SECURE INFORMATION EXCHANGE
FIELD OF THE INVENTION
This invention relates to a system for secure information exchange and, more particularly, but not exclusively, to a system for personal identification that can be used to verify the age and place of residence of a person. The invention extends further to a method for secure information exchange and, more particularly, but not exclusively, a method for verifying the age and place of residence of an individual.
BACKGROUND TO THE INVENTION
The prevention of access by unauthorised users to Internet web sites containing unsuitable or restricted content is difficult to achieve. One of the reasons for this is that, when accessing restricted material on the Internet, it is common practice for a user to input his age on a form. Such access does not require a face-to-face encounter with another person, and there is thus no way of verifying the veracity of the user's age that has been input by the user via a keyboard. This methodology does not actually prevent access to the restricted material, but rather serves only to allow the proprietor of the restricted material to escape liability for any unauthorised access thereto by under-age users.
In order to overcome this problem, it is possible to furnish each authorised user with a password, but such a method is unnecessarily expensive and difficult to manage, particularly for applications where access to such Internet websites is legislated solely on the basis of the user's age, or the user's place of residence.
The advent of legislation that requires proof of age and residence for users of Internet web sites, particularly online casinos and adult content sites, has created a need for an efficient and simple method of electronic age and residence verification. As far as the applicant is aware, there is no known electronic method to verify the age or place of residence of a person, based on a token or the like.
There is also a requirement for electronic age verification for purposes of purchasing smoking materials, alcoholic beverages, gaining admission to a nightclub, or the like, where such activities are usually age restricted.
It is known that current methods of conducting commercial transactions in an online environment such as the World Wide Web of the Internet are unsatisfactory. The reason is that a majority of all commercial transactions across the Web are processed as Mail Order/Telephone Order (MOTO) credit card purchases. Such a transaction only requires that a purchaser provide a credit card number and a corresponding expiry date. The cardholder is not required to authorise the transaction either by means of a signature or by presentation of the credit card. Due to the ease with which credit card numbers and expiry dates may be intercepted, fraudulent MOTO transactions are easy to conduct, particularly on the Internet, as compared to mail order transactions.
The above situation is disadvantageous for merchants because current credit card legislation favours a purchaser who can simply claim that a charge relating to a particular transaction is fraudulent, the so-called "charge back", thereby placing the onus on the merchant to prove the legitimacy of the purchase. In many instances, this burden of proof is exceedingly difficult, if not impossible, to discharge.
A more secure form of on-line commercial transaction is one that is processed as a "card present" transaction, in which confirmation is provided of the authenticity of the transaction. In order to process a transaction as a card present transaction, it is firstly necessary to identify a card presented for settlement of a transaction. All credit cards have an integral magnetic stripe on the rear thereof, which contains data relating to an identity of the credit card holder, and to a corresponding bank account held at a financial institution. This data is stored in different tracks on the magnetic stripe. In particular, track "2" of the magnetic stripe contains the bank account number, the card expiry date and a verification code which is known, variously, as a Card Verification Value ("CVV") or Card Validation Code ("CVC"). This data is also stored on track "1", along with a billing address corresponding to the cardholder. By convention, however, financial institutions require that the data be read off track "2".
OBJECT OF THE INVENTION
In accordance with this invention there is provided a system and a method for secure information exchange that will, at least partially, alleviate the above-mentioned difficulties and disadvantages.
SUMMARY OF THE INVENTION
In accordance with this invention there is provided a system for secure information exchange, comprising: a token having an integral storage memory with personal data relating to a token holder stored therein; a reader co-operable with the token, the reader being associated with a computer workstation and being operable to read the personal data contained in the integral storage memory thereof; an application server having at least a portion of the same personal data stored therein; and an open communication channel between the reader and the application server.
Further features of the invention provide for the system to include a display facility capable of displaying in a perceptible form at least a portion of the personal data read from the integral storage memory of the token, for the system to include a communication means responsive to the reader to transmit at least a portion of the personal data read from the integral storage memory of the token along the open communication channel to the application server, for the open communication channel to be the Internet, for the application server to be an Internet Web server, for the system to include an encryption facility for encrypting the at least a portion of the personal data read from the integral storage memory of the token prior to transmission thereof to the application server, for the communication means and the encryption facility to be a stored program executable in the computer workstation.
Still further features of the invention provide for the token to be a magnetic stripe card, for the reader to be a magnetic stripe card reader, and for the personal data to be stored in a number of tracks on the magnetic stripe, for the encryption facility to encrypt the personal data according to a Data Encryption Standard ("DES") algorithm, and for a communication between the communication means and the application server to be a secure communication, preferably according to a Secure Socket Layer (SSL) standard.
In accordance with one aspect of the invention, there is provided for the personal data to include any one or more of, a name, a date of birth, an address, a driver's licence particulars, a gender, one or more physical particulars, and an identification number of the token holder.
In accordance with a further aspect of the invention there is provided for the token to be a payment token, for the personal data to include payment token data stored in track 2 of the magnetic stripe, for the payment token data to include an identity of a payment token holder, a corresponding bank account held at a financial institution, an expiry date of the payment token, and a verification code, for the computer workstation to operate under control of an application software program, for the application software program to be operable by the token holder to input data relating to a commercial transaction and to the payment token to be used for settlement of the commercial transaction, for the encryption facility to also encrypt the commercial transaction data, and for the communication means to transmit the encrypted data to a transaction server and to receive a transaction status therefrom, the transaction status being an approved status if the commercial transaction is approved, and a declined status if the commercial transaction is declined.
There is also provided for the transaction server to authenticate the payment token, for the transaction server to authenticate the payment token by at least determining whether the expiry date of the payment token has passed and determining whether the payment token has been stolen, for the communication means to instruct payment of a purchase price corresponding to the commercial transaction if the status of the transaction is an approved status, and for the communication means to notify the token holder if the status of the commercial transaction is a declined status.
The invention extends to a method for secure information exchange, comprising the steps of: providing a token having an integral storage memory with personal data relating to a token holder stored therein; reading the personal data contained in the integral storage memory; and transmitting at least a portion of the personal data read from the integral storage memory of the token to an application server along an open communication channel, the application server having at least a portion of the same personal data stored therein.
There is also provided for displaying in a perceptible form at least a portion of the personal data read from the integral storage memory of the token, for encrypting the at least a portion of the personal data read from the integral storage memory of the token prior to transmission thereof to the application server, and for transmitting the at least a portion of the personal data to the application server and for encrypting the at least a portion of the personal data prior to transmission thereof to the application server by means of a stored program executable in a computer workstation.
There is further provided for storing the personal data in a number of tracks of a magnetic stripe of a magnetic card token, for encrypting the personal data according to a Data Encryption Standard ("DES") algorithm, and for communicating with the application server by means of a secure communication, preferably according to an SSL standard.
In accordance with one aspect of the invention there is provided for including in the personal data any one or more of, a name, a date of birth, an address, a driver's licence particulars, a gender, one or more physical particulars, and an identification number of the token holder.
In accordance with a further aspect of the invention there is provided for the token to be a payment token, for including payment token data in the stored personal data of the token, for storing the payment token data in track 2 of the magnetic stripe of the magnetic card token, for including in the payment token data an identity of a payment token holder, a corresponding bank account held at a financial institution, an expiry date of the payment token, and a verification code, for operating the computer workstation under control of an application software program, for operating the application software program to input data relating to a commercial transaction and to the payment token to be used for settlement of the commercial transaction, for also encrypting the commercial transaction data, and for transmitting the encrypted data to a transaction server and receiving a transaction status therefrom, the transaction status being an approved status if the commercial transaction is approved, and a declined status if the commercial transaction is declined.
There is still further provided for authenticating the payment token, for authenticating the payment token by at least determining whether the expiry date of the payment token has passed and determining whether the payment token has been stolen, for instructing payment of a purchase price corresponding to the commercial transaction if the status of the transaction is an approved status, and for notifying a token holder if the status of the commercial transaction is a declined status.
BRIEF DESCRIPTION OF THE DRAWINGS
Preferred embodiments of the invention are described below, by way of example only, and with reference to the accompanying drawings, in which:
Figure 1 is a functional representation of a first embodiment of a system for secure information exchange according to the invention; and
Figure 2 is a functional block diagram of a second embodiment of a system for secure information exchange according to the invention.
DETAILED DESCRIPTION OF THE INVENTION
Referring to Figure 1, a system for secure information exchange is indicated generally by reference numeral (1).
Although the invention will be described with particular reference to personal identification, it is to be clearly understood that the scope of the invention is not limited to this particular application.
The system (1) includes a token in the form of a magnetic strip card (2) associated with a person to be identified, a magnetic strip reader (3), an Internet-enabled computer workstation (4) operating under control of an executable software program, and a display facility in the form of a video display monitor (5) connected to the computer workstation.
The magnetic strip card (2) has an integral storage memory in the form of a magnetic strip (not shown) thereon. The magnetic strip reader (3) receives the magnetic strip card (2) and reads card data that is stored on the magnetic strip (not shown). The card data stored on the magnetic strip (not shown) is personal data relating to the person to be identified. In this embodiment, the magnetic strip card (2) is a driver's licence conforming to a well-known standard of the American Association of Motor Vehicle Administrators (AAMVA). According to this standard, the magnetic strip is divided into three physical tracks, each of which contains a specific set of personal data of a person, as follows:
Track No.   Track Data
---------   ----------
1           State or Province, City, Last name, First name, Street address.
2           Driver's licence no., Expiry date, Date of birth.
3           Zip or Postal code, Class, Restrictions, Endorsements, Sex, Height, Weight, Hair colour, Eye colour, Identity number.
The software program provides a communication means (7) that enables card data read from the magnetic strip (not shown) of the magnetic strip card (2) to be transmitted to an application server (6) associated with an Internet website, for reasons which will become clearer in the description that follows. The software program also provides an encryption facility (8) for encrypting the card data read from the magnetic strip (not shown) prior to transmission thereof to the application server (6). The application server (6) compares the card data corresponding to either one or both of an age and a residence of the person to be identified, against known reference criteria, and returns a status response to the computer workstation (4). The status response is an approved status if both the age and residence data read from the magnetic stripe (not shown) on the card (2) match the reference criteria, and a declined status if either one or both of the age and residence data do not match the reference criteria.
In use, when the age and residence of a person is to be identified, a driver's licence of the person, as described above, is swiped through the magnetic strip reader (3). The magnetic strip reader (3) reads the card data that is stored on the various tracks of the magnetic strip (not shown) and passes the data to the computer workstation (4). The card data relating to the age and residence of the person to be identified is encrypted by the encryption facility (8) according to a Data Encryption Standard algorithm with a unique encryption key per transaction. The encrypted data is transmitted by the communication means (7) to the application server (6) where it is validated by comparing the encrypted data against known reference criteria that are programmed in the application server. The validation criteria relate to certain requirements that must be met by the encrypted data. As an example, the criteria may specify that the age of the person to be identified must exceed 18 years of age, and that the person's residence must be in the United States of America but not in the state of California.
Once the card data has been verified in a manner as described above, the application server (6) returns a status response to the computer workstation (4) in the form of an approved status if the card data complies with the reference criteria, and a declined status otherwise. If the returned status response is an approved status, the application server enables a desired Internet website for access by the identified person. Access to the Internet website is prevented if the returned status response is a declined status.
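The age and residence validation described above, as an added example that is not part of the patent or its software: it assumes a constructed, simplified three-track layout ('^'-separated fields, dates as YYYYMMDD, which does not reproduce the fixed-width AAMVA encoding), treats "in the United States" as the state field being a US state code, reads "must exceed 18 years" as the usual at-least-18 rule, and returns the approved or declined status the application server would send.

```python
from dataclasses import dataclass
from datetime import date, datetime

# Field order per track, following the table of track contents above.
TRACK1_FIELDS = ("state", "city", "last_name", "first_name", "street")
TRACK2_FIELDS = ("licence_no", "expiry", "date_of_birth")
TRACK3_FIELDS = ("postal_code", "class", "restrictions", "endorsements",
                 "sex", "height", "weight", "hair", "eye", "identity_no")

# Assumption: residence "in the USA" means the state field is a US state code.
US_STATES = frozenset(
    "AL AK AZ AR CA CO CT DE FL GA HI ID IL IN IA KS KY LA ME MD MA MI MN MS "
    "MO MT NE NV NH NJ NM NY NC ND OH OK OR PA RI SC SD TN TX UT VT VA WA WV "
    "WI WY DC".split())


@dataclass(frozen=True)
class Criteria:
    """Reference criteria programmed into the application server."""
    min_age: int = 18                                # at least 18 years old
    excluded_states: frozenset = frozenset({"CA"})   # in the USA, but not CA


def parse_tracks(track1, track2, track3):
    """Split the three '^'-separated track strings into named fields."""
    record = {}
    for names, raw in ((TRACK1_FIELDS, track1), (TRACK2_FIELDS, track2),
                       (TRACK3_FIELDS, track3)):
        parts = raw.split("^")
        if len(parts) != len(names):
            raise ValueError("expected %d fields, got %d" % (len(names), len(parts)))
        record.update(zip(names, parts))
    return record


def parse_date(yyyymmdd):
    return datetime.strptime(yyyymmdd, "%Y%m%d").date()


def age_on(dob, today):
    """Whole years of age on the given day (birthday not yet reached counts down)."""
    had_birthday = (today.month, today.day) >= (dob.month, dob.day)
    return today.year - dob.year - (0 if had_birthday else 1)


def verify(record, today, criteria=Criteria()):
    """Return ('approved', []) or ('declined', [reasons]), mirroring the status
    response. Only the age and residence fields are examined; the rest of the
    personal data never needs to leave the workstation."""
    reasons = []
    if age_on(parse_date(record["date_of_birth"]), today) < criteria.min_age:
        reasons.append("under minimum age")
    state = record["state"].upper()
    if state not in US_STATES:
        reasons.append("residence not in the USA")
    elif state in criteria.excluded_states:
        reasons.append("residence in an excluded state")
    return ("approved" if not reasons else "declined"), reasons


# Constructed sample licence data (not a real person) and a fixed check date.
SAMPLE = parse_tracks(
    "TX^AUSTIN^DOE^JANE^123 MAIN ST",
    "D1234567^20270131^19900520",
    "78701^C^NONE^NONE^F^165^60^BRN^BLU^000123",
)
CHECK_DATE = date(2024, 1, 15)

if __name__ == "__main__":
    print(verify(SAMPLE, CHECK_DATE))   # ('approved', [])
```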
The age and residence of the person to be identified, which is read from the magnetic strip (not shown) on the magnetic strip card (2), may also be displayed by the software program in a perceptible form on the video display monitor (5). This mode of operation may be conveniently employed where access to a desired Internet website is not required. In this mode, the system (1) may be used locally, without requiring communication to an application server (6), in order to provide quick identification and age verification of users in applications such as the purchase of alcohol or tobacco, or access to places of adult entertainment.
Numerous modifications are possible to this embodiment without departing from the scope of the invention. In particular, the computer workstation (4) may communicate with the application server (6) by means of any open communication channel other than the Internet. Further, although DES is currently the standard method for encrypting transactions, this is likely to change to the 3DES algorithm in the near future. The encryption algorithm used by the system for personal identification (1), which is implemented as part of the software program, is easily upgradeable to this new standard. Still further, a different token, such as a smart card, may be used as a storage medium for personal data of a person to be identified, with the magnetic strip reader (3) being replaced by a smart card reader. Yet further, the token may be some other form of identification other than a driver's licence.
This embodiment of the invention therefore provides a system for verification of a token holder's age or place of residence over an open network on the basis of a personalised token.
Referring now to Figure 2, a further embodiment of a system for secure information exchange is indicated generally by reference numeral (10).
The system (10) includes transaction input means in the form of an Internet-enabled computer workstation (11) operating under control of an executable software program. The functionality of the software program enables a purchaser to input data relating to a commercial transaction and to a payment token, such as a credit card (12), to be used for settlement of the commercial transaction. The credit card (12) is a magnetic stripe card that has an integral storage memory in the form of a magnetic stripe (not shown) thereon. The system (10) also includes a magnetic stripe card reader (13) connected to the computer workstation (11), which receives the purchaser's credit card (12) and reads card data that is stored on the magnetic stripe. The software program also provides an encryption facility (14) for encrypting the data relating to the commercial transaction and to the credit card. The encrypted data is transmitted to a transaction server (15) that returns a transaction status to the computer workstation (11), the transaction status being an approved status if the transaction server approves the commercial transaction, and a declined status if the commercial transaction is declined by the transaction server.
The credit card data read by the magnetic stripe card reader (13) relates, inter alia, to an identity of the credit card holder, and to a corresponding bank account held at a financial institution. In addition, track "2" of the magnetic stripe contains the bank account number, the card expiry date and a verification code which is known, variously, as a Card Verification Value ("CVV") or Card Validation Code ("CVC").
In use, in order to conclude a commercial transaction, a user enters data relating to the commercial transaction on the computer workstation (11) of the system (10). The credit card (12) is then swiped through the magnetic stripe card reader (13). The credit card data which is stored on track "2" of the magnetic stripe (not shown) is read by the magnetic stripe card reader (13) and is passed to the computer workstation. The transaction data and the credit card data are encrypted by the encryption facility (14) according to a Data Encryption Standard algorithm with a unique encryption key per transaction. The software program executing in the computer workstation (11) then emulates the functionality of a standard point-of-sale device as follows:
• the encrypted data is passed to the transaction server (15) where it is validated by checking that the expiry date has not passed and that the credit card number is not contained in a database of stolen cards;
• a transaction status is then received back from the transaction server (15) by which the transaction is either approved or declined;
• where the transaction is approved, the software communicates with a merchant server (not shown) and an acquiring financial institution (not shown) to execute payment for the commercial transaction; and
• where the transaction is declined, the user is notified on the computer workstation (11).
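The transaction server's validation step from the first bullet above (expiry date not passed, card number not on a stolen-card list), as an added example that is not the patent's or any payment processor's code. It assumes the ISO/IEC 7813 track 2 layout (';' account number '=' YYMM service code discretionary data '?'), keeps the stolen-card list as SHA-256 fingerprints rather than raw card numbers, and masks the account number in every status message; the card numbers and dates are constructed.

```python
import hashlib
import re
from datetime import date

# Assumed ISO/IEC 7813 track 2 layout. Only the PAN (account number) and the
# YYMM expiry are needed for this check; the remainder is kept but unused.
TRACK2_RE = re.compile(
    r"^;(?P<pan>\d{1,19})=(?P<yy>\d{2})(?P<mm>\d{2})(?P<rest>[^?]*)\?$")


def parse_track2(raw):
    """Extract the account number and expiry from a track 2 string."""
    m = TRACK2_RE.match(raw)
    if not m:
        raise ValueError("malformed track 2 data")
    month = int(m["mm"])
    if not 1 <= month <= 12:
        raise ValueError("invalid expiry month")
    return {"pan": m["pan"], "expiry_year": 2000 + int(m["yy"]),
            "expiry_month": month}


def pan_fingerprint(pan):
    """The stolen-card list holds hashes, so the list itself is not a store
    of usable card numbers."""
    return hashlib.sha256(pan.encode("ascii")).hexdigest()


def mask_pan(pan):
    """Only the last four digits appear in status messages or logs."""
    return "*" * (len(pan) - 4) + pan[-4:]


def is_expired(card, today):
    """A card remains valid through the last day of its expiry month."""
    return (today.year, today.month) > (card["expiry_year"], card["expiry_month"])


def validate(raw_track2, stolen_fingerprints, today):
    """Return ('approved', msg) or ('declined', msg) as the transaction status."""
    card = parse_track2(raw_track2)
    masked = mask_pan(card["pan"])
    if is_expired(card, today):
        return "declined", "card %s expired" % masked
    if pan_fingerprint(card["pan"]) in stolen_fingerprints:
        return "declined", "card %s reported stolen" % masked
    return "approved", "card %s accepted" % masked


# Constructed sample data: the card numbers and the stolen list are made up.
STOLEN = frozenset({pan_fingerprint("4000009999999990")})
GOOD_TRACK = ";4000001234567899=2712101000000000?"
EXPIRED_TRACK = ";4000001234567899=2301101000000000?"
STOLEN_TRACK = ";4000009999999990=2712101000000000?"
CHECK_DATE = date(2024, 1, 15)

if __name__ == "__main__":
    for track in (GOOD_TRACK, EXPIRED_TRACK, STOLEN_TRACK):
        print(validate(track, STOLEN, CHECK_DATE))
```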
It will be appreciated by those skilled in the art that reading of the track "2" data of the credit card (12), as described above, which data appears exclusively on the magnetic stripe (not shown) on the credit card, constitutes a unique identification of the card and the commercial transaction can then be processed as a "card present" transaction.
Numerous modifications are possible to this embodiment without departing from the scope of the invention. In particular, the data entry device (10) may communicate with the transaction server, the merchant server, and the acquiring and issuing financial institutions by means of any open communication channel other than the Internet.
The invention therefore provides a system for secure information exchange over a public communication channel such as the Internet on the basis of a personalised token such as a driver's licence or a credit card.