1. Field of the Invention
An object of the present invention is a method of secured payment. In the invention, this payment will be done by means of a smart card in keeping for example with bank security protocols. A banking method of this kind has all the guarantees of resistance to fraud. It is furthermore accepted by the entire banking profession. The aim of the invention is to further the use of this type of payment because it is more reliable in the field of business transactions.
2. Description of the Prior Art
The prerequisite to a payment is a commercial transaction. A transaction of this kind essentially comprises the definition of references of an article to be acquired or a service to have performed and the communication of the corresponding price. The customer in paying the price obtains, in return, the article or service. In a smart-card payment, the references of the transaction are communicated to a payment terminal which prepares a payment message. This payment message comprises the designation of the article or service and the price to be paid. It furthermore comprises information such as the date and time of the transaction. The payment message also comprises the designation of the tradesman's bank references. These bank references are used for the transfer, to the tradesman's bank account, of the sum paid to him. The only information that is strictly essential in such a payment message is the price and the tradesman's bank references as well as those of the paying party or payer.
The payment message includes a final argument which is the designation of the customer's bank account and his agreement to the payment of the price. The bank account designation is obtained by the insertion of a smart card of the customer into the tradesman's terminal, which is also a smart-card reader. The signalling of the customer's assent is a complex operation. Indeed, however easy it may be for the customer to give his assent to the payment of the price, it is equally necessary for the tradesman to be sure firstly that the smart card inserted into his terminal is an authorized smart card and secondly that the holder of this smart card is truly its legal holder.
The first operation is performed during an authentication operation. In this context, the terminal exchanges information with the smart card to ascertain that the smart card is not a falsified smart card. In a second stage, the smart card performs a verification to ascertain that the bearer is the legal bearer. In the second operation which, if necessary, may be placed before the first one, the bearer of the card keys in a PIN (personal identification number) identification code on the terminal keyboard. The smart card uses this PIN to ascertain that it is being used in a normal way. In a third stage, it is also possible for the smart card to authenticate the reader, i.e. to ascertain that it is an authorized reader. The authentication of the reader by the smart card is of the same type as the authentication of the smart card by the reader.
In carrying out this operation, by keying in his PIN code, the bearer performs two operations. A first operation, as stated here above, consists in showing that he is the true holder of the smart card. Secondly, the fact of keying in the right PIN code is legally considered to be an agreement to make payment.
Once these operations are performed, the payment message is constituted in its entirety. The payment message explicitly or implicitly comprises the following information: the tradesman's bank account number, the amount of the transaction, the customer's bank account number. It may comprise other pieces of information such as the date of the transaction, the nature of the transaction as well as an operation number giving an indication, for the terminal, of the number of operations processed during the day up to this last operation. This payment message is then sent in a telephone call, generally at night, to a payment center. In the payment center, the payment is made. The payment message is converted into a payment.
In certain cases, given the large amounts involved in the transactions, the payment message has to be authorized by a prior authorization from the payment center. In this case, a real-time connection is set up at the payment center during the period when the customer has keyed in his PIN code. During this connection, the amount available in the customer's account is verified or can be verified and can furthermore be reserved for payment of the concerned transaction. During these night telephone calls, or else these random calls requesting authorization, the memory of the payment terminal is updated with the communication of the numbers of blacklisted smart cards to this terminal. These cards may be blacklisted for example because their true owner has stopped their validity on detecting their theft.
This very complicated procedure therefore requires the distribution to tradesmen of a substantial set of means, payment terminals and regular telephone links. This distribution is a fairly lengthy operation. Consequently, certain tradesmen may lack such equipment. Furthermore, in certain cases, the payment cannot be made by smart card because, quite simply, the vending party is not a tradesman. For example, an ordinary private individual cannot obtain payment by smart card (with all the security entailed therein) for the sale of an article or service of any kind. In another field, that of mail-order sales, the tradesman himself is not physically present and even less so are his payment devices.
In an earlier French patent application FR 98 08717 filed on 3 Jul. 1998, a method was devised for making a third party, in this case a mobile telephony operator, carry out some of the operations referred to here above which are performed for example by a conventional payment terminal. This type of operation may entail the drawback, for the mobile telephony operator, of making him a party to the transaction. This service is no longer limited to the simple conveyance of speech data or computer data but extends to the performance of certain operations of verification, certification or authentication in which his responsibility is involved. Furthermore, by acting in this way, the fact that there are numerous mobile telephony operators means that he has to conclude contracts with each of them and, when the payment operation is launched, it means that the paying party has to choose the operator with whom the transaction will be made. The method described in this patent application furthermore leads to the need for the duplicating, in a control circuit of the mobile telephone, of secret type data elements of a bank smart card. A procedure of this kind may provoke hesitation and reluctance.
In the present invention, this problem has been resolved by using a mobile telephone carried by a customer and provided, firstly, with a security control circuit, for example of the SIM (secure identification module) type and, secondly, an associated smart-card reader. The fact that the mobile telephone is held by the client does not mean that the customer is necessarily its owner. It only means that the mobile telephone has been made available to this client at least temporarily for the payment phase.
Then, at the time of the transaction, a prepayment message is caused to be sent to a payment center. Instead of the customer's bank particulars and the result of the authentication and of the checking of his bearer code and instead of the procurement of his assent, the prepayment message sent by the tradesman comprises the mobile telephone number of the using customer.
Thus, the payment center makes contact, of its own accord and on its own responsibility, with this mobile telephone. When the link is set up, the mobile telephone obtains the execution, by the SIM security circuit, of the verification protocol normally performed by a payment terminal. As an alternative, the mobile telephone itself comprises a secure program to carry out this protocol. This secured program is not necessarily loaded or executed in the SIM circuit. Through this mode of action, the mobile telephone, during the telephone session, becomes a smart-card electronic payment terminal for a single specified operation. The invention then has the particular feature wherein the regular and unexpected updating of the temporary payment terminal thus constituted can be done in a simple way. Instead of sending a list of blacklisted smart cards, during the call, the mobile telephone sends the number of the smart card that is inserted into its reader. If this card is authorized, the sequence of normal operations of the terminal is undertaken by the smart-card reader of the mobile telephone.
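The exchange described above, sketched as an added Python simulation that is not part of the patent text. The class names, message fields, status strings and sample identifiers are assumptions; the telephone call is modelled as a dictionary lookup, and the card and reader authentication steps are reduced to the bearer-code check.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class PrepaymentMessage:
    """Sent by the tradesman: no customer bank details, only a phone number."""
    merchant_account: str
    amount_cents: int
    customer_mobile: str

@dataclass
class SmartCard:
    number: str
    account: str
    pin: str
    def verify_pin(self, entered):  # simulated; the card itself checks the bearer code
        return entered == self.pin

@dataclass
class MobilePhone:
    card: Optional[SmartCard]  # card in the phone's reader, if any
    def terminal_sequence(self, entered_pin):
        # Stand-in for the terminal protocol run by the SIM or a secure program.
        ok = self.card is not None and self.card.verify_pin(entered_pin)
        return self.card.account if ok else None

class PaymentCenter:
    def __init__(self, blacklist, directory):
        self.blacklist = set(blacklist)  # held at the center, never sent to the phone
        self.directory = directory       # mobile number -> phone (models the call)
    def process(self, msg, entered_pin):
        phone = self.directory.get(msg.customer_mobile)
        if phone is None or phone.card is None:
            return ("refused", "no card presented")
        if phone.card.number in self.blacklist:  # one lookup replaces a list download
            return ("refused", "card blacklisted")
        account = phone.terminal_sequence(entered_pin)
        if account is None:
            return ("refused", "bearer code rejected")
        return ("accepted", {"payer": account, "payee": msg.merchant_account,
                             "amount_cents": msg.amount_cents})

def demo():
    # Constructed sample data, not real card or phone numbers.
    good = MobilePhone(SmartCard("CARD-0001", "ACCT-CUST-1", "4321"))
    stolen = MobilePhone(SmartCard("CARD-0002", "ACCT-CUST-2", "1111"))
    center = PaymentCenter({"CARD-0002"}, {"PHONE-A": good, "PHONE-B": stolen})
    calls = [("PHONE-A", "4321"), ("PHONE-A", "0000"), ("PHONE-B", "1111")]
    return [center.process(PrepaymentMessage("ACCT-SHOP-9", 2500, m), p) for m, p in calls]
```

In the third call the blacklisted card is refused even though the correct bearer code is keyed in, because the card number is checked at the payment center before the terminal sequence starts.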