Automated token renewal using OTP-based authentication codes
US-9432339-B1 · Aug 30, 2016 · US
US2017330184A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017330184-A1 |
| Application number | US-201515538185-A |
| Country | US |
| Kind code | A1 |
| Filing date | Dec 17, 2015 |
| Priority date | Dec 22, 2014 |
| Publication date | Nov 16, 2017 |
| Grant date | — |
Official abstract text for this publication.
The invention relates to a method for securing a contactless service transaction, said service (11) being stored in the mobile terminal (10), said transaction involving the mobile terminal, a contactless reader (12) and a remote server (13), said server storing at least one piece of data and/or sensitive function of the service, said terminal comprising a security module (14), said method being characterised in that the terminal also stores a contactless security application (15) and that it comprises: receiving (E41) a first value (α) for determining a session key; receiving (E49) a second value for determining a session key (β) and a first one-time password (OTPin); sending (E58) the second value for determining a session key and a message (MAC) for authenticating at least the first password, intended for being verified by the reader, said first and second determination values being used to calculate (E50, E61) a session key (K_sess) intended for being used to secure the exchanges.
Opening claim text (preview).
1. A method for securing a transaction of a contactless service, said service (11) being stored in a mobile terminal (10), said transaction involving the mobile terminal, a contactless reader (12) and a remote server (13), said server storing at least one sensitive piece of data and/or function of the service necessary for the execution of the transaction, said terminal comprising a security module (14), said method being characterized in that the terminal also stores a contactless security application (15) and in that it comprises the following steps, executed by the mobile terminal: a first value (α) for determining a session key is received (E41) by the security application from the contactless reader, a second value for determining a session key (β) and a first one-time password (OTPin) calculated by the server by means of a secret key (K_s) shared with the security element are received (E49) from the server, said first one-time password being sent (E51) to the security module, the second value for determining a session key, and an authentication message (MAC) for authenticating at least the first one-time password, are sent (E58) to the contactless reader, said authentication message being intended to be verified by the reader and said first and second determination values being used by the server and by the reader to calculate (E50, E61) a session key (K_sess), said key being intended to be used to secure the exchanges between the reader and the server.

2. The method for securing a transaction as claimed in claim 1, comprising a step of obtaining (E56) an authentication status from the security module, said status being obtained by comparing the first one-time password with a second one-time password calculated by the security module by means of the secret key shared with the server, the status being positive if the first and second one-time passwords are identical, the status also being used by the security element for calculating the authentication message.

3. The method for securing a transaction as claimed in claim 1, further comprising a step of receiving from the reader, and retransmitting to the server, a secret value (Val) obtained by encrypting the authentication message and the authentication status by means of the session key.

4. The method for securing a transaction as claimed in claim 1, further comprising the following steps: receiving (E49) from the server a first signature calculated on the basis of at least one identifier of the security element and a signature key belonging to the server, sending (E58) said signature to the reader, receiving (E62) from the reader, and retransmitting (E63) to the server, a second signature calculated on the basis of at least the identifier of the security module and a signature key belonging to the server.

5. The method for securing a transaction as claimed in claim 1, wherein the one-time password is calculated by encrypting, by means of a secret key (K_s) shared by the security element and the server, a counter which is incremented at each session.

6. The method for securing a transaction as claimed in claim 1, comprising, if the exchanges between the reader and the server are encrypted by means of the session key, the following steps: receiving from the reader an information message belonging to the service and intended for a user of the terminal, said message having been sent from the server to the reader, sending said message to the service, said message being displayed on a user interface of the terminal.

7. The method for securing a transaction as claimed in claim 1, comprising, when the exchanges between the reader and the server have been encrypted by means of the session key, the following steps: receiving from the service a piece of data input by the user, said piece of data having been requested by the server, sending the input piece of data to the contactless reader, said input piece of data being intended for transmission to the server.

8. A mobile terminal adapted for securing a transaction of a contactless service, said terminal storing said contactless service, said transaction involving the mobile terminal, a contactless reader (12) and a remote server (13), said server storing at least one sensitive piece of data and/or function of the service necessary for the execution of the transaction, said terminal comprising a security module (14), said terminal being characterized in that it stores a security application (15) and in that it further comprises: first receiving means (105), arranged to receive a first value (α) for determining a session key from the contactless reader, second receiving means (106), arranged to receive from the server a second value for determining a session key (β) and a first one-time password (OTPin) calculated by the server by means of a secret key (K_s) shared with the security element, sending means (107), arranged to send to the contactless reader the second value for determining a session key and an authentication message (MAC) for authenticating at least the first one-time password, said authentication message being intended to be verified by the server and said first and second determination values being used by the server and by the reader to calculate a session key (K_sess), said key being intended to be used to secure the exchanges between the reader and the server.

9. A system for securing a transaction of a contactless service, comprising a mobile terminal adapted for securing a transaction of a contactless service, said terminal storing said contactless service, said transaction involving the mobile terminal, a contactless reader (12) and a remote server (13), said server storing at least one sensitive piece of data and/or function of the service necessary for the execution of the transaction, said terminal comprising a security module (14), said terminal being characterized in that it stores a security application (15) and in that the mobile terminal further comprises: first receiving means (105), arranged to receive a first value (α) for determining a session key from the contactless reader, second receiving means (106), arranged to receive from the server a second value for determining a session key (β) and a first one-time password (OTPin) calculated by the server by means of a secret key (K_s) shared with the security element, first sending means (107), arranged to send to the contactless reader the second value for determining a session key and an authentication message (MAC) for authenticating at least the first one-time password, said authentication message being intended to be verified by the server and said first and second determination values being used by the server and by the reader to calculate a session key (K_sess), said key being intended to be used to secure the exchanges between the reader and the server; and the system further comprises: a contactless reader (12) adapted for communicating with the security application of the mobile terminal, and comprising: second sending means arranged to send the first value for determining the session key to the security application, third receiving means arranged to receive the second value for determining the session key, means for calculating the session key, arranged to calculate the session key on the basis of the first and second values for determining the session key, a remote server (13), adapted for storing at least one sensitive piece of data and/or function of the payment application, and comprising: third sending means arranged to send the first value for determining the session key to the mobile terminal, calculation and sending means, arranged t
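The exchange described in claims 1, 2, 3 and 5, simulated end to end as an added example (this is not the patent's or the applicant's code). The patent names the values (α, β, OTPin, MAC, K_sess, Val, the counter under K_s) but not the primitives, so the following are assumptions: HMAC-SHA256 for the counter-based OTP and for the MAC, an HMAC over α||β as the session-key derivation, an encrypt-then-MAC wrapping for Val, MAC keying under K_s, and final verification on the server (claims 1 and 8 disagree on whether reader or server verifies the MAC). The demo shared secret and the replayed-OTP case are constructed; the point shown is that the security module's counter makes a stale OTPin yield a negative status, which the server then rejects.

```python
import hashlib
import hmac
import os
import struct

# Added example, not from the patent. Primitive choices (HMAC-SHA256 OTP and MAC,
# HMAC-based K_sess derivation, encrypt-then-MAC wrapping of Val) are assumptions.
K_S = hashlib.sha256(b"constructed demo shared secret").digest()  # constructed K_s


def derive_session_key(alpha: bytes, beta: bytes) -> bytes:
    """K_sess from the two determination values (assumed KDF: HMAC over alpha||beta)."""
    return hmac.new(b"Ksess-demo-label", alpha + beta, hashlib.sha256).digest()


def otp_from_counter(k_s: bytes, counter: int) -> bytes:
    """Claim 5: one-time password computed from K_s over a per-session counter."""
    return hmac.new(k_s, struct.pack(">Q", counter), hashlib.sha256).digest()[:8]


def _authentication_message(k_s: bytes, otp_in: bytes, status: bool, beta: bytes) -> bytes:
    # The MAC binds OTPin, the status (claim 2) and beta; keying under K_s is an assumption.
    return hmac.new(k_s, otp_in + bytes([status]) + beta, hashlib.sha256).digest()[:16]


class SecurityModule:
    """Security module (14): holds K_s and its own copy of the session counter."""

    def __init__(self, k_s: bytes):
        self.k_s = k_s
        self.counter = 0

    def check_otp(self, otp_in: bytes) -> bool:
        # Claim 2: recompute the OTP for this session and compare in constant time.
        self.counter += 1
        return hmac.compare_digest(otp_from_counter(self.k_s, self.counter), otp_in)

    def authentication_message(self, otp_in: bytes, status: bool, beta: bytes) -> bytes:
        return _authentication_message(self.k_s, otp_in, status, beta)


class Server:
    """Remote server (13): issues beta and OTPin, derives K_sess, checks Val."""

    def __init__(self, k_s: bytes):
        self.k_s = k_s
        self.counter = 0
        self.k_sess = None

    def issue(self, alpha: bytes):
        # E49: beta plus the OTP for this session; E50: session key from alpha and beta.
        self.counter += 1
        beta = os.urandom(16)
        self.k_sess = derive_session_key(alpha, beta)
        return beta, otp_from_counter(self.k_s, self.counter)

    def accept(self, val: bytes, otp_in: bytes, beta: bytes) -> bool:
        # Claim 3: unwrap Val with K_sess, then require a valid MAC and a positive status.
        nonce, body, tag = val[:16], val[16:-32], val[-32:]
        if not hmac.compare_digest(hmac.new(self.k_sess, nonce + body, hashlib.sha256).digest(), tag):
            return False
        keystream = hmac.new(self.k_sess, b"enc" + nonce, hashlib.sha256).digest()
        plain = bytes(a ^ b for a, b in zip(body, keystream))
        mac, status = plain[:16], bool(plain[16])
        return status and hmac.compare_digest(mac, _authentication_message(self.k_s, otp_in, status, beta))


class Reader:
    """Contactless reader (12): supplies alpha, derives K_sess, produces Val."""

    def __init__(self):
        self.alpha = os.urandom(16)  # E41: first determination value
        self.k_sess = None

    def receive(self, beta: bytes, mac: bytes, status: bool) -> bytes:
        # E58/E61: derive K_sess, then wrap (MAC, status) as Val (encrypt-then-MAC, assumed).
        self.k_sess = derive_session_key(self.alpha, beta)
        nonce = os.urandom(16)
        keystream = hmac.new(self.k_sess, b"enc" + nonce, hashlib.sha256).digest()
        body = bytes(a ^ b for a, b in zip(mac + bytes([status]), keystream))
        return nonce + body + hmac.new(self.k_sess, nonce + body, hashlib.sha256).digest()


def run_transaction(server: Server, module: SecurityModule, replayed_otp: bytes = None):
    """The terminal's steps from claim 1; returns (server accepted, keys agree, fresh OTPin).
    replayed_otp, when given, stands in for OTPin to simulate a stale password (constructed case)."""
    reader = Reader()
    alpha = reader.alpha                                   # E41: alpha from the reader
    beta, otp_in = server.issue(alpha)                     # E49/E50: beta and OTPin from the server
    presented = replayed_otp if replayed_otp is not None else otp_in
    status = module.check_otp(presented)                   # E51/E56: status from the security module
    mac = module.authentication_message(presented, status, beta)
    val = reader.receive(beta, mac, status)                # E58/E61: beta and MAC to the reader
    accepted = server.accept(val, presented, beta)         # E62/E63: Val retransmitted to the server
    return accepted, reader.k_sess == server.k_sess, otp_in


if __name__ == "__main__":
    srv, sm = Server(K_S), SecurityModule(K_S)
    print("fresh session:", run_transaction(srv, sm)[:2])
```

Running the first transaction returns an accepted session with matching reader and server keys; presenting that session's OTPin again in a second transaction yields a negative status from the security module and a rejection from the server, while the reader and server still agree on K_sess because α and β were exchanged normally.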
Short range or proximity payments by means of M-devices · CPC title
Transaction verification · CPC title
involving key management · CPC title
Business processing using cryptography · CPC title
using hash chains, e.g. blockchains or hash trees · CPC title