyens de traitement centralisés 8.The customer is thus allowed to check the quality of the product and / or service purchased before payment while guaranteeing the seller the payment of his claim. The funds may be sequestered electronically, for example at the level of said centralized processing means 8.
En ce qui concerne les échanges d'informations numériques avec l'organisme de livraison 21 , ils pourront être organisés de la manière suivante. A réception de l'information de séquestre par le vendeur, celui- ci pourra déclencher par échanges de données informatisées un ordre de livraison transmis selon la flèche repérée 16 audit organisme de livraison 21.Regarding the exchange of digital information with the delivery organization 21, they can be organized as follows. Upon receipt of the receiver's information by the seller, the latter may trigger an exchange of computerized data delivery transmitted according to the arrow identified 16 to said delivery organization 21.
Celui-ci effectue la livraison des biens au client 3, selon la flèche repérée 17.The latter delivers the goods to the customer 3, according to the arrow marked 17.
Après livraison, une information de réception est transmise dudit client 3 vers ledit organisme de livraison 21 , selon la flèche repérée 18. Ledit organisme de livraison 21 informe alors le vendeur 2, selon la flèche repérée 19, qui indique aux moyens de traitement centralisés, selon la flèche repérée 22, que les fonds séquestrés peuvent être débloqués.After delivery, reception information is transmitted from said client 3 to said delivery organization 21, according to the arrow marked 18. Said delivery organization 21 then informs the seller 2, according to the arrow identified 19, which indicates to the centralized processing means, according to the arrow marked 22, that the sequestered funds can be released.
On pourra éventuellement prévoir une vérification de l'information par échanges de données entre lesdits moyens de traitement centralisés 8 et ledit organisme de livraison 21 , selon la flèche repérée 20. Les fonds peuvent alors être transférés, comme précédemment.It will be possible, if appropriate, to provide for a verification of the information by exchanging data between said centralized processing means 8 and said delivery organization 21, according to the arrow marked 20. The funds can then be transferred, as before.
Cela étant, lesdits codes d'identification personnels du client et/ou du vendeur sont constitués, par exemple, d'une appellation quelconque telle que, notamment, leur nom. Afin de permettre les transferts de fonds, lesdits codes d'identification personnels seront alors associés, au niveau desdits moyens de traitement centralisés 8, au numéro de compte habituellement utilisé pour de telles opérations.However, said personal identification codes of the customer and / or the seller consist, for example, of any designation such as, in particular, their name. In order to allow transfers of funds, said personal identification codes will then be associated, at the level of said centralized processing means 8, with the account number usually used for such operations.
L'invention concerne également une installation de sécurisation d'une opération de paiement effectuée pour l'achat à distance de produits et/ou services sur un réseau de communication d'informations numériques, par un utilisateur dudit réseau, dénommé client, muni d'un code d'identification personnel destiné à permettre la réalisation de transfert de fonds. Ladite installation est destinée, notamment, à la mise en œuvre du procédé décrit plus haut. Comme illustré à la figure 3, l'installation conforme à l'invention comprend des moyens d'échanges d'informations aptes à permettre la transmission par le réseau 24 d'informations permettant un transfert, notamment électronique, de fonds.The invention also relates to an installation for securing a payment transaction carried out for the remote purchase of products and / or services on a digital information communication network, by a user of said network, known as a customer, provided with a personal identification code intended to allow the transfer of funds. Said installation is intended, in particular, for the implementation of the method described above. As illustrated in FIG. 3, the installation according to the invention comprises means for exchanging information able to allow the transmission by the network 24 of information allowing a transfer, in particular electronic, of funds.
Pour permettre la sécurité d'une telle transaction, ladite installation comprend en outre selon l'invention des moyens de traitement centralisés 8, munis d'un ou plusieurs fichiers, dits d'identification, permettant la mémorisation, en association avec ledit code d'identification du client, d'un code d'autorisation, propre audit client et valable pour un nombre limité d'opérations de paiement, avant l'achat.To allow the security of such a transaction, said installation further comprises according to the invention centralized processing means 8, provided with one or more files, called identification, allowing memorization, in association with said customer identification code, of an authorization code, specific to said customer and valid for a limited number of payment transactions, before purchase.
Ladite installation comprend également des premiers moyens d'échanges d'informations, aptes à transmettre ledit code d'autorisation sur ledit réseau 24, lors de l'achat.Said installation also includes first means of exchanging information, capable of transmitting said authorization code over said network 24, during the purchase.
Ladite installation comprend encore des seconds moyens d'échanges d'informations, aptes à permettre la transmission dudit code d'autorisation auxdits moyens de traitement centralisés, lesdits moyens de traitement centralisés 8 étant prévus aptes à permettre l'exploitation du ou desdits fichiers d'identification pour autoriser la mise au jour du code d'identification associé au code d'autorisation transmis de façon à pouvoir effectuer ledit transfert de fonds.Said installation also comprises second means for exchanging information, capable of allowing the transmission of said authorization code to said centralized processing means, said centralized processing means 8 being provided capable of allowing the exploitation of said file or files. identification to authorize the update of the identification code associated with the authorization code transmitted so as to be able to effect said transfer of funds.
Comme évoqué plus haut le paiement a lieu, par exemple, entre ledit client 3 et ledit vendeur 2, lesdits premiers moyens d'échange d'informations étant alors prévus aptes à transmettre ledit code d'autorisation dudit client 3 audit vendeur 2.As mentioned above, the payment takes place, for example, between said client 3 and said seller 2, said first means of exchanging information then being provided capable of transmitting said authorization code from said client 3 to said seller 2.
En outre, ladite installation comprend des premiers moyens de traitement décentralisés 30, prévus aptes à associer ledit code d'autorisation et le code d'identification du vendeur et éventuellement un montant des fonds à transférer, lesdits seconds moyens d'échange d'informations étant alors prévus aptes à communiquer l'ensemble de ces informations dudit vendeur auxdits moyens de traitement centralisés, directement ou indirectement. Quant auxdits moyens de traitement centralisés, ils sont alors aptes à associer lesdits codes d'identification du client et du vendeur, grâce audit code d'autorisation pour autoriser un transfert de fonds entre les organismes bancaires de ceux-ci 6, 7. Lesdits premiers moyens de traitement décentralisés 30 sont prévus, par exemple, au niveau des moyens de traitement propres 23 du vendeur 2 et/ou 27 de son organisme bancaire 7. Le transfert de fonds entre chaque organisme bancaire s'effectue, par exemple, à l'aide de liaisons 31 , 32 établies entre les moyens de traitement centralisés 8 d'une part, et d'autre part, respectivement, l'organisme bancaire 27 du vendeur et l'organisme bancaire 26 du client. De façon connue de l'homme de l'art, lesdites liaisons sont prévues sécurisées.In addition, said installation comprises first decentralized processing means 30, provided capable of associating said authorization code and the identification code of the seller and possibly an amount of funds to be transferred, said second means of exchanging information being then provided capable of communicating all of this information from said seller to said centralized processing means, directly or indirectly. As for said centralized processing means, they are then able to combine said customer and seller identification codes, thanks to said authorization code to authorize a transfer of funds between the banking organizations of these 6, 7. Said first decentralized processing means 30 are provided, for example, at the seller's own processing means 23 2 and / or 27 of his banking organization 7. The transfer of funds between each banking organization takes place, for example, at the using connections 31, 32 established between the means centralized processing 8 on the one hand, and on the other hand, respectively, the seller's banking organization 27 and the client's banking organization 26. In a manner known to those skilled in the art, said links are provided secure.
Ladite liaison 29 établie entre le vendeur 2 et son organisme bancaire 27 sert, par exemple, à la transmission dudit code d'autorisation et du montant de l'achat dudit vendeur à son organisme bancaire. Quant à la liaison 31 établie entre ledit organisme bancaire du vendeur et lesdits moyens de traitement centralisés, elle sert alors à la transmission dudit code d'autorisation dudit montant de l'achat et dudit code d'identification du vendeur, de son organisme bancaire auxdits moyens de traitement centralisés. Tout ou partie de ces informations pourront également passer de manière directe dudit vendeur auxdits moyens de traitement centralisé par une liaison 40. Lesdites premiers moyens de traitement décentralisés 30 pourront alors être prévus au niveau du vendeur 2. L'installation conforme à l'invention pourra également comprendre des seconds moyens de traitement décentralisés 33, aptes à permettre l'élaboration dudit code d'autorisation par ledit client lui-même, et des moyens d'échanges d'informations entre ledit client 3 et/ou son organisme bancaire 6, d'une part, et, d'autre part, lesdits moyens de traitement centralisés 8, dits troisièmes moyens d'échanges d'informations, aptes à permettre la transmission dudit code d'autorisation avec ledit code d'identification du client.Said link 29 established between seller 2 and his banking organization 27 is used, for example, for the transmission of said authorization code and of the amount of the purchase of said seller to his banking organization. As for the link 31 established between said seller's banking organization and said centralized processing means, it is then used to transmit said authorization code of said purchase amount and said seller identification code, from its banking organization to said centralized processing facilities. All or part of this information can also pass directly from said seller to said centralized processing means by a link 40. Said first decentralized processing means 30 can then be provided at the level of the seller 2. The installation according to the invention may also include second decentralized processing means 33, capable of allowing said authorization code to be drawn up by said client himself, and means for exchanging information between said client 3 and / or his banking organization 6, d on the one hand, and, on the other hand, said centralized processing means 8, called third means for exchanging information, capable of allowing the transmission of said authorization code with said client identification code.
Lesdits seconds moyens de traitement décentralisés sont prévus, par exemple, au niveau des moyens de traitement propres 25 du client et/ou au niveau des moyens de traitement propres 26 de son organisme bancaire 6.Said second decentralized processing means are provided, for example, at the level of the client's own processing means 25 and / or at the level of the client's own processing means 26.
La transmission dudit code d'autorisation et dudit code d'identification est effectuée, notamment, grâce à la liaison 32 prévue entre ledit organisme bancaire 6 du client et lesdits moyens de traitement centralisés 8. Comme déjà évoqué, ledit code d'autorisation pourra être soit temporaire, c'est-à-dire qu'il ne sera valable que pour une durée limitée, et/ou pour un montant donné, c'est-à-dire pour un transfert de fonds ne dépassant pas une somme pré-établie.The transmission of said authorization code and of said identification code is carried out, in particular, by virtue of the connection 32 provided between said banking body 6 of the client and said centralized processing means 8. As already mentioned, said authorization code may be is temporary, i.e. it will only be valid for a limited period, and / or for a given amount, i.e. for a transfer of funds not exceeding a preset amount.
Lesdits seconds moyens d'informations pourront également être prévus aptes, par exemple, à permettre la transmission au vendeur et/ou à son organisme bancaire d'informations sur l'arrivée et/ou l'origine des fonds, lesdites informations étant constituées du code d'autorisation du client et/ou du montant des fonds, notamment grâce aux liaisons 29, 31 prévues entre lesdits moyens de traitement centralisés 8 et l'organisme bancaire du vendeur et entre l'organisme bancaire du vendeur et ledit vendeur. Cela étant, selon un mode de réalisation particulier, lesdits troisièmes moyens d'échanges d'informations pourront être prévus aptes à transmettre à l'organisme bancaire du client une requête préalable en autorisation de transfert, associée au montant des fonds et/ou au code d'identification du vendeur, notamment grâce à la liaison 32 établie entre lesdits moyens de traitement centralisés 8 et ledit organisme bancaire 6 du client.Said second means of information may also be provided capable, for example, of allowing the transmission to the seller and / or to its banking organization of information on the arrival and / or the origin of funds, said information being made up of the code authorization of the client and / or of the amount of funds, in particular thanks to the links 29, 31 provided between said centralized processing means 8 and the seller's banking organization and between the seller's banking organization and said seller. However, according to a particular embodiment, said third means of exchanging information may be provided capable of transmitting to the customer's banking organization a prior request for transfer authorization, associated with the amount of funds and / or the code identification of the seller, in particular thanks to the link 32 established between said centralized processing means 8 and said banking organization 6 of the client.
L'installation conforme à l'invention comprend alors en outre des moyens pour informer ledit client de ladite requête, lesdits troisièmes moyens d'échanges d'informations étant prévus aptes à transmettre la réponse du client auxdits moyens de traitement centralisés 8 avant d'autoriser ou non ledit transfert de fonds en fonction de ladite réponse.The installation according to the invention then further comprises means for informing said client of said request, said third means for exchanging information being provided capable of transmitting the client's response to said centralized processing means 8 before authorizing or not said transfer of funds depending on said response.
Lesdits moyens pour informer ledit client sont prévus, par exemple, au niveau des seconds moyens de traitement décentralisés 33 avec lesquels le client pourra se mettre en relation grâce à la liaison 28 établie entre lui-même et son organisme bancaire.Said means for informing said client are provided, for example, at the level of the second decentralized processing means 33 with which the client will be able to get in touch thanks to the link 28 established between himself and his banking organization.
Selon une variante de réalisation, lesdits troisièmes moyens d'informations pourront également être prévus aptes à transmettre auxdits moyens de traitement centralisés, en réponse à la requête en autorisation de transfert de fond, une information de séquestre desdits fonds, notamment grâce à la liaison 32 établie entre lesdits moyens de traitement centralisés 8 et ledit organisme bancaire du client. Lesdits seconds moyens d'échanges d'informations sont alors prévus aptes à transmettre ladite information de séquestre au vendeur, directement ou indirectement, notamment grâce aux liaisons 40 ; 29, 31 établies ente lesdits moyens de traitement centralisés 8 et l'organisme bancaire du vendeur et entre ledit organisme bancaire et le vendeur lui-même.According to an alternative embodiment, said third means of information may also be provided capable of transmitting to said centralized processing means, in response to the request for authorization of transfer of funds, information of sequestration of said funds, in particular by means of the link 32 established between said centralized processing means 8 and said customer's banking organization. Said second means for exchanging information are then provided capable of transmitting said escrow information to the seller, directly or indirectly, in particular thanks to the links 40; 29, 31 established between said centralized processing means 8 and the seller's banking organization and between said banking organization and the seller himself.
Toujours selon la même variante de réalisation, ladite installation comprendra en outre des moyens de traitement répartis, aptes à permettre de s'assurer par échanges d'informations numériques avec un organisme de livraison, non représenté à la figure 3, de la bonne réception par le client du produit et/ou service acheté, avant d'effectuer ledit transfert de fonds.Still according to the same alternative embodiment, said installation will also include distributed processing means, capable of making it possible to ensure, by exchange of digital information with a delivery organization, not shown in FIG. 3, of good reception by the customer of the product and / or service purchased, before effecting said transfer of funds.
Naturellement, d'autres modes de mise en œuvre à la portée de l'homme de l'art, auraient pu être envisagés sans pour autant sortir du cadre de l'invention. Naturally, other modes of implementation within the reach of ordinary skill in the art could have been envisaged without departing from the scope of the invention.

Claims

REVENDICATIONS
1. Procédé de sécurisation d'une opération de paiement effectuée pour l'achat à distance de produits et/ou services sur un réseau de communication d'informations numériques par un utilisateur dudit réseau, dénommé client (3), ledit client étant muni d'un code d'identification personnel permanent destiné à permettre la réalisation de transferts de fonds, procédé dans lequel :1. Method for securing a payment transaction carried out for the remote purchase of products and / or services on a digital information communication network by a user of said network, called a client (3), said client being provided with '' a permanent personal identification code intended to allow the transfer of funds, a process in which:
- on mémorise, en association avec ledit code d'identification, au moins un code d'autorisation, propre audit client et valable pour un nombre limité d'opérations de paiement, dans un ou plusieurs fichiers, dits d'identification, prévus au niveau de moyens de traitement centralisés (8), avant l'achat, et, lors de l'achat,- at least one authorization code, specific to said customer and valid for a limited number of payment transactions, is stored in association with said identification code, in one or more so-called identification files, provided at the level centralized processing means (8), before the purchase, and, during the purchase,
- on transmet ledit code d'autorisation par ledit réseau, on le communique auxdits moyens de traitement centralisés et on exploite le ou lesdits fichiers d'identification desdits moyens de traitement centralisés pour mettre au jour ledit code d'identification associé audit code d'autorisation communiqué et permettre un transfert de fonds.- transmitting said authorization code by said network, communicating it to said centralized processing means and using the identification file or files of said centralized processing means to update said identification code associated with said authorization code release and allow a transfer of funds.
2. Procédé selon la revendication 1 , dans lequel ledit paiement est destiné à un autre utilisateur dudit réseau, dénommé vendeur (2), ledit vendeur et ledit client étant chacun muni d'un organisme bancaire (7, 6), l'organisme bancaire du client au moins étant accessible de façon numérique, à l'aide dudit code d'identification personnel, procédé dans lequel, lors de l'achat :2. Method according to claim 1, wherein said payment is intended for another user of said network, called seller (2), said seller and said customer each being provided with a banking organization (7, 6), the banking organization of the customer at least being accessible digitally, using said personal identification code, process in which, upon purchase:
- on transmet ledit code d'autorisation au vendeur par ledit réseau,- said authorization code is transmitted to the seller by said network,
- on associe ledit code d'autorisation et un code d'identification personnel permanent du vendeur, permettant un accès à son organisme bancaire,- we associate said authorization code and a permanent personal identification code of the seller, allowing access to his banking organization,
- on transmet ledit code d'autorisation et ledit code d'identification du vendeur auxdits moyens de traitement centralisés,said authorization code and said seller identification code are transmitted to said centralized processing means,
- on associe lesdits codes d'identification du vendeur et du client grâce audit code d'autorisation.- the said identification codes of the seller and the client using the authorization code.
3. Procédé selon la revendication 1 , dans lequel ledit code d'autorisation est préalablement élaboré par le client lui-même, et transmis, directement ou indirectement, auxdits moyens de traitement centralisés avec le code d'identification dudit client.3. The method of claim 1, wherein said authorization code is previously developed by the customer himself, and transmitted, directly or indirectly, to said centralized processing means with the identification code of said customer.
4. Procédé selon la revendication 1 , dans lequel ledit code d'autorisation est temporaire et/ou pour un montant donné.4. The method of claim 1, wherein said authorization code is temporary and / or for a given amount.
5 . Procédé selon la revendication 2, dans lequel on transmet au vendeur et/ou à son organisme bancaire des informations sur l'arrivée et/ou l'origine des fonds, lesdites informations étant constituées du code d'autorisation du client et/ou du montant des fonds.5. Method according to claim 2, in which information on the arrival and / or the origin of the funds is transmitted to the seller and / or to his banking organization, said information consisting of the client authorization code and / or the amount funds.
6. Procédé selon la revendication 2, dans lequel, à réception dudit code d'autorisation par lesdits moyens de traitement centralisés (8) :6. Method according to claim 2, in which, on receipt of said authorization code by said centralized processing means (8):
- on transmet à l'organisme bancaire (6) du client une requête préalable en autorisation de transfert associée au montant des fonds et/ou au code d'identification du vendeur,- a prior request for transfer authorization associated with the amount of funds and / or the seller's identification code is sent to the customer's banking organization (6),
- on informe le client de la dite requête,- the client is informed of the said request,
- on transmet sa réponse aux moyens de traitement centralisés (8) avant d'autoriser ou non ledit transfert de fonds en fonction de ladite réponse.- its response is transmitted to the centralized processing means (8) before authorizing or not authorizing said transfer of funds as a function of said response.
7. Procédé selon la revendication 6, dans lequel on transmet auxdits moyens de traitement centralisés, en réponse à la requête en autorisation de transfert de fonds, une information de séquestre desdits fonds, on transmet ladite information de séquestre au vendeur, on s'assure par échange d'informations numériques avec un organisme de livraison (21) de la bonne réception par le client du produit et/ou service acheté avant d'effectuer ledit transfert de fonds.7. The method of claim 6, wherein it transmits to said centralized processing means, in response to the request for authorization of transfer of funds, escrow information of said funds, it transmits said escrow information to the seller, it is ensured by exchange of digital information with a delivery organization (21) of the good reception by the customer of the product and / or service purchased before carrying out said transfer of funds.
8. Installation de sécurisation d'une opération de paiement effectuée pour l'achat à distance de produits et/ou services sur un réseau (24) de communications d'informations numériques par un utilisateur dudit réseau, dénommé client (3), muni d'un code d'identification personnel permanent destiné à permettre la réalisation de transferts de fonds, ladite installation comprenant :8. Installation for securing a payment transaction carried out for the remote purchase of products and / or services on a digital information communications network (24) by a user of said network, known as a client (3), provided with '' a permanent personal identification code intended to allow the transfer of funds, said installation comprising:
- des moyens de traitement centralisés (8), munis d'un ou plusieurs fichiers, dits d'identification, permettant la mémorisation, en association avec ledit code d'identification, d'au moins un code d'autorisation propre audit client et valable pour un nombre limité d'opérations de paiement, avant l'achat,- centralized processing means (8), provided with one or more so-called identification files, allowing the storage, in association with said identification code, of at least one authorization code specific to said customer and valid for a limited number of payment transactions, before purchase,
- de premiers moyens d'échanges d'informations permettant la transmission dudit code d'autorisation sur ledit réseau, lors de l'achat, - de seconds moyens d'échanges d'informations permettant la transmission dudit code d'autorisation auxdits moyens de traitement centralisés, lesdits moyens de traitement centralisés étant prévus aptes à permettre l'exploitation du ou desdits fichiers d'identification pour autoriser la mise au jour du code d'identification associé au code d'autorisation transmis de façon à pouvoir effectuer un transfert de fonds.- first means of exchanging information allowing the transmission of said authorization code over said network, during the purchase, - second means of exchanging information allowing the transmission of said authorization code to said processing means centralized, said centralized processing means being provided capable of allowing the exploitation of said identification file or files to authorize the updating of the identification code associated with the authorization code transmitted so as to be able to transfer funds.
9. Installation selon la revendication 8 dans laquelle ledit paiement est destiné à un autre utilisateur dudit réseau, dénommé vendeur (2), ledit client et ledit vendeur étant chacun muni d'un organisme bancaire (7, 6), l'organisme bancaire du client au moins étant accessible de façon numérique à l'aide dudit code d'identification personnel, et dans laquelle lesdits premiers moyens d'échanges d'informations sont prévus aptes à transmettre ledit code d'autorisation du client au vendeur, ladite installation comprenant en outre des premiers moyens de traitement décentralisés (30), prévus aptes à associer audit code d'autorisation un code d'identification personnel permanent du vendeur, permettant un accès à son organisme bancaire, lesdits seconds moyens d'échanges d'informations, étant prévus aptes à permettre la transmission, directement ou indirectement, dudit code d'autorisation et dudit code d'identification du vendeur auxdits moyens de traitement centralisés, lesdits moyens de traitement centralisés étant prévus aptes à associer lesdits codes d'identification du vendeur et du client grâce audit code d'autorisation.9. Installation according to claim 8 wherein said payment is intended for another user of said network, called seller (2), said customer and said seller being each provided with a banking organization (7, 6), the banking organization of at least the customer being accessible digitally using said personal identification code, and in which said first means of exchanging information are provided capable of transmitting said authorization code from the customer to the seller, said installation comprising in in addition to the first decentralized processing means (30), provided capable of associating with said authorization code a permanent personal identification code of the seller, allowing access to his banking organization, said second means of exchanging information, being provided capable of allowing the transmission, directly or indirectly, of said authorization code and said seller identification code to said centralized processing means, said centralized processing means being provided capable of associating said identification codes of the seller and of the customer thanks to said authorization code.
10. Installation selon la revendication 9, comprenant des seconds moyens de traitement décentralisés (33), aptes à permettre l'élaboration dudit code d'autorisation par le client lui-même, et des moyens d'échanges d'informations entre ledit client et/ou son organisme bancaire, d'une part, et, d'autre part, lesdits moyens de traitement centralisés (8), dits troisièmes moyens d'échanges d'informations, aptes à permettre la transmission dudit code d'autorisation avec ledit code d'identification du client.10. Installation according to claim 9, comprising second decentralized processing means (33), able to allow the development of said authorization code by the client himself, and means for exchanging information between said client and / or his banking organization, on the one hand , and, on the other hand, said centralized processing means (8), called third means for exchanging information, able to allow the transmission of said authorization code with said customer identification code.
11. Installation selon la revendication 8, dans laquelle ledit code d'autorisation est temporaire et/ou pour un montant donné.11. Installation according to claim 8, wherein said authorization code is temporary and / or for a given amount.
12. Installation selon la revendication 9, dans laquelle lesdits seconds moyens d'échanges d'informations sont également prévus aptes à permettre la transmission au vendeur et/ou à son organisme bancaire d'informations sur l'arrivée et/ou l'origine des fonds, lesdites informations étant constituées du code d'autorisation du client et/ou du montant des fonds.12. Installation according to claim 9, in which said second means for exchanging information are also provided capable of allowing the transmission to the seller and / or to its banking organization of information on the arrival and / or the origin of the funds, said information consisting of the client's authorization code and / or the amount of funds.
13. Installation selon la revendication 9, comprenant : - des moyens d'échanges d'informations entre ledit client et/ou son organisme bancaire, d'une part, et, d'autre part, lesdits moyens de traitement centralisés, dits troisièmes moyens d'échanges d'informations, aptes à transmettre à l'organisme bancaire du client une requête préalable en autorisation de transfert associée au montant des fonds et/ou au code d'identification du vendeur,13. Installation according to claim 9, comprising: - means for exchanging information between said client and / or his banking organization, on the one hand, and, on the other hand, said centralized processing means, called third means exchange of information, capable of transmitting to the customer's banking organization a prior request for authorization of transfer associated with the amount of funds and / or the seller's identification code,
- des moyens pour informer ledit client de ladite requête, lesdits troisièmes moyens d'échanges d'informations étant prévus aptes à transmettre sa réponse aux moyens de traitement centralisés avant d'autoriser ou non ledit transfert de fonds en fonction de la réponse donnée. means for informing said client of said request, said third means for exchanging information being provided capable of transmitting their response to the centralized processing means before authorizing or not authorizing said transfer of funds as a function of the response given.
14. Installation selon la revendication 13, dans laquelle :14. Installation according to claim 13, in which:
- lesdits troisièmes moyens d'échanges d'informations sont prévus aptes à transmettre auxdits moyens de traitement centralisés, en réponse à la requête en autorisation de transfert de fonds, une information de séquestre desdits fonds, - lesdits seconds moyens d'échanges d'informations sont prévus aptes à transmettre ladite information de séquestre au vendeur, directement ou indirectement,- said third means of exchanging information are provided capable of transmitting to said central processing means, in response to the request for authorization of transfer of funds, sequestration information of said funds, - said second means of exchanging information are provided capable of transmitting said escrow information to the seller, directly or indirectly,
- ladite installation comprend en outre des moyens de traitement répartis, aptes à permettre de s'assurer par échanges d'informations numériques avec un organisme de livraison de la bonne réception par le client du produit et/ou service acheté avant d'effectuer ledit transfert de fonds. - Said installation also comprises distributed processing means, capable of making it possible to ensure, by exchanging digital information with a delivery organization, that the customer has correctly received the product and / or service purchased before carrying out said transfer of funds.
PCT/FR2002/003122 2001-09-13 2002-09-13 Method for making secure a payment operation carried out for remote purchase of goods and/or services on a communication network WO2003025869A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP02785496A EP1425724A1 (en) 2001-09-13 2002-09-13 Method for making secure a payment operation carried out for remote purchase of goods and/or services on a communication network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0111861A FR2829601B1 (en) 2001-09-13 2001-09-13 METHOD AND INSTALLATION FOR SECURING A PAYMENT OPERATION CARRIED OUT FOR THE REMOTE PURCHASE OF PRODUCTS AND / OR SERVICES OVER A DIGITAL INFORMATION COMMUNICATION NETWORK
FR01/11861 2001-09-13

Publications (1)

Publication Number Publication Date
WO2003025869A1 true WO2003025869A1 (en) 2003-03-27

Family

ID=8867254

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2002/003122 WO2003025869A1 (en) 2001-09-13 2002-09-13 Method for making secure a payment operation carried out for remote purchase of goods and/or services on a communication network

Country Status (3)

Country Link
EP (1) EP1425724A1 (en)
FR (1) FR2829601B1 (en)
WO (1) WO2003025869A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9740949B1 (en) 2007-06-14 2017-08-22 Hrl Laboratories, Llc System and method for detection of objects of interest in imagery

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999007121A2 (en) * 1997-07-29 1999-02-11 Netadvantage Corporation Method and system for conducting electronic commerce transactions
US5883810A (en) * 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions
WO2000075888A1 (en) * 1999-06-03 2000-12-14 Global Payment Advisors An automated payment system for execution and settlement of network purchase transactions
WO2001033522A1 (en) * 1999-11-05 2001-05-10 American Express Travel Related Services Company, Inc. Systems and methods for facilitating commercial transactions between parties residing at remote locations
FR2803961A1 (en) * 2000-01-19 2001-07-20 Ghislain Moret Securing of transactions carried out over the internet, uses non-reusable secret code generated by purchaser to identify purchaser to vendor and to third parties such as banks
WO2001065502A2 (en) * 2000-02-29 2001-09-07 E-Scoring, Inc. Systems and methods enabling anonymous credit transactions

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999007121A2 (en) * 1997-07-29 1999-02-11 Netadvantage Corporation Method and system for conducting electronic commerce transactions
US5883810A (en) * 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions
WO2000075888A1 (en) * 1999-06-03 2000-12-14 Global Payment Advisors An automated payment system for execution and settlement of network purchase transactions
WO2001033522A1 (en) * 1999-11-05 2001-05-10 American Express Travel Related Services Company, Inc. Systems and methods for facilitating commercial transactions between parties residing at remote locations
FR2803961A1 (en) * 2000-01-19 2001-07-20 Ghislain Moret Securing of transactions carried out over the internet, uses non-reusable secret code generated by purchaser to identify purchaser to vendor and to third parties such as banks
WO2001065502A2 (en) * 2000-02-29 2001-09-07 E-Scoring, Inc. Systems and methods enabling anonymous credit transactions

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9740949B1 (en) 2007-06-14 2017-08-22 Hrl Laboratories, Llc System and method for detection of objects of interest in imagery

Also Published As

Publication number Publication date
EP1425724A1 (en) 2004-06-09
FR2829601B1 (en) 2007-03-09
FR2829601A1 (en) 2003-03-14

Similar Documents

Publication Publication Date Title
EP1442557B1 (en) System and method for creating a secure network using identity credentials of batches of devices
WO1999066705A1 (en) Telepayment method, using a mobile radiotelephone, for purchase of an article and/or service
EP1412926B8 (en) Method for managing purchase of broadcast digital contents and means for downloading same
WO2016110589A1 (en) Method of processing a transaction from a communication terminal
WO1999023617A2 (en) Method for transmitting data and implementing server
EP0616714B1 (en) Data processing system using a set of memory cards
WO2015059389A1 (en) Method for executing a transaction between a first terminal and a second terminal
WO2020064890A1 (en) Method for processing a transaction, device, system and corresponding program
WO2007125252A1 (en) Method and system for managing an electronic payment
FR3049137A1 (en) METHOD FOR MANAGING INTELLIGENT CONTRACTS WITH AND WITHOUT DIGITAL IDENTITY THROUGH A DECENTRALIZED COMPUTER NETWORK
WO2003025869A1 (en) Method for making secure a payment operation carried out for remote purchase of goods and/or services on a communication network
EP4074005A1 (en) Transaction authentication method, server and system using two communication channels
FR2823882A1 (en) Commercial transaction using prepayment card over the Internet, uses personal computer or mobile phone, certification center validates data contained on prepayment card
FR2806229A1 (en) Internet electronic banking transaction technique sending part bank card sequence across Internet with rest sequence memorized and two sets reunited providing control.
WO2001073706A1 (en) Payment system not revealing banking information on the public or quasi-public network
CA2946145C (en) Methods for processing transactional data, and corresponding devices and programs
WO2005088568A1 (en) Micropayment method and device
EP2911365A1 (en) Method and system for protecting transactions offered by a plurality of services between a mobile device of a user and an acceptance point
WO2009077705A1 (en) Method and system for transferring objects
WO2022254002A1 (en) Method for processing a transaction, device and corresponding program
WO2022136236A1 (en) Method for creating a payment instrument for a third-party beneficiary
FR2830099A1 (en) Data processing unit for an electronic purse, manages data exchange and maintains local and central balance data
FR2831361A1 (en) Secure transmission of electronic transaction information between the parties involved by creation of encrypted physical electronic transaction tokens containing relevant information, which are used via a service provider
EP3223219A1 (en) Transaction transfer method, transaction method and terminal using at least one of same
EP3371760A1 (en) Method for verifying identity during virtualization

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EC EE ES FI GB GD GE GH HR HU ID IL IN IS JP KE KG KP KR LC LK LR LS LT LU LV MA MD MG MN MW MX MZ NO NZ OM PH PL PT RU SD SE SG SI SK SL TJ TM TN TR TZ UA UG US UZ VN YU ZA ZM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2002785496

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2002785496

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP