The current large-scale development of payment means using mobile terminals (such as mobile telephones) is also making it necessary to develop appropriate means for securing such transactions, since these terminals, unlike “classic” secured transaction terminals, are not secured.
Indeed, offering the possibility of paying with one's mobile phone, for example, should be accompanied by securing means suited to this mode of payment, and especially means for securing the entry of the confidential code classically used to validate a payment.
Currently, there are known techniques of payment through a mobile terminal that use a payment accessory connected to the mobile terminal, the whole forming a device that replaces the well-known classic transaction terminal.
This payment accessory connected to the mobile telephone serving as a payment terminal is used for example to read the data of a bank card and transmit this data to the mobile terminal (for subsequent transmission to a secured server for example).
The utility of such a payment accessory lies in its low cost and its ease of use (it can be connected for example through a jack to the audio output of the mobile terminal).
One example of such a payment accessory is illustrated in FIG. 1 in which a payment accessory 10 can be seen, connected to a mobile telephone 11 to enable the reading of a bank card 12.
Then, classically, after having read the data of the bank card through the payment accessory, the mobile telephone asks the user to enter his confidential code at the mobile terminal itself, which does not have the level of security required for bank data.
At present, there are a number of techniques for securing the entry of a confidential alphanumerical code into a non-secured terminal.
For example, there is a technique known as “RevoPIN”, described in the patent document WO2010131218_A1, in which a one-time virtual keypad is transmitted to the mobile telephone by a secured server, the keys of the virtual keypad being permuted as compared with a “classic” keypad. This virtual keypad is displayed by the mobile telephone, and it is on this virtual keypad that the user enters his PIN code. The code which is then transmitted to the secured server is therefore actually a permuted code, and the secured server can retrieve the original PIN code by means of the one-time virtual keypad that it generated itself for the transaction.
This technique makes it possible to avoid transmitting the user's PIN code to the server but does not give an adequate level of security.
Indeed, since the permuted code and the virtual keypad are both present, and therefore potentially accessible, on the mobile terminal, the PIN code can be retrieved for example by a malicious application which has access, on the mobile terminal, to these two pieces of information.
Besides, in the case of a PIN code containing repeated digits, this type of solution gives rise to a loss of entropy, since it is possible, from the permuted code alone, to deduce the presence and the relative position of the repeated digits of the initial code.
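The permuted-keypad exchange described for the RevoPIN technique, together with the entropy loss it suffers for PINs with repeated digits, as an added illustration that is not part of this document and not the RevoPIN implementation (a constructed Python model with assumed function names): the server draws a one-time keypad, the terminal transmits only key positions, the server inverts the permutation, and the last function counts how many PINs remain consistent with the repeat pattern that the permuted code leaks.

```python
import secrets
from itertools import product

DIGITS = "0123456789"

def generate_one_time_keypad():
    """Server side: a fresh permutation of the ten digit labels per transaction.
    keypad[i] is the label shown on the key standing at 'classic' position i."""
    labels = list(DIGITS)
    # Fisher-Yates shuffle driven by a CSPRNG (constructed model, not RevoPIN's code)
    for i in range(len(labels) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        labels[i], labels[j] = labels[j], labels[i]
    return "".join(labels)

def enter_pin(pin, keypad):
    """Terminal side: the user presses the key showing each PIN digit; what leaves
    the terminal is the classic position of that key, i.e. the permuted code."""
    return "".join(str(keypad.index(d)) for d in pin)

def recover_pin(permuted_code, keypad):
    """Server side: undo the permutation with the keypad it generated itself."""
    return "".join(keypad[int(p)] for p in permuted_code)

def repeat_pattern(code):
    """Canonical pattern of digit repetitions, e.g. '1122' -> (0, 0, 1, 1).
    A digit-by-digit permutation cannot change this pattern."""
    seen = {}
    return tuple(seen.setdefault(c, len(seen)) for c in code)

def candidates_consistent_with(permuted_code):
    """Number of PINs of the same length sharing the repeat pattern of the permuted
    code: the keyspace left to an observer of the permuted code alone."""
    n = len(permuted_code)
    target = repeat_pattern(permuted_code)
    return sum(1 for p in product(DIGITS, repeat=n) if repeat_pattern(p) == target)

if __name__ == "__main__":
    keypad = generate_one_time_keypad()          # constructed one-time keypad
    code = enter_pin("1122", keypad)             # constructed sample PIN
    print("keypad", keypad, "permuted code", code, "recovered", recover_pin(code, keypad))
    print("PINs consistent with the leaked pattern:", candidates_consistent_with(code))
```

For a four-digit PIN the residual keyspace is 5040 when all digits differ, 90 for the pattern of “1122” and only 10 for a PIN of four identical digits, against 10000 for a PIN that leaks nothing.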
There is therefore a real need to secure these prior-art techniques for entering confidential alphanumerical codes into a non-secured terminal.