DESCRIPTION

Technical field of the invention

The present invention generally relates to the field of the digital identity of a user of a mobile electronic device or of a personal computer.

More particularly, the present invention concerns a method and electronic system to enable a remote operation by using a secure point-to-point connection, such as for example a payment operation between two subjects.

Prior art

The authentication procedure in which the identity of a subject who has been identified in a previous identification step is verified is well known: in the authentication step it is verified in real time that the subject (using a smartphone or a personal computer) who wants to use a particular service is actually the one he/she has claimed to be in the previous identification step.

For example, the service can be to access a bank account, sign a contract remotely, or open a bank account.

The use of strong authentication procedures is known which use the combination of at least two factors of a different type to increase the level of security with which the subject is identified, in particular by using a factor known to the subject to be identified (for example, a password) and a factor associated to a physical object belonging to the user (for example, his/her face).

Digital payment systems such as for example PayPal, Amazon Pay, Apple Pay or Satispay are known, which have the advantage of allowing the payment for a good or service purchased online simply by clicking on a button indicating the payment by means of one of the systems indicated above, without requiring entering the data of a credit card and exploiting an account which was previously created by the user.

The Applicant has observed that the known payment systems have the following drawbacks: they do not ensure with sufficient certainty that the recipient of the payment is correct and/or that he/she is actually who he/she claims to be; they do not enable a cash payment with a sufficient level of security.

Brief summary of the invention The present invention concerns a method and electronic system to enable a remote operation by means of a point-to-point connection as defined in the appended claims 1 and 8 and by preferred embodiments thereof described in dependent claims 2 to 6 and 9-11 .

The Applicant has perceived that the method and electronic system to enable the remote operation in accordance with the present invention have the following advantages: they increase the certainty that the recipient of the remote operation (e.g. a payment) is correct and/or he/she is actually who he/she claims to be; they allow obtaining a medium-high level of security for a cash payment; they comply with EIDAS regulations (Electronic Identification Authentication and Signature), Ell Regulation no. 910/2014.

The basic idea is to generate a unique operation identifier which contains information indicative of the type of point-to-point connection operation (for example, a money payment command) between a first electronic device associated with a first subject and a second electronic device of a second subject (or between the first electronic device and a point of sale or a website of an online virtual shop) and also contains a user identifier, then to share said unique operation identifier between the first electronic device and the second electronic device (or to share it with the point of sale or with the website of the online virtual shop), therefore the digital identity of the subject who requested the payment is verified by means of the first electronic device, then the digital identity of the subject associated with the second electronic device is verified (or the identity of the point of sale/virtual shop website has been previously certified) by means of an authentication sub-system in order to establish a secure point-to-point connection between the first electronic device and the second electronic device (or between the first electronic device and the point of sale/website of the virtual shop).

It is also an object of the present invention a non-transitory computer-readable storage medium as defined in appended claim 7.

It is also an object of the present invention a computer program comprising software code portions adapted to perform the steps of the authentication method according to claims 1 -6, when said program is run on at least one computer.

Brief description of the drawings

Additional features and advantages of the invention will become more apparent from the description which follows of a preferred embodiment and the variants thereof, provided by way of example with reference to the appended drawings, in which: Figure 1 shows a block diagram of an electronic system to enable a payment by means of a point-to-point connection according to a first embodiment of the invention; Figure 2 shows in more detail a part of the electronic system of figure 1 ;

Figures 3A-3B show a trend over time of the messages exchanged between the various components of the electronic system to enable the payment according to the first embodiment of the invention;

Figure 4 shows a block diagram of an electronic system to enable a payment by means of a point-to-point connection based on a second embodiment of the invention; Figures 5A-5B show a trend over time of the messages exchanged between the various components of the electronic system to enable the payment based on the second embodiment of the invention.

Detailed description of the invention

It should be noted that in the description below, identical or similar blocks, components or modules, even if they appear in different embodiments of the invention, are indicated by the same numerical references in the figures.

For the purpose of explaining the invention, a money payment operation is taken into consideration in figures 1 and 3A-3B and the payment of a good or service is taken into consideration in figures 4 and 5A-5B, but more generally the invention can also be applied to other types of operations, such as for example for: enabling the transfer of a digital file containing important information; enabling the exchange of documents in digital format; enabling a protected communication channel between two connected users via a telecommunications network (e.g. Internet); activating a tracked communication between a user and a device loT.

With reference to figure 1 , it is shown an electronic system 1 to enable a payment of money by means of a point-to-point connection according to a first embodiment of the invention.

In particular, in Figures 1 and 3A-3B of the first embodiment, a payment that is a transfer of money between two subjects is considered, wherein the transfer of money is requested by a first subject 7-1 by means of a first electronic device 8-1 , while the payment is received by a second subject 7-2 to whom a second electronic device 8-2 belongs.

More generally, for example, the payment may be one of the following: a transfer of money between two subjects; a transfer of money between a subject and a point of sale, for example for the purchase of a good (for example, a food product) or service (for example, a medical examination, a financial product, a holiday); a transfer of money between a subject and a virtual shop, for the purchase of a good (for example, a book in digital format) or of a service (for example, a medical examination, a financial product, a holiday, a digital file to download containing important information).

The electronic system 1 comprises a first electronic device 8-1 , a second electronic device 8-2, a first authentication sub-system 10, a second message sharing sub-system 20, a first payment server device 9-1 and a second payment server device 9-2.

The authentication sub-system 10 comprises a plurality of electronic devices, which are connected by means of a medium-long distance telecommunications network, for example the Internet network using the TCP/IP protocol, with a client-server architecture and use of Web Services.

According to the first and second embodiments of the invention, the authentication sub-system 10 has the function of dynamically generating (by means of a server device 105 which will be illustrated below) a unique operation identifier that contains information indicative of the type of payment operation requested by the subject 7-1 and contains a user identifier identifying the users involved in the payment operation, i.e. the subjects 7- 1 and 7-2 in the case of a money transfer command between them or the subject 7-1 and a point of sale 108 in the case of a payment command for a good or service.

The term "dynamically generated unique operation identifier" means that the value of the operation identifier changes with each request for a new payment operation by the subject 7-1 .

The use of the unique operation identifier allows to make the payment operation tracked and verifiable, as the unique operation identifier is secure because it contains the recipient's information and therefore only the correct recipient will be able to be successfully identified, thus starting the type of operation required only in case that the recognition of the digital identity of both parties (i.e. the subject 7-1 and the subject 7-2) has been successfully performed, as will be explained in more detail below.

For example, the unique operation identifier is a unique code associated with a web link or contained in a bar code or a QR code, in which said code contains information indicative of the type of payment operation requested and contains the identifier of the users involved in the payment operation, such as for example a transfer of money between two subjects or the payment for the purchase of a good or service.

Advantageously, an asymmetric encryption (i.e. using a public and a private key) of the generated value of the operation identifier is performed to protect the operation identifier transmitted by the first electronic device 8-1 to the second electronic device 8- 2: in this way the encrypted value of the operation identifier is anonymous, i.e. the information contained in the operation identifier cannot be interpreted by a human being since they are not clear, while they can be interpreted by the second electronic device 8- 2 in which the decryption of the received operation identifier is performed (by means of a public key).

For example, in the case of entering the operation identification code within a website, the operation identification code is regenerated each time the web page is loaded, allowing a secure connection between the user and the service towards which the payment will be made.

Furthermore, according to the first and second embodiments, the authentication sub-system 10 has the further function of authenticating a subject 7-1 to whom the first electronic device 8-1 belongs, or of verifying the digital identity of the subject 7-1 , by means of a voice and/or facial and/or eye type biometric control.

Furthermore, according to the first embodiment, the authentication sub-system 10 has the further function of authenticating a subject 7-2 to whom the second electronic device 8-2 belongs, or of verifying the digital identity of the subject 7-2, by means of a voice and/or facial and/or eye biometric control.

In particular, in the first embodiment, the authentication sub-system 10 is configured to receive a message indicative of a request to generate a payment operation identifier, and is configured to generate a unique operation identifier containing information indicative of the type of payment operation and contains a user identifier identifying the subject 7-1 (who requested the payment) and the subject 7-2 (who receives the payment).

Furthermore, in the first embodiment, the authentication sub-system 10 is configured to transmit, towards the first electronic device 8-1 , a message carrying a value of said generated unique operation identifier.

Furthermore in the first embodiment the authentication sub-system 10 is configured to receive a request message requesting the verification a digital identity of the first subject 7-1 , therefore the authentication sub-system 10 is configured to perform a positive or negative verification of the digital identity of the first subject 7-1 .

For example, the digital identity of the first subject 7-1 is verified by means of the authentication sub-system 10 made as described in figure 2 illustrated below.

Furthermore, in the first embodiment, the authentication sub-system 10 is configured to transmit, towards the first electronic device 8-1 , a confirmation message confirming the positive verification of the digital identity of the first subject 7-1 , in case that the digital identity of the first subject 7-1 has been successfully verified; alternatively, the authentication sub-system 10 is configured to transmit, towards the first electronic device 8-1 , a message of negative verification of the digital identity of the first subject 7-1 , in case of a negative verification of the digital identity of the first subject 7-1 .

Furthermore in the first embodiment the authentication sub-system 10 is configured to receive a request message requesting the verification of the digital identity of the second subject 7-2, therefore the authentication sub-system 10 is configured to perform a positive or negative verification of the digital identity of the second subject 7-2.

For example, the digital identity of the second subject 7-2 is verified by means of the authentication sub-system 10 made as described in figure 2 illustrated below.

Furthermore, in the first embodiment, the authentication sub-system 10 is configured to transmit, towards the second electronic device 8-2, a confirmation message confirming the positive verification of the digital identity of the second subject 7-2, in case that the digital identity of the second subject 7-2 has been successfully verified; alternatively, the authentication sub-system 10 is configured to transmit, towards the second electronic device 8-2, a message of negative verification of the digital identity of the second subject 7-2, in case of a negative verification of the digital identity of the second subject 7-2.

The authentication sub-system 10 has the additional function of enabling the payment requested by the subject 7-1 .

In particular, in the first embodiment, the authentication sub-system 10 is configured to receive a request message requesting the authorisation of the payment operation, and is configured to generate an authorisation granted or denied to make said payment operation, respectively as a function of the positive or negative verification of the digital identity of the second subject 7-2.

Furthermore, in the first embodiment, the authentication sub-system 10 is configured to transmit, towards the first electronic device 8-1 and/or towards the second electronic device 8-2, a message indicative of a positive or negative confirmation to a point-to-point connection between the first electronic device 8-1 and the second electronic device 8-2, as a function respectively of the authorisation granted or denied to transfer money.

In the second embodiment, the authentication sub-system 10 is configured to receive a message carrying a value indicative of an amount of money associated with the payment of the good or service and is configured to generate an authorisation granted or denied to make said payment of the good or service, as a function respectively of a positive or negative verification of the digital identity of the first subject 7-1 .

Furthermore, in the second embodiment, the authentication sub-system 10 is configured to transmit, towards the first electronic device 8-1 , a message indicative of a positive or negative confirmation to a point-to-point connection between the first electronic device 8-1 and the point of sale 108, as a function respectively of an authorisation granted or denied to pay for the good or service.

The first electronic device 8-1 may be of the fixed type (e.g., a personal computer or totem) or of the mobile type (e.g., a smartphone, tablet, or laptop) and belongs to the subject 7-1 .

For the purposes of explaining the invention, it is considered below for simplicity’s sake that the first electronic device 8-1 is of the mobile type, in particular it is a smartphone on which a particular application is installed to perform a part of the method of the first, second and third embodiments of the invention.

The electronic device 8-1 comprises a loudspeaker, a microphone, a processing unit (e.g., a microprocessor), a medium-long distance signal transceiver (e.g., 2G/3G/4G/5G mobile radio-type wireless signals) and, preferably, a camera and a voice assistant 2-1 .

Preferably, the electronic device 8-1 comprises a voice assistant 2-1 which has the function of interpreting the language of the human being and of communicating with him.

The voice assistant 2-1 is a software application (i.e. a software program) run by means of the processing unit of the electronic device 8-1 , such as for example the Google Assistant application for smartphones or tablets using the Android operating system, or the Siri application for iPhone or iPad or the Cortana Voice Assistant for Personal computers with Windows operating system: in this case, the voice assistant 2-1 and the electronic device 8-1 are made as a single electronic component (for example, a smartphone or iPhone or a Personal computer).

Alternatively, the voice assistant can be made with a dedicated electronic device separate from the electronic device 8-1 , such as for example Google Home or Amazon Echo (or Echo dot) with Alexa.

In particular, in the first and second embodiments the first electronic device 8-1 is configured to transmit, towards the authentication system 10, a message indicative of a request to generate an identifier of a payment operation requested by a first subject 7-1 associated with the first electronic device 8-1 .

Furthermore, the first electronic device 8-1 is configured to receive a message carrying a value of a unique operation identifier that contains information indicative of the type of payment operation requested by the subject 7-1 and contains a user identifier identifying the subjects 7-1 and 7-2 involved in the payment operation, therefore the first electronic device 8-1 is configured to transmit, towards the authentication system 10, a request message requesting the verification of a digital identity of the first subject 7-1 .

Furthermore, the first electronic device 8-1 is configured to receive a confirmation message confirming the positive verification of the digital identity of the first subject 7-1 and is configured to generate a request to share the operation identifier with the second electronic device 8-2.

Furthermore, the first electronic device 8-1 is configured to transmit, towards the second electronic device 8-2, a message carrying a value of the operation identifier.

Finally, the first electronic device 8-1 is configured to receive a message indicative of a positive or negative confirmation to a point-to-point connection between the first electronic device 8-1 and the second electronic device 8-2.

The second electronic device 8-2 may be of the fixed type (e.g., a personal computer or totem) or of the mobile type (e.g., a smartphone, tablet, or laptop) and belongs to the subject 7-2.

The foregoing considerations relating to the first electronic device 8-1 are applicable analogously to the second electronic device 8-2, i.e. this comprises a loudspeaker, a microphone, a processing unit (e.g., a microprocessor), a medium-long distance signal transceiver (e.g., 2G/3G/4G/5G mobile radio-type wireless signals) and, preferably, a camera and a voice assistant 2-2.

For the purposes of explaining the invention, it is considered below for simplicity’s sake that the second electronic device 8-2 is of the mobile type, in particular it is a smartphone on which the particular application is installed to perform another part of the method according to the first embodiment of the invention.

In particular, in the first embodiment the second electronic device 8-2 is configured to receive the message carrying the value of the operation identifier and is configured to extract therefrom the information indicative of the type of payment operation (i.e. money transfer) and extract the value of the user identifier identifying the subjects 7-1 and 7-2, thus detecting that the payment operation (money transfer) was requested by the subject 7-1 (by means of the first electronic device 8-1 ) towards the subject 7-2.

Furthermore, in the first embodiment, the second electronic device 8-2 is configured to transmit, towards the authentication system 10, a request message requesting the verification of the digital identity of the second subject 7-2 associated with the second electronic device 8-2.

Furthermore, in the first embodiment, the second electronic device 8-2 is configured to receive a confirmation message confirming the positive verification of the digital identity of the second subject 7-2 and is configured to transmit, towards the authentication system 10, a request message requesting the authorisation of the payment operation.

Finally, the second electronic device 8-2 is configured to receive a message indicative of a positive or negative confirmation to a point-to-point connection between the first electronic device 8-1 and the second electronic device 8-2.

According to the first embodiment, the message sharing sub-system 20 is connected with the first electronic device 8-1 and with the second electronic device 8-2, by means of a medium-long distance telecommunications network (for example, the Internet network or a mobile radio network).

In the first embodiment, the message sharing sub-system 20 has the function of forwarding, from the first electronic device 8-1 to the second electronic device 8-2, a message carrying the unique operation identifier that contains a payment or money transfer command and contains a user identifier identifying the subjects 7-1 and 7-2 involved in the payment operation.

The message sharing sub-system 20 is thus separated from the authentication sub-system 10, i.e. is external thereto.

For example, the message sharing sub-system 20 is implemented with an e-mail message, a WhatsApp message, a short text message (SMS), or other message exchange systems. The first payment server device 9-1 is a payment gateway that is located at a bank or a financial institution managing payment systems and has the function of managing the payment requested by the first subject 7-1 ; in particular, the first payment server device 9-1 manages a bank account belonging to the first subject 7-1 .

The first payment server device 9-1 is therefore an electronic device comprising a medium-long distance signal transceiver for exchanging data with the authentication subsystem 10 and for directly exchanging data with the second payment server device 9-2.

The second payment server device 9-2 is a payment gateway that is located at a bank or a financial institution managing payment systems and has the function of managing the payment towards the second subject 7-2 (first embodiment) or the payment at the place where the point of sale 108 is located (second embodiment); in particular, the second payment server device 9-2 manages a bank account belonging to the second subject 7-2, or it manages a bank account that is associated with the point of sale 108.

The second payment server device 9-2 is therefore an electronic device comprising a medium-long distance signal transceiver for exchanging data with the authentication sub-system 10 and for directly exchanging data with the first payment server device 9-1 .

With reference to figure 2, the authentication sub-system 10 is shown in more detail.

The authentication sub-system 10 may be implemented, for example, as described in PCT patent application having filing number PCT/IB2021/055428 filed on 21 June 2021 in the name of the same Applicant.

In particular, the authentication sub-system 10 can be realized as illustrated in figure 3 or in figure 5 of the PCT patent application indicated above, using an operating server device 105, a first authentication server device 56, a second authentication server device 106, an electronic human language processor 3 and a paid service delivery application 4: by means of these devices the digital identity of the subjects 7-1 , 7-2 is verified using a voice (or voice/facial, or voice/facial/eye) type biometric authentication that makes the comparison between a sample voice profile (or a sample voice/facial profile, or a sample voice/facial profile + sample eye code) generated in real time and a reference voice profile (or a reference voice/facial profile, or a reference voice/facial profile + reference eye code) that has been previously stored under secure conditions in a profiling procedure, in which the reference voice profile (or the reference voice/facial profile, or the reference voice/facial profile + reference eye code) has been divided into two (or more) portions stored in the first and second authentication server devices 56, 106 (and in any additional authentication server devices).

In case that the authentication sub-system 10 is such as to authenticate the subject 7-1 by means of a biometric control, the subject 7-1 has been identified in a previous profiling procedure in a security condition, in which personal data of the subject has been acquired, such as for example his/her name, surname, telephone number, identity card and in which a reference voice profile (or the reference voice/facial profile, or the reference voice/facial profile + reference eye profile) of the subject 7-1 has been generated.

The term "reference voice profile" means a reference profile of the digital identity of the subject 7-1 associated with the reference digital audio track of the voice of the subject 7-1 , wherein said reference digital audio track has been previously acquired by the subject 7-1 and stored in a profiling procedure and under secure conditions, and wherein said reference voice profile has been stored in one or more devices of the enabling sub-system 10: the reference voice profile has therefore been previously verified and is considered reliable.

Advantageously, in addition to the voice signal of the subject 7-1 , in the profiling procedure one or more images representative of the face of the subject 7-1 are acquired, thus generating a "reference voice/facial profile" which is a combination of the reference digital audio track with biometric data associated with the face of the subject 7-1 , in which said reference voice/facial profile has been previously acquired and stored in the profiling procedure under secure conditions, and in which said reference voice/facial profile has been stored in one or more devices of the enabling sub-system 10; for example, in the profiling procedure a video recording is acquired in which at least the face of the subject 7-1 is framed and he/she pronounces aloud a defined phrase, thus generating the reference voice/facial profile.

The term "reference eye code" means a unique code that is generated as a function of at least one biometric parameter of the eyes of the subject 7-1 , by means of a suitable algorithm that takes as input one or more parameters associated with the eyes of the subject 7-1 , in which said reference eye code has been previously acquired and stored in the profiling procedure under secure conditions.

Thus, the term "reference voice/facial profile + reference eye code" means data associated with a combination of the reference digital audio track of the voice of the subject 7-1 , of biometric data associated with the face of the subject 7-1 , and of one or more biometric parameters of the eyes of the subject 7-1 (e.g., iris colour, sclera colour, corneal colour, eye diameter, distance of the pupil from the inner corner of the eye, distance of the pupil from the outer corner of the eye, eyebrow size and shape).

The term "sample voice profile" means a sample profile of the digital identity of the subject 7-1 associated with the sample digital audio track of the voice of the subject 7-1 , in which said sample digital audio track is generated by means of the conversion from analog to digital of the voice of the subject 7-1 acquired in real time (i.e. during the first payment enabling step which will be illustrated below) by means of the microphone integrated in the electronic device 8-1 .

The term "sample voice/facial profile" means data associated with a combination of the sample digital audio track of the voice of the subject 7-1 and of biometric data associated with the face of the subject 7-1 , the latter generated by means of an image of the face of the subject 7-1 acquired in real time (i.e. during the first payment enabling step which will be illustrated below) by means of a camera integrated into the electronic device 8-1.

The term "sample eye code" means a unique code that is generated in real time (i.e. during the first payment enabling step that will be illustrated below) as a function of at least one biometric parameter of the eyes of the subject 7-1 , by means of a suitable algorithm that takes as input one or more parameters associated with the eyes of the subject 7-1 .

Thus, the term "sample voice/facial profile + sample eye code" means data associated with a combination of the sample digital audio track of the voice of the subject 7-1 , of biometric data associated with the face of the subject 7-1 , and of one or more biometric parameters of the eyes of the subject 7-1 (e.g., iris colour, sclera colour, corneal colour, eye diameter, distance of the pupil from the inner corner of the eye, distance of the pupil from the outer corner of the eye, eyebrow size and shape).

For more details regarding the verification of the digital identity of a subject, please refer to patent application PCT/IB2021/055428, which is considered incorporated within the present disclosure.

For more details regarding the generation of a sample/reference eye code, please refer to Italian patent application no. 102021000011753 filed on May 7, 2021 in the name of the same Applicant, which is considered incorporated within the present disclosure. With reference to figures 3A-3B, it is shown a trend over time of the messages exchanged between the several components of the electronic payment enabling system 1 according to the first embodiment of the invention.

Figures 3A-3B thus show how the payment enabling method is implemented according to the first embodiment of the invention, by means of suitable software programs run on respective processing units of the first electronic device 8-1 , of the second electronic device 8-2, of the electronic devices forming the authentication subsystem 10 and of the electronic devices of the message sharing sub-system 20.

It can be observed that there are two steps over time: a first payment enabling step between the initial instant to and the instant t19, in which the identification of the subject 7-1 is performed by means of the verification of his/her digital identity, then a sharing of the unique operation identifier containing a money transfer command and a user identifier identifying the users involved in the payment operation is made, and finally the identification of the subject 7-2 is performed by means of the verification of his/her digital identity; a subsequent second step of actual payment comprised between the instant t20 and the instant t33, in which the transfer of money between a bank account of the subject 7-1 and a bank account of the subject 7-2 is performed.

In the first step, the authentication sub-system 10 has thus the function of managing the authentication of the subjects 7-1 , 7-2 and of generating the value of the operation identifier, while in the second step it has the additional function of managing the actual payment relating to the money transfer: therefore, the term "authentication and payment management sub-system 10" will be used later to indicate the double function performed by the sub-system 10.

For simplicity’s sake it is assumed that the electronic device 8-1 is a smartphone provided with an integrated front camera 2 and that the service requested is the transfer of a defined amount of money from the bank account of the subject 7-1 to the bank account of the subject 7-2.

It is also assumed that the message sharing sub-system 20 is implemented by means of the WhatsApp smartphone software application.

At the initial instant to the subject 7-1 starts a suitable software application on his/her smartphone 8-1 and begins the first payment enabling step: the processing unit of the smartphone 8-1 generates (for example after touching an icon represented on the touch screen of the smartphone 8-1 ) a request to generate an identifier of a money transfer command from the subject 7-1 to the subject 7-2.

Subsequently, the medium-long distance wireless transceiver of the smartphone 8-1 transmits, towards the authentication and payment management sub-system 10, a message carrying a request to generate the identifier of the money transfer command.

At the instant t1 (subsequent to tO) the authentication and payment management sub-system 10 receives said message of the request to generate the identifier of the money transfer command and a unique operation identifier is thus generated, by means of the server device 105 of the authentication and payment management sub-system 10, which contains information indicative of a money transfer command and contains a user identifier identifying the subjects 7-1 and 7-2 involved in the money transfer operation: the value of the generated operation identifier is thus stored in a memory associated with the server device 105, in which the memory can be internal to the server device 105 or can be connected externally thereto.

At the instant t2 (subsequent to t1 ) the authentication and payment management sub-system 10 transmits, towards the smartphone 8-1 , a message carrying the value of said generated operation identifier.

At the instant t3 (subsequent to t2) the smartphone transceiver 8-1 receives the message carrying the value of the operation identifier, therefore said message is forwarded to the processing unit of the smartphone 8-1 .

At the instant t4 (subsequent to t3) the processing unit of the smartphone 8-1 generates a request for verification of the digital identity of the subject 7-1 and forwards it to the wireless transceiver of the smartphone 8-1 , therefore the wireless transceiver of the smartphone 8-1 transmits, towards the authentication and payment management subsystem 10, a message indicative of a request for verification of the digital identity of the subject 7-1 .

At the instant t5 (subsequent to t4) the authentication and payment management sub-system 10 receives the message indicative of the request for verification of the digital identity of the subject 7-1 and a positive verification of the digital identity of the subject 7- 1 is performed by means of the authentication and payment management sub-system 10.

For example, the verification of the digital identity of the subject 7-1 is performed by controlling a voice biometric profile of the subject 7-1 , by performing a comparison between a sample voice profile of the subject 7-1 generated in real time and a reference voice profile of the subject 7-1 generated in a previous profiling step under secure conditions, wherein the reference voice profile has been stored in part in a memory associated with the server device 56 and in part in a memory associated with the server device 106, wherein said comparison can be made in the server device 105 or in the smartphone 8-1 , as described in detail respectively in figure 3 or figure 5 of the patent application PCT/IB2021/055428.

At the instant t6 (subsequent to t5) the authentication and payment management sub-system 10 transmits, towards the smartphone 8-1 , a confirmation message confirming the positive verification of the digital identity of the subject 7-1 .

At the instant t7 (subsequent to t6) the wireless transceiver of the smartphone 8-1 receives the confirmation message confirming the positive verification of the digital identity of the subject 7-1 , therefore said confirmation message is forwarded to the processing unit of the smartphone 8-1 .

At the instant t8 (subsequent to t7) the processing unit of the smartphone 8-1 generates a request to share with the second smartphone 8-2 (and therefore with the second subject 7-2) the operation identifier containing the money transfer command and the user identifier identifying the subjects 7-1 and 7-2, therefore at the instant t9 (subsequent to t8) the wireless transceiver of the smartphone 8-1 transmits, towards the second smartphone 8-2 through the message sharing sub-system 20, a WhatsApp message carrying the value of the operation identifier containing the money transfer command and the user identifier identifying the subjects 7-1 and 7-2.

At the instant t11 (subsequent to t9) the second smartphone 8-2 of the second subject 7-2 receives, by means of a medium-long distance wireless transceiver, the WhatsApp message that carries the value of the operation identifier containing the money transfer command and containing the user identifier identifying the subjects 7-1 and 7-2, therefore said WhatsApp message is forwarded to the processing unit of the smartphone 8-2.

Subsequently, the processing unit of the smartphone 8-2 decodes the value of the operation identifier by decrypting the operation identifier, therefore extracts therefrom the information indicating that it is the money transfer command and detects that the money transfer is from the subject 7-1 to the subject 7-2.

In other words, the processing unit of the smartphone 8-2 detects that the operation identifier has been transmitted from the smartphone 8-1 of the subject 7-1 (previously identified) to the smartphone 8-2 of the subject 7-2 (who has not yet been identified) and that the money transfer command is from the subject 7-1 towards the subject 8-2: in this way the smartphone 8-2 detects that the subject 7-1 has requested (by means of his/her smartphone 8-1 ) a money transfer to the subject 7-2 to whom the smartphone 8-2 belongs, that is, the request for money transfer towards the subject 7-1 has been associated with the subject 7-2.

Subsequently, the processing unit of the smartphone 8-2 generates a request for verification of the digital identity of the subject 7-2 and forwards said request to the wireless transceiver of the smartphone 8-2.

At the instant t12 (subsequent to t11 ) the wireless transceiver of the smartphone 8-2 transmits, towards the authentication and payment management sub-system 10, a message carrying said request for verification of the digital identity of the subject 7-2.

At the instant t13 (subsequent to t12) the authentication and payment management sub-system 10 receives the message carrying said request for verification of the digital identity of the subject 7-2 and a positive verification of the digital identity of the subject 7- 2 is performed by means of the authentication and payment management sub-system 10.

The verification of the digital identity of the subject 7-2 is performed similarly to that indicated above of the subject 7-1 , to which reference is made for more details.

At the instant t14 (subsequent to t13) the authentication and payment management sub-system 10 transmits, towards the smartphone 8-2, a confirmation message confirming the positive verification of the digital identity of the subject 7-2.

At the instant t15 (subsequent to t14) the wireless transceiver of the smartphone 8-2 receives the message indicative of the confirmation of the positive verification of the digital identity of the subject 7-2, therefore said message is forwarded to the processing unit of the smartphone 8-2.

Subsequently, the processing unit of the smartphone 8-2 generates a request for authorisation to transfer money from the subject 7-1 to the subject 7-2 and forwards said authorisation request to the wireless transceiver of the smartphone 8-2.

Subsequently, the wireless transceiver of the smartphone 8-2 transmits, towards the authentication and payment management sub-system 10, a request message requesting an authorisation to transfer money from the subject 7-1 to the subject 7-2.

At the instant t16 (subsequent to t15), the authentication and payment management sub-system 10 receives the message carrying said request for authorisation to transfer money and the authorisation is granted to transfer money between the subject 7-1 previously identified and the subject 7-2 also previously identified: in fact, a secure point-to-point connection has been successfully established between the first smartphone 8-1 of the subject 7-1 and the second smartphone 8-2 of the subject 7-2, since both the digital identity of the subject 7-1 and the digital identity of the subject 7-2 have been previously successfully verified, and moreover the subject 7-2 has actually certified his/her identity and confirmed that he/she is the person authorised to receive the money transfer.

At the instant t17 (subsequent to t16) the authentication and payment management sub-system 10 transmits, towards the smartphone 8-1 and towards the smartphone 8-2, a respective message indicative of a positive confirmation to a point-to-point connection between the smartphone 8-1 and the smartphone 8-2, which are therefore connected directly to each other in a secure manner.

At the instant t18 (subsequent to t17) the smartphone 8-1 receives said message indicative of the positive confirmation to the point-to-point connection and similarly at the instant t19 (subsequent to t17) the smartphone 8-2 receives said message indicative of the positive confirmation to the point-to-point connection.

At the instant t20 the second step begins, in which the transfer of money is performed by means of the control performed by the authentication and payment management sub-system 10.

In particular, at the instant t20, the payment authentication and management subsystem 10 (which in the first payment enabling step received the information relating to the type of money transfer operation between the subject 7-1 and the subject 7-2 and successfully performed the verification of the digital identity of the two subjects 7-1 , 7-2) transmits, towards the second payment server device 9-2, a message indicative of a request for information of the bank account of the subject 7-2.

At the instant t21 (subsequent to t20) the transceiver of the second payment server device 9-2 receives said message indicative of the request for information on the bank account of the subject 7-2 and forwards the message to the processing unit of the second payment server device 9-2, therefore the processing unit of the second payment server device 9-2 receives data indicative of the bank account of the subject 7-2, such as for example the number of his/her bank account; subsequently the processing unit of the second payment server device 9-2 forwards the data indicative of the bank account of the subject 7-2 to the transceiver of the second payment server device 9-2, which transmits (towards the authentication and payment management sub-system 10) a message carrying said data indicative of the bank account of the subject 7-2. At the instant t23 (subsequent to t21 ) the authentication and payment management sub-system 10 receives the message carrying said data indicative of the bank account of the subject 7-2, thus at the instant t24 (subsequent to t23) the authentication and payment management sub-system 10 transmits, from the server device 105 towards the first payment server device 9-1 , a message indicative of a request for transfer of money from the bank account of the subject 7-1 to the bank account of the subject 7-2, wherein said message also comprises the data indicative of the bank account of the subject 7-2.

At the instant t25 (subsequent to t24) the transceiver of the first payment server device 9-1 receives the message indicative of the money transfer request and forwards said message to the processing unit of the first payment server device 9-1 , therefore the processing unit of the first payment server device 9-1 receives the data indicative of the bank account of the subject 7-1 .

Subsequently, the processing unit of the first payment server device 9-1 forwards the data indicative of the bank account of the subject 7-1 to the transceiver, which transmits (towards the second payment server device 9-2) a message carrying said data indicative of the bank account of the subject 7-1 .

At the instant t27 (subsequent to t25) the transceiver of the second payment server device 9-2 receives said message carrying the data indicative of the bank account of the subject 7-1 , which are forwarded to the processing unit of the second payment server device 9-2.

Subsequently, the processing unit of the second payment server device 9-2 generates a message indicative of a confirmation of an occurred money transfer from the bank account of the subject 7-1 to the bank account of the subject 7-2 and forwards said message to the transceiver of the second payment server device 9-2, which transmits towards the first payment server device 9-1 said message indicative of a confirmation of an occurred money transfer.

At the instant t29 (subsequent to t27) the transceiver of the first payment server device 9-1 receives said message indicative of the confirmation of occurred money transfer, therefore said message is forwarded towards the authentication and payment management sub-system 10.

At the instant t30 (subsequent to t29) the authentication and payment management sub-system 10 receives said message indicative of the confirmation of occurred money transfer, thus at the instant t31 (subsequent to t30) the authentication and payment management sub-system 10 transmits, towards the smartphone 8-1 and towards the smartphone 8-2, a respective message indicative of a confirmation of occurred money transfer.

At the instant t32 (subsequent to t31 ) the smartphone 8-1 receives said message indicative of the confirmation of occurred money transfer and similarly at the instant t33 (subsequent to t31 ) the smartphone 8-2 receives said message indicative of the confirmation of occurred money transfer.

It should be noted that in figure 3A it has been shown that first the recognition of the identity of the subject 7-1 has been performed and subsequently the generation and sharing of the operation identifier are performed, but the opposite is also possible, that is, first the generation and sharing of the operation identifier are performed and subsequently the recognition of the identity of the subject 7-1 is performed.

With reference to Figure 4, it is shown an electronic system 101 to enable a payment of money by means of a point-to-point connection based on a second embodiment of the invention.

In the second embodiment, the subject 7-1 makes a payment for a good at a point of sale 108, again using a point-to-point connection with the point of sale.

The term "point of sale" 108 refers to a station (for example, a cash register) at a physical place (for example, a shop, a supermarket) where there are products for sale (for example, food products) that can be purchased by the subject 7-1 who goes to the point of sale 108, by making the payment at a cash register inside the point of sale 108 through a cashier 107 or by means of an automated cash register that does not require the presence of the cashier.

The electronic payment enabling system 101 of the second embodiment of figure 4 therefore differs from the electronic payment enabling system 1 of the first embodiment of figure 1 in that there is a point of sale 108 in place of the second electronic device 8-2 and in that there is a cashier 107 in place of the second subject 7-2.

Furthermore, the electronic payment authorisation system 101 differs from the electronic payment authorisation system 1 in that the identity of the point of sale 108 has been successfully verified in a registration step prior to that in which the payment operation is performed by the subject 7-1 , therefore during the first payment enabling step the verification of the digital identity of the point of sale 108 that is believed to be reliable is not performed and the generated operation identifier is thus used to identify the identity of the subject 7-1 and to associate a payment request therewith. The second payment server device 109 of the second embodiment has a function similar to the second payment server device 9-2 of the first embodiment, i.e. the second payment server device 109 is a payment gateway that is located at a bank or a financial institution managing payment systems and has the function of managing the payment towards the second point of sale 108; in particular, the second payment server device 109 manages a bank account belonging to the point of sale 108.

The point of sale 108 is provided with a suitable reader or with a software application capable of acquiring (for example with an optical scan) a graphic or textual representation containing the operation identifier that contains the command for the payment of a good or service and contains the user identifier identifying the subject 7-1 and the point of sale 108, in which the graphic representation containing the identifier is for example a bar code or a QR code (Quick Response).

In particular, in the second embodiment, the first electronic device 8-1 is configured to receive the confirmation message and generate therefrom a request to share the operation identifier with a point of sale 108, is configured to display, on its screen, data that contain the operation identifier containing the payment command and the user identifier identifying the subject 7-1 and the point of sale 108, and is configured to receive a message indicative of a positive or negative confirmation to a point-to-point connection between the first electronic device 8-1 and the point of sale 108.

Furthermore, in the second embodiment, the point of sale 108 is configured to acquire, by means of an optical reader, said displayed data containing the operation identifier that contains the payment command and the user identifier, is configured to extract from the displayed data the value of the operation identifier and detect that the payment was requested from the first subject 7-1 towards the point of sale 108, and is configured to transmit, towards the authentication and payment management sub-system 10, a message carrying a value indicative of an amount of money associated with the payment of the good or service.

Furthermore, in the second embodiment, the authentication and payment management sub-system 10 is configured to receive said message and generate therefrom an authorisation granted to make said payment of the good or service, and is configured to transmit, towards the first electronic device 8-1 , a message indicative of a positive confirmation to a point-to-point connection between the first electronic device 8- 1 and the point of sale 108. With reference to Figures 5A-5B, it is shown a trend over time of the messages exchanged between the several components of the electronic payment enabling system 101 based on the second embodiment of the invention.

Figures 5A-5B therefore show how the payment enabling method is implemented based on the second embodiment of the invention.

It can be observed that there are two steps over time: a first payment enabling step comprised between the initial instant to and the instant t119, in which the identification of the subject 7-1 is performed by means of the verification of his/her digital identity and a generation and sharing of the operation identifier containing a money payment command and containing a user identifier identifying the users involved in the payment operation, i.e. the subject 7-1 and the point of sale 108, are performed; a subsequent second step of actual payment comprised between the instant t200 and the instant t303, in which the payment of money of a good or service is made.

The operation between the instants to and t8 of figure 5A is the same as that illustrated above for figure 3A, with the difference that data in graphic or textual form containing an operation identifier containing a money payment command (instead of the money transfer command) and containing a user identifier identifying the subject 7-1 and the point of sale 108 (instead of the subjects 7-1 and 7-2) are generated and displayed on the screen of the smartphone 8-1 .

It is assumed that the data displayed (containing the operation identifier of the money payment command and the user identifier) are represented with a bar code, that the point of sale 108 is a cash register of a grocery shop in which there is a cashier 107 provided with an optical bar code reader and that the subject 7-1 wants to pay for a food product at the cash register 108.

At the instant t109 (subsequent to t8), data (for example, a bar code) that contain the operation identifier containing the money payment command and the user identifier identifying the subject 7-1 and the point of sale 108 are displayed on the screen of the smartphone 8-1 .

At the instant t110 (subsequent to t109) the cashier 107 scans the bar code displayed on the screen by means of an optical reader connected with the cash register 108, therefore the bar code containing the operation identifier is acquired, the value of the operation identifier containing the money payment command and containing the user identifier identifying the subject 7-1 and the point of sale 108 is extracted therefrom (by means of an optical reader or cash register processing unit). It is thus detected (by scanning the bar code) that the operation identifier was transmitted by the smartphone 8- 1 of the subject 7-1 and that the payment command is from the subject 7-1 towards the point of sale 108: in this way the cash register 108 detects that the subject 7-1 requested (by means of his/her smartphone 8-1 ) a payment of money towards the cash register 108, that is, the request for payment towards the point of sale 108 was associated with the subject 7-1 .

At the instant t114 (subsequent to t110), the cash register 108 transmits, towards the payment authentication and management sub-system 10, a message carrying a value indicative of the amount of money associated with the payment for a good or service requested by the subject 7-1 , which in the case considered is the payment for a food product.

At the instant t116 (subsequent to t114), the payment authentication and management sub-system 10 receives the message carrying said value indicative of the amount of money associated with the requested payment and the authorisation to pay for the good or service is granted, which in the case considered is the payment for a food product: in fact, a secure point-to-point connection has been successfully established between the smartphone 8-1 of the subject 7-1 and the cash register 108, since the digital identity of the subject 7-1 has been previously successfully verified and moreover the payment request has been previously associated with the subject 7-1 of the smartphone 8-1.

At the instant t117 (subsequent to t116), the payment authentication and management sub-system 10 transmits, towards the smartphone 8-1 and towards the cash register 108, a respective message indicative of a positive confirmation to a point- to-point connection between the smartphone 8-1 and the cash register 108, which are therefore connected directly to each other in a secure manner.

At the instant t118 (subsequent to t117) the smartphone 8-1 receives said message indicative of the positive confirmation to the point-to-point connection and similarly at the instant t119 (subsequent to t117) the cash register 108 receives said message indicative of the positive confirmation to the point-to-point connection.

The operation of the second step between the instants t200 and t303 of figure 5B is similar to that illustrated above between the instants t20 and t33 of figure 3B, with the difference that there is the cash register 108 in place of the second smartphone 8-2 and that the second payment server device 9-2 is the bank in which a bank account of the shop in which the cash register 108 is located has been opened.

Advantageously, an asymmetric encryption of the generated value of the operation identifier is performed to protect the operation identifier displayed on the screen of the electronic device 8-1 : in this way the encrypted value of the operation identifier is anonymous, that is, the information contained in the operation identifier cannot be interpreted by a human being observing the screen of the electronic device 8-1 since they are not clear, while they can be interpreted by the optical reader and/or by the point of sale 108 in which the decryption of the acquired operation identifier is performed (by means of a public key).

According to a third embodiment of the invention (not shown in the figures), the point of sale 108 is replaced by a website of an e-commerce online virtual shop to which the subject 7-1 connects, using his/her electronic device 8-1 .

The identity of the virtual shop has been successfully verified in a registration step prior to that in which the online payment operation is performed by the subject 7-1 , therefore during the first payment enabling step the verification of the digital identity of the virtual shop that is believed to be reliable is not performed and therefore the generated operation identifier is used to identify the identity only of the subject 7-1 and to associate with him/her the online payment request.

In this case, the second embodiment is modified so that at the instant t109 the medium-long distance transceiver of the electronic device 8-1 transmits, towards the website of the virtual shop, a data packet (for example, on an Internet network with TCP/IP protocol) that carries the operation identifier containing the payment command for a good or service requested by the subject 7-1 and contains the user identifier identifying the first subject 7-1 and the website.

At the instant t110 the website of the virtual shop receives said data packet, extracts (from the data packet) the value of the operation identifier and then extracts (from the value of the operation identifier) the payment command for a good or service and the user identifier identifying the first subject 7-1 and the website.

At the instant t114, the website of the virtual shop transmits, towards the authentication and payment management sub-system 10, a data packet carrying a value indicative of the amount of money associated with the requested payment for the good or service. The operation from the instant t116 continues similarly to what is illustrated above for the second embodiment.