The present invention relates to a process for the transmission of information and a computer server using it. It permits ensuring that the person operating a terminal is an authorized or entitled person. It applies in particular to the verification of the identity of the person which has access to a remote service, no matter what terminal is used. It permits authenticating the identification of the user, authenticating the transaction, verifying the integrity of this transaction by completing it with the amount of said transaction, the quantity bought, the name of the product or service acquired, thereby to permit the payment for goods or services, on line, which is to say in the course of a communication between remote computer systems.
The fields of application of the invention are for example the control of access, the provision of confidential information to the proper party, the certification of transactions or payment for goods or services on a computer network.
The practice of remote transactions on a network poses, independently of encryption, the problem of authentication of the person doing it, of the integrity of the transaction and of its confidentiality. In numerous applications (electronic commerce, remote banking, telecommuting, internal security of enterprises, security of for-pay databases, for example) and on all supports (local or remote computer networks, for example, respectively, the community networks called “Intranet” or “Internet”, voice servers, for example), this problem is crucial.
The security devices and processes known to the prior art, like those disclosed in U.S. Pat. No. 5,442,704, which use a memory card, impose important and costly material constraints.
Other software devices, based on encryption systems, ensure the confidentiality of the data without guaranteeing the authentification of the person.
Other devices using an authentification means, known as an “authentifier” or a “token”, which computes from data received in the course of a transaction and from a secret key which it keeps in its memory, a dynamic password. These devices again require important and costly material constraints.