AU2018282255A1 - System and method for secure transmission of data and data authentication - Google Patents


Info

Publication number
AU2018282255A1
Authority
AU
Australia
Prior art keywords
unique code
code
bank account
server
account
Legal status
Abandoned
Application number
AU2018282255A
Inventor
Giuseppe Biagio Italiano
Current Assignee
Settsplus Pty Ltd
Original Assignee
Settsplus Pty Ltd
Priority claimed from AU2017905086A
Application filed by Settsplus Pty Ltd
Publication of AU2018282255A1
Assigned to GlobalX NewCo Pty Ltd (request for assignment; assignor: "C" SOLUTIONS PTY LTD)
Assigned to SettsPlus Pty Ltd (amended patent request/document other than specification; assignor: GlobalX NewCo Pty Ltd)

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A system comprising a server in remote communication with a computer system of a financial institution and at least one client device via a computer network. A processor coupled to the server is configured to receive from the client device, via the computer network, client account data identifying at least one bank account held at the financial institution and to execute a code correlation procedure to generate or determine at least one unique code corresponding to the client account data. The processor is further configured to send to the computer system of the financial institution, via the computer network, instructions that comprise the unique code and cause the bank account to be credited or debited with at least one financial transaction and a lodgement reference associated with the financial transaction to contain the unique code. An end user may then obtain the unique code by viewing the bank account's transaction history.

[Figure 1: block diagram of the system, showing the server with its processor, the client device 106 and the network 108 over which the account data is sent.]

Description

SYSTEM AND METHOD FOR SECURE TRANSMISSION OF DATA AND DATA AUTHENTICATION
Field [0001] The present invention relates to information security, and more particularly, to secure transmission and authentication of data.
Background [0002] In cryptography, a cipher is used for encrypting and decrypting data. To encrypt a block of data, a cipher performs an algorithm that encrypts the data using one or more cryptographic keys that uniquely determine the execution of the algorithm. The process is executed in reverse to decrypt the encrypted data. A cryptographic key must be kept secret so that only the relevant persons who are authorised to encrypt and decrypt data using the key may do so.
[0003] A symmetric-key cipher is a cryptography algorithm wherein the same secret key is used for both encryption and decryption purposes. Symmetric-key ciphers come in many forms but they are commonly implemented in computer systems using block ciphers. A block cipher uses a deterministic algorithm that operates on fixed-length groups of bits, each group being called a block, using an unvarying transformation that is governed by the relevant symmetric key. When a symmetric key has been generated, it must be sent securely to each of the parties who intend to use it so that only they may use it to encrypt and decrypt data using the block cipher. If an unauthorised person is able to intercept the delivery of the key, then the security of the cipher is compromised.
[0004] An asymmetric cipher (for example, a public-key cryptography system) uses a different key for encryption and decryption. However, in many cases computer systems that implement asymmetric ciphers still need to ensure secure and confidential delivery of cryptographic keys. For example, in public-key cryptography systems a private key must be generated for each user of the system and paired with the relevant public key that is used to encrypt data sent to the user. If the private key is not generated on the user's computer system, then the key must be sent to the user in a secure manner so that it cannot be intercepted.
[0005] Secure transmission of confidential and sensitive information is important in a wide variety of private and commercial contexts. For example, in the conveyancing industry important information relating to pending and completed property transactions frequently needs to be sent and received securely between persons involved in the transaction. This may include vendors, purchasers, lenders, solicitors and conveyancing practitioners. In certain jurisdictions (e.g., Australia) a conveyancing practitioner is normally required to provide a disbursement authority (DA) form to a vendor prior to settlement of a property sale. The information on the DA form includes the details of the bank account where the sale proceeds are to be transferred on settlement of the transaction. The form needs to be sent to the vendor for their review and signature and returned to the practitioner securely once signed. If the DA form is unlawfully intercepted, then it may be fraudulently altered causing the sale proceeds to be sent to the wrong account on completion.
[0006] Erroneous financial transactions can also take place as a result of human error. For example, in the conveyancing industry when a practitioner receives a signed DA form from a vendor they are commonly required to enter the bank account details specified on the form for the sale proceeds into their practice management system. The bank account details may also be entered into a transaction hub provided by an e-conveyancing platform. For example, in Australia the account details may be entered into the Property Exchange Australia (PEXA) platform. A key feature of the PEXA system is that it facilitates the transferring of funds between banks and bank accounts as part of the settlement process via the Reserve Bank of Australia. Typographical errors made during the data entry process by the practitioner may cause sale proceeds to be sent to the wrong account on deal completion and, in certain cases, lead to irrecoverable financial losses.
[0007] In this context, there is a need for improved systems and methods for delivering items of data, such as cryptographic keys, and for verifying the authenticity and integrity of data entered into computer systems.
2018282255 17 Dec 2018
Summary [0008] According to the present invention, there is provided a system comprising: a server in remote communication with a computer system of a financial institution and at least one client device via a computer network; and a processor coupled to the server, wherein the processor is configured to: receive from the client device, via the computer network, client account data identifying at least one bank account held at the financial institution;
execute a code correlation procedure to generate or determine at least one unique code corresponding to the client account data; and send to the computer system of the financial institution, via the computer network, instructions that comprise the unique code and cause the bank account to be credited or debited with at least one financial transaction and a lodgement reference associated with the financial transaction to contain the unique code, such that an end user may obtain the unique code by viewing the bank account’s transaction history.
[0009] The processor may be further configured to:
receive from the client device, via the computer network, client account data identifying first and second bank accounts held at the financial institution;
execute the code correlation procedure such that the unique code corresponds to data comprised in the client account data that identify either the first or the second of the bank accounts;
split the unique code into first and second unique code segments; and send to the computer system of the financial institution, via the computer network, instructions comprising the first and second unique code segments, wherein the instructions cause:
the first bank account to be credited or debited with a first financial transaction and a lodgement reference associated with the first financial transaction to contain the first unique code segment; and the second bank account to be credited or debited with a second financial transaction and a lodgement reference associated with the second financial transaction to contain the second unique code segment.
[0010] The processor of the server may be further configured to:
receive from a client device, via the computer network, a first unique code and unauthenticated account data identifying at least one bank account held at a financial institution; and execute the code correlation procedure to generate or determine a second unique code corresponding to the unauthenticated account data, such that the unauthenticated account data may be authenticated by comparing the first and second unique codes.
[0011] A processor of the server may be configured to:
receive, via the computer network, a document in digital form from a client device; and encrypt the document using a cipher to generate an encrypted document, wherein an encryption key used by the cipher comprises or is derived from the unique code.
[0012] A processor of the server may be configured such that the encrypted document is sent by email to an end user, via the computer network, in response to an instruction received from a client device.
[0013] A processor of the server may be configured such that the encrypted document is made available for remote viewing or download from the server, via the computer network, by an end user.
[0014] The server may be configured such that the end user may sign the encrypted document on the server using a digital certificate or electronic signature.
[0015] The system may further comprise a storage device having a database of personal information relating to one or more end users stored on the storage device and the processor may be further configured to:
receive from the client device, via the computer network, personal information relating to an unauthenticated end user; and
execute the code correlation procedure and send the instructions if, and only if, the personal information relating to the unauthenticated end user is stored in the database.
[0016] The system may further comprise a storage device and the code correlation procedure may comprise a cryptographic hash function that transforms the client account data into a message authentication code using an encryption key stored on the storage device, wherein the unique code comprises the message authentication code.
[0017] A processor of the server may be configured to modify the encryption key stored on the storage device periodically.
[0018] The cryptographic hash function may comprise:
initialising a symmetric key block cipher with an iteration count value in combination with a random bit sequence, the client account data and the encryption key;
repeatedly encrypting a source bit sequence using the symmetric key block cipher a number of times equal to the iteration count value to generate an encrypted bit sequence; and combining together the iteration count value with the random bit sequence and the encrypted bit sequence to form the message authentication code.
[0019] The cryptographic hash function may comprise:
initialising the symmetric key block cipher using an iteration count value equal to 64; and concatenating together the iteration count value, random bit sequence and encrypted bit sequence to form the message authentication code.
[0020] The symmetric key block cipher may be a Blowfish block cipher configured to operate in electronic codebook (ECB) mode.
[0021] The cryptographic hash function may be a Bcrypt hashing function.
[0022] The code correlation procedure may be configured such that:
the unique code comprises a random bit sequence generated or assigned to the client account data; and a correlation between the client account data and the random bit sequence is recorded in a data structure stored on the storage device.
[0023] The client account data received from the client device may comprise:
a code identifying a branch of the financial institution;
an account number of the bank account; and an account name of the bank account.
[0024] The present invention also provides a method comprising:
performing a code correlation procedure to generate or determine at least one unique code that corresponds to client account data identifying at least one bank account held at a financial institution; and sending instructions, via a computer network, to a computer system of the financial institution, wherein the instructions comprise the unique code and cause:
the bank account to be credited or debited with at least one financial transaction; and a lodgement reference associated with the financial transaction to contain the unique code, such that an end user having access to the bank account may obtain the unique code by viewing the bank account’s transaction history.
[0025] The method may further comprise:
splitting the unique code into first and second unique code segments; and sending to the computer system of the financial institution, via the computer network, instructions comprising the first and second unique code segments, wherein the instructions cause:
a first bank account to be credited or debited with a first financial transaction and a lodgement reference associated with the first financial transaction to contain the first unique code segment; and a second bank account to be credited or debited with a second financial transaction and a lodgement reference associated with the second financial transaction to contain the second unique code segment,
wherein the first and second bank accounts are each held at the financial institution.
[0026] The method may further comprise:
receiving from a client device a first unique code and unauthenticated account data identifying at least one bank account held at a financial institution;
performing the code correlation procedure to generate or determine a second unique code corresponding to the unauthenticated account data; and comparing the first and second unique codes to authenticate the unauthenticated account data.
[0027] The present invention also provides a computer-readable non-transitory medium storing executable instructions which, when executed by a computer system, cause the computer system to:
perform a code correlation procedure to generate or determine at least one unique code that corresponds to client account data identifying at least one bank account held at a financial institution; and send instructions, via a computer network, to a server of the financial institution, wherein the instructions comprise the unique code and cause:
the bank account to be credited or debited with at least one financial transaction; and a lodgement reference associated with the financial transaction to contain the unique code, such that an end user having access to the bank account may obtain the unique code by viewing the bank account’s transaction history.
Brief Description of Drawings [0028] Embodiments of the invention will now be described by way of example only with reference to the accompanying drawings, in which:
Figure 1 is a block diagram of a system according to an example embodiment of the invention;
Figure 2 is a flowchart of a method according to an example embodiment of the invention;
Figure 3 is a flow diagram of a method according to an example embodiment of the invention;
Figure 4 is a block diagram of a system according to a further example embodiment of the invention;
Figure 5 is an example bank account statement showing a transaction history;
Figure 6 is an example disbursement authority form that may be used in the conveyancing industry; and
Figure 7 is a block diagram of a system according to a further example embodiment of the invention.
Description of Embodiments [0029] The present invention provides for secure delivery of data including data comprising private cryptographic keys. In particular, the systems and methods herein disclosed operate by receiving account data identifying a bank account of an end user recipient and generating or determining a code that corresponds uniquely to the account data. The unique code may comprise a bit sequence that is configured for use as a cryptographic key with cipher systems.
[0030] The unique code is delivered securely to the recipient by sending instructions that include the code to the financial institution where the bank account is held. These instructions cause the bank account to be credited or debited with at least one financial transaction and a lodgement reference associated with the financial transaction to contain the unique code. The end user recipient may then obtain the code by viewing the transaction history maintained by the relevant financial institution for the account.
[0031] Once retrieved, the recipient may use the unique code as a cryptographic key with one or more cipher systems, including symmetric-key block ciphers, to participate in secure message and data exchanges with another person who also has access to the code. This includes sending and receiving confidential and sensitive documents in digital form. For example, in the conveyancing industry the unique code may be used by one or more vendors, purchasers, lenders, solicitors and conveyancing practitioners involved in a property sale and purchase to share financial and other documentation relating to the transaction securely. In particular, a conveyancing practitioner may use the unique code to encrypt and send to a vendor a disbursement authority form in digital format (e.g., PDF) which the practitioner has pre-filled on the vendor's behalf. The vendor may then use the unique code to decrypt, review and sign the form before re-encrypting it and returning it to the practitioner.
[0032] The systems and methods herein disclosed also enable the accuracy and veracity of data and information manually entered into computer systems by human operators to be confirmed. In particular, the present invention enables the accuracy of manually entered bank account data to be verified. For example, when a conveyancing practitioner receives a signed disbursement authority form from a vendor, the practitioner is commonly required to enter the bank account details supplied on the form into their practice management system. This manual data entry process is typically required in the conveyancing industry so that the final responsibility for ensuring that the bank details are correct rests with the practitioner. The unique code that was previously generated and sent to the vendor may be provided on or with the disbursement authority form. To verify the bank account data received and entered into the management system by the practitioner, a second unique code corresponding to the entered account data may be generated or determined using the same code correlation procedure as before. The second unique code may then be compared with the one that was provided with the disbursement authority form to determine whether or not the bank account details are correct. If the two codes do not match, then the practitioner will know that either a data entry mistake has been made or that the disbursement authority form supplied to them is fraudulent.
[0033] The present invention may be implemented using one or more computer systems, including cloud-based and similar server-oriented systems. For example, referring to Figure 1 there is provided a system 100 that comprises a server 102 in remote communication with a server, or similar computer system, of a financial institution 104 and at least one client device 106 via a computer network 108.
[0034] The server 102 may comprise a dedicated host that is exclusively responsible for performing the functions of the system 100. In other examples, the server 102 may comprise a shared server responsible for performing multiple processes and threads one or more of which are configured to implement the system 100.
[0035] A processor 110 is coupled to the server 102. The processor 110 may comprise any device that is capable of executing programmed instructions relating to arithmetic, logical and/or I/O operations and includes both physical and virtual processors. The processor 110 may, for example, comprise an arithmetic logic unit (ALU), a control unit and a plurality of registers. The processor 110 may be a single core processor executing a single pipeline of instructions or a multi-core processor simultaneously executing multiple pipelines. In other examples, the processor 110 may comprise a microcontroller or a programmable logic array (PLA).
[0036] A storage device 112 may also be coupled to the server 102 that has at least one encryption key 114 stored on the storage device 112. The storage device 112 may comprise a volatile or non-volatile memory device, such as RAM, ROM, EEPROM or flash memory, a magnetic or optical disk, a network attached storage (NAS) device or any other device capable of storing data. The storage device 112 may be integrated within the server 102 and be connected directly to the principal motherboard of the server 102 or integrated into the processor 110. In other examples, the storage device 112 may be external to the server 102 and be in communication with the server 102 via a wired or wireless communication means such as, for example, a USB cable, optical fibre, ethernet or WiFi.
Secure data transmission [0037] The processor 110 may be configured to receive from the client device 106, via the computer network 108, client account data 116 identifying at least one bank account held at the financial institution. The client account data 116 may, for example, comprise a code identifying a branch of the relevant financial institution, such as a bank state branch (BSB), sort code or routing number. The client account data 116 may also comprise the account number of the bank account and the account name of the bank account.
[0038] The processor 110 is further configured to execute a code correlation procedure that performs a one-way function to transform the client account data 116 into a unique code that comprises a message authentication code 118. A copy of the message authentication code may be stored on the storage device 112.
[0039] It will be understood that a one-way function is a mathematical process that is easy to compute on every input but impossible, or at least computationally hard, to invert given the image of a random input. It will also be understood that a message authentication code (sometimes known as a 'tag') is a short piece of information that is used to authenticate a message or dataset. The message authentication code confirms that the message originates from the stated sender and has not been altered during transmission. A message authentication code, therefore, protects a message's data integrity as well as its authenticity by allowing a person who possesses the secret key to detect any changes to the message content.
[0040] Once the message authentication code 118 has been generated, the processor 110 sends to the server of the financial institution 104, via the computer network 108, instructions that comprise the message authentication code 118. The instructions cause the bank account to be credited or debited with at least one financial transaction and a lodgement reference 120 associated with the financial transaction to contain the message authentication code 118. An end user having access to the bank account may then obtain the message authentication code 118 by viewing the bank account's transaction history. As used herein, "instructions" is intended to have a purposive meaning and includes any data that causes the server of the financial institution 104 to carry out the aforementioned steps. For example, the instructions may include one or more alphanumeric codes or hexadecimal strings that trigger the debit or credit to be created by the server and cause the message authentication code 118 that is provided with, or encoded in, the instructions to be added to the associated lodgement reference 120.
[0041] The one-way function that is executed by the processor 110 to transform the client account data 116 into the message authentication code 118 may comprise a cryptographic hash function. The cryptographic hash function may receive the secret key 114 and client account data 116 as inputs to the function and generate a bit sequence that is derived uniquely from these inputs on a one-way basis. The generated bit sequence comprises the message authentication code 118.
[0042] The cryptographic hash function executed by the processor 110 may comprise, or may be a derivative of, the password hashing algorithm known as Bcrypt. For example, the function may cause the processor 110 to: (i) initialise a symmetric key block cipher with an iteration count value in combination with a random bit sequence, the client account data 116 and the secret key 114; (ii) repeatedly encrypt a source bit sequence using the initialised symmetric key block cipher a number of times equal to the iteration count value to generate an encrypted bit sequence; and (iii) combine together the iteration count value with the random bit sequence and the encrypted bit sequence to form the message authentication code 118 (for example, by concatenating these data together).
[0043] In accordance with the conventional form of the Bcrypt algorithm, the symmetric key block cipher used by the hash function may be a Blowfish block cipher configured to operate in electronic codebook (ECB) mode. The iteration count value may be 64 and the random bit sequence may be a random cryptographic ‘salt’ as is commonly used by one-way password hashing functions.
[0044] The encryption key 114 that is stored on the storage device 112 and used by the hash function may be periodically modified by the server 102 to further improve the security of the system 100. For example, the encryption key 114 may be updated on a monthly or weekly basis, or a unique expiry date may be set for the encryption key 114. A different encryption key 114 may also be generated for each bank code (e.g., BSB number) included in client account data 116 provided to the server 102.
[0045] In use, the message authentication code 118 that is obtained by the user of the client device 106 may be used as a cryptographic key for secure transmission of data and information with one or more other persons and devices using a broad variety of cipher systems. This includes symmetric-key ciphers such as AES (Advanced Encryption Standard), DES/3DES (Data Encryption Standard), IDEA (International Data Encryption Algorithm), Blowfish and Twofish.
[0046] In one example, a user of the client device 106 may be a vendor of real property who may use the system 100 to exchange data with a conveyancing practitioner involved in a sale of the property. In such examples, the processor 110 of the server 102 may implement a web-based user or application interface that enables the vendor to access and interact with the system 100 using a client-side application executing on their personal computer or smart device. To access the server 102, the practitioner may initially provide the vendor with an access code and instructions that direct the user to the web interface. This access code may be randomly generated and provided to the vendor by the practitioner when they first contact the vendor in writing.
[0047] The interface may initially invite the vendor to enter the access code provided to them and certain items of identifying personal information. For example, the vendor may be requested to enter their name, address and/or date of birth. Once received, the server 102 may authenticate the vendor’s identity by confirming the legitimacy of the access code and querying a database of pre-collected personal information stored on the storage device 112 to confirm that the personal information supplied matches an authorised user in the database.
[0048] In other examples, the server 102 may also implement a two-factor authentication process to confirm the vendor’s identity. For example, the user interface may invite the vendor to supply their mobile telephone number. Once provided, a further access code may then be generated by the server 102 and sent to the vendor’s telephone by SMS which the user must enter correctly into the interface to complete the identification process. A digital certificate may also be generated for the vendor and sent to them as part of the identification process. This digital certificate may subsequently be used by the vendor for electronically signing documents encrypted and sent using the system 100.
[0049] The system 100 may also be configured such that the vendor (and other users) must pay to use the system 100. The server 102 may, therefore, also be in communication with an external payment gateway (not shown) and require the vendor to make a payment to complete the identification process. For example, the server 102 may interface with a commercially-available payment gateway, such as PayPal or Stripe, so that the vendor may pay a user fee with a credit or debit card.
[0050] Once the vendor's identity has been successfully authenticated, the user interface may then invite the vendor to provide the client account data 116 identifying the bank account where sale proceeds of the property transaction are to be sent on settlement. Referring to Figure 3, the client account data 116 received by the server 102 (Box 302) is transformed by the processor 110 of the server 102 into a message authentication code 118 using the one-way function (Box 304). Once generated, the message authentication code 118 may then be delivered to the vendor by sending instructions that comprise the message authentication code 118 to a server of the financial institution 104 where the bank account is held (Box 306).
[0051] When the instructions are received at the financial institution (Box 308), the instructions cause the bank account to be credited or debited with a financial transaction (Box 310). For example, the instructions may cause the bank account to be credited with a payment of a negligible or zero value. The instructions also cause a lodgement reference 120 associated with the transaction to contain the message authentication code 118. The vendor may then obtain the message authentication code 118 by reviewing the transaction history associated with their bank account. For example, referring to Figure 5 there is shown an example transaction history provided on a bank account statement 50 wherein a payment in the sum of $0.50 has been credited to an account. The lodgement reference associated with the payment contains a message authentication code consisting of the string of ASCII characters 1F2B573CD92E.
[0052] In other examples, to further secure the delivery of the message authentication code 118 to the vendor, the system 100 may allow the vendor to provide client account data 116 to the server 102 identifying first and second bank accounts that the vendor has access to. For example, the vendor may wish to provide details of a savings account and a credit card account held at a financial institution. The one-way function executed by the processor 110 may then transform data comprised in the client account data 116 identifying the particular bank account that is to be credited or debited on completion into the message authentication code 118 using the encryption key 114. Once generated, the processor 110 may then split the message authentication code 118 into first and second code segments and send instructions to the financial institution that include both code segments. These instructions then cause the first bank account to be credited or debited with a first financial transaction and a lodgement reference associated with the first financial transaction to contain the first code segment. The instructions also cause the second bank account to be credited or debited with a second financial transaction and a lodgement reference associated with the second financial transaction to contain the second code segment. The vendor may then retrieve both code segments by inspecting their bank account records and join the segments together to obtain the complete message authentication code 118.
[0053] Once the vendor has retrieved the message authentication code 118, the vendor and practitioner may then exchange data and information connected with the property transaction securely by using the message authentication code 118 as a private key with a cipher system. For example, the practitioner may encrypt a disbursement authority form that they have completed on the vendor’s behalf in digital form using the private key and send the form to the vendor. The form may specify the account data 116 identifying the bank account where the practitioner understands the sale proceeds are to be sent on completion. The form may also include the message authentication code 118 derived from these account data 116 using the secret encryption key 114. An example of a disbursement authority form 600 in this format is shown in Figure 6.
[0054] The encrypted form may be sent to the vendor by email, fax or another delivery method. In one example, the server 102 may provide a web-based interface or service that allows the practitioner to upload the document which is then encrypted and sent by email to the vendor. In other examples, the server 102 may be configured such that the vendor may receive a notification that the disbursement authority form has been uploaded and encrypted and allow the vendor to download a copy of the form at their convenience. The server 102 may ensure that a copy of the encrypted and delivered form is retained on the server 102 so that the practitioner and vendor may each refer to and retrieve further copies of the document at a later date.
[0055] When the vendor has obtained the pre-filled disbursement authority form, they may decrypt and review it to confirm that the information on the form is all accurate. The vendor may then sign the finalised form before re-encrypting it using the message authentication code 118 and returning it to the practitioner. In one example, the server 102 may provide a web-based interface that enables the vendor to review and sign the disbursement authority form online using an electronic signature. For example, the interface may allow the vendor to use the digital certificate that was provided to them during the user identification process to sign the form electronically.
Data verification and authentication

[0056] When a signed disbursement authority form has been received by a conveyancing practitioner and decrypted (again, using the message authentication code 118 as the decryption key), the practitioner may then be required to enter the bank account details provided on the form into their practice management system. These account details may subsequently be used by an e-conveyancing system that the practice management system interfaces with to automatically credit the bank account with the sale proceeds on completion. It is possible that a mistake may be made by the practitioner when undertaking this data entry process. It is also possible that the disbursement authority form that they have received may be fraudulent. For example, if the form is received by email then a fraudster may have hijacked the email account of the vendor and used it to send a counterfeit form containing bank account details of the fraudster.
[0057] The present invention may, therefore, also comprise systems and methods that enable the information given on the disbursement authority form and entered into the practice management system to be verified and authenticated. For example, referring to Figure 4 there is shown a system 400 according to a further example embodiment of the present invention. The system 400 is identical to the system 100 depicted in Figure 1 save that the server 102 depicted is in communication, via the computer network 108, with a client device 402 on which a practice management system used by a conveyancing practitioner is executing.
[0058] In use, when the practitioner enters bank account data 404 given on a disbursement authority form into their practice management system, they may also enter the message authentication code 406 specified on the form. The unverified account data 404 and message authentication code 406 will then be transmitted to the server 102. The processor 110 of the server 102 may then execute a code generation procedure that transforms the unverified account data 404 into a second message authentication code 408. To generate the second message authentication code 408, the code generation procedure uses the same one-way function and encryption key 114 that was used to generate the message authentication code 406 on the form.
[0059] The second message authentication code 408 may then be compared with the authentication code 406 to confirm that the form has been legitimately sent by the vendor and that the bank account details have been entered into the practice management system by the practitioner without error. This comparison exercise may be carried out by the processor 110 automatically or it may be carried out by the practitioner by manual inspection. If the two authentication codes 406, 408 do not match, then the practitioner will know that either a data entry mistake has been made or that the disbursement authority form supplied to them was fraudulent. Because the generation of the second message authentication code 408 takes place only on the server 102, the encryption key 114 advantageously remains on the server 102 at all times and is never required to be transmitted or disclosed to any external systems or devices.
[0060] In the example depicted in Figure 4, the client device 402 on which the practice management system executes is separate from the server 102. However, in other examples the practice management system may be a cloud-based application that executes directly on the server 102 and that the practitioner may access and use via a web-based user interface.
[0061] Further, in the examples depicted the single encryption key 114 on the storage device 112 is used for both (i) generating the message authentication code 118 used for secure transmission of the disbursement authority form between the vendor and practitioner, and (ii) generating the message authentication code 408 that is subsequently used for verifying and authenticating the bank account data entered into the practitioner’s practice management system. However, in other examples of the present invention the system 100 may comprise two different encryption keys stored on the storage device 112, wherein one key is used for secure data exchanges and the other key is used for data verification and authentication.
[0062] In other examples, the system 400 may be configured such that the details of the bank account 404 where the sale proceeds are to be sent on completion are provided to the server 102 directly by the vendor who is involved in the relevant property transaction and then authenticated. The client device 402 may, therefore, be a computer system used by the vendor, and the unverified account data 404 and message authentication code 406 may be supplied to the server 102 directly by the vendor, via the computer network 108, using a web-based interface. Once received, the processor 110 of the server 102 may execute a code generation procedure that uses the one-way function to transform the unverified account data 404 provided by the vendor into the second message authentication code 408 using the encryption key 114 stored on the storage device 112. The second message authentication code 408 may then be compared with the authentication code 406 entered by the vendor to confirm that the bank details 404 have been entered accurately.
[0063] Referring to Figure 2, a further example embodiment of the present invention provides a method 200 for the secure delivery of a unique code, such as a message authentication code, for use as a cryptographic key. The method 200 may comprise performing a code correlation procedure to generate or determine a unique code that corresponds to client account data identifying at least one bank account held at a financial institution (Box 202). For example, the method 200 may comprise performing a one-way function, such as a cryptographic hash function, that transforms the client account data into at least one message authentication code using an encryption key.
[0064] The method 200 may further comprise sending instructions, via a computer network, to a server of the financial institution, wherein the instructions comprise the unique code and cause the bank account to be credited or debited with at least one financial transaction and a lodgement reference associated with the financial transaction to contain the unique code, such that an end user having access to the bank account may obtain the unique code by viewing the bank account’s transaction history and subsequently use the unique code as a cryptographic key for secure data transmission (Box 204). For example, the method 200 may comprise sending instructions that comprise the message authentication code such that the associated lodgement reference contains the message authentication code. The message authentication code received by the end user may then be used as a cryptographic key for secure transmission of data using a broad variety of cipher systems.
[0065] The operations of the method 200 may be implemented by one or more software modules embodied in a non-transitory computer-readable medium storing computer-executable instructions for performing operations of the method.
[0066] The functions and methods that are used by the code correlation procedure to generate the unique code in the present invention are not limited to cryptographic hash functions. For example, referring to Figure 7 there is shown a system 700 according to a further example embodiment of the invention. The system 700 is materially the same as the system 100 depicted in Figure 1 save that a database is stored on the storage device 112 that comprises a table 702 of key-value pairs. Each key in the table 702 comprises account data and each value comprises a unique code that corresponds to the relevant account data. The table 702 may be implemented using a flat or relational database such as an SQL-type database.
[0067] In use, when the server 102 receives account data 116 from the client device 106, the code correlation procedure may generate a random bit sequence and then insert the account data 116 and random bit sequence as a single key-value pair into the table 702. In other examples, the table 702 may contain a plurality of pre-generated keys each comprising a random bit sequence. When the account data 116 is received, one of the pre-generated keys may be selected and the account data 116 may then be written into the table 702 as the value for the selected key.
[0068] The table 702, therefore, serves to record the correlation between the account data 116 and the unique code 704 generated or assigned to the account data 116. Once recorded, the unique code 704 may then be sent to an end user for use as a cryptographic key. For example, the unique code 704 may be sent to a vendor who is involved in a property transaction and used as a symmetric key with a block cipher for sending/receiving encrypted DA forms to/from a conveyancing practitioner.
[0069] The system 700 may also be used to authenticate data. More particularly, the system 700 may be configured to receive from a client device a unique code and unauthenticated account data identifying at least one bank account held at a financial institution. For example, the client device may be the conveyancing practitioner’s personal computer and the unique code and unauthenticated account data may be provided on a DA form sent from the vendor to the practitioner and manually entered into their computer. Once received, a lookup operation may then be performed wherein the table 702 is queried to determine a unique code in the table 702 (if any) that corresponds to the unauthenticated account data. The unique code that is retrieved from the table 702 may then be compared with the unique code that is received from the client device to confirm the accuracy and veracity of the unauthenticated account data.
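The code correlation, split delivery and server-side re-derivation described in paragraphs [0050] to [0052] and [0058] to [0059], together with the table-based procedure of paragraphs [0066] to [0069], as an added example that is not part of the patent or of any implementation by the applicant. HMAC-SHA256 stands in for the keyed one-way function (the dependent claims describe a bcrypt/Blowfish construction instead), and the sample key, the account fields, the nominal credit amount and the 12-character truncation are assumptions.

```python
"""Added example (not the patent's own code): two code correlation
procedures, split delivery of a code via lodgement references, and
server-side authentication of account data entered from a DA form."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed sample of encryption key 114: generated and held on the
# server only; it is never sent to the bank, the vendor or the practitioner.
SERVER_KEY = bytes.fromhex(
    "3f9a1c7e5b2d8e4a6c0f1b3d5e7a9c2b4d6f8a0c1e3b5d7f9a2c4e6b8d0f1a3c"
)
CODE_HEX_LEN = 12  # assumption: same length as the code shown in Figure 5


def canonical_account(bsb: str, number: str, name: str) -> bytes:
    """Normalise the three fields of claim 16 (branch code, account number,
    account name) so that the same account always maps to the same code.
    Without this, a stray hyphen or different capitalisation on the form
    would turn a correct entry into a false mismatch at verification."""
    bsb_digits = "".join(ch for ch in bsb if ch.isdigit())
    number_digits = "".join(ch for ch in number if ch.isdigit())
    name_norm = " ".join(name.upper().split())
    return f"{bsb_digits}|{number_digits}|{name_norm}".encode()


class KeyedHashCorrelation:
    """Stateless procedure of [0050]: code = truncated HMAC(key, account).
    Re-deriving the code for unverified data needs only the server key,
    so nothing has to be stored per account."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def generate(self, account: bytes) -> str:
        mac = hmac.new(self._key, account, hashlib.sha256).hexdigest()
        return mac[:CODE_HEX_LEN].upper()

    def lookup(self, account: bytes) -> Optional[str]:
        return self.generate(account)  # same function, same result


class TableCorrelation:
    """Stateful procedure of [0066]-[0069]: a random bit sequence per
    account, with the pair recorded in table 702. Lookup must NOT create
    an entry, otherwise unregistered account data would verify as valid."""

    def __init__(self) -> None:
        self._table: Dict[bytes, str] = {}

    def generate(self, account: bytes) -> str:
        if account not in self._table:
            self._table[account] = secrets.token_hex(CODE_HEX_LEN // 2).upper()
        return self._table[account]

    def lookup(self, account: bytes) -> Optional[str]:
        return self._table.get(account)


def split_code(code: str) -> Tuple[str, str]:
    half = len(code) // 2
    return code[:half], code[half:]


def lodgement_instructions(code: str, accounts: List[str]) -> List[dict]:
    """Instructions to the financial institution (Box 306): one nominal
    credit per account, the lodgement reference carrying the whole code
    or, with two accounts as in [0052], one segment each."""
    if len(accounts) == 1:
        return [{"account": accounts[0], "amount": "0.50", "reference": code}]
    seg1, seg2 = split_code(code)
    return [
        {"account": accounts[0], "amount": "0.50", "reference": seg1},
        {"account": accounts[1], "amount": "0.50", "reference": seg2},
    ]


def code_from_history(history: List[dict]) -> str:
    """What the vendor does: read the references from the transaction
    history of each account and join the segments in order."""
    return "".join(tx["reference"] for tx in history)


def authenticate(procedure, unverified: bytes, received_code: str) -> bool:
    """Boxes 404-408: re-derive (or look up) the code for the account data
    entered from the form and compare it to the code on the form. A
    mismatch means a data entry error or a substituted account."""
    expected = procedure.lookup(unverified)
    return expected is not None and hmac.compare_digest(expected, received_code)


if __name__ == "__main__":
    proc = KeyedHashCorrelation(SERVER_KEY)
    vendor_acct = canonical_account("062-000", "12345678", "J Smith")
    code = proc.generate(vendor_acct)
    history = lodgement_instructions(code, ["savings", "credit card"])
    print("vendor recovers:", code_from_history(history) == code)
    print("correct entry :", authenticate(proc, vendor_acct, code))
    fraud_acct = canonical_account("062-000", "87654321", "J Smith")
    print("altered account:", authenticate(proc, fraud_acct, code))
```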
[0070] The systems and methods herein disclosed provide a significant improvement to secure data transmission technologies, including cipher systems. In particular, by transforming bank account data into a unique code (for example, by generating a corresponding message authentication code using a one-way function) the present invention enables a cryptographic key to be generated (the unique code) that is derived from and uniquely corresponds to the relevant bank account. The unique code may, therefore, be delivered securely to a recipient who has access to the bank account by crediting or debiting the account and causing a lodgement reference associated with the financial transaction to contain the unique code. Once received, the unique code may be used as a key with cipher systems (including symmetric key block ciphers) for secure data exchanges. Further, the unique code may also subsequently be used to verify and authenticate information exchanged between parties and entered into computing devices that interface with the systems herein disclosed.
[0071] The present invention has been described with particular reference to example use cases in the conveyancing industry but it will be understood that the invention has application and utility in a broad variety of different private and commercial contexts.
[0072] For the purpose of this specification, the word “comprising” means “including but not limited to”, and the word comprises has a corresponding meaning.
[0073] The above embodiments have been described by way of example only and modifications are possible within the scope of the claims that follow.

Claims (20)

  1. A system comprising:
    a server in remote communication with a computer system of a financial institution and at least one client device via a computer network; and a processor coupled to the server, wherein the processor is configured to: receive from the client device, via the computer network, client account data identifying at least one bank account held at the financial institution;
    execute a code correlation procedure to generate or determine at least one unique code corresponding to the client account data; and send to the computer system of the financial institution, via the computer network, instructions that comprise the unique code and cause the bank account to be credited or debited with at least one financial transaction and a lodgement reference associated with the financial transaction to contain the unique code, such that an end user may obtain the unique code by viewing the bank account’s transaction history.
  2. The system according to claim 1, wherein the processor is further configured to: receive from the client device, via the computer network, client account data identifying first and second bank accounts held at the financial institution;
    execute the code correlation procedure such that the unique code corresponds to data comprised in the client account data that identify either the first or the second of the bank accounts;
    split the unique code into first and second unique code segments; and send to the computer system of the financial institution, via the computer network, instructions comprising the first and second unique code segments, wherein the instructions cause:
    the first bank account to be credited or debited with a first financial transaction and a lodgement reference associated with the first financial transaction to contain the first unique code segment; and the second bank account to be credited or debited with a second financial transaction and a lodgement reference associated with the second financial transaction to contain the second unique code segment.
  3. The system according to claim 1 or 2, wherein the processor of the server is further configured to:
    receive from a client device, via the computer network, a first unique code and unauthenticated account data identifying at least one bank account held at a financial institution; and execute the code correlation procedure to generate or determine a second unique code corresponding to the unauthenticated account data, such that the unauthenticated account data may be authenticated by comparing the first and second unique codes.
  4. The system according to any one of the preceding claims, wherein a processor of the server is configured to:
    receive, via the computer network, a document in digital form from a client device; and encrypt the document using a cipher to generate an encrypted document, wherein an encryption key used by the cipher comprises or is derived from the unique code.
  5. The system according to claim 4, wherein a processor of the server is configured such that the encrypted document is sent by email to an end user, via the computer network, in response to an instruction received from a client device.
  6. The system according to claim 4, wherein the server is further configured such that the encrypted document is made available for remote viewing or download from the server, via the computer network, by an end user.
  7. The system of claim 6 wherein a processor of the server is configured such that the end user may sign the encrypted document on the server using a digital certificate or electronic signature.
  8. The system according to claim 1, wherein the system further comprises a storage device having a database of personal information relating to one or more end users stored on the storage device and the processor is further configured to:
    receive from the client device, via the computer network, personal information relating to an unauthenticated end user; and execute the code correlation procedure and send the instructions if, and only if, the personal information relating to the unauthenticated end user is stored in the database.
  9. The system according to claim 1, wherein:
    the system further comprises a storage device; and the code correlation procedure comprises a cryptographic hash function that transforms the client account data into a message authentication code using an encryption key stored on the storage device, wherein the unique code comprises the message authentication code.
  10. The system according to claim 9, wherein a processor of the server is configured to modify the encryption key stored on the storage device periodically.
  11. The system according to claim 9 or 10, wherein the cryptographic hash function comprises:
    initialising a symmetric key block cipher with an iteration count value in combination with a random bit sequence, the client account data and the encryption key;
    repeatedly encrypting a source bit sequence using the symmetric key block cipher a number of times equal to the iteration count value to generate an encrypted bit sequence; and combining together the iteration count value with the random bit sequence and the encrypted bit sequence to form the message authentication code.
  12. The system according to claim 11, wherein the cryptographic hash function comprises:
    initialising the symmetric key block cipher using an iteration count value equal to 64; and
    concatenating together the iteration count value, random bit sequence and encrypted bit sequence to form the message authentication code.
  13. The system according to claim 11 or 12, wherein the symmetric key block cipher is a Blowfish block cipher configured to operate in electronic codebook (ECB) mode.
  14. The system according to any one of claims 9 to 13, wherein the cryptographic hash function is a Bcrypt hashing function.
  15. The system according to claim 1, wherein the system further comprises a storage device and the code correlation procedure is configured such that:
    the unique code comprises a random bit sequence that is generated or assigned to the client account data; and a correlation between the client account data and the random bit sequence is recorded in a data structure stored on the storage device.
  16. The system according to claim 1, wherein the client account data received from the client device comprises:
    a code identifying a branch of the financial institution;
    an account number of the bank account; and an account name of the bank account.
  17. A method comprising:
    performing a code correlation procedure to generate or determine at least one unique code that corresponds to client account data identifying at least one bank account held at a financial institution; and sending instructions, via a computer network, to a computer system of the financial institution, wherein the instructions comprise the unique code and cause: the bank account to be credited or debited with at least one financial transaction; and a lodgement reference associated with the financial transaction to contain the unique code, such that an end user having access to the bank account may obtain the unique code by viewing the bank account’s transaction history.
  18. The method of claim 17, wherein the method further comprises:
    splitting the unique code into first and second unique code segments; and sending to the computer system of the financial institution, via the computer network, instructions comprising the first and second unique code segments, wherein the instructions cause:
    a first bank account to be credited or debited with a first financial transaction and a lodgement reference associated with the first financial transaction to contain the first unique code segment; and a second bank account to be credited or debited with a second financial transaction and a lodgement reference associated with the second financial transaction to contain the second unique code segment, wherein the first and second bank accounts are each held at the financial institution.
  19. The method of claim 17 or 18, wherein the method further comprises: receiving from a client device a first unique code and unauthenticated account data identifying at least one bank account held at a financial institution;
    performing the code correlation procedure to generate or determine a second unique code corresponding to the unauthenticated account data; and comparing the first and second unique codes to authenticate the unauthenticated account data.
  20. A computer-readable non-transitory medium storing executable instructions which, when executed by a computer system, cause the computer system to:
    perform a code correlation procedure to generate or determine at least one unique code that corresponds to client account data identifying at least one bank account held at a financial institution; and send instructions, via a computer network, to a server of the financial institution, wherein the instructions comprise the unique code and cause:
    the bank account to be credited or debited with at least one financial transaction; and
    a lodgement reference associated with the financial transaction to contain the unique code, such that an end user having access to the bank account may obtain the unique code by viewing the bank account’s transaction history.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2017905086 2017-12-20
AU2017905086A AU2017905086A0 (en) 2017-12-20 Method and system for verifying that a user has authority to use a financial instrument to distribute a message authentication code

Publications (1)

Publication Number Publication Date
AU2018282255A1 true AU2018282255A1 (en) 2019-07-04

Family

ID=67068216

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2018282255A Abandoned AU2018282255A1 (en) 2017-12-20 2018-12-17 System and method for secure transmission of data and data authentication

Country Status (1)

Country Link
AU (1) AU2018282255A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112217640A (en) * 2020-10-15 2021-01-12 云南电网有限责任公司迪庆供电局 Method and system for safely transmitting data of metering operation and maintenance system
CN112217640B (en) * 2020-10-15 2023-04-18 云南电网有限责任公司迪庆供电局 Method and system for safely transmitting data of metering operation and maintenance system

Legal Events

Date Code Title Description
PC1 Assignment before grant (sect. 113)

Owner name: GLOBALX NEWCO PTY LTD

Free format text: FORMER APPLICANT(S): "C" SOLUTIONS PTY LTD

HB Alteration of name in register

Owner name: SETTSPLUS PTY LTD

Free format text: FORMER NAME(S): GLOBALX NEWCO PTY LTD

MK1 Application lapsed section 142(2)(a) - no request for examination in relevant period