FR3084502A1 - SECURING TRANSACTIONS - Google Patents

Abstract

The invention relates to a system (S1) comprising separate smart cards (2a, 2b), each one comprising: a connection module for establishing a wireless connection (CN) with each other smart card; a verification module to verify that a wireless connection is established or has been previously established with at least one other smart card; a processing module (MU6) configured so that if a wireless connection (CN) is established or has been previously established with said at least one other smart card, the processing module processes a transaction in progress in a normal mode ( MD1) and, if not, the processing module processes the transaction in progress in a secure mode (MD2) in which at least one additional security action is applied compared to the normal mode.

Description

Invention background

The invention relates to the field of transaction processing by electronic devices and relates more particularly to the securing of transactions, in particular of payment transactions, carried out by a smart card.

In a known manner, the holder of a bank card can use his card to carry out bank transactions, such as payment transactions for example, in association with a bank account.

In general, a bank card (payment card, debit card, etc.) is designed to cooperate with a device external to this card, otherwise called terminal or reader, to carry out a bank transaction such as a transaction of payment. To do this, the bank card can be configured to communicate with the external terminal (automatic teller machine (ATM), or payment terminal, for example) by contact, using external contacts placed on the card for this purpose. , and / or in contactless mode, using a radio frequency antenna integrated in the card.

The EMV standard (for "Europay Mastercard Visa") is the standardized protocol used today mainly in the world to secure payment transactions made by smart cards. The EMV protocol was designed to reduce the risk of fraud during a payment transaction by allowing authentication of both the smart card and its holder. This authentication process uses a combination of cryptograms (or encrypted keys) and digital signatures and possibly requires the entry of a secret code (commonly called PIN code) by the card holder.

Depending on the type of card used, the situation, or even the amount considered, an EMV card can work online or offline. In online mode, an EMV card communicates, via the reader, with the corresponding issuing entity (the bank that issued the card, for example) in order to verify in particular that the transaction in progress is legitimate. On the other hand, if the EMV card operates in offline mode, it can apply pre-recorded verification criteria to decide whether the transaction should be authorized or refused.

The completion of a transaction online makes it possible in particular to implement security mechanisms making it possible to identify risky situations and to trigger an appropriate security response. The smart card issuer can for example detect abnormal behavior during an online transaction and decline the transaction or trigger additional verification checks.

In addition, in order to secure remote banking transactions (purchase on a website, for example), certain bank cards are now configured to generate and display on a screen with which they are equipped, a dynamic security code (called DCW) , also called dynamic cryptogram, which changes during the life of the card. The computer processing system of the financial service of the transaction (of the card issuer) is able to check the validity of this dynamic security code DCW, depending for example on a time parameter, to validate or not the transaction . The use of such a dynamic security code makes it possible to ensure that the user actually has in his possession the bank card concerned at the time of the transaction. If stolen, the dynamic security code has limited utility since the validity of this code is only temporary.

Despite the current security mechanisms mentioned above, bank cards and their holders remain vulnerable to attack and malicious behavior. With the exception of certain specific cases, it is not possible today to effectively protect a user against fraudulent use of his bank card when it is stolen from him. If a third party steals a bank card, he can for example use the dynamic DCW cryptogram generated by the card to carry out remote payment transactions. Similarly, nothing protects a user today when a malicious third party steals the bank card and the associated PIN code.

There is therefore today a need for a security mechanism making it possible to effectively protect smart cards, and in particular bank cards (in particular of EMV type), against theft and fraudulent acts.

Subject and summary of the invention

To this end, the present invention relates to a system comprising a plurality of separate smart cards, each smart card being configured to carry out payment transactions and comprising:

- a connection module configured to establish a wireless connection with each other smart card;

a verification module configured, upon detection of a predefined event, to verify that a wireless connection is established or has been previously established with at least one other smart card from said plurality of smart cards;

- a processing module configured so that:

o if a wireless connection is established or has not been previously established with said at least one other smart card, said processing module processes a payment transaction in progress according to a normal mode; and o if no wireless connection is established or has not been previously established with said at least one other smart card, said processing module processes the current payment transaction in a secure mode, according to which at least one action additional security is applied compared to normal mode.

The present invention thus makes it possible to secure the operation of each smart card in the system. A user can, for example, carry a first smart card with him (in a pocket, his jacket, etc.) and a second smart card in a bag or suitcase that he keeps nearby (Le. A few meters maximum). When the user wishes to use one of these smart cards, it works either in normal mode or in secure mode, depending on whether a wireless connection is possible or not between the two smart cards in the system.

The ability of smart cards to establish a wireless connection together depends in particular on the distance between them. Thus, if a criminal steals one of the smart cards in the system, the stolen card can no longer connect to the other smart card in the system, which means that the stolen card is configured in secure mode, thus significantly limiting the use that can be made of it by the perpetrator.

According to the secure mode, the stolen smart card implements one or more securing actions in order, for example, to secure a transaction in progress (a payment transaction for example). The perpetrator therefore has only a limited time to use the card, whether to make a remote payment by generating a dynamic DCW code or by making a payment by contact or without contact (in the case in particular where the perpetrator has also stole the PIN code from the card). Insofar as fraudulent uses generally occur after a certain lapse of time from the theft of a card, the legitimate owner is therefore effectively protected against fraudulent use of his cards.

According to a particular embodiment, said predefined event corresponds to the reception of an instruction in response to the actuation of an actuator of said smart card or corresponds to the detection of the initiation of the current payment transaction .

According to a particular embodiment, each wireless communication is of the BLE (for Bluetooth Low Energy) or Zigbee type.

According to a particular embodiment, the connection module is configured, when establishing a wireless connection with another smart card, to authenticate said other smart card.

According to a particular embodiment, the connection module is configured to periodically establish said wireless connection with each other smart card;

wherein the verification module is configured to determine that a wireless connection has been previously established with another smart card among said plurality of 15 smart cards if a time has elapsed between a most recent old connection with said other smart card puce, and a current instant, is greater than or equal to a predetermined threshold duration.

According to a particular embodiment, the processing module is configured so that, according to the secure mode, at least one of the following additional securing actions is carried out:

- the processing module rejects the current transaction;

the processing module blocks the display of a dynamic cryptogram on a screen of said smart card;

the processing module refuses the current payment transaction if the amount of said transaction exceeds a first predefined threshold value;

the processing module refuses the current payment transaction if a cumulative amount of previous transactions carried out by said smart card exceeds a second predefined threshold value;

the processing module refuses the current payment transaction if a number of transactions carried out by said smart card since the establishment of a previous wireless connection with said at least one other smart card exceeds a third predefined value; and

- the processing module accepts the current payment transaction only if a biometric verification to authenticate a user is successfully carried out by said smart card.

According to a particular embodiment, said plurality of smart cards is a pair composed of a first smart card and a second smart card, the verification module of each smart card being configured, upon detection of a predefined event, to verify that a wireless connection is established or has been previously established with said other smart card; and in which the processing module of each smart card is configured so that:

o if a wireless connection is established or has been previously established with the other smart card, said processing module processes a payment transaction in progress according to the normal mode; and o if no wireless connection is established or has been previously established with said other smart card, said processing module processes the current payment transaction according to the secure mode.

According to a particular embodiment, each smart card of said plurality of smart cards is an EMV card, the current payment transaction being of the EMV type.

According to a particular embodiment,

According to a particular embodiment,

According to one embodiment, the invention is implemented by means of software and / or hardware components. In this context, the term "module" can correspond in this document to a software component, a hardware component or a set of hardware and software components.

A software component corresponds to one or more computer programs, one or more subroutines of a program, or more generally to any element of a program or of software capable of implementing a function or a set of functions, as described below for the module concerned.

In the same way, a hardware component corresponds to any element of a hardware assembly (or hardware) capable of implementing a function or a set of functions, according to what is described below for the module concerned. It can be a programmable hardware component or with an integrated processor for running software, for example an integrated circuit, etc.

The invention also relates to a corresponding treatment method. In particular, the invention relates to a processing method implemented by a system comprising a plurality of separate smart cards, each smart card being configured to carry out payment transactions and comprising a connection module configured to establish a connection. wirelessly with each other smart card, the method comprising:

- Verification, upon detection of a predefined event, that a wireless connection is established or has been previously established with at least one other smart card among said plurality of smart cards;

- processing of a payment transaction in progress, including:

o if a wireless connection is established or has been previously established with said at least one other smart card, processing of the current payment transaction in a normal mode; and if no wireless connection is established or has previously been established with said at least one other smart card, processing of the current payment transaction in a secure mode, according to which at least one security action additional is applied compared to normal mode.

It will be noted that the various embodiments mentioned above in relation to the system of the invention as well as the associated advantages apply in a similar manner to the treatment method of the invention.

According to a particular embodiment, each wireless communication is of the BLE or Zigbee type.

In a particular embodiment, the different steps of the processing method are determined by instructions from computer programs.

Consequently, the invention also relates to a computer program on an information medium, this program being capable of being implemented in at least one device such as a smart card, this program comprising instructions adapted to the implementation of the steps of a treatment method as defined in this document.

The invention also relates to a recording medium (or information medium) readable by a computer, and comprising instructions of a computer program as mentioned in this document.

The computer programs mentioned in this document can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as in a partially compiled form, or in any other desirable form.

In addition, the recording media mentioned in this document can be any entity or device capable of storing the program. For example, the support may include a storage means, such as a ROM, for example a CD ROM or a microelectronic circuit ROM, or else a magnetic recording means, for example a floppy disc or a disc. hard.

On the other hand, the recording media can correspond to a transmissible medium such as an electrical or optical signal, which can be routed via an electrical or optical cable, by radio or by other means. The program according to the invention can in particular be downloaded from a network of the Internet type.

Alternatively, the recording media can correspond to an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in the execution of the method in question.

The invention also relates individually to each smart card of the system of the invention. Thus, the invention relates in particular to a smart card, called the first smart card, configured to carry out payment transactions, said first smart card 20 comprising:

- a connection module configured to establish a wireless connection with at least one other smart card;

- a verification module configured, upon detection of a predefined event, to verify that a wireless connection is established or has been previously established with said at least one other smart card;

- a processing module configured so that:

o if a wireless connection is established or has been previously established with said at least one other smart card, said processing module processes a payment transaction in progress according to a normal mode; and o if no wireless connection is established or has not been previously established with said at least one other smart card, said processing module processes the current payment transaction in a secure mode, according to which at least one action additional security is applied compared to normal mode.

The invention also relates to a corresponding processing method. More particularly, (The invention relates to a processing method, implemented by a smart card, called first smart card, configured to carry out payment transactions and comprising a connection module configured to establish a wireless connection with at least another smart card, the method comprising:

verification, upon detection of a predefined event, that a wireless connection is established or has been previously established with said at least one other smart card;

- processing of a payment transaction in progress, including:

o if a wireless connection is established or has been previously established with said at least one other smart card, processing of the current payment transaction in a normal mode; and o if no wireless connection is established or has previously been established with said at least one other smart card, processing of the current payment transaction 15 according to a secure mode, according to which at least one security action additional is applied compared to normal mode.

The various embodiments described above apply by analogy to said first smart card, and to the processing method implemented by this 20 · first smart card, as defined above.

Brief description of the drawings

Other characteristics and advantages of the present invention will emerge from the description given below, with reference to the appended drawings which illustrate exemplary embodiments thereof without any limiting character. In the figures:

FIG. 1 schematically represents a system comprising two smart cards, according to a particular embodiment of the invention;

- Figure 2 schematically shows the structure of a smart card of the system shown in Figure 1, according to a particular embodiment of the invention;

- Figure 3 is a diagram schematically representing the steps of a processing method according to a particular embodiment of the invention;

- Figure 4 is a diagram schematically representing the steps of a processing method according to a particular embodiment of the invention;

- Figure 5 is a diagram schematically representing the steps of a processing method according to a particular embodiment of the invention; and

- Figure 6 shows schematically a system comprising three smart cards, according to a particular embodiment of the invention.

Detailed description of several embodiments

As indicated above, the invention relates to securing transactions carried out by an electronic device such as a smart card and relates in particular to securing payment transactions, of the EMV type for example.

The invention proposes to secure transactions, in particular banking transactions (payment for example), by coupling together at least two smart cards, this coupling (or pairing) being used to prevent malicious use of each of these cards. The number of smart cards in the system can be adapted as appropriate.

The invention, according to different embodiments, thus implements a system comprising at least two smart cards configured to carry out each of the transactions (payment transactions for example). Each smart card is capable of establishing a wireless connection with the other smart card (s) in the system. This connection (or pairing) can be, for example, of the BLE (for Bluetooth Low Energy) or Zigbee type. Each smart card in the system can be configured as follows: when said smart card, known as the first smart card, detects that a wireless connection is established (or has been previously established) with the other smart card (s) of the system, it operates in normal mode to process a transaction in progress. If, on the other hand, no wireless connection is established (or has not been previously established) with the other chip card (s) in the system, the first chip card operates in secure mode.

According to the secure mode, the first smart card processes a transaction more securely than in normal mode, by applying (performing) at least one additional security action compared to normal mode. Various security actions can be envisaged as explained below (rejection of the transaction, additional verifications of the biometric or other type, application of a threshold value concerning the number of connectionless transactions, the cumulative amount of connectionless transactions, etc. ).

Each smart card in the system therefore works reciprocally (or reversibly), in the sense that they can each check whether there is a wireless pairing with at least one other smart card in the system in order to configure accordingly the way which it operates, ie either in normal mode or in secure mode. In the absence of coupling with another smart card (or smart cards) of the system, a smart card can thus implement one or more additional security actions compared to the normal mode, in order to limit the security risks, especially when processing a transaction in progress.

The invention also relates to a smart card belonging to such a system, as well as the corresponding processing methods implemented by the system of the invention and implemented individually by each smart card of the invention.

Other aspects and advantages of the present invention will emerge from the exemplary embodiments described below with reference to the drawings mentioned above.

In this document, examples of implementation of the invention are described in the context of securing payment transactions (of the EMV type for example) implemented by a plurality of smart cards belonging to the same system. It is understood that the invention also applies more generally to other types of transaction, in particular financial or banking transactions, such as direct debit, transfer or debit transactions. The invention can be applied to other types of transactions such as authentication transactions for example.

Chip cards, other than bank cards, can also be used to carry out any transactions in the context of the invention. In addition, the invention can also be implemented in electronic devices (smartphone, tablet, PC, etc.), other than smart cards, and belonging to the same system.

Unless otherwise indicated, the elements common or analogous to several figures bear the same reference signs and have identical or analogous characteristics, so that these common elements are generally not described again for the sake of simplicity.

FIG. 1 schematically represents the structure of an SI system comprising a plurality of smart cards, namely: two smart cards denoted 2a and 2b in this example. The two smart cards 2a, 2b are in this example bank cards, that is to say smart cards configured to carry out banking (or financial) transactions, such as payment transactions for example. It is subsequently assumed that these are payment transactions according to the EMV protocol.

As described in more detail below, the smart cards 2a and 2b have an identical general structure, although variants are possible.

As described in more detail later, the SI system can comprise, according to a variant, 3 separate smart cards (or more), in accordance with the invention.

In this example, the smart card 2a comprises the following elements: a first processor 6a, a second processor 8a, external contacts 10a, a rewritable nonvolatile memory 12a, a first radiofrequency (RF) antenna 14a, a second RF antenna 16a, a display (screen) 18a and an actuator 20a. According to a particular example, the smart card 2a comprises the external contacts 10a and / or the second RF antenna 16a, either of which may be absent as the case may be.

The first processor 6a is configured to process transactions, such as EMV type payment transactions in this example. The first processor 6a can use the external contacts 10a to communicate by contact with the outside of the smart card 10a. As shown in FIG. 1, the smart card 10a is for example configured to cooperate with an external terminal T by using the external contacts 10a. In this example, the terminal T is a payment terminal, the latter being used for example by a merchant in a point of sale. This terminal T is capable of interacting according to the EMV protocol with the smart card 10a and, if necessary, of sending transaction data to the bank issuer IS of the card 10a when a payment transaction is carried out in line.

The first smart card 2a in this example complies with ISO standard 7816, although other implementations are possible.

The first processor 6a can also be configured to communicate in contactless mode with the terminal T using the RF antenna 16a. In this example, the RF antennas 14a and 16a are separate although it is possible, according to a variant, that these two antennas form a single RF antenna (ATI and AT2 are then identical).

Contact cooperation and contactless cooperation, between a smart card and an appropriate external reader, are known per se and will not be developed further in this document for the sake of simplicity.

The second processor 8a is configured to establish a wireless connection CN through the RF antenna 14a with the outside of the smart card 6a, and more precisely with the second smart card 2b in this example. This CN connection constitutes a coupling, or pairing, between the smart cards 2a and 2b.

In this example, this CN wireless connection is of BLE type (for "Bluetooth Low Energy", also called Bluetooth Smart), although other wireless communication technologies are possible such as conventional Bluetooth, Zigbee or proprietary technologies for example. Establishing a CN wireless connection, of the BLE type for example, is possible between the smart cards 10a and 10b if these cards are located close to each other, i.e. a few meters maximum in this case. BLE technology is particularly suitable in that it saves the energy expended by smart cards 2a and 2b to couple together. The type of communication is however adaptable depending on the case.

The rewritable non-volatile memory 12a constitutes a recording medium (or information medium) conforming to a particular embodiment, readable by the smart card 10a (and more particularly by the processors 6a and 8a), and on which is recorded a computer program PG1 according to a particular embodiment. This computer program PG1 includes instructions for the execution of the steps of a processing method according to particular embodiments described below.

In this example, the memory 12a also includes personal data (or personalization data) DTla specific to the smart card 2a and to its user. DTla personal data can include the PAN number (for “Permanent Account Number”), the expiration date, and possibly a static CW cryptogram when such a cryptogram is used (which is not the case in the example shown in Figure 1 because the smart card 2a generates dynamic DCW cryptograms). This personal data can be used by the smart card 2a to implement a payment transaction.

In the example considered here, the smart card 2a can process an ongoing payment transaction in different ways. According to a first example, the smart card 2a can cooperate with the terminal T to carry out a payment transaction, in contact mode or in contactless mode. According to another example, when a user wishes for example to remotely make a payment on a website, the smart card 2a is content to generate and display a dynamic code DCW on its screen 18a under the control of the processor 6a which is in in charge of processing transactions.

According to a particular example, the processors 6a and 8a form a single processor.

Furthermore, in the example considered here, the smart card 2a comprises the display 18a for displaying dynamic DCW cryptograms. The generation and display of a dynamic DCW cryptogram can be triggered upon detection of a predefined event, such as the actuation of the actuator 20a or, in other words, upon receipt of an instruction in response to the actuation of the actuator 20a. This actuator 20a, with which the smart card 2a is fitted, can be actuated by any user and can correspond, for example, to a mechanical or touch button. Alternative embodiments are however possible in which the smart card 2a is devoid of the actuator 20a (case of a card with a static CW cryptogram, for example).

According to a variant, no display is present, the smart card 2a then being provided with a static CW cryptogram which appears on the card.

As already indicated, the second smart card 2b has a structure identical to the first smart card 2a. Thus the information presented in this document with reference to the first smart card 2a, in particular in relation to FIG. 1, applies in a similar way to the second smart card 2b.

More specifically, as shown in FIG. 1, the smart card 2b comprises the following elements: a first processor 6b analogous to the processor 6a, a second processor 8b analogous to the second processor 8b, external contacts 10b analogous to the external contacts 10a, a memory non-volatile rewritable 12b analogous to memory 12a, RF antennas 14b and 16b analogous respectively to antennas 14a and 16a, and a display (screen) 18b analogous to display 18a. According to a particular example, the smart card 2b comprises the external contacts 10b and / or the second RF antenna 16b, either of which may be absent as the case may be.

In this example, the second smart card 2b comprises in its memory 12b a computer program PG2 similar to the computer program PG1.

In this example, the second smart card 2b includes in its memory 12b personal data (or personalization data) DTlb. As with DTla data, DTlb personal data may include the PAN number (for “Permanent Account Number”) and the expiration date of the smart card 2b, as well as possibly a CW static cryptogram when such cryptogram is used. This personal data can be used by the smart card 2b to implement a payment transaction.

The personal data DTlb of the smart card 2b can be identical or different from the personal data DTla of the smart card 2a. In other words, the smart cards 2a and 2b can be clone cards (embedding identical personal data), or can be twin cards (embedding different personal data) in the sense that they can cooperate together according to the invention but are not identical (for example, they are not associated with the same bank account and therefore have different PAN numbers).

It will be understood that certain elements generally present in a chip card, and more particularly in a bank card, have been deliberately omitted from this document because they are not necessary for the understanding of the present invention.

It will further be understood that the smart cards 2a and 2b shown in FIG. 1 constitute only one example of embodiment, other implementations being possible within the framework of the invention. Those skilled in the art will understand in particular that certain elements of the smart cards 2a and 2b are described here only to facilitate the understanding of the invention with reference to a particular example, these elements not being necessary to implement [Invention.

The processors 6a and 8a controlled by the computer program PG1, collectively implement (or possibly only one of the processors 6a and 6b implements) a certain number of modules represented in FIG. 2, namely: a 20 MU2 connection module, MU4 verification module and processing module

MU6.

The connection module MU2 is configured to establish a wireless connection with each other smart card of the system SI, namely, with the second smart card 2b in this example. As already indicated, the wireless connection is of the BLE type in this example.

The verification module MU4 is configured to verify whether there is a wireless CN connection between the first smart card 2a and the second smart card 2b. In other words, the verification module MU4 is configured to verify that a wireless connection is established with at least one other smart card of the system SI, namely, with the second smart card 2b in this example. According to a particular example, the verification module MU4 is configured to verify that a wireless connection has been previously established with the other smart card 2b of the system SI, for example within a predefined period of time. According to a particular example, the verification module MU4 is configured to verify that a wireless connection is established or has been previously established with the other smart card 2b of the system SI.

The verification module MU4 can be configured to carry out the verification indicated above on detection of a predefined event, such as for example the detection of the initiation of a transaction (a payment transaction for example) or even the reception an instruction for example in response to actuation of actuator 20a.

The processing module MU6 is configured to operate the first card 2a, either according to a first processing mode called “normal mode” (denoted MD1 thereafter), or according to a second processing mode known as “secure mode” (denoted MD2 thereafter).

More specifically, the MU6 processing module is configured so that:

- if a wireless connection is established (or, if applicable, has been previously established) with the other smart card 2b, the processing module MU6 processes a payment transaction in progress according to the normal mode; and

- if no wireless connection is established (or, where applicable, has not been previously established) with the other smart card 2b, the processing module MU6 processes the current payment transaction according to the secure mode, in which at least one additional security action is applied compared to the normal mode.

In other words, if a wireless connection with the other smart card 2b is detected by the verification module MU4, the processing module MU6 processes a payment transaction in progress according to the normal mode, and otherwise, according to the secure mode.

The operation of the MU2-MU6 modules of the smart card 2a will appear more precisely in the embodiments described below with reference to FIGS. 36. It will be understood that the MU2-MU6 modules as represented in FIG. 2 represent only one example of non-limiting implementation of the invention.

According to the example envisaged here, the second smart card 2b (FIG. 1) is configured to execute modules analogous to the modules MU2, MU4 and MU6 (FIG. 2), so that the latter are not described in more detail for the sake of concern. of simplicity.

A particular embodiment is now described with reference to Figure 3. More specifically, the smart cards 2a and 2b shown in Figures 1-2 each implement a processing method by executing the computer programs PG1 and PG 2.

It is considered in this example that the smart card 2a detects (S2) a predefined EVT event. In response to this EVT event, the smart card 2a proceeds to step S4 of verification. This EVT event can correspond, for example, to the reception of an instruction in response to the actuation of the actuator 20a of the smart card 2a, or even to the detection of the initiation of a payment transaction In progress.

During the verification step S4, the smart card 2a verifies that a wireless connection CN is established with the other smart card 2b of the system SI. In this case, the first smart card 2a can be configured to communicate with the second smart card 2b during the verification step S4 in order to determine whether a CN coupling can be established between the smart cards 2a and 2b ( coupling attempt during step S4 of verification).

According to another example, the smart card 2a checks in S4 that a wireless connection CN has been previously established with the other smart card 2b of the system SI. In this case, the smart cards 2a and 2b may possibly have established a CN connection together, 15 at the initiation of one or the other of the smart cards 2a and 2b, before carrying out the verification step S4 .

According to another example, the smart card 2a checks in S4 that a wireless connection CN is established or has been previously established (for example in a predetermined period of time) with the other card 2b of the system SI.

As already indicated, the CN wireless connection shown in FIG. 1 constitutes a coupling (or pairing) between the first card 2a and the second card 2b. This coupling can be achieved by BLE or Zigbee technology for example, other examples being possible. This coupling is only possible if the smart cards 2a and 2b are within communication range from each other, that is to say if the smart cards 2a and 2b are close enough together. on the other to communicate together without contact using their RF antennas 14a and 14b. During this CN coupling, the first smart card 2a can authenticate the second smart card 2b by executing an appropriate authentication technique, the latter implying for example the use of cryptographic dice previously stored in the memory of the smart cards. bullet 2a and 2b. In a particular example, this CN coupling includes mutual authentication of the smart cards 2a and 2b.

According to a particular example, the first smart card 2a performs, before the verification step S4 or during the verification step S4, an attempt to establish a connection CN with the second smart card 2b. This CN connection can succeed or fail depending in particular on the distance which separates the smart cards 2a and 2b during this attempt. If these cards are out of range because they are too far from each other, the connection attempt fails.

If the first smart card 2a detects in S4 that a wireless connection CN is established (or, if necessary, has been previously established) with the other smart card 2b, the method proceeds to step S6. Otherwise (no CN wireless connection), the method proceeds to step S8.

During step S6, the smart card 2a operates in normal mode denoted MD1. According to a particular example, the smart card 2a then processes a payment transaction in progress in accordance with the normal mode MD1.

During step S8, the smart card 2b operates in secure mode denoted MD2. This MD2 mode is characterized in that it is more secure than the normal MD1 mode. The smart card 2a then processes a payment transaction in progress according to the secure mode MD2. In a particular example, the smart card 2a performs, according to this secure mode MD2, at least one additional security action compared to the processing in normal mode MD1, to secure the current payment transaction. The security action (s) applied in secure MD2 mode may vary depending on the case.

According to the secure mode MD2, at least one of the following additional security actions is for example carried out by the first smart card 2a:

- the MU6 processing module rejects the current payment transaction;

the processing module MU6 blocks the display of a dynamic cryptogram DCW on the screen 18a of the smart card 2a (which in itself constitutes secure processing of a payment transaction in progress);

the processing module MU6 refuses the current payment transaction if the amount of said transaction exceeds a first predefined threshold value VI;

the processing module MU6 refuses the current payment transaction if a cumulative amount of previous transactions carried out by the first smart card 2a exceeds a second predefined threshold value V2;

- the processing module MU6 refuses the current payment transaction if a number of transactions carried out by the first smart card 2a since the establishment of a previous wireless connection (i.e. the most recent last connection recent) with the other smart card 2b exceeds a third predefined value V3; and

- the processing module MU6 accepts the current payment transaction only if a biometric verification to authenticate a user is successfully carried out by the first smart card 2a. In the latter case, the first smart card 2a uses for example an on-board biometric sensor (not shown) to acquire a biometric signature (fingerprint, retinal imprint, etc.) of a user.

As already indicated, it is assumed here that the current payment transaction is of the EMV type, although other examples are possible.

It should be noted that the operation of the smart cards 2a and 2b is reversible (or reciprocal). In other words, the smart cards 2a and 2b are interchangeable in their interactions, in the sense that the first smart card 2a can play the role of the second smart card 2b, and vice versa. Each card in the SI system is configured to perform steps S4-S8 upon detection (S2) of a predefined EVT event.

The present invention thus makes it possible to secure the operation of each smart card 2a and 2b of the SI system. A user can for example carry his first smart card 2a on his person (in a pocket, his jacket, etc.) and the second smart card 2b in a bag or suitcase which he keeps nearby (Le. A few meters maximum ). When the user wishes to use one of these smart cards 2a, 2b, it works either in normal mode MD1, or in secure mode MD2, depending on whether or not a CN wireless connection is possible between the cards bullet 2a, 2b. The ability of smart cards 2a and 2b to establish a CN wireless connection together is a function in particular of the distance between them. Thus, if a criminal steals one of the smart cards 2a-2b, the stolen card can no longer connect to the other smart card of the SI system, which means that the stolen card is configured in mode secure MD2, thus significantly limiting the use that can be made of it by the perpetrator. As already indicated, according to the secure mode MD2, the stolen smart card implements one or more securing actions in order, for example, to secure a transaction in progress (a payment transaction for example). The perpetrator therefore has only a limited time to use the card, whether to make a remote payment by generating a dynamic DCW code or by making a payment by contact or without contact (in the case in particular where the perpetrator has also stole the PIN code from the card). Insofar as fraudulent uses generally occur after a certain lapse of time from the theft of a card, the legitimate owner is therefore effectively protected against fraudulent use of his cards.

In the case for example where the smart card 2a is stolen, the other smart card 2b is also configured in secure mode MD2. According to a particular example, this other card can be configured to switch back to normal mode MD1 in response to a secure instruction from the user or from the IS transmitter, for example on detection of a code or of a transmitted dice. via a card man / machine interface or via an appropriate terminal capable of configuring the card.

Particular examples of implementation of the invention are now described below.

A particular embodiment is now described with reference to FIG. 4. More specifically, the smart cards 2a and 2b shown in FIGS. 1-2 each implement a processing method by executing the computer programs PG1 and PG 2.

It is considered in this example that the smart cards 2a, 2b periodically establish (S20) a connection without CN between them. This CN connection can be initiated either always by one of these cards, or in turn (once in two, for example), or randomly on the initiative of any of the cards. The smart cards 2a and 2b establish (S20) for example a CN wireless coupling every n minutes (n being equal to 5, 10 or 30 minutes for example).

During each CN coupling, the smart cards 2a, 2b can authenticate each other by using, for example, respective cryptographic keys K1, K2. This authentication allows each smart card to ensure that the coupling is carried out with the other smart card of the IS system.

It is assumed that the first smart card 2a detects in S22 an event EVT1 corresponding here to the actuation of the actuator 20a (FIG. 1).

In response to this event EVT1, the smart card 2a determines (S24) the time DR which has elapsed between an instant tl, during which the last wireless connection CN has been made with the second smart card 2b (ie the most recent CN connection), and a current instant t2. To do this, each smart card in the SI system can be configured to trigger an internal clock each time a CN wireless connection is established with the other smart card in the SI system.

During step S24, if the smart card 2a detects that this duration DR = t2 - tl exceeds a predetermined threshold duration DRT, the method continues at step S26, Otherwise, the method continues at step S28.

In other words, the smart card, 2a determines in S24 that a wireless connection CN has been previously established with the other smart card 2b of the system SI if a time DR elapsed between an old most recent connection (at an instant tl) with the other smart card 2b, and a current instant t2, is greater than or equal to a predetermined DRT threshold duration 5.

During step S26, the smart card 2a operates according to the normal mode MD1 as already explained with reference to step S6 (FIG. 3). The smart card 2a can thus process a payment transaction in progress according to the normal mode MD1, for example by generating then displaying a dynamic cryptogram DCW, or even, by cooperating 10 with the external terminal T (FIG. 1) to implement a payment transaction according to the EMV protocol.

On the other hand, during step S28, the smart card 2a operates according to the secure mode MD2 as already explained with reference to step S8 (FIG. 3). The smart card 2a can thus process a payment transaction in progress according to the secure mode MD2, 15 by performing at least one additional security action compared to the normal mode MD1, as already described above. If it is detected (S24) that the DR duration exceeds the predetermined DRT threshold duration, this means that the authentication of the user has failed and that a significant security risk is detected. The implementation of the secure mode MD2 therefore makes it possible to limit the security risks.

A particular embodiment is now described with reference to FIG. 5. More specifically, the smart cards 2a and 2b shown in FIGS. 1-2 each implement a processing method by executing the computer programs PG1 and PG 2.

It is considered in this example that each smart card 2a, 2b is configured to establish a wireless connection CN with the other smart card of the system SI on detection of an event EVT2.

For example, it is considered that the smart card 2a detects (S40) a predefined EVT2 event, corresponding for example to one of the EVT (S2, FIG. 3) or EVT1 (S22, FIG. 4) events previously described.

In response to this EVT2 event, the smart card 2a attempts to establish a wireless connection CN with the other smart card 2b of the SI system.

During a verification step S44, the smart card 2a determines whether a wireless CN connection has been able to be established between the smart cards 2a and 2b at the end of the connecting step S42.

SU is detected (S44) that the connection attempt S42 has been successful, the process continues at step S46, during which the smart card 2a operates in normal mode MD1 as already described previously with reference to steps S6 (figure 3) and S26 (Figure 4).

If, on the other hand, it is detected (S44) that the connection attempt S42 has failed, the method continues at step S48, during which the smart card 2a operates in secure mode MD2 as already described previously with reference in steps S8 (Figure 3) and S28 (Figure 4).

The smart card 2a thus processes a payment transaction in progress, either according to the normal mode MD1 if a wireless connection CN has been established (S42) with the other smart card 2b, or according to the secure mode MD2 if no CN wireless connection could be established (S42) with the other smart card 2b.

In the embodiments described above, the invention is described in the context of an SI system composed of a pair of smart cards 2a and 2b. However, as indicated above, the invention applies more generally to a system comprising at least two separate chip cards capable of establishing CN wireless connections in pairs to implement the processing method of the invention.

According to a particular embodiment represented in FIG. 6, a system S2 analogous to the system SI comprises 3 smart cards 2a, 2b and 2c, each of these cards 20 presenting the structure and the configuration of the smart cards 2a and 2, such as previously described with reference to Figures 1-5.

Each smart card in the S2 system is configured to establish (or at least attempt to establish) a wireless CN connection with each other smart card in the S2 system, similar to steps S20 (FIG. 4) and S42 (FIG. 5). According to an example, if any smart card of the system S2 detects that a wireless connection CN has been established with all the other smart cards of the system S2, then it operates in the normal mode MD1, and if not, it operates in MD2 secure mode. According to another example, if any smart card of the system S2 detects that a wireless connection CN has been established with at least one other smart card CN of the system S2, then it operates in the normal mode MD1, and otherwise, it operates in MD2 secure mode.

The principle of the invention can thus be generalized to a system of x smart cards, x being an integer greater than or equal to 2:

- if a CN wireless connection is detected with at least y other smart cards in the system, then the normal mode MD1 is activated (y being a configurable integer between 1 and x);

- otherwise, the secure mode MD2 is activated.

For example, x = 3 and y = 2.

A person skilled in the art will understand that the embodiments and variants described above only constitute nonlimiting examples of implementation of the invention. In particular, a person skilled in the art can envisage any adaptation or combination of the embodiments and variants described above in order to meet a very specific need.

Claims (12)

5 1. System (SI; S 2) comprising a plurality of separate smart cards (2a, 2b, 2c), each smart card being configured to carry out payment transactions and comprising: - a connection module (MU2) configured to establish a wireless connection (CN) with each other smart card; 10 - a verification module (MU4) configured, upon detection of a predefined event (EVT), to verify that a wireless connection is established or has been previously established with at least one other smart card among said plurality of cards smart; - a processing module (MU6) configured so that: O if a wireless connection (CN) is established or has been previously established with said at least one other smart card, said processing module processes a payment transaction in progress according to a normal mode (MD1); and o if no wireless connection (CN) is established or has not been previously 20 established with said at least one other smart card, said processing module processes the current payment transaction according to a secure mode (MD2), according to which at least one additional security action is applied compared to the normal mode. 2. The system as claimed in claim 1, in which said predefined event corresponds to the reception of an instruction in response to the actuation of an actuator of said smart card or corresponds to the detection of the initiation of the transaction. Payment in progress. 30 3. The system of claim 1 or 2, wherein each wireless communication is of the BLE or Zigbee type. 4. System according to any one of claims 1 to 3, in which the connection module is configured, when establishing a wireless connection (CN) with another smart card, to authenticate said other card to chip. 5. System according to any one of claims 1 to 4, in which the connection module is configured to periodically establish a said wireless connection with each other smart card in which the verification module is configured to determine that a wireless connection has been previously established with another smart card among said plurality of 10 smart cards if an elapsed time (DR) between a most recent old connection with said other smart card, and a current instant, is greater than or equal to a predetermined threshold duration (DRT). 6. System according to any one of claims 1 to 5, in which the processing module is configured so that, according to the secure mode, one of the following additional securing actions is carried out: - the processing module (MU6) rejects the transaction in progress; - the processing module (MU6) blocks the display of a dynamic cryptogram on a screen of said smart card; 20 - the processing module (MU6) refuses the current payment transaction if the amount of said transaction exceeds a first predefined threshold value; - the processing module (MU6) refuses the current payment transaction if a cumulative amount of previous transactions carried out by said smart card exceeds a second predefined threshold value; 25 - the processing module (MU6) refuses the current payment transaction if a number of transactions carried out by said smart card since the establishment of a previous wireless connection with said at least one other smart card exceeds a third preset value; and - the processing module (MU6) only accepts the current payment transaction 30 if a biometric verification to authenticate a user is successfully carried out by said smart card. 7. System according to any one of claims 1 to 6, wherein said plurality of smart cards is a pair composed of a first smart card (2a) and a second smart card (2b), the module verifying each smart card being configured, upon detection of a predefined event, to verify that a wireless connection is established or has been previously established with said other smart card; and in which the processing module of each smart card is configured so that: o if a wireless connection is established or has been previously established with the other smart card, said processing module processes a payment transaction in progress according to the normal mode; and if no wireless connection is established or has been previously established with said other smart card, said processing module processes the current payment transaction according to the secure mode. 8. System according to any one of claims 1 to 7, in which each smart card of said plurality of smart cards is an EMV card, the payment transaction 15 in progress being of EMV type. 9. Processing method implemented by a system (SI; S2) comprising a plurality of separate smart cards (2a, 2b, 2c), each smart card being configured to carry out payment transactions and comprising a connection module (MU2) 20 configured to establish a wireless connection with each other smart card, the method comprising: - Verification (S4), upon detection of a predefined event (EVT), that a wireless connection (CN) is established or has been previously established with at least one other smart card among said plurality of smart cards; 25 - processing of a payment transaction in progress, including: o if a wireless connection (CN) is established or has been previously established with said at least one other smart card, processing (S6) of the current payment transaction in a normal mode (MD1); and if no wireless connection (SN) is established or has previously been established with said at least one other smart card, processing (S8) of the current payment transaction in a secure mode (MD2) , according to which at least one additional security action is applied compared to the normal mode. 10. The method of claim 9, wherein each wireless communication is of the BLE or Zigbee type. 11. Computer program (PG1, PG2) comprising instructions for executing the steps of a processing method according to claim 9 or 10 when said program is executed by a computer. 12. Recording medium readable by a computer on which a computer program (PG1, PG2) is recorded comprising instructions for the execution of the 10 steps of a treatment method according to claim 9 or 10.