Method and system for secure entry of identification data for the authentication of a transaction being performed by means of a self- service terminal

The invention claimed is: 1. A method for secure entry of identification data (PIN) for the authentication of a transaction which is performed by a self-service terminal (ATM), comprising the following steps: corresponding, with a secure server that is a first network-side unit, to a first data set comprising first elements from which the identification data (PIN) are derived, a second set of data with second elements is generated, each of the second elements is unambiguously assigned to one of the first elements, whereby from the second elements such input data (PIN) can be generated which represents a bijection of the identification data (PIN); wherein the first elements are selected from the values 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 of a numerical keypad and the second elements are selected from A, B, C, D, E, F, G, H, I, J of a predetermined scheme; the unambiguous assignment of the second elements to the first elements is communicated by the secure server over the network-side to the self-service terminal (ATM), is displayed on a monitor (DISP) that is physically connected to the self-service terminal (ATM), and is not communicated out of the network-side; wherein the assignment of the second data set to the first data set is generated by a pseudo-random assignment of the second elements to the first elements before any execution of a new transaction; displaying at a user terminal (MD) that is physically separated from the self-service terminal (ATM), is not a network-side unit, and that is assigned with a user (CSM) of the self-service terminal (ATM), the second elements but not the first elements whereby the assignment remains deposited only on the network-side; entering the input data (#PIN) represented only by second elements by the user (CSM) at the user terminal (MD); and the input data (#PIN), by means of an application program (MBA), transmitting to one or more computerized units (SRV; PINSRV) connected to the self-service terminal (ATM), wherein said units manage the unambiguous assignment of the second elements to the first elements and perform the authentication of said transaction. 2. The method of claim 1 , wherein the user terminal is a smart phone (MD), comprising a touch screen, wherein the second elements are displayed on the touch screen, and wherein the input data (#PIN) are entered on the touch screen by the user (CSM). 3. The method of claim 1 , wherein the user terminal (MD) comprises a camera and that for checking whether or not the user terminal (MD) is in a vicinity of the self-service terminal (ATM), a graphical code is displayed on the screen (DISP); wherein the graphical code is captured, and scanned, by the camera of the user terminal (MD); and wherein characteristics of the detected graphic codes are transmitted from the user terminal (MD) to one or more of the computerized units (SRV; PINSRV) that are connected to the self-service terminal (ATM) and that manage the characteristics of graphic codes and perform the authentication of the transaction. 4. A system for authenticating and executing a transaction at a self-service terminal (ATM) of the system, wherein for authenticating the transaction by a secure entry of identification data (PIN), the system comprises one or more computerized units (SRV; PINSRV) connected to the self-service terminal (ATM), and comprising the following system components: a first computerized unit (PINSRV) configured, in correspondence to a first data set comprising first elements from which the identification data (PIN) are derived, to generate a second set of data with second elements, each of which is unambiguously assigned to one of the first elements, whereby, from the second elements such input data (#PIN) can be generated, which represent a bijection of the identification data (PIN); wherein the first elements are selected from the values 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 of a numerical keypad and the second elements are selected from A, B, C, D, E, F, G, H, I, J of a predetermined scheme; wherein the assignment of the second data set to the first data set is generated by a pseudo-random assignment of the second elements to the first elements before any execution of a new transaction; a monitor (DISP) structurally connected to the self-service terminal (ATM) and configured to display the unambiguous assignment of the second elements to the first elements, wherein the first computerized unit (PINSRV) and the self-service terminal (ATM) are network-side units and the unambiguous assignment is retained only on the network-side; a user terminal (MD) structurally separated from the self-service terminal (ATM) and isolated from the network-side, and assigned to a user (CSM) of the self-service terminal (ATM) and configured to display the second elements and not the first element thus to allow the user (CSM) to enter the input data (#PIN) at the user terminal (MD); and wherein an application program (MBA) that is implemented on the user terminal (MD) is configured to transmit over a mobile network distinct from the network-side the input data (#PIN) to a second computerized unit (SRV) that performs the authentication of the transaction, and wherein the first computerized unit (PINSRV) is configured to manage the unambiguous assignment of the second elements to the first elements. 5. The system of claim 4 , wherein the user terminal is a mobile user terminal or a smart phone (MD), comprising a touch panel or touch screen and being configured to display the second elements according to a predetermined scheme, at the touch screen to allow the user (CSM) to enter the input data (#PIN) on the touch screen instead of entering the identification data (PIN). 6. The system of claim 4 , wherein the user terminal (MD) comprises a camera and in that, for checking whether the user terminal (MD) is located in the vicinity of the self-service terminal (ATM), the monitor (DISP) of the self-service terminal (ATM) being configured to display a graphical code in that the camera of the user terminal (MD) being configured to capture the graphic code; and the user terminal (MD) is configured to transmit characteristics of the detected graphic codes to one or more of the computerized units (SRV; PINSRV) that are connected to the self-service terminal (ATM) and that is configured to perform the authentication of the transaction and manage the characteristics of graphic codes.