CN101647220A - PIN block replacement - Google Patents

Publication number
CN101647220A
Authority
CN
China
Prior art keywords
data
token
encryption
information
pin
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200880010010A
Other languages
Chinese (zh)
Inventor
C·沃穆勒
S·R·耶鲁
P·凯提拉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Semtek Innovative Solutions Inc
Original Assignee
Semtek Innovative Solutions Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Abstract

Systems and methods for performing token transactions are provided. In one embodiment, the invention provides for processing token transactions, including receiving an encrypted password for a debit card transaction, wherein the password is protected using encrypted debit card information; decrypting the password using the encrypted debit card information of the debit card; regenerating the password using the actual debit card information of the debit card; and forwarding the regenerated password for subsequent transaction processing. The invention is equally suitable for implementation with other types of tokens besides debit card tokens. The invention can be implemented where the password comprises a PIN block generated by combining the plain-text PIN or the encrypted PIN for the token with token information.

Description

PIN block replacement
Priority document
[0001] This application claims the benefit of patent application No. 11/550,387, filed on October 17, 2006 and commonly assigned, which is hereby incorporated by reference in its entirety. This application also claims the benefit of U.S. Provisional Patent Application No. 60/888,066.
Technical field
[0002] Some embodiments of the present invention relate to secure transactions and access authorization.
Background technology
[0003] Token systems are used in many forms in contemporary society to provide and control many forms of access. Access that can be, and often is, controlled by tokens includes physical access to rooms, buildings, areas and the like; electronic access to servers and data files; electronic account access; and so on. Another form of access controlled by tokens is the ability to conduct transactions, such as credit transactions, debit transactions and other financial transactions. Credit cards, charge cards, debit cards, loyalty cards and other purchase-related tokens are used to give consumers ready access to funds. Such transactions can make purchasing more convenient, extend credit to consumers, and so on.
[0004] As contemporary society has developed, so have our tokens. Early tokens included physical objects such as coins, documents and other physical items. One example of a simple physical-object token is the well-known subway token made by the New York subway system. This simple token resembled a coin, could be bought at a ticket booth, and was used to control entry to the subway system. Another example of a simple physical token used to grant access is the early railway token developed for the British Rail system in the 19th century. This token was a physical object, such as a coin, that the locomotive engineer was required to hold before entering a particular section of the railway. When the train reached the end of that section, the driver left the token at a drop point so that it could be used by the next train travelling the other way. Because a given railway section had only one token, the token system helped ensure that only one train was on that section of track at a given time.
[0005] The railway token system minimized the possibility of head-on collisions, but this simple token also limited the ability of trains to follow one another along a given section. The system therefore developed into a token-and-ticket system. In this system, if a train arrived at a checkpoint and the token was present, the driver was given a ticket to pass, and the token was left in place in case another train travelling in the same direction arrived at the section. Safety devices were put in place to ensure that tickets were issued correctly. As technology developed, the physical token-and-ticket system evolved to include electronic signalling to control access to sections of the railway.
[0006] Another example of tokens that grant access is charge cards, credit cards and debit cards. Some attribute the "invention" of the credit card to Edward Bellamy, who described a credit card in his 19th-century novel Looking Backward. Early credit cards were reportedly used in the United States in the early 20th century by fuel companies and the Western Union company. By the middle of the 20th century, Diners Club had produced a charge card for merchant purchases, and shortly afterwards American Express also introduced a charge card. These cards are now ubiquitous in our society, allowing customers to make purchases and conduct transactions with relative ease. Early cards were embossed with the customer's account number, which was transferred manually to a receipt by a carbon-transfer process. Contemporary cards, or tokens, have evolved to use electronic mechanisms for storing data, including, for example, magnetic stripes, RFID tags, and smart card and chip card technology.
[0007] Other examples of tokens include government-issued identification (ID), such as driver's licenses and passports. Such tokens can also be used to control access in many ways. For example, a passport can be used to control access to countries and regions. A passport can also be used, as a document proving the holder's citizenship, to gain access to employment and licensing opportunities. A driver's license is another form of token; it grants driving privileges and allows entry to establishments that require proof of identity, residence or age. Other examples of tokens include bank drafts, securities, cash and other finance-related token items. Still further examples include tokens used for physical access and security, such as keys, card keys, RF or LC cards, RFID tokens, toll-road transponders and the like.
[0008] As these examples illustrate, the use of tokens for various forms of access has gained popularity in a variety of commercial and industrial settings and has evolved to embrace newly developed technologies. Tokens are not limited to these examples; they can take various forms and use various means to control, manage or adjudicate various forms of access in many different ways. One downside of token access, however, is the opportunity it creates to defraud the system. For example, stolen or counterfeit tokens are often used to gain unauthorized access. Indeed, the Federal Trade Commission reports that credit card and debit card fraud costs cardholders and card issuers billions of dollars each year.
Summary of the invention
[0009] According to one or more embodiments of the invention, various features and functions can be provided to enable or facilitate various forms of token transactions. In particular, according to one aspect of the invention, data security techniques such as various forms of encryption can be implemented with token systems to provide security measures for token data. In one embodiment, information from various forms of tokens can be encrypted on the token itself, or can be encrypted as the data is read by the data acquisition device used to read data from the token.
[0010] For example, in one application, an encryption module can be included to encrypt the data read from the token. Preferably, in one embodiment, the data is encrypted as it is read from the token to provide an additional security measure. In one embodiment, to further enhance security, the encryption module, including the encryption algorithm and keys, is packaged together with the data acquisition device (which may be included in a terminal), and the packaging prevents or deters a tamperer from reverse engineering the encryption algorithm to obtain the keys. Security measures can also be provided to destroy, alter or otherwise render the encryption information unusable if tampering is attempted.
[0011] The data acquisition device can be configured to output a secure data stream that includes the encrypted token data. In one embodiment, the data acquisition device can be configured to package the encrypted token data in the same form and format as a conventional unencrypted system, so that the transaction package can be sent to the terminal in the form and format the terminal expects. In this way, in one embodiment, the data acquisition device can be plug-and-play compatible with terminals or other transaction processing equipment. Such an embodiment can allow a transaction processing network to be upgraded to include data security features without extensive retrofitting of downstream equipment.
[0012] For example, in the case of bank cards, a replacement head can be provided for a magnetic stripe reader that packages encryption functionality together with the read head. The encrypting head can have the same form factor as a conventional non-encrypting head and can be configured to output the same signals, so that the new head can easily replace an existing head to upgrade the data acquisition device or terminal without extensive modification. Of course, in other embodiments plug-and-play compatibility is not intended, and data acquisition devices, terminals and other equipment can be designed to communicate with one another in whatever forms suit a given application.
[0013] Another feature that can be provided according to the invention is a secure transaction module, one of whose functions is to decrypt data. For example, in one embodiment, a secure transaction module can be provided at one or more points in the transaction processing network to decrypt data that was encrypted by the data acquisition device or encrypted on the token. This decryption function can thus be used to obtain the plain-text token data so that the transaction can be completed. The secure transaction module can be placed at a suitable point on the network depending on factors such as network security and the points along the network at which plain-text information is desired.
[0014] For example, in one embodiment, a secure transaction module can be included at a network router such as a gateway to decrypt some or all of the encrypted token data and thereby facilitate transaction routing and processing. The secure transaction module can also be configured to re-encrypt the data before it is sent to another entity in the processing network. For example, a secure transaction module at the gateway can be included to decrypt enough of the token data to facilitate further routing while leaving the remaining data encrypted for later decryption by the transaction processor. As another example, the gateway can decrypt all of the token data as a service to the transaction processor and provide plain-text data to the transaction processor to facilitate transaction processing. In such an embodiment, the secure transaction module at the gateway can be used to manage decryption services for multiple transaction locations and multiple transaction processors. The gateway can therefore be configured to decrypt some or all of the token data, as appropriate for a given transaction processing network and a given transaction. The gateway can also be configured to re-encrypt some or all of this data before forwarding the information to the transaction processor.
[0015] In one embodiment, different keys can be used to encrypt different portions of the token data, or to re-encrypt token data during a transaction. Encrypting particular data blocks with multiple keys can be used to manage the security of those blocks and to provide selective access to the clear (unencrypted) data at desired points in the network.
[0016] According to another embodiment, additional security measures can be provided by encrypting additional information, such as a PIN code or other ancillary information. For example, a PIN code, password, signature, biometric or other information used to authenticate the user may be provided, and it can also be encrypted to provide a security measure for that information. Thus, in one embodiment, the encryption module can be used to encrypt this ancillary information. A secure transaction module or decryption module can similarly be used to decrypt the PIN or other ancillary information for appropriate data processing. Note that in one conventional application, conventional techniques use the plain-text token data to secure the PIN in a bank card transaction. In one embodiment, however, encrypted token information rather than plain-text token information is used to secure the PIN data. Therefore, to provide the functionality expected in legacy networks, where the PIN is protected with plain-text information, features can be provided to regenerate the PIN using the encrypted token information, decrypt the token information, re-secure the PIN using the plain-text token information, and forward the token information and the regenerated or re-secured PIN to the transaction processor. In addition, the token information can be re-encrypted to keep the data secure.
[0017] More specifically, in one embodiment, a PIN block is generated to secure the PIN. For example, in one embodiment, the PIN block can be generated using conventional techniques, such as by mathematically combining the entered PIN with account information, for example by XORing the PIN with the account information (such as the primary account number). The PIN block can then be encrypted. In embodiments where the account information or primary account number (PAN) is first encrypted in whole or in part, the PIN block will be generated using the encrypted account information and will therefore contain data that is not available to conventional PIN verification techniques. A feature can therefore be provided to regenerate the PIN block as though it had been generated using the plain-text account information, primary account number or other token information. For example, the PIN block can be decrypted and decomposed. The encrypted account information can be used to extract the original PIN from the decrypted PIN block. This can be done, for example, by applying the encrypted account information to the PIN block in the inverse of the original relationship to extract the original PIN. In addition, the encrypted account information can also be decrypted. The decrypted account information and the original PIN can then be used to generate a new PIN block in the same way the PIN block would originally have been generated (for example, by conventional PIN block generation techniques). In one embodiment, PIN block regeneration is preferably performed at a gateway in the transaction processing network, or at some other location.
[0018] In this context, the PIN block can be regarded as one form of encrypted PIN, generated by applying a mathematical relationship to the PIN and the account information or encrypted account information. This example illustrates that other PIN encryption techniques can be used to secure the PIN before it is sent to the transaction processing network. In such embodiments, the account information (encrypted or unencrypted) can be used to encrypt the PIN. The above example also illustrates that a similar PIN verification problem can arise wherever the PIN is encrypted or secured, directly or indirectly, using encrypted token data while PIN verification expects a PIN that was encrypted or secured using unencrypted token data. Thus, in these embodiments, PIN regeneration can also be implemented to regenerate the PIN in the form that PIN verification expects. For example, the PIN can be encrypted with the encrypted card data, transmitted for processing, decrypted with the encrypted card data, and re-encrypted with the clear card data to regenerate the PIN. This further example therefore illustrates that regeneration can be implemented to support PIN security for a variety of PIN security techniques, including, for example, PIN block generation, PIN encryption or other forms of security.
[0019] According to yet another embodiment of the invention, PIN encryption can be provided by receiving the PIN for a debit card transaction, generating a PIN block with the encrypted debit card information, encrypting the PIN block, and routing the transaction for processing. Preferably, before PIN verification, the PIN block can be decrypted and regenerated using the unencrypted debit card information. For example, the original PIN can be determined from the decrypted PIN block, and the original PIN used to regenerate the PIN block with the unencrypted account information. The regenerated PIN block can be re-encrypted and forwarded for PIN verification or for subsequent transaction processing. The encrypted debit card information can include an encrypted primary account number (PAN) of the debit card, or a partially encrypted primary account number of the debit card. In another embodiment, the encrypted debit card information can be decrypted to produce the actual account information. The encrypted or actual debit card information can be forwarded with the re-encrypted PIN block for subsequent transaction processing. PIN block regeneration can be performed at a gateway before transmission to the transaction processor, or it can be performed within the transaction processing network. Preferably, PIN block regeneration is performed before PIN verification.
[0020] The invention may further include processes for encrypting debit card information at a terminal, generating a PIN block and encrypting the PIN block at the terminal, and forwarding the encrypted debit card information and the encrypted PIN block for transaction processing, wherein the encrypted debit card information and the encrypted PIN block can be used to regenerate the PIN block using the actual account information before PIN verification. For example, the encrypted debit card information (such as an encrypted primary account number) can be used to recover the original PIN from the PIN block, and the unencrypted debit card information can then be used with the recovered PIN to regenerate the PIN block. If necessary, the PIN block can be re-encrypted for onward transmission to a subsequent transaction processing entity. According to one embodiment of the invention, PIN block regeneration can be performed at a gateway before transmission to the transaction processor. PIN block regeneration can also be performed within the transaction processing network.
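The PIN block regeneration described in paragraphs [0017] to [0020], as an added Python example that is not part of the patent text. It assumes the "conventional technique" is the ISO 9564 format 0 block (PIN field XOR PAN field), uses a hypothetical keyed digit substitution (`mask_pan`) as a stand-in for the terminal's account-number encryption, and leaves out the outer encryption of the PIN block so the XOR layer stays visible; the key, PAN and PIN are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (assumptions for this example, not real account data).
KEY = b"constructed-demo-key"
PAN = "4000001234567899"
PIN = "4921"


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pin_field(pin: str) -> bytes:
    """Format 0 PIN field: '0', PIN length, PIN digits, 'F' padding (16 nibbles)."""
    if not (pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4 to 12 digits")
    return bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))


def pan_field(pan: str) -> bytes:
    """'0000' followed by the 12 rightmost PAN digits, check digit excluded."""
    if not (pan.isdigit() and 13 <= len(pan) <= 19):
        raise ValueError("PAN must be 13 to 19 digits")
    return bytes.fromhex("0000" + pan[-13:-1])


def make_pin_block(pin: str, pan: str) -> bytes:
    """Combine PIN and account number by XOR, as in paragraph [0017]."""
    return xor(pin_field(pin), pan_field(pan))


def extract_pin(block: bytes, pan: str) -> str:
    """Invert the XOR with the given PAN and validate the recovered PIN field."""
    field = xor(block, pan_field(pan)).hex().upper()
    length = int(field[1], 16)
    pin, pad = field[2:2 + length], field[2 + length:]
    if field[0] != "0" or not 4 <= length <= 12 or not pin.isdigit() or set(pad) - {"F"}:
        raise ValueError("malformed PIN field: block was not built with this PAN")
    return pin


def mask_pan(key: bytes, pan: str, decrypt: bool = False) -> str:
    """Hypothetical stand-in for partial PAN encryption: the first six and last
    four digits stay clear, the middle digits are shifted by keyed digits.
    This is a toy, not a vetted format-preserving cipher."""
    tweak = (pan[:6] + pan[-4:]).encode()
    stream = [b % 10 for b in hmac.new(key, tweak, hashlib.sha256).digest()]
    sign = -1 if decrypt else 1
    middle = "".join(str((int(d) + sign * k) % 10) for d, k in zip(pan[6:-4], stream))
    return pan[:6] + middle + pan[-4:]


def legacy_verifier_accepts(block: bytes, clear_pan: str, expected_pin: str) -> bool:
    """A downstream verifier that only knows the clear PAN."""
    try:
        return extract_pin(block, clear_pan) == expected_pin
    except ValueError:
        return False


def regenerate_pin_block(block: bytes, enc_pan: str, key: bytes):
    """Gateway step: recover the PIN with the encrypted PAN, decrypt the PAN,
    then rebuild the block exactly as a conventional terminal would have."""
    pin = extract_pin(block, enc_pan)
    clear_pan = mask_pan(key, enc_pan, decrypt=True)
    return make_pin_block(pin, clear_pan), clear_pan


if __name__ == "__main__":
    enc_pan = mask_pan(KEY, PAN)
    terminal_block = make_pin_block(PIN, enc_pan)
    print("terminal block :", terminal_block.hex().upper())
    print("legacy accepts :", legacy_verifier_accepts(terminal_block, PAN, PIN))
    new_block, clear_pan = regenerate_pin_block(terminal_block, enc_pan, KEY)
    print("regenerated    :", new_block.hex().upper())
    print("legacy accepts :", legacy_verifier_accepts(new_block, clear_pan, PIN))
```

With a four-digit PIN the encrypted middle PAN digits land on the padding nibbles of the PIN field, so a verifier holding only the clear PAN sees corrupted padding rather than a wrong PIN; the regenerated block removes that mismatch.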
[0021] In another embodiment of the invention, a method for securing token transactions comprises receiving an encrypted password for a token transaction, wherein the password is encrypted using encrypted token information; decrypting the password using the encrypted token information; re-encrypting the password using the actual token information; and forwarding the re-encrypted password for subsequent transaction processing. The encrypted token information can include a wholly or partially encrypted identifier of the token. The token can be a debit card, a loyalty card, another bank card or commercial card, or another token. The password can be a PIN or other identifier and is preferably suitable for authenticating the user presenting the card for the transaction. Although other types of password encryption can be used, in one embodiment the encrypted password can be a PIN block, which can itself be encrypted.
[0022] In another embodiment, a token transaction system comprises a decryption module and a re-encryption module. The decryption module is configured to receive encrypted token information and to decrypt the received encrypted token information to produce decrypted token information. The re-encryption module is configured to receive the decrypted token information from the decryption module and to receive a PIN or PIN block that was generated or encrypted with the encrypted token information; it is further configured to regenerate the PIN or PIN block using the encrypted token information and to re-encrypt the PIN or PIN block using the decrypted token information. A plurality of token readers can be included and configured to read token data and to encrypt some or all of the token data to produce encrypted token data. The decryption module and the re-encryption module can be communicatively coupled to a gateway that is configured to route token information and PIN information from the token readers to a transaction processor.
[0023] Other features and aspects of the invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, which illustrate, by way of example, features in accordance with embodiments of the invention. The summary is not intended to limit the scope of the invention, which is defined solely by the appended claims.
Description of drawings
[0024] The invention, in accordance with one or more different embodiments, is described in detail with reference to the following drawings. The drawings are provided for purposes of illustration only and depict only typical or exemplary embodiments of the invention. They are provided to facilitate the reader's understanding of the invention and should not be regarded as limiting its breadth, scope or applicability. It should be noted that, for clarity and ease of illustration, the drawings are not necessarily drawn to scale.
[0025] Fig. 1 is the diagram that explanation can be implemented an example of trade network of the present invention;
[0026] Fig. 2 is the diagram that the execution mode of feature that according to one embodiment of present invention can be related with the present invention is described;
[0027] Fig. 3 illustrates the operational flowchart that can carry out the process of safe token transactions according to one embodiment of present invention;
[0028] Fig. 4 illustrates wherein to use gateway to be used for route according to one embodiment of present invention the diagram of the processed example of concluding the business;
[0029] Fig. 5 is the operational flowchart that the example process of using a plurality of encryption key operation transaction according to one embodiment of present invention is described;
[0030] Fig. 6 is illustrated as the block diagram of an illustrative embodiments of encryption and decryption of a plurality of assemblies that each assembly uses the token data of separate keys;
[0031] Fig. 7 illustrates to be used for for example block diagram of the exemplary configuration of the data acquisition facility of data acquisition facility 113 according to one embodiment of present invention;
[0032] Fig. 8 is the diagram that illustrates according to one embodiment of present invention in the exemplary flow of the data encryption of deriving means;
[0033] Fig. 9 is the diagram that another example of data encryption according to another embodiment of the invention is described;
[0034] Figure 10 and 11 is diagrams of an exemplary application of explanation data encryption according to an embodiment of the invention and token signature character;
[0035] Figure 12 is the operational flowchart that the example process that is used to operate in token data encrypted on the token according to one embodiment of present invention is described;
[0036] Figure 13 is the operational flowchart that the example process in the source that is used to detect suspicious swindle transaction according to one embodiment of present invention is described;
[0037] Figure 14 illustrates to be used to use time stab information to detect the operational flowchart of the process of potential fraud according to one embodiment of present invention;
[0038] Figure 15 is some or all the operational flowchart of example process that the excessive data that is used to encrypt PIN data for example according to one embodiment of present invention is described;
[0039] Figure 16 illustrates to be used to decipher for example operational flowchart of the example process of the extraneous information of PIN data according to one embodiment of present invention;
[0040] Figure 17 is the block diagram that the exemplary application that is used for the PIN encryption according to one embodiment of present invention is described;
[0041] Figure 18 is the operational flowchart that the example process of the PIN transaction that is used to encrypt is described;
[0042] Figure 19 is explanation can be returned the example of wrong false results according to the PIN checking of an exemplary arrangement a diagram;
[0043] Figure 20 is the operational flowchart that the example process of the account that can be used for facilitating token transactions according to one embodiment of present invention and PIN information encryption is described;
[0044] Figure 21 is the operational flowchart of the explanation personal identification number's of being used for code block according to an embodiment of the invention example process of living again;
[0045] Figure 22 is the functional block diagram that explanation can be used for the exemplary functions structure that personal identification number's code block lives again;
[0046] Figure 23 is the diagram that according to an embodiment of the invention batch of settlement process usually is described;
[0047] Figure 24 is the diagram of an explanation feasible encryption technology according to an embodiment of the invention;
[0048] Figure 25 illustrates to be used to handle batch operational flowchart of the process of clearing according to one embodiment of present invention that some of them or whole account data are encrypted;
[0049] Figure 26 is the explanation diagram that is used for the example process of data encryption according to an embodiment of the invention;
[0050] Figure 27 illustrates the diagram that is used to carry out this encrypted process according to this embodiment of the invention;
[0051] Figure 28 is an operational flow diagram illustrating a process for encrypting a portion of an account number according to one embodiment of the invention;
[0052] Figure 29, which comprises Figures 29A, 29B and 29C, is a diagram illustrating an example of using a substitution table to generate a cipher and transform a PAN (primary account number) according to one embodiment of the invention;
[0053] Figure 30 is a diagram illustrating the encryption of a PAN according to one embodiment of the invention;
[0054] Figure 31 is an operational flow diagram illustrating an example process for encrypting discretionary data according to one embodiment of the invention;
[0055] Figure 32, which comprises Figures 32a and 32b, is a diagram illustrating an example of using a substitution table to generate a cipher and transform a PAN according to one embodiment of the invention;
[0056] Figure 33 is a diagram illustrating the encryption of discretionary data according to one embodiment of the invention;
[0057] Figure 34 is an operational flow diagram illustrating a process for entering an update mode or other command mode according to one embodiment of the invention;
[0058] Figure 35 is an operational flow diagram illustrating an example process for encrypting some or all of the token data according to one embodiment of the invention;
[0059] Figure 36 is an operational flow diagram illustrating an example process that uses a check character to determine whether a token is a command token according to one embodiment of the invention;
[0060] Figure 37 is a diagram illustrating an example process for operating on a command token according to one embodiment of the invention;
[0061] Figure 38 is an operational flow diagram illustrating an example process, according to one embodiment of the invention, in which a gateway or other downstream entity receives a command transaction and returns command information;
[0062] Figure 39 is an operational flow diagram illustrating an example process for receiving this command information at a transaction processing server;
[0063] Figure 40 is a diagram illustrating an example computer system on which software components can execute.
[0064] The figures are not intended to be exhaustive or to limit the invention to the precise form disclosed. It should be understood that the invention can be practiced with modification and alteration, and that the invention is limited only by the claims and their equivalents.
Embodiment
[0065] The present invention is directed toward a system and method for facilitating various forms of token access. In one embodiment, the system provides a plurality of systems and methods for secure token access across a communication medium.
[0066] Before describing the invention in detail, it is useful to describe an example environment in which the invention can be implemented. One such example is a transaction card network that includes tokens used to facilitate purchases or other transactions. Fig. 1 is a diagram illustrating one example of a transaction network in which the invention can be implemented. Referring now to Fig. 1, one example of a transaction network is a token network that can be used to authorize and settle purchases of various goods and services. Illustrative examples of such a transaction network are the debit card and credit card transaction networks used to facilitate purchase transactions and banking transactions by and among merchants and other businesses, banks and other financial institutions, and individuals. Generally speaking, in such a transaction network the customer uses a debit card, credit card or other token as a symbol of his or her identity, or as an identification of the account he or she would like to have charged for the transaction. The token is typically accepted by the merchant, and the account information is read and used to credit the transaction. The merchant may ask for a driver's license or other form of identification to verify the identity of the purchaser in conjunction with the token issued.
[0067] The token data is then sent to the appropriate financial institution or institutions, or other entities, for processing. Processing can include, in one or more steps, authorization, approval and settlement of the account. The example in Fig. 1 illustrates that a token 101 can be used by the customer to facilitate a transaction. As stated, in this example environment, examples of token 101 can include a debit card, credit card, loyalty card or other token that can be used to identify items such as the customer, the customer's account and other relevant information. As a further example, a card such as a credit or debit card can include various forms of technology to store data, such as magnetic stripe technology, processor or smart card technology, bar code technology, or other technology used to encode account numbers or other identification or information onto the token. As such, a properly encoded token can include various forms of information relating to the purchaser, such as the identity of the purchaser, information associated with the purchaser's account, the issuing bank or other financial institution, the expiration date, and so on.
[0068] As only one example of a token 110, a credit card that includes a conventional magnetic stripe on one side can be used. A conventional magnetic stripe can include three tracks of data. Further to this example, ISO/IEC standard 7811, which is used by banks, specifies: track 1 is 210 bits per inch (bpi) and holds 79 six-bit plus parity bit read-only characters; track 2 is 75 bpi and holds 40 four-bit plus parity bit characters; and track 3 is 210 bpi and holds 107 four-bit plus parity bit characters. Most conventional credit cards use tracks 1 and 2 for financial transactions. Track 3 is a read/write track (containing an encrypted PIN, country code, currency units and amount authorized), but its usage is not standardized among banks.
[0069] In a conventional credit card token, the information on track 1 is contained in two formats. Format A is reserved for proprietary use of the card issuer. Format B includes the following:
Start sentinel: 1 character
Format code = "B": 1 character (alpha only)
Primary account number: up to 19 characters
Separator: 1 character
Country code: 3 characters
Name: 2-26 characters
Separator: 1 character
Expiration date or separator: 4 characters or 1 character
Discretionary data: enough characters to fill out the maximum record length (79 characters total)
End sentinel: 1 character
Longitudinal redundancy check (LRC), a form of computed check character: 1 character
[0070] The format for track 2 can be implemented as follows:
Start sentinel: 1 character
Primary account number: up to 19 characters
Separator: 1 character
Country code: 3 characters
Expiration date or separator: 4 characters or 1 character
Discretionary data: enough characters to fill out the maximum record length (40 characters total)
LRC: 1 character
[0071] Although a credit card with magnetic stripe data is only one example of a token that can be used in this and other environments, this example environment is often described herein in terms of a credit card implementation for clarity and ease of discussion.
[0072] Upon entering into a transaction, the merchant may ask the customer to present his or her form of payment, which in this example is a credit card. The customer presents the token 101 (e.g., the credit card) to the merchant for use in the transaction terminal 104. In one embodiment, the credit card can be swiped by a magnetic stripe reader or otherwise placed to be read by the data capture device 103. In the current example, where a credit card using a magnetic stripe is the token 101, the data capture device 103 can include any of a variety of forms of magnetic stripe reader to extract the data from the credit card. In other embodiments or implementations, other forms of data capture device 103, or readers, can be used to obtain the information from token 101. For example, bar code scanners, smart card readers, RFID readers, near-field devices and other mechanisms can be used to obtain some or all of the data associated with token 101 and used for the transaction.
[0073] The data capture device is in communication with terminal 104, which can include any of a number of terminals including, for example, a point-of-sale terminal, point-of-access terminal, authorization station, automated teller machine, computer terminal, personal computer, workstation, mobile phone, PDA, handheld computing device and other data entry devices. Although in many applications the data capture device 103 is physically separate from, but in communication with, terminal 104, in other environments these items can be in the same housing or in an integrated housing. Examples are terminals available from companies such as Ingenico, Verifone, Apriva, Linkpoint, Hypercom and others.
[0074] Continuing with the credit card example, the customer or cashier can swipe the customer's credit card using a card-swipe device, which reads the card data and forwards it to the cashier's cash register or other terminal 104. In one embodiment, the magnetic stripe reader or other data capture device 103 is physically separate from, but in communication with, the terminal 104. In other environments, these items can be in the same housing or in an integrated housing. For example, in current implementations in retail centers, a magnetic stripe reader may be placed on a counter in proximity to the customer and electronically coupled to the cash register terminal. The cash register terminal may also have a magnetic stripe reader for the sales clerk's use.
[0075] The customer may be asked to present a form of ID to verify his or her identity as imprinted on the token 101. For other transactions, such as debit card transactions, the user may be required to key in a PIN or other authentication entry.
[0076] Continuing with the current credit card example, the terminal 104 can be configured to print out a receipt (or can display a signature page on a display screen), and the customer may be required to sign for his or her purchase, thus providing another level of authentication for the purchase. In some environments, terminal 104 can be configured to store a record of the transaction for record-keeping and reporting purposes. Further, in some environments, a record of the transaction may be kept for later account settlement.
[0077] Typically, before the transaction is approved, terminal 104 seeks authorization from one or more entities in a transaction processing network 123. For example, the merchant may seek approval from the merchant bank, the issuing bank, a clearing house or other entity that may be used to approve such transactions. Thus, depending on the token type, the institutions involved and other factors, the transaction processing network 123 can be a single entity or institution, or it can be a plurality of entities or institutions. As a further example, in one embodiment, the transaction processing network may include one or more processors or clearing houses to clear transactions on behalf of issuing banks and merchant banks. The transaction processing network also includes those issuing banks and merchant banks. For example, one or more entities such as Global Payments, Visa, American Express and so on can be part of the transaction processing network. Each of these entities can have one or more processing servers to handle transactions.
[0078] In some instances, the approval may also constitute the final settlement of the transaction, resulting in the appropriate funds being transferred to consummate the transaction. In other embodiments, however, the authorization may simply be an authorization only, and actual account settlement can take place in a subsequent transaction. For example, authorization may verify the validity of certain information, such as the account number, expiration date, customer name and credit limit, to determine whether to approve the transaction. Settlement can be accomplished when a series of one or more approved transactions are sent to the appropriate institution(s) for transfer of the funds or other account settlement.
[0079] As illustrated in Fig. 1, a gateway 120 can be included to facilitate routing of transactions, authorizations and settlements to and from the appropriate entity or entities within the transaction processing network 123. For example, where a merchant accepts credit cards from numerous different institutions, the gateway can use the BIN (bank identification number) obtained from token 101 and passed to gateway 120 to route the transaction to the institution(s) associated with the given BIN. As illustrated by flow arrow 122, not all transactions are necessarily routed through gateway 120. Transactions may take other paths to the appropriate entity or entities in the transaction processing network 123. Additionally, the term gateway as used herein is not restricted to conventional gateway applications, but is broad enough to encompass any server or computing system configured to perform any or all of the described functions. The term gateway is used for convenience only.
[0080] Although the transaction processing network 123 is illustrated using only one block in the example block diagram environment of Fig. 1, this block can represent a single entity to which the transaction is routed for authorization or settlement, or a network of multiple entities that may be involved in authorization and settlement. Communications among the various components in the example environment can be wired or wireless transmissions using a variety of communication technology formats and protocols as may be deemed appropriate for the given environment. As one example, the currently available credit card processing network and protocol structure can be utilized as the environment in which embodiments of the invention can be implemented. In fact, in one embodiment of the invention, various features and functions of the invention can be implemented within current or legacy transaction processing networks to provide enhanced features while reducing the level of change or upgrade required to the networking infrastructure.
[0081] Having thus described an example environment, the invention is from time to time described herein in terms of this example environment. Description in terms of this environment is provided to allow the various features and embodiments of the invention to be portrayed in the context of an example application. After reading this description, it will become apparent to one of ordinary skill in the art how the invention can be implemented in different and alternative environments.
[0082] The present invention is directed toward a system and method for facilitating token access and, in one embodiment, for providing enhanced security measures for token access. Particularly, in terms of the example and related environments, one embodiment provides security measures for financial transactions. One embodiment in this example application provides for encryption of some or all of the token data (credit card, debit card or other token) before it is transmitted to the bank network for authorization or settlement. Decryption can be performed at one or more appropriate points along the transaction path to recover some or all of the original data, so that the financial institution can determine whether to authorize the transaction or conclude the settlement process.
[0083] Figs. 2 and 3 are diagrams illustrating an example implementation of features and functionality associated with embodiments of the invention in terms of the example environment. Fig. 2 is a diagram illustrating an implementation of features that can be associated with the invention according to one embodiment of the invention. Fig. 3 is an operational flow diagram illustrating a process for enabling secure token transactions according to one embodiment of the invention. Referring now to Figs. 2 and 3, in step 86, data from a token 111 is read by a data capture device 113. As discussed above, token 111 can take any of a number of different forms, including the examples discussed above with reference to token 101 in Fig. 1.
[0084] Additionally, in one embodiment, the data encoded in token 111 can be encrypted during manufacture or creation of token 111, or when the data is written onto token 111. Although token data is referred to as being "on" or "in" the token, or encoded onto or into a token such as token 111, these terms are not meant to imply or require a particular physical structure for encoding the token with data.
[0085] In step 88, an encryption module 132, which can include one or more encryption algorithms, is used to encrypt some or all of the token data. Although encryption in accordance with the invention can take place at a number of different points along the data stream, it is preferable for encryption to take place as early as possible in the data read cycle. Therefore, in one embodiment of the invention, the encryption module immediately follows data capture in the data path. Preferably, then, the data is encrypted as soon as possible after it is read, to enhance the security of the system.
[0086] To further enhance security and provide protection against copying, skimming or other tampering, encryption module 132 can be enclosed in the same housing as the data capture portion. Further, the encryption module can be encased in epoxy and steel, or other tamper-resistant components, to provide protection against tampering. Thus, in one embodiment, the entire data capture device can be encapsulated in a tamper-resistant package. As a particular example of this, consider an example application of the invention to facilitate secure credit card transactions. In this example application, data capture device 113 can be implemented as a magnetic stripe reader with a magnetic read head or read/write head used to extract data from token 111. In this embodiment, encryption module 132 can be encapsulated together with the magnetic head using epoxy or other potting or sealing materials, along with steel or other strong casing materials, to provide protection against tampering with the unit. For example, the encryption module 132 and the read head can be packaged such that it is difficult or impossible for a would-be tamperer to disassemble the unit to gain access to the clear text data stream, or to reverse engineer the encryption algorithms or steal the encryption keys, without damaging the unit or leaving signs of tampering. As a further example, encryption module 132 can be implemented on a single substrate or in a single chip and packaged with the read head. Additionally, data detection circuitry and amplifiers (or other data read electronics) can likewise be included in the same chip package. The encryption module can further be implemented such that it does not store or transmit clear text account information, to further help secure the information.
[0087] In another embodiment, pins or other contacts can be provided at predetermined locations in the package. The epoxy, resin or other potting material can be a conductive material, thus creating a current path between two or more pins. Control logic in the head (for example, a processor) can measure the resistance of each path between each pair of pins. Therefore, if an attempt is made to open the device or to probe the circuitry to obtain keys, algorithms or other encryption information, the resistance between one or more pairs of contacts will be altered. As such, an intrusion can be detected. In one embodiment, the resistance values are used as a key by the processor to generate the encryption keys or other information. Thus, if the potting material is compromised, the resistance changes, which in turn changes the key and thereby affects the keys that the processor ultimately generates. As such, the encryption module will no longer generate valid encrypted data. Additionally, because the encryption keys are generated by the control logic using the key based on the resistance values, the encryption keys cannot be obtained before they are generated. In use, the encryption keys can be generated in real time so that valid keys are not stored in the head. Not storing the keys adds a further measure of security. Various alternative contact configurations can be provided. For example, pins of varying lengths can be provided around the periphery of the circuit board that houses the control logic. In one embodiment, pins in the range of approximately 1/2 mm to 1 mm are provided in an array, or around the periphery, in contact with the potting material. In one embodiment, A/D (analog-to-digital) ports of the processor can be used to measure the resistance values for the processor. In another embodiment, the contacts can likewise extend toward the head side. In such an application, if a person attempts to cut the head to obtain the keys, the pins would be cut, changing the resistance of the path between them.
[0088] In one embodiment, the potting material is created or applied in a non-uniform manner, or in a manner that is not easily reproduced. Thus, for example, if the material properties vary during the manufacturing process or from application to application, the material cannot easily be removed and replaced while preserving the ability to generate the correct keys. For example, amorphous or inhomogeneous materials can be used such that the conductive properties of the material vary across its volume or from application to application, making the material difficult to remove and replace with the same characteristics. As another example, conductive screens or patterns can be used and embedded in the material to provide unique properties. For example, carbon fiber screens, mylar templates with conductive traces, nanotubes and other conductive elements and patterns can be used.
[0089] As such, these encapsulation and packaging techniques can be used to protect the integrity of the data stream and of the encryption algorithms and keys. Additionally, in this example credit card application and in other applications, the head or other data read component is typically manufactured with a certain degree of precision to enable accurate read and write operations. As such, removing or tampering with a properly encapsulated device presents a would-be tamperer with the difficulty of reassembling the device with the level of accuracy and precision necessary to obtain proper read/write capability. As such, this example illustrates how encryption module 132 can be integrated with, packaged with, or otherwise implemented with data capture device 113 in a way that provides a certain measure of security against tampering.
[0090] As stated above, encryption module 132 can be implemented to encrypt some or all of the data associated with token 111. Thus, the data output by a data capture device with the encryption module enabled can be an entirely encrypted data stream, or a data stream that combines encrypted data and clear text data. In other words, in one embodiment, the encryption module can be implemented to selectively encrypt only certain data items of the token data. Additionally, in one embodiment, the invention can be implemented so as to disable or bypass encryption module 132 to provide a clear text data stream, as may be necessary or desirable for a given application.
[0091] To better illustrate the process of selectively encrypting some or all of the token data, consider again the example credit card transaction. In such a transaction, it may be desirable to encrypt the card account number (or at least a portion of it) while leaving certain other token information in clear text. As a further example, consider a current credit card transaction in which the customer swipes his or her credit card through a magnetic stripe reader and the information is sent to a terminal 114, such as a point-of-sale terminal, to initiate the transaction. In these transactions, the point-of-sale terminal transmits the data to the transaction processing network 123 for authorization and, in many cases, prints a receipt for the customer's signature and a receipt for the customer's records.
[0092] Because in this and other applications it may be desirable to use certain portions of the token information to authorize the transaction and to provide that information on the various receipts, it is desirable in these applications to leave certain portions of the token information in clear text to facilitate these operations. Thus, in one embodiment, encryption module 132 can be implemented to provide selective encryption of certain portions of the token data while leaving other portions in a clear text or unencrypted state. Consistent with the above example, in one embodiment, encryption module 132 is implemented to encrypt a portion of the account number, thereby providing a measure of security for the account information. In one embodiment, the encryption can be accomplished using triple-DES encryption, although other encryption techniques can be used.
[0093] Another example encryption technique that can be used is a base derivation key (BDK) technique such as Derived Unique Key Per Transaction, or DUKPT. With DUKPT, a unique key can be generated for each transaction. DUKPT generates new keys dynamically, and because a new key can be generated for each transaction, the security of the system is enhanced. Some protocols provide a new key for every n transactions but require a key exchange process. DUKPT can be implemented to generate a new key for every transaction (i.e., n = 1) without a lengthy exchange process. With DUKPT, the recipient generates the new key using the transaction data and a previously shared key (the BDK). With this derivation protocol, the base key can be shared with, or entered into, the terminal (for example, into the read head housing) in advance using key custodian techniques.
[0094] With each successive key derivation, the derived key is used to encrypt and decrypt the data. After the transaction is completed, a new key can be generated based on the previously used key, and the old key can be discarded. This new key can be used for the next transaction, and the key derivation process can continue in the same way for subsequent transactions. In one embodiment, the base derivation key is used together with an initial transaction key to start the process. The terminal can use the initial transaction key to initiate contact with the host, and can thereafter use the chain of keys as described above.
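The per-transaction key chain described in [0093] and [0094] can be sketched as follows. This is an added example, not code from the patent, and it is a simplified HMAC-SHA-256 chain standing in for DUKPT rather than the standardized DUKPT algorithm; the labels, class and function names, device identifier and base key are all constructed assumptions.

```python
import hashlib
import hmac


def _prf(key: bytes, label: bytes) -> bytes:
    """Keyed one-way function used for every derivation step."""
    return hmac.new(key, label, hashlib.sha256).digest()


def initial_key(bdk: bytes, device_id: bytes) -> bytes:
    """Derived by the key custodian and injected into the reader.
    The base derivation key (BDK) itself never leaves the host side."""
    return _prf(bdk, b"initial|" + device_id)


class Terminal:
    """Reader side: holds only the current chain value, never the BDK."""

    def __init__(self, device_id: bytes, init_key: bytes):
        self.device_id = device_id
        self.counter = 0
        self._chain = init_key

    def next_transaction_key(self):
        """Return (counter, key) for one transaction, then advance the chain.
        The previous chain value is overwritten, so a later compromise of the
        reader does not reveal keys used for earlier transactions."""
        self.counter += 1
        txn_key = _prf(self._chain, b"txn")
        self._chain = _prf(self._chain, b"next")
        return self.counter, txn_key


def host_key(bdk: bytes, device_id: bytes, counter: int) -> bytes:
    """Host side: re-derive the key for a given transaction from the BDK and
    the data sent with the transaction (device id and counter). No key
    exchange with the terminal is needed."""
    if counter < 1:
        raise ValueError("transaction counter starts at 1")
    chain = initial_key(bdk, device_id)
    for _ in range(counter - 1):
        chain = _prf(chain, b"next")
    return _prf(chain, b"txn")


def seal(txn_key: bytes, message: bytes) -> bytes:
    """Authenticate a transaction message under its one-time key."""
    return hmac.new(txn_key, message, hashlib.sha256).digest()


def host_verify(bdk, device_id, counter, message, tag) -> bool:
    expected = seal(host_key(bdk, device_id, counter), message)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    bdk = b"constructed-demo-bdk"          # constructed value, not a real key
    reader = Terminal(b"reader-01", initial_key(bdk, b"reader-01"))
    for amount in (b"amount=12.50", b"amount=3.99"):
        n, key = reader.next_transaction_key()
        print(n, host_verify(bdk, reader.device_id, n, amount, seal(key, amount)))
```

In this simplified chain the host walks the chain from the start for each transaction, which costs one step per past transaction for that reader.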
[0095] The encryption module 132 in this example implementation can be configured to leave the bank identification number and the last several digits of the account number in clear text, as desired. This may be desirable in some applications because leaving the bank identification number in clear text enables the terminal, gateway or other routing components in the system to use the clear text bank identification number to appropriately route the transaction for approval and settlement. Additionally, as illustrated by this example, leaving the last four digits of the account number in clear text can allow this information to be printed on the receipt, or to be physically checked and compared by the cashier or other personnel. As a further example, the customer's name can be left in clear text to allow his or her name to be printed on the receipt or to be viewed on the terminal by the cashier for identification purposes. As another example, in one embodiment, the encryption module leaves the first digit of the bank identification number in clear text so that it is recognized by the terminal as indicating a valid range. As these examples illustrate, the invention can be implemented so as to select any or all of the token data fields (or portions of those fields) for encryption, as may be desired or required for a given application. Although the term bank identification number or BIN is used at times in this document, the term can refer to the traditional BIN used on bank cards or, more generally, to any routing character, string or other information used to identify the source of the token or to route the transaction. Likewise, the term bank card can be used to refer to tokens such as credit cards, debit cards, loyalty cards, payment cards and the like, whether issued by a bank or by another entity (for example, American Express, MasterCard, Visa and so on) or institution, and whether in the form of a magnetic stripe card or otherwise.
[0096] In step 94, the data captured by data capture device 113 and encrypted by encryption module 132 is forwarded to terminal 114 in furtherance of the transaction. In an application in accordance with the example environment, terminal 114 can include, for example, a cash register or other point-of-sale station or terminal. In other environments, terminal 114 can be implemented as appropriate, including, for example, checkpoint terminals, customs station terminals, point-of-access terminals, point-of-sale terminals or other terminals appropriate for the given application.
[0097] In the application of a point-of-sale terminal, in one embodiment the terminal 114 can be a card-swipe terminal such as those portable or countertop terminals provided by VERIFONE, INGENICO and others. Other point-of-sale terminals can include, for example, gas pumps, ATMs, vending machines, remote pay terminals and so on. As another example, a terminal can include a token reader in communication with a personal computer or other computing device used for purchases (for example, Internet purchases or online banking transactions). As a further example, in one embodiment, the terminal can include a magnetic stripe reader (including one or more read heads), a keypad (for example, for PIN entry or other user entry) and a display. Thus, in this embodiment, the terminal 114 is integrated into the same package or housing as the data capture device 113. The terminal can also be integrated with, or in communication with, a cash register or other point-of-sale or point-of-access station.
[0098] In one embodiment, the data forwarded to terminal 114 is preferably packaged in a manner that terminal 114 would expect. Thus, any of a number of packaging formats can be adopted for this and other communication channels in the transaction chain. In one embodiment, however, data capture device 113 can be implemented to package or format the data in a way that is compatible with terminals 114 that may have been in use with previously existing data capture devices that did not include encryption capabilities. As a specific example of this, consider again the example application of a credit card transaction. In this example environment, a large number of magnetic stripe readers currently exist that provide clear text token data to existing terminals in a particular format expected by the terminal. Therefore, the data capture device can be configured to encrypt the data, place the encrypted string in the original position of the clear text data that it replaces, recalculate the check data, including any sentinels or LRC, and forward the result to the terminal. The terminal can then handle the transaction as a conventional (for example, unencrypted) transaction. In one embodiment, the terminal can verify the check data (for example, with parity, LRC and mod 10 checks), which should be correct because it was regenerated by the encryption module using the inserted encrypted string. If the token read fails, a bad read status can be output.
[0099] Therefore, providing data encryption only at the data capture device (for example, at the magnetic stripe reader) could, in some applications, result in data that is incompatible with the terminal and with the rest of the network. As such, this embodiment packages the encrypted portions of the data together with the clear text portions of the data in the same package format in which the data would otherwise be presented to terminal 114. As such, the transaction (a credit card transaction in this example) can be completed in its usual fashion without upgrading the terminal. As a further example of this, consider the example described above, but now assume that the account number of the credit card is encrypted as follows: the first six digits, or bank identification number, are left in clear text, the next six digits are encrypted, and the last four digits of the account number are left in clear text. Thus, in this example, the encryption can be implemented such that the original six digits of the account number that are encrypted are replaced by an equivalent number (that is, six) of encrypted digits, and these six encrypted digits are placed in the same position in the data stream at which the six clear text digits occurred in the account number. As a result, the original packaging format of the track data is unaffected, and the data capture device with encryption features (whether a new device or a retrofitted device) can be integrated into the network and be compatible with terminals that expect data from a non-encrypting magnetic stripe reader.
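The in-place replacement described in [0098] and [0099] can be illustrated with the following added example, which is not code from the patent: the six middle digits of a 16-digit PAN are replaced by six encrypted digits, the BIN and last four digits stay in the clear, and the LRC is recomputed so that a terminal's LRC and mod 10 checks still pass. The keyed digit permutation (an HMAC-based Feistel network with cycle walking to a mod-10-valid result) is an assumption chosen for the demonstration, not the substitution-table method of the patent's figures; the key and the track 2 string are constructed.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # constructed value, not a real key
ROUNDS = 8


def luhn_ok(pan: str) -> bool:
    """Mod 10 check over the whole account number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def track2_lrc(body: str) -> str:
    """XOR of the 4 data bits of every character from the start sentinel ';'
    through the end sentinel '?', returned as a track 2 character."""
    x = 0
    for ch in body:
        x ^= (ord(ch) - 0x30) & 0x0F
    return chr(0x30 + x)


def _f(key, tweak, rnd, half):
    msg = tweak + bytes([rnd]) + half.to_bytes(2, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big") % 1000


def _permute(key, tweak, value, decrypt):
    """Keyed permutation of 000000..999999 (two 3-digit Feistel halves)."""
    left, right = divmod(value, 1000)
    if not decrypt:
        for r in range(ROUNDS):
            left, right = right, (left + _f(key, tweak, r, right)) % 1000
    else:
        for r in reversed(range(ROUNDS)):
            left, right = (right - _f(key, tweak, r, left)) % 1000, left
    return left * 1000 + right


def transform_pan(pan: str, key: bytes = KEY, decrypt: bool = False) -> str:
    if len(pan) != 16 or not (pan.isascii() and pan.isdigit()):
        raise ValueError("this demonstration expects a 16-digit PAN")
    if not luhn_ok(pan):
        # Cycle walking only terminates if the starting point is mod-10 valid.
        raise ValueError("bad read: PAN fails the mod 10 check")
    bin6, last4 = pan[:6], pan[12:]
    tweak = (bin6 + last4).encode()        # clear digits bind the permutation
    mid = int(pan[6:12])
    while True:                            # walk until mod 10 passes again
        mid = _permute(key, tweak, mid, decrypt)
        candidate = f"{bin6}{mid:06d}{last4}"
        if luhn_ok(candidate):
            return candidate


def transform_track2(track: str, key: bytes = KEY, decrypt: bool = False) -> str:
    """track = ';PAN=fields?' followed by one LRC character."""
    body, lrc = track[:-1], track[-1:]
    if not (body.startswith(";") and body.endswith("?")) or track2_lrc(body) != lrc:
        raise ValueError("bad read: sentinel or LRC check failed")
    pan, sep, rest = body[1:].partition("=")
    if not sep:
        raise ValueError("bad read: no field separator")
    new_body = ";" + transform_pan(pan, key, decrypt) + "=" + rest
    return new_body + track2_lrc(new_body)  # regenerate the check character


def encrypt_track2(track, key=KEY):
    return transform_track2(track, key, decrypt=False)


def decrypt_track2(track, key=KEY):
    return transform_track2(track, key, decrypt=True)


# Constructed sample: well-known test PAN, made-up expiry and discretionary data.
_BODY = ";4111111111111111=25121010000000000?"
SAMPLE_TRACK = _BODY + track2_lrc(_BODY)

if __name__ == "__main__":
    enc = encrypt_track2(SAMPLE_TRACK)
    print(SAMPLE_TRACK)
    print(enc)
    print(decrypt_track2(enc) == SAMPLE_TRACK)
```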
[0100] In another embodiment, the encrypted data can be output in the same signal format that a conventional terminal expects. For example, in the exemplary environment, a conventional magnetic stripe reader includes a read head that reads the magnetic transitions and outputs a string of data transitions representing the track data. In this environment, terminal 114 expects to receive from the head a string of transitions in a given signal format (at specified signal levels or ranges). Therefore, in this embodiment, encrypting module 132 can be further configured to convert the encrypted data stream into a series of transitions at the signal levels the terminal expects. In this example, the embodiment thus allows data capture device 113 to communicate with conventional terminal equipment without changing or upgrading the terminal.
[0101] Continuing this example, in one embodiment the head is configured to read the magnetically encoded data and output a series of data transitions. Encrypting module 132 can convert the transitions into a series of characters representing the track data. Where appropriate to the application, encrypting module 132 can be further configured to generate the LRC and checksum. Encrypting module 132 thus produces the track data character string. Encrypting module 132 is further configured to parse this track data and select the appropriate portions of it for encryption. For example, encrypting module 132 can select part of the account information for encryption while leaving other data, such as the BIN and expiration date, unencrypted. In one embodiment, encrypting module 132 can be configured to repackage the data so that it is in the same package format as the unencrypted data. Encrypting module 132 can then be configured to convert this data into the transitions that the read head would otherwise output in the absence of encryption. In this example, data stream 135 is therefore formatted (in terms of both layout and signal) in the manner that terminal 114 expects from a conventional head.
[0102] In embodiments where the encrypting module is packaged with (or integrated into, or included in) the head or other data capture device, the head unit can be used to replace an existing non-encrypting head with an encrypting head that includes the encrypting module and outputs data in the same format as the non-encrypting head. Therefore, in one embodiment, existing terminals or other transaction processing equipment can easily be upgraded to be PCI compliant or to include encryption capability by replacing the non-encrypting head with an encrypting head configured to output a compatible data format. Because the output is compatible in this embodiment, the head can be replaced without affecting terminal 114.
[0103] In one embodiment, as described, the encryption technology can be packaged together with the head technology in a smart card module package. The encrypting head module can be sealed to deter tampering. The head module can include, for example, sealed electronics that provide encryption, power management and a smart interface for any terminal/POS environment. The encrypting head can, for example, replace the existing read head in a conventional POS device; be connected externally to the POS device via an RS232 or USB port or another wired or wireless connection; or be integrated into the device using, for example, I2C or SPI. Once the encrypting head is installed in a terminal, its new functions can be configured to remain transparent ("hidden"). As discussed further below, these functions can remain dormant until activated via a command token.
[0104] The encrypting head can be configured to selectively encrypt track 2 card data based on the BIN number, POS/system requirements and so on. The accuracy of the data can be tested with parity, LRC and mod 10 checks. If the card fails the parity or LRC check, a "bad read" status is output. If the card passes the other checks and passes the mod 10 check, the card's BIN number is used to access the encryption parameters and keys. In one embodiment, each time the terminal successfully decodes and encrypts card data, a counter is incremented. In one embodiment, different counters can be established and updated for a specific BIN or BIN range. In one embodiment, a six-digit counter is sufficient to provide enough "uniqueness" in each transaction. In one embodiment, the two rightmost digits are output together with the card data (for example, in the PVV (PIN validation value) field or other fields) for use by the deciphering module.
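The read checks of paragraph [0104] and the in-place substitution of paragraph [0098], sketched in Python as an added example (not code from the patent). It assumes the usual track 2 encoding of four data bits plus an odd-parity bit per character with an XOR-based LRC; the function names, the sample track and the replacement digits are constructed for illustration, and no cipher is involved.

```python
from functools import reduce

# Constructed sample: track 2 for a well-known test PAN (not real card data).
TRACK2 = ";4111111111111111=25121010000000000?"

def nibble(ch):
    """Track 2 characters are 0x30-0x3F; the stripe stores the low four bits."""
    value = ord(ch) - 0x30
    if not 0 <= value <= 0xF:
        raise ValueError(f"not a track 2 character: {ch!r}")
    return value

def add_parity(n):
    """Return the 5-bit symbol: four data bits plus an odd-parity bit (bit 4)."""
    parity = (bin(n).count("1") + 1) % 2
    return n | (parity << 4)

def encode(track):
    """Encode start sentinel through end sentinel and append the LRC symbol."""
    nibbles = [nibble(ch) for ch in track]
    lrc = reduce(lambda a, b: a ^ b, nibbles)
    return [add_parity(n) for n in nibbles + [lrc]]

def framing_ok(symbols):
    """Odd parity on every symbol; XOR of all data nibbles, LRC included, is 0."""
    if len(symbols) < 4:
        return False
    if any(bin(s).count("1") % 2 != 1 for s in symbols):
        return False
    return reduce(lambda a, b: a ^ b, (s & 0xF for s in symbols)) == 0

def luhn_ok(pan):
    """Mod 10 (Luhn) check over the account number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def check_read(symbols):
    """Classify a raw read: parity/LRC failure is a bad read, then mod 10."""
    if not framing_ok(symbols):
        return "bad read"
    track = "".join(chr((s & 0xF) + 0x30) for s in symbols[:-1])
    if not (track.startswith(";") and track.endswith("?") and "=" in track):
        return "bad read"
    pan = track[1:track.index("=")]
    if not pan.isdigit():
        return "bad read"
    return "ok" if luhn_ok(pan) else "mod 10 failed"

def substitute_middle(track, replacement):
    """Swap the PAN digits between the first six and last four, same length."""
    pan_end = track.index("=")
    pan = track[1:pan_end]
    if len(replacement) != len(pan[6:-4]) or not replacement.isdigit():
        raise ValueError("replacement must be digits of the same length")
    return track[0] + pan[:6] + replacement + pan[-4:] + track[pan_end:]

if __name__ == "__main__":
    original = encode(TRACK2)
    print("original read:", check_read(original))
    repackaged = substitute_middle(TRACK2, "907342")  # constructed digits
    print("repackaged track:", repackaged)
    print("regenerated LRC accepted:", framing_ok(encode(repackaged)))
    stale = encode(repackaged)[:-1] + [original[-1]]
    print("stale LRC accepted:", framing_ok(stale))
```

Whether the substituted account number still passes the mod 10 check depends on the digits the cipher produces; that adjustment is not modelled here.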
[0105] Shown in Fig. 2 is secure data stream 135, some or all of whose data was encrypted by encrypting module 132 before being transferred to terminal 114. In step 94, secure data stream 135 is transferred to terminal 114 to facilitate the transaction. Terminal 114 can use or forward some or all elements of data stream 135 as appropriate to carry out the transaction. Continuing the credit card sale example, a terminal 114 such as a point-of-sale terminal or card-swipe terminal can use this transaction data to obtain authorization for the transaction, obtain user input (for example, pressing "Yes" to approve the sale), print a receipt (or communicate with a cash register or other device to print the receipt) or otherwise complete the transaction.
[0106] In step 96, terminal 114 routes the data to transaction processing network 123 to obtain authorization or approval for the transaction from one or more entities as appropriate. The data stream 137 routed by terminal 114 can include some or all of the data provided in secure data stream 135, and can be augmented with additional data appropriate to the transaction environment or type. In one embodiment, transaction data stream 137 is the same data as secure data stream 135 and has the same format. In one embodiment, terminal 114 can format transaction data stream 137 in a form compatible with existing transaction processing equipment, or in another format expected by or suited to a given application or network. For example, in one embodiment, secure data stream 135 can be packaged according to conventional terminal standards and sent to a conventional terminal 114, which processes and outputs it according to its conventional standards. As another example, data stream 135 can be received by terminal 114, and terminal 114 can be configured to provide packaging and signal conditioning compatible with downstream equipment. In another embodiment, to work with legacy transaction processing equipment, a replacement terminal with a compatible data capture device 113 (integrated or otherwise) can be provided that is plug-and-play compatible with the transaction processing network.
[0107] In some environments, the link between terminal 114 and the transaction processor(s) is relatively secure. Accordingly, in one embodiment, terminal 114 can decrypt the data before transmission for transaction processing. Although not illustrated, terminal 114 can therefore include a decryption algorithm and keys for decrypting the data before transmission. The decrypted data can be kept in, or formatted to, the same format that the transaction processor expects. In addition, terminal 114 can include an encrypting module to encrypt some or all of the data output by terminal 114. The data can thus be encrypted, or encrypted again, at the terminal before transmission. In one embodiment, the terminal processor, ASIC or other control logic used to decrypt or encrypt the data, and the associated keys, can be packaged in a secure manner so that, if tampered with, the keys or other encryption information are automatically erased or destroyed. In another embodiment, the data capture device can be packaged in a secure manner together with the terminal components.
[0108] Also illustrated in the example provided in Fig. 2 is gateway 120, which can likewise be used to route the data stream. As described above with reference to Fig. 1, gateway 120 may or may not be included in the transaction routing, depending on the application or transaction, the network configuration and participants, and other parameters such as the complexity of the network and the available routing options. For example, where multiple terminals 114 can be used to carry out transactions for credit cards from multiple issuing authorities, a gateway function is useful for routing transaction data between the terminals and the elements of the transaction processing network.
[0109] Also as described above with reference to Fig. 1, the term "gateway" is used broadly herein to describe an entity in the transaction stream, such as a server or other processing system, that can be included to perform functions such as routing, interfacing, format or protocol conversion, storage and buffering. For example, in one embodiment, a gateway can be equipped to connect various terminals 114 with transaction processing network 123 or with individual entities within transaction processing network 123. Further, in one embodiment, a gateway can be included to provide an interface between the entities involved in a transaction. In terms of the exemplary environment, a gateway can provide a common interface between multiple merchants and their terminals 114 on the one hand, and between multiple merchants and the various banks, institutions or other entities on the other. Functions that can be included in gateway 120 are, for example, protocol translation, data formatting, impedance matching, rate conversion, fault isolation, signal translation, buffering and storage, routing, or other functions necessary or useful for providing interoperation or communication between transaction participants.
[0110] A gateway can be implemented in hardware, software or a combination of the two. In one embodiment, gateway 120 is implemented as one or more processing units configured to run software applications for the gateway functions. In one or more embodiments described in this document, functions such as encryption, decryption, key storage and other related functions are often described as being performed at or by the gateway. This description encompasses implementations in which these functions are performed using separate modules or equipment that the gateway calls or accesses. For example, in one or more embodiments, these functions are described as being performed by a secure transaction module that can be part of the gateway or accessed by the gateway. As will be clear to one of ordinary skill in the art after reading this description, this discussion can indicate that the same device that performs the gateway functions can also include hardware or software modules for performing these encryption, decryption or other functions.
[0111] Alternatively, separate modules can be in communication with the gateway, and the functions of those modules can be called, accessed or used by the gateway to perform encryption, decryption or other related functions. Indeed, in one embodiment, one or more separate devices are provided to perform the various decryption, encryption, key storage and update, and other functions, and the appropriate transaction data is routed to the appropriate device for processing. Such a device can itself be implemented in hardware, software or a combination of the two, and can be coupled in communication with the gateway. As described herein, such a device (sometimes also called a secure transaction module) can be associated with entities other than the gateway, including issuing banks, acquiring banks, clearing houses, merchants and other entities that can be associated with transaction processing network 123.
[0112] In step 98, the encrypted information is decrypted in order to process the transaction. In the example illustrated in Fig. 2, the transaction data stream or other appropriate transaction data is routed to one or more entities of transaction processing network 123 that perform the authorization or other approval. In this illustrated example, decryption occurs at this network or institution so that the plain text information can be recovered to facilitate transaction processing. The invention can be implemented to provide decryption at any point in the transaction process that is appropriate or desired for a given security purpose. For example, once the transaction data reaches a secure processing network, it may be appropriate to decrypt the data within that network and handle it as plain text, because the network is secure. As another example, once the transaction reaches a clearing house, a secure transaction module can decrypt the information at or for the clearing house, and the transaction can be forwarded to the issuing bank for completion. As another example, the transaction can remain encrypted until it reaches the issuing bank and be decrypted at the issuing bank for processing. Where information is decrypted for handling or other processing (or for other purposes) before it reaches its final destination, the information can be encrypted again for subsequent transmission.
[0113] As another example, the connection between gateway 120 and transaction processing network 123 can itself be a secure connection. In that case, it may be desirable to decrypt part or all of the transaction data stream at gateway 120 before routing it to transaction processing network 123. As a further example, consider a credit card transaction in which the entire account information is encrypted. In that case it may be desirable to have the gateway decrypt the account information to obtain the bank identification number and so facilitate routing. With a secure connection, the decrypted information can be left in plain text for delivery to transaction processing network 123. In another embodiment, the gateway can be configured to encrypt some or all of the decrypted information again before routing.
[0114] As another example, even where the routing data is in plain text, it may be desirable to have a secure transaction module available at the gateway to decrypt the transactions routed through that gateway. In this way, a centralized decryption process (or, with multiple gateways, a fairly centralized one) can be implemented so that decryption for multiple transactions of multiple merchants and multiple issuers is handled at one location (or at a predetermined number of locations). In such an application, centralized decryption can be implemented to provide centralized key management or centralized management of other encryption algorithms or information.
[0115] Therefore, to illustrate two of the possible decryption arrangements, the deciphering module is illustrated as deciphering module 122A associated with transaction processing network 123 and deciphering module 122B associated with gateway 120. As these examples serve to illustrate, decryption of some or all of the information can be performed at one or more points along the network as appropriate for a given transaction. As also discussed in further detail below, various levels of encryption and decryption using one or more keys for multiple portions of the data can be included to facilitate routing and handling of the transaction in a secure manner.
[0116] For example, the gateway can be configured to decrypt the transaction data stream, determine routing or other gateway-specific information (for example, reading the bank identification number for routing), and encrypt the data again before transferring it to transaction processing network 123. In addition, in another embodiment as described above, the bank identification number or a portion of it can be left in plain text, so that the gateway or other network components can route the transaction based on the plain text bank identification number, and no intermediate decryption and re-encryption is needed to determine the route.
[0117] In another embodiment in which a secure transaction module is configured to decrypt account information, the secure transaction module can be configured so that, for security purposes, it does not store the plain text account information. In this embodiment, the equipment can therefore be configured to receive encrypted information, perform the decryption and forward the plain text information without storing a local copy of it. In one embodiment, however, a hash of the account information or other token data can be maintained at the secure transaction module so that the module can check for duplicate transactions. In another embodiment, the secure transaction module can be configured to provide data for reporting or record-keeping purposes. For example, the secure transaction module can provide hashes, transaction accounts, merchant IDs, terminal IDs, transaction dates and so on for reporting transaction information or other data.
[0118] In one embodiment, because each encrypted swipe is unique, each encrypted ("scrambled") transaction from a merchant generates a unique hash code. The hashes stored in the secure transaction module can be used to verify that a subsequent encrypted transaction is not a "replay" of an earlier transaction. This principle holds; however, in an implementation where "merchant A" and "merchant B" do not use the same gateway, a duplicated H-TDES transaction would not be caught, because the hash is not stored at the separate gateway. Therefore, in one embodiment, the secure transaction modules at different gateways (or within the processing network) can be configured to share the generated hash codes for comparison purposes (for example, by sharing the information with each other or by providing it to a central repository) in order to detect fraudulent transactions. The same situation exists when signature detection is implemented. In one embodiment, signature detection generates a unique identifier or data stream to represent the original card. To detect skimmed cards or other fraud, the signature data can be shared among the secure transaction modules.
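The replay check of paragraph [0118], including the cross-gateway gap it describes, as an added Python example (not code from the patent). The class and function names, the choice of SHA-256 and the sample swipe strings are assumptions made for illustration; only the hash of the encrypted swipe is stored, in line with paragraph [0117].

```python
import hashlib
import threading

class HashStore:
    """Set of swipe hashes; one instance may be shared by several gateways."""

    def __init__(self):
        self._first_seen = {}          # digest -> gateway that saw it first
        self._lock = threading.Lock()  # a shared store is hit concurrently

    def record(self, digest, gateway_name):
        """Return None if the digest is new, else the gateway that saw it first."""
        with self._lock:
            earlier = self._first_seen.get(digest)
            if earlier is None:
                self._first_seen[digest] = gateway_name
            return earlier

class SecureTransactionModule:
    """Hypothetical module at one gateway; keeps hashes, never plain text."""

    def __init__(self, gateway_name, store):
        self.gateway_name = gateway_name
        self.store = store

    def accept(self, encrypted_swipe):
        """Return (accepted, first_seen_at) for one encrypted swipe."""
        digest = hashlib.sha256(encrypted_swipe).hexdigest()
        earlier = self.store.record(digest, self.gateway_name)
        return (earlier is None, earlier)

def run_scenario(shared):
    """Replay one captured swipe at both gateways; return the four decisions."""
    central = HashStore()
    stm_a = SecureTransactionModule("gateway-A", central if shared else HashStore())
    stm_b = SecureTransactionModule("gateway-B", central if shared else HashStore())
    # Constructed encrypted swipes of the same card: the per-swipe counter
    # makes the ciphertext differ, so two genuine swipes never collide.
    swipe_1 = b";4111119073421111=251210117?"
    swipe_2 = b";4111115586201111=251210118?"
    return [
        stm_a.accept(swipe_1),  # genuine, merchant A
        stm_a.accept(swipe_2),  # genuine, merchant A, next counter value
        stm_a.accept(swipe_1),  # replay at the same gateway
        stm_b.accept(swipe_1),  # replay through merchant B's gateway
    ]

if __name__ == "__main__":
    for shared in (False, True):
        label = "shared store" if shared else "separate stores"
        print(label, run_scenario(shared))
```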
[0119] In one embodiment, the bank identification number or other processing information can be encrypted with a first key, and the account number or other information with a second key. In this embodiment, the gateway or another designated entity can be given the first key so that it can decrypt the bank identification number or other transaction processing information it needs to provide its services in the transaction. For example, where the bank identification number is encrypted and the gateway holds the key (for example, using a secure transaction module), the transaction is routed to the gateway, which decrypts the bank identification number and determines the routing. In one embodiment, the routing of the transaction can be determined based on which entity holds the key. In addition, because the account number or other information is encrypted with the second key, this information is not decrypted by the gateway but is passed along with the transaction in encrypted form. With this embodiment, the system can be implemented so that the second key is not stored or held at the gateway, making it more difficult for the account information to be compromised at the gateway. Accordingly, in one embodiment, the system can be implemented so that the second encryption key is stored only at the transaction processing network, providing enhanced security for the account information. As another example, all of the digits except the first digit of the BIN can be encrypted. Leaving the first digit of the BIN in plain text can be used to facilitate routing by terminals or other processing equipment.
[0120] As another example, in one embodiment multiple keys can exist to manage different encryption functions. In addition, in one embodiment, the invention can be implemented so that the level and type of encryption performed by the encrypting module are managed by different keys and, in some cases, by command tokens (discussed further below). Thus, in one embodiment, hierarchical key management can be established that includes a master key, an OEM (original equipment manufacturer) key, a merchant key and a terminal key. In one embodiment, the master key can be used during manufacture of the encrypting module to manage serial numbers, and to generate and activate OEM keys and command cards. The OEM key can be used to generate command cards for different encryption levels (for example, for different BIN ranges), and to generate and activate merchant keys and command cards. For example, a merchant can be configured to use the same key and command card for all of the merchant's terminals so that the terminals can encrypt the primary account number. The merchant key can also be used to generate and activate terminal keys and command cards. The terminal key can be used together with the corresponding command card to specify which discretionary data in each track is encrypted.
[0121] In one embodiment, keys can be automatically managed and maintained by a key management module, which can be provided as a service or as equipment. As a service, the keys can be managed remotely by the merchant. Each merchant terminal or group of terminals can be assigned a unique key for decrypting the encrypted card data.
[0122] As these examples serve to illustrate, many different encryption and decryption scenarios can be provided, encrypting different portions of the data with different keys and providing appropriate decryption or re-encryption in a manner suited to the given application or to the desired level of security or privacy for some or all of the data.
[0123] In step 99, an authorization response indicating the authorization status is provided from transaction processing network 123. For example, where the transaction is approved, the authorization is passed to terminal 114 and can be stored at the terminal or in a storage device associated with the terminal, for record-keeping purposes or for further transactions. For example, considering again the credit card transaction application, when the initial transaction is carried out, terminal 114 typically seeks authorization from transaction processing network 123 and, once authorized, stores the transaction information in a data file or other database for later settlement of the transaction. In this example, terminal 114 can therefore store the information associated with the authorized transaction for the later settlement illustrated in step 100.
[0124] In one embodiment, a management toolbox can be provided for remote management of terminals and services. Various access mechanisms can be provided, including for example an XML API (application programming interface) that gives entities an interface for extracting key reporting information from the secure transaction module and the key management module, and the ability to manage terminal status remotely with or without the use of command cards. Reporting data obtainable through the API can include the following information: key statistics for multiple terminals, the security integrity of multiple terminals, the number of swipes per terminal, the number of declined credit cards, and various other key metrics.
[0125] Fig. 4 is a diagram illustrating an example of a transaction being processed, according to one embodiment of the invention, in which a gateway is used for routing. As described above, transaction data stream 137 is routed to transaction processing network 123 for transaction processing, and decryption 122 can occur at an appropriate point in the transaction processing network to ensure the security of the transaction data. The appropriate authorization response 139 can then be sent back to the terminal to facilitate the transaction.
[0126] As described above, various scenarios can be implemented to provide encryption of some or all of the token data using one or more keys, with decryption at an appropriate point in the transaction processing chain, to facilitate secure handling of the transaction. To further illustrate this feature, another exemplary embodiment is now described. To provide further illustration of this exemplary embodiment, it is discussed in terms of the exemplary environment and, more specifically, in terms of a credit card transaction. Fig. 5 is an operational flow diagram illustrating an example process for handling a transaction using multiple encryption keys according to one embodiment of the invention. Referring now to Fig. 5, in step 40 the token is read. In this particular example, the token read in step 40 is a credit card and, more specifically, track 1 and 2 data can be read from the credit card by a magnetic stripe reader or other data capture device 103.
[0127] In step 42, a portion of the credit card information is encrypted with a first key. Specifically, in this example, the primary account number (called the PAN in some applications) read from the token is encrypted with the first key. As described above, in one embodiment only a portion of the account number or PAN is encrypted, while the other portions are left unencrypted. The first key used to encrypt the account number (or a portion of it) can be selected by any of a number of techniques and distributed to the appropriate decryption device so that the data can be handled properly. In one embodiment, the terminal ID is used for the first encryption key. That is, the terminal ID itself is the first key, or the terminal ID can be used to generate or identify the first key used to encrypt this portion of the account number. For example, the terminal ID can be used together with a random number generator, a substitution table or another algorithm to generate the key. As another example, the terminal ID can serve as an address or other identifier for the appropriate key stored in a table or database. Using the terminal ID as the encryption key, or as the means of identifying the encryption key, can provide flexibility and the features described further below.
[0128] In step 44, in this embodiment, another encryption takes place. Specifically, in this embodiment, a different portion of the account number is encrypted with a second key. For example, the bank identification number or a portion of it is encrypted with the second key. In some applications, the bank identification number (sometimes called the BIN) is part of the account number. For example, on some credit cards the BIN is the first six digits of the account number.
[0129] In one embodiment, the second key can be a key based on the merchant ID, or it can be some other key that is appropriately selected and distributed. A key based on the merchant ID can be the merchant ID itself, a key generated from the merchant ID, or a key identified by the merchant ID (as discussed above for the terminal ID). Thus, as a result of steps 42 and 44, the token data is encrypted so that a portion of the account number is encrypted with the first key (for example, from the terminal ID) and the bank identification number is encrypted with the second key (for example, from the merchant ID).
[0130] In step 46, the appropriately encrypted data is routed for authorization. This data can be packaged to be compatible with various data formats, including conventional bank card transaction formats. In addition, in one embodiment, the data can be output at the signal levels that terminal 114 expects. The data may or may not be altered by a terminal such as terminal 114, depending on the transaction.
[0131] In this example, gateway 120 is used to facilitate routing of the transaction. The data is therefore routed to gateway 120 for further handling. Because encryption in this example occurs at data capture device 113, and some or all of the account information is therefore encrypted with one or more keys, in one embodiment the routing from the point of sale, point of authorization or other terminal 114 can be carried out over an insecure network.
[0134] Although the routing equipment used in transaction processing in this and other examples is described as a gateway, any of numerous routing devices, modules or mechanisms considered suitable for a given application or environment can be implemented or utilized to facilitate routing or handling of the transaction. The term gateway is therefore used to describe such equipment or modules generally.
[0135] In step 48, gateway 120 receives the transaction data and proceeds to determine the appropriate routing for the transaction so that it can be processed. In this example, because the bank identification number is encrypted and this number is used to determine routing, the gateway first decrypts the bank identification number so that the real bank identification number can be determined for routing. For example, the gateway can perform the decryption by sending the information to a secure transaction module for decryption. As described in step 50, once the number is decrypted, gateway 120 routes the transaction to the appropriate institution. In one embodiment, the gateway can encrypt the bank identification number again using the same or a different key.
[0136] Note that in an embodiment described above, the bank identification number is encrypted with a key based on the merchant ID. The gateway can therefore use the information about the merchant included in the transaction data to decrypt the bank identification number appropriately. For example, the gateway can be provided with a database of encryption keys indexed by merchant ID. The gateway can then use the appropriate merchant ID to retrieve the appropriate decryption key from the table and decrypt the bank identification number. In another example, where the merchant ID is used to generate the encryption key, a similar algorithm can be provided at the gateway to generate the correct decryption key from the merchant ID and so decrypt the BIN.
[0137] Before the transaction is routed to the appropriate institution, gateway 120 can encrypt the BIN again or leave it in plain text, as appropriate or desired for the transaction. Note that, in one embodiment, the secure transaction module at the gateway preferably does not have access to the first key, which is used to encrypt the remainder of the account information. In this way, a security measure can be provided that prohibits or deters decryption of the sensitive account information at gateway 120. In other words, using multiple separate keys to encrypt respective portions of the information makes it possible to use and distribute keys that provide the ability to control selective decryption of the information at different points in the transaction network.
[0138] In step 52, the appropriate institution receives the transaction routed by the gateway and decrypts the first portion of the account number with the first key. Following the above example, in which the first key is based on the terminal ID, the institution can use information about the terminal ID to re-create the key and provide the appropriate decryption. Once the data is decrypted, the institution can determine whether to authorize the transaction and provide an appropriate response, as illustrated in step 54. Thus, in one embodiment, the terminal ID (which can be indexed according to the ID of the data acquisition facility or the ID of terminal 114) or another identifier is attached to the data stream so that the decryption device (at the authorizing institution in this example) can identify the terminal ID and thereby obtain the correct key for decryption.
[0139] In step 56, the terminal can store the transaction for later settlement. For example, in the case of an exemplary credit card transaction, the authorization can be stored for batch settlement purposes. In this case, because the terminal has access only to the information as encrypted by the data acquisition facility, the information stored in the settlement file for later settlement remains encrypted. The system can therefore be implemented to maintain or enhance information security during subsequent batch settlement or other settlement operations.
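The key separation in steps 48 to 56 can be made concrete with a short sketch. This is an added example, not code from the patent: the HMAC-based field cipher is a stand-in for whatever cipher a real deployment uses, and the master secrets, routing table, identifiers and function names are all constructed assumptions. The BIN key is derived from the trader ID and the account key from the terminal ID, as in the example above.

```python
import hashlib
import hmac
import os

# Constructed secrets. BIN_MASTER is available to the capture device, the gateway
# and the processor; ACCOUNT_MASTER is never provisioned at the gateway.
BIN_MASTER = b"constructed-bin-master"
ACCOUNT_MASTER = b"constructed-account-master"

# Constructed routing table: decrypted BIN -> institution.
ROUTES = {"411111": "issuer-A", "555555": "issuer-B"}


def derive_key(master: bytes, identifier: str) -> bytes:
    """Re-create a key from an ID carried in the transaction (assumed scheme)."""
    return hmac.new(master, identifier.encode(), hashlib.sha256).digest()


def _subkeys(key: bytes):
    # Separate subkeys for encryption and for the integrity tag.
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: str) -> dict:
    """Encrypt-then-MAC one field with the stand-in cipher."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(12)
    data = plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unseal(key: bytes, box: dict) -> str:
    """Decrypt one field; raises ValueError if the key is wrong or the field changed."""
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, box["nonce"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, box["tag"]):
        raise ValueError("wrong key or modified field")
    stream = _keystream(enc_key, box["nonce"], len(box["ct"]))
    return bytes(a ^ b for a, b in zip(box["ct"], stream)).decode()


def capture_encrypt(pan: str, trader_id: str, terminal_id: str) -> dict:
    """Capture device: key 12 protects the BIN, key 11 protects the rest of the PAN."""
    key11 = derive_key(ACCOUNT_MASTER, terminal_id)
    key12 = derive_key(BIN_MASTER, trader_id)
    return {"trader_id": trader_id, "terminal_id": terminal_id,
            "bin": seal(key12, pan[:6]), "account": seal(key11, pan[6:])}


def gateway_route(txn: dict, bin_master: bytes):
    """Gateway: decrypt only the BIN, pick a route, re-encrypt the BIN, forward."""
    key12 = derive_key(bin_master, txn["trader_id"])
    bin_plain = unseal(key12, txn["bin"])
    institution = ROUTES.get(bin_plain, "default-processor")
    return institution, dict(txn, bin=seal(key12, bin_plain))


def gateway_can_read_account(txn: dict, bin_master: bytes) -> bool:
    """True only if key material held at the gateway opens the account field."""
    for ident in (txn["trader_id"], txn["terminal_id"]):
        try:
            unseal(derive_key(bin_master, ident), txn["account"])
            return True
        except ValueError:
            pass
    return False


def processor_recover_pan(txn: dict, bin_master: bytes, account_master: bytes) -> str:
    """Authorizing institution: holds both keys and recovers the full account number."""
    bin_plain = unseal(derive_key(bin_master, txn["trader_id"]), txn["bin"])
    rest = unseal(derive_key(account_master, txn["terminal_id"]), txn["account"])
    return bin_plain + rest


if __name__ == "__main__":
    txn = capture_encrypt("4111111111111111", "TRADER-001", "TERM-42")  # constructed test PAN
    where, forwarded = gateway_route(txn, BIN_MASTER)
    print(where, gateway_can_read_account(forwarded, BIN_MASTER))
    print(processor_recover_pan(forwarded, BIN_MASTER, ACCOUNT_MASTER))
```

The record a terminal stores for settlement is the `txn` dictionary itself, so it holds only ciphertext for both parts of the account number.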
[0140] Fig. 6 is a block diagram illustrating an exemplary embodiment in which a plurality of separate keys, one for each component, are used to encrypt and decrypt a plurality of components of the token data. Referring now to Fig. 6, and consistent with the example described above with reference to Fig. 5, encryption module 132 has access to and uses at least two keys, key 11 and key 12. In a given application there can be more keys used by encryption module 132, depending on the actual implementation. However, to conform to the above example, in which a portion of the account number is encrypted with a first key and the bank identifier is encrypted with a second key, two keys, key 11 and key 12, are illustrated and used.
[0141] Still following the above example, encryption module 132 uses key 11 to encrypt a portion of the account number (for example, part of the PAN) to provide a measure of security for the account number. Encryption module 132 uses key 12 to encrypt the bank identification number (for example, another part of the PAN) to provide additional security for the token data. In many applications the bank identification number or another similar number is part of the account number, so this encryption likewise provides additional security for the account number. The data is packaged and sent to the terminal as secure transaction data to facilitate the transaction.
[0142] In this and other embodiments, either or both of the encryption steps need not be performed at data acquisition facility 113, and can instead be performed by terminal 114 or at another point along the communication channel. However, as noted above, in a preferred embodiment encryption is performed at, or as near as possible to, the source of the data to better protect the information.
[0143] Continuing with the above example, terminal 114 routes the transaction data for processing by an appropriate institution or institutions. Consistent with the exemplary environment, routing can be accomplished by gateway 120 or other means onto transaction processing network 123, which can include one or more entities that perform authorization or settlement functions. As described above with reference to Fig. 5, gateway 120 uses the appropriate key to decrypt the portion of the data that includes the bank identification number (or other routing data in other embodiments). Decryption module 128B and the appropriate key 12 are therefore illustrated as part of, or associated with, gateway 120. Decryption module 122B accesses the appropriate key 12 to perform the appropriate decryption.
[0144] Although only a single key accessible to gateway 120 has been illustrated, other embodiments can include additional keys accessible by gateway 120 in serving transactions. For example, a given gateway 120 can serve more than one trader, and each trader can have his or her own set of keys. Carrying this example further, each trader can have a plurality of terminals 114 and a plurality of data acquisition facilities 113. Further, in embodiments where the terminal ID and trader ID are used as unique keys for a given terminal and trader respectively, the gateway 120 handling these transactions can be provided with a plurality of keys so that it can decrypt and route different transaction data from multiple sources.
[0145] As this example illustrates, whatever particular encryption and decryption is implemented, there can be a plurality of embodiments in which each of gateway 120, transaction processing network 123 and encryption module 132 has access to a plurality of keys as may be appropriate for a given configuration.
[0146] Continuing with the example described above with reference to Fig. 5, having determined the appropriate routing, gateway 120 now routes the transaction data to transaction processing network 123 for appropriate action. Because the portion of the account number encrypted with the first key is not decrypted by the gateway, that data remains ciphertext, and the security measure for that data is therefore maintained. Additionally, in one embodiment, gateway 120 can re-encrypt the bank identification number (or other data that may have been decrypted at gateway 120) to provide additional security during communication with transaction processing network 123. This re-encryption can be performed using the same or a different key.
[0147] At transaction processing network 123, decryption module 122A can retrieve the appropriate key, key 11 in this example, to decrypt the remainder of the account number and so further process the transaction. Additionally, in embodiments where gateway 120 re-encrypts the bank identification number and that data is needed to resolve the transaction, transaction processing network 123 can also decrypt that portion of the data to complete the transaction. In that case, transaction processing network 123 can use the appropriate key for that decryption, for example a separate key in this embodiment.
[0148] As described above with reference to gateway 120, transaction processing network 123 can have a plurality of keys for situations such as where transaction processing network 123 handles transactions for a plurality of traders, terminals, data acquisition facilities and so on. As noted above, transaction processing network 123 can be made up of a single entity that processes a transaction, or of a plurality of entities with some level of interconnection between them. Thus, where transaction processing network 123 includes a plurality of entities, transaction data can be sent from one entity to another within transaction processing network 123 to process the transaction appropriately. Decryption within transaction processing network 123 can therefore be placed at any of these entities as may be appropriate for a given network, configuration or situation. For example, in embodiments where transaction processing network 123 includes a plurality of entities with secure communication between them, it may be desirable to decrypt the information as it enters the network, because the network is a secure network and plain text communications can be freely shared among the appropriate entities. Alternatively, decryption and re-encryption can take place as appropriate at a given entity to make use of the data, with the data protected again before it is passed to another entity over a communication channel.
[0149] In one embodiment, the system can be configured to route transactions from terminal 114 directly to a designated processing entity. For example, the system can be configured so that terminal 114 can route a given transaction to a payment processor, an issuing bank, a merchant bank or another designated entity. The routing can be performed through a gateway or other intermediate server, but the routing path can be predetermined at least to some extent. For example, a BIN range or other data identifier can be used to specify the routing path for a token or set of tokens. As a further example, an issuer can specify that transactions for particular cards it issues bypass the payment processing bank clearing service and are routed directly to the issuing bank.
[0150] The secure transaction module can be implemented in many ways to accomplish the desired features and functions described herein. In one embodiment, the secure transaction module is configured to receive the following information for a transaction from the gateway:
· Gateway identifier/key
· Host identifier (ID)
· Trader ID
· Terminal number
· Track I
· Track II
· Track III
[0151] These elements are further described for one embodiment. The gateway key element can be a predefined key that the gateway passes to the secure transaction module to ensure that the service is not being executed from anywhere other than the gateway location. The host identifier can be an internal transaction ID supplied by the host (gateway), which is returned with the response message. It can be used, for example, as a safeguard for the gateway: that the response message is for a transaction previously registered with the secure transaction module. The trader ID and terminal ID can be supplied by the terminal or generated by the gateway (for example, after the gateway receives the transaction from the terminal/POS device). In one embodiment, plain text track data is returned, and encrypted data is decrypted as specified and returned.
[0152] In one embodiment, the secure transaction module can be configured to send data to a transaction monitor module. The transaction monitor module can be configured as the master database for secure transactions. In one embodiment, the database does not contain personal information or credit card information that can be used to identify theft or fraudulent transactions. For example, in one embodiment, the secure transaction module provides the following information to the transaction monitor module:
· Transaction date/time
· Originator ID (which gateway, processor, etc. produced the source data)
· Trader ID (or a hash of the trader ID, etc., to be determined)
· Terminal ID (or a hash of the terminal ID, etc., to be determined)
· Auth#
· Ref#
· Hash of the encrypted track data
· Hash of the encrypted PAN
· Hash of the decrypted PAN
· Transaction amount
· Transaction type (credit sale, debit, void, refund, order card, etc.)
· Encrypted transaction flag
[0153] Note that in one embodiment, every transaction is routed through the secure transaction module. In some applications this is desirable or required, because the gateway cannot determine whether a transaction is an encrypted transaction or a plain text transaction, and the secure transaction module makes that determination. In such an embodiment, the secure transaction module therefore also receives "plain text transactions" and can determine which traders are using encryption. For traders that use encryption, the secure transaction module can determine whether they are also using other terminals that do not use encryption. The secure transaction module can also be configured to determine whether a terminal that had been enabled now has its encryption turned "off" and is no longer encrypting.
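The checks described in paragraph [0153] can be run over the monitor records of paragraph [0152]. The following is an added example, not part of the patent: the record layout, the truncated SHA-256 identifier hash, the function names and the sample records are constructed assumptions.

```python
import hashlib
from collections import defaultdict


def id_hash(value: str) -> str:
    """Hash an identifier so the monitor database never stores it in the clear."""
    return hashlib.sha256(value.encode()).hexdigest()[:16]


def monitor_record(when: str, trader_id: str, terminal_id: str, encrypted: bool) -> dict:
    """Subset of the monitor fields: time, hashed IDs, encrypted-transaction flag."""
    return {"time": when, "trader": id_hash(trader_id),
            "terminal": id_hash(terminal_id), "encrypted": encrypted}


def encryption_posture(records):
    """For every trader that uses encryption, list terminals that never encrypt
    and terminals that used to encrypt but whose latest transaction is plain text."""
    history = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["time"]):  # ISO timestamps sort as text
        history[(rec["trader"], rec["terminal"])].append(rec["encrypted"])

    encrypting = {trader for (trader, _), flags in history.items() if any(flags)}
    report = {t: {"never_encrypting": [], "turned_off": []} for t in encrypting}
    for (trader, terminal), flags in sorted(history.items()):
        if trader not in encrypting:
            continue  # trader does not use encryption at all; nothing to compare against
        if not any(flags):
            report[trader]["never_encrypting"].append(terminal)
        elif not flags[-1]:
            report[trader]["turned_off"].append(terminal)
    return report


# Constructed sample records, deliberately out of time order.
SAMPLE = [
    monitor_record("2008-01-07T14:00:00", "TRADER-A", "TERM-A3", False),
    monitor_record("2008-01-07T09:00:00", "TRADER-A", "TERM-A1", True),
    monitor_record("2008-01-07T09:05:00", "TRADER-A", "TERM-A2", False),
    monitor_record("2008-01-07T09:10:00", "TRADER-A", "TERM-A3", True),
    monitor_record("2008-01-07T12:00:00", "TRADER-A", "TERM-A1", True),
    monitor_record("2008-01-07T13:00:00", "TRADER-A", "TERM-A2", False),
    monitor_record("2008-01-07T10:00:00", "TRADER-B", "TERM-B1", False),
    monitor_record("2008-01-07T11:00:00", "TRADER-B", "TERM-B1", False),
]

if __name__ == "__main__":
    for trader, findings in encryption_posture(SAMPLE).items():
        print(trader, findings)
```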
[0154] As discussed throughout this document, various embodiments of the invention seek to provide data encryption at or near the point of data detection to provide additional security. As described for the magnetic stripe token environment, such an embodiment can be implemented to provide data encryption at the data detection circuitry or at other control logic used to ascertain the data from the magnetic field patterns detected by the read head. Fig. 7 is a block diagram illustrating an exemplary configuration of a data acquisition facility, such as data acquisition facility 113, according to one embodiment of the invention. Referring now to Fig. 7, the data acquisition facility in the illustrated example includes data detection control logic 152 for detecting data from token 111. Preferably, in one embodiment, data detection control logic 152 is configured to read or detect the data from token 111 and, where appropriate, to convert the data into a usable form.
[0155] Thus, one embodiment of data detection control logic 152 includes transducer control logic 154 and data conversion control logic 156. In such an embodiment, transducer control logic 154 can be configured to sense, detect or read the data from token 111 and to send an electronic signal representing this data to conversion control logic 156. Conversion control logic 156 can be configured to convert, reformat or otherwise alter the data so that it is compatible with downstream components. For example, consider again the case in which the exemplary token includes a magnetic stripe with data encoded on it. In such an embodiment, transducer control logic 154 can be implemented using, for example, magnetic transducer technology to read the magnetic information encoded in the magnetic stripe. Because the output of a magnetic transducer can be an analog signal, or can have characteristics or properties that make it incompatible with the data handling control logic, an embodiment can also include conversion control logic 156 to format or convert the data appropriately. For example, conversion control logic 156 can include an analog-to-digital converter to convert the detected data into a digital data stream compatible with digital logic circuits.
[0156] In the above example, transducer control logic 154 includes a magnetic transducer to read magnetic stripe data. As this example illustrates, in other applications other control logic can be used to scan, read or extract the data from token 111, depending on the type or form of the data on token 111. For example, transducer control logic 154 can include an optical sensor to read optical data elements (including, for example, bar codes), an RFID transponder, a near field communication device, or other similar transponders and other devices for reading sensing elements. In one embodiment, data from token 111 in a format different from conventional bank card track data is converted to track data by the data acquisition facility or the terminal. For example, a data acquisition facility configured to accept contactless tokens (for example, RFID tokens) can accept the data, encrypt it, and format it as track data before sending it to terminal 114. In another embodiment, terminal 114 can accept data in a format other than track data and package the data appropriately for downstream processing equipment.
[0157] Whether or not an embodiment includes transducer control logic 154 and conversion control logic 156, data detection control logic 152 preferably outputs data in a form compatible with downstream circuitry such as data encryption control logic 160. As discussed herein for the various embodiments, data acquisition facility 113 can be implemented to include the feature of encrypting some or all of the data detected from token 111. Data encryption control logic 160 can therefore be included to encrypt designated data items and so provide a measure of data security. Any of a number of encryption algorithms can be used to encrypt some or all of the data items. In addition, memory or other data storage 164 can be provided to hold one or more encryption keys that can be used in the encryption process, or to store other data or information as needed.
[0158] In one embodiment, keys can be generated at data acquisition facility 113. In another embodiment, keys can be downloaded or otherwise provided to data acquisition facility 113 for inclusion in memory 164. Thus, in one embodiment, key generation control logic 166 can be included to provide the function of generating keys for use in the encryption process. For example, as discussed in more detail below, order cards and other techniques can be used to cause the system to generate a new key. Key generation control logic 166 can then generate a key in response and provide it to key memory 164 for use by data encryption control logic 160.
[0159] As noted above, in one embodiment the data encryption control logic and data detection control logic 152 are fully encapsulated to provide a security measure against tampering with the device. In addition, key memory 164 and key generation control logic 166 can similarly be encapsulated in the same module to provide a security measure against theft of keys or of the key generation algorithm. In fact, in one embodiment, any or all of the functions described with reference to Fig. 7 can be encapsulated together. Although not illustrated in Fig. 7, power management functions can also be included and encapsulated.
[0160] The example configuration of Fig. 7 also illustrates data encapsulation control logic 170, which takes the encrypted data and the plain text data (if any) and packages the data in a form acceptable to downstream components. For example, in an embodiment described above, data encapsulation control logic 170 can be used to reformat the encrypted and plain text data of credit cards, debit cards and other similar tokens into the same format as the output of a conventional magnetic stripe reader that has no encryption circuitry. In such an embodiment, electronic data acquisition facility 113 can therefore output transaction data in a format that can be recognized by conventional point-of-sale terminals, point-of-access terminals, cash registers and other terminals used in the industry.
[0161] Fig. 7 also illustrates data output control logic 174, which can be included to format the data appropriately for transmission to terminal 114 or other upstream devices. For example, data output control logic 174 can provide appropriate signal conditioning to bring the data to the signal levels accepted by the receiver at terminal 114. As a further example, in which data acquisition facility 113 is located away from terminal 114, data output control logic 174 can provide a suitable line driver (or, as another example, a radio transmitter in a wireless environment) to send the data to terminal 114 across the selected communication channel. As another example, data output control logic 174 can also be configured to provide the encrypted output data in the same format as that output by a conventional or passive magnetic head.
[0162] Fig. 7 also illustrates signature detection control logic 168, which can be included to provide a means of authenticating token 111 by detecting a signature associated with the data of the token. Various signature detection algorithms, circuits or techniques can be used to determine the signature of the token data, and this signature can be compared with the known signature of the given token to determine whether the token is authentic. As one example, in one embodiment, signature detection can be performed using the authentication technology available from Semtek Innovative Solutions of San Diego, California. Other authentication techniques can be used in alternative embodiments.
[0163] Signature detection and authentication can be performed locally in electronic data acquisition facility 113, and in other embodiments can be performed remotely. In another embodiment, signature detection takes place in data acquisition facility 113 while the detected signature is authenticated at a downstream device, where it may be more practical to maintain a database or other infrastructure to support the authentication of a large number of signatures. Signature detection techniques for various types of token are known to those skilled in the art. As one example of these techniques, U.S. Patent No. 5,770,846 to Mos et al. provides an example of determining a token signature.
[0164] As shown in Fig. 7, the signature detected by signature detection control logic 168 can be passed to data encapsulation control logic 170 for inclusion in the data stream. In one embodiment, the signature can be packaged within the data stream. For example, in one embodiment, the signature is packaged in a data field of track 1 that would otherwise be masked, so as to maintain a format compatible with conventional transaction processing equipment. Nevertheless, the encryption method and data placement can still be varied to suit a particular application.
[0165] In an alternative embodiment, the signature data can bypass data encapsulation control logic 170 and be sent to terminal 114 or other upstream devices in a separate package, or otherwise apart from the token data stream. As a further embodiment, the signature data produced by signature detection control logic 168 can also be encrypted using one or more encryption keys and passed on as encrypted data for further processing. In one embodiment, the signature data can be encrypted using the same key as the token data. In an alternative embodiment, however, different keys are used for the signature data and the token data. In another embodiment, the signature can be used as the key to encrypt some or all of the token data.
[0166] Although not shown in Fig. 7, a communication interface can be provided, according to various embodiments, to allow token data from alternative sources to be processed by the data acquisition facility. Consider, for example, a case consistent with the exemplary environment in which the data acquisition facility is a magnetic stripe reader configured to read magnetic stripe data (for example, via one or more read gaps) and to encrypt some or all of the card data encoded on the tracks. Consider further that a data interface is provided to receive data items from sources other than the magnetic stripe token. For example, an RFID, near field or other wireless reader can be provided to sense token data from a compatible wireless token. The sensed data can be sent from the wireless reader to the token reader or data acquisition facility 113. In these embodiments, some or all of the data received through this communication interface can be encrypted and forwarded as a token transaction. In particular, in one embodiment, hidden or transparent encryption can be used so that the original format of the data is preserved. In another embodiment, reformatting can be performed so that the data is encrypted or put into a predetermined or specified format. As one example of this, data from an RFID band can be repackaged as track data from a bank card, allowing the RFID band to be used to complete credit card or other bank card transactions.
[0167] As a further example of how a communication interface can be used to allow the data acquisition facility to obtain data from other tokens, consider the example of an RFID band used for payment. In this example, the data from the RFID reader can be sent to the read head to be encrypted and formatted as a data stream. In another example, a wireless PIN encryption device, or PED, can be connected through the interface, and click data can be sent to the data acquisition facility to be encrypted and packaged together with the entered PIN. As these examples illustrate, in one embodiment the data acquisition facility can be used to allow other tokens to be accepted by terminal equipment and, where hidden encryption is used, to be accepted by existing or legacy terminals.
[0168] Although the architecture in Fig. 7 is illustrated with a common bus structure, other architectures and configurations are contemplated. In fact, after reading this specification, one of ordinary skill in the art will understand how to implement the features and functions illustrated in these various embodiments using this or alternative architectures.
[0169] Fig. 8 is a diagram illustrating an exemplary flow for performing data encryption at the acquisition device according to one embodiment of the invention. In particular, the example illustrated in Fig. 8 provides encryption of data selected from token 111 and repackaging of the plain text data and the encrypted data for transmission to terminal 114. Referring now to Fig. 8, data is read from token 111 in read data block 212. For example, in accordance with the architecture described with reference to Fig. 7, data detection control logic 152 or another similar mechanism can read data from token 111.
[0170] In block 214, the appropriate data items are selected for encryption from the data collected. Data not selected for encryption can be passed on for packaging, as illustrated by flow arrow 216. In functional block 218, the encryption module retrieves one or more keys from memory or other storage 220 and uses these keys to encrypt the selected data. In block 222, the encrypted data is packaged with the plain text data for transmission to terminal 114. Fig. 9 is a diagram illustrating another example of data encryption according to another embodiment of the invention. In contrast to the example illustrated in Fig. 8, the example in Fig. 9 illustrates the inclusion of the terminal ID and the trader ID in the packaged data stream. In the illustrated embodiment, terminal ID 224 and trader ID 226 can be stored locally at data acquisition facility 113 and, where appropriate for the given data format, selected for inclusion in the transmitted data. Although not illustrated in Fig. 9, terminal ID 224 or trader ID 226 can also be encrypted before being transmitted for transaction processing. These items can be encrypted with a key common to the two items or with the same key that is used to encrypt the token data. In addition, separate keys can be used to encrypt either or both of these items.
[0171] As these examples illustrate, different keys and data items (for example, terminal ID 224 and trader ID 226) can be included in encryption module 132 or otherwise provided in data acquisition facility 113. In one embodiment, any or all of these data items can be stored in the memory associated with the encryption technology at some point in the manufacturing process, before data acquisition facility 113 is delivered to the destination where it will be used. These items can thus also be embedded and encapsulated appropriately to avoid or prevent tampering with, or detection of, these items.
[0172] As described elsewhere in this document, particular embodiments can use terminal ID 224 or trader ID 226 as an encryption key or as a means of determining an encryption key. As these examples illustrate, other data items can be used for this purpose in place of terminal ID 224 or trader ID 226.
[0173] As described above with reference to Fig. 7, in embodiments of the invention a "fingerprint" or signature associated with the token can be used to authenticate the token. For example, for magnetic stripe data, the magnetic reversals or changes in flux polarity or density in the magnetic data are usually placed on the medium with a certain degree of uncertainty. In some cases, for example, the timing of the data can include variations or fluctuations. In other words, the spacing between transitions can vary from transition to transition and from card to card. In addition, because of these variations and the characteristics of the flux patterns, it is difficult to reproduce or copy magnetic stripe data from an original token to a new token accurately enough to retain the same characteristics. These transition characteristics therefore give the magnetic stripe data a level of uniqueness.
[0174] Variations in other characteristics of the token data, the card data or other properties can also be used to identify the fingerprint or signature of a given token. For example, the remaining [sic.] noise technique developed by Washington University in St. Louis can be another technique used to identify a token signature. Other token data systems, including optical data storage, biometrics, RFID labels and so on, can similarly use signature techniques to authenticate the token.
[0175] Thus, in one embodiment, token authentication using the signature can be combined with encryption of some or all of the token data to provide an enhanced security measure for token transactions. For example, in addition to encrypting some or all of the token data to protect its integrity against possible compromise, the token signature can also be detected and checked against a known or verified signature for that token to determine whether the token is an authentic token or may be a fraudulent token, for example a copy of the original token. Figs. 10 and 11 are diagrams illustrating an exemplary application of this feature according to one embodiment of the invention. Referring now to Figs. 10 and 11, in step 240 token data is received from token 111. For example, in one embodiment, data detection control logic 152 as illustrated in Fig. 7 above can be used to obtain, detect or read the data from token 111. As a further example, in which the token is a magnetic stripe card, a magnetic read head and data conversion logic can be used to read the token data and provide a representation of it.
[0176] In step 242, particular token data is selected for encryption. As already discussed, some or all of the token data can be selected for encryption based on a number of factors. These factors include, for example, the desired level of security, how desirable it is to have particular data in plain text for reporting, authentication, routing and so on, or the need for compatibility with the transaction processing network.
[0177] In step 244, the data is encrypted. As described for various other embodiments, in this step an encryption key is obtained and the data is encrypted with the selected key. As also described, a plurality of keys can be used to encrypt a plurality of data blocks. The encrypted data can be provided for packaging for transmission to terminal 114.
[0178] In step 246, the token signature is determined. As discussed above, a number of different techniques can be used for signature determination. In the illustrated embodiment, the signature is likewise encrypted with an encryption key in step 248. In one embodiment, the key used to encrypt the signature can be different from the key used to encrypt the token data. In step 252, the encrypted token data and the encrypted signature are packaged so that these items can be provided for transaction processing.
[0179] In step 254, the packaged data is sent for processing. For example, in the exemplary environment, the packaged data can be sent to the transaction processing network to authorize the current transaction. Further to this example, the packaged data can be routed through terminal 114 to facilitate completion of the transaction.
[0180] In step 256, the packaged data is received by an appropriate transaction processing entity, which can decrypt the signature in step 258, verify the authenticity of the signature in step 260 and, in step 262, determine on that basis whether token 111 is valid. If it is valid, the transaction can be forwarded for further processing based on the token data itself, as shown in step 264. If, on the other hand, the signature is invalid, the transaction can be denied, as shown in step 266.
[0181] Note that the signature data and the token data need not be packaged into a single data package for transmission to the processing entities. In an alternative embodiment, the signature data can be transmitted separately and provided to an appropriate transaction processing entity for authentication, and an indication of the authentication status can be provided for final authorization. In addition, as shown by flow line 250, unencrypted plain-text token data can also be sent to be packaged with the transaction data. As described for other embodiments, other data such as the terminal ID and merchant ID can likewise be sent with the transaction data package or separately to facilitate transaction processing.
[0182] In one embodiment, signature decryption and authentication can take place in the same entity, or even the same device, that authorizes the transaction. Alternatively, signature decryption and authentication can take place in separate devices, and even at separate points in the network from the authorizing entity. Note also that in one embodiment the authentication of the signature can be a definite authenticated/not-authenticated result. Alternatively, it can be provided as a weighting factor, a figure of merit or another score that rates the signature. Such embodiments are useful in applications where, for example, the signature is determined from magnetic stripe data and absolute precision in detecting the timing of flux transitions may be difficult to achieve. For a given card, the signature itself may therefore vary to some extent from one read operation to the next. An authentication score can accordingly be used to indicate the level of confidence in the authenticated signature. A threshold or other technique can be used to identify, for example, a cutoff range below which the signature is determined not to be authenticated.
[0183] In one embodiment, the signature decryption device or module can be co-located with, for example, gateway 120, so that the signature can be authenticated at the gateway before the transaction is routed to the transaction processing network for authorization. This embodiment can avoid unnecessary routing to and operation of transaction processing network 123. In addition, where the gateway is configured to decrypt some or all of the encrypted token data, that function can be kept separate from, or bundled with, the signature authentication function. If the signature is not approved, or its rating falls below a particular threshold, a notification can be returned to terminal 114 to deny the transaction without further processing. In these embodiments, a re-swipe can be allowed where the authentication failure was caused by a misread by the device or a bad swipe. In another embodiment, the signature data can be sent in a separate transaction before transmission of the account data for authorization is initiated.
[0184] Because signature verification can be performed at a single location, or at separate locations, holding a signature database, signature authentication can be shared among multiple institutions. The shared facility still provides a level of data security for the account information, because the encryption key used to encrypt the account information is not available to it.
[0185] In one embodiment, gateway 120 can be configured to receive transaction requests from multiple devices that use an encryption module. The transaction data can be structured in one or more parts. In one embodiment, the transaction data has two parts: token data and control data. In one embodiment, these parts can be encrypted with different keys. In such an embodiment, the gateway can be configured to hold only the key for decrypting the token data and not the control data key, which provides a measure of security for the control data. For particular applications and transactions, however, it may be useful to give the gateway the key for decrypting the control block so that it can examine the information the block contains. For example, in one embodiment, a card signature or other token signature can be included in a control block that the gateway can decrypt.
[0186] In one embodiment, the result of the signature authentication can be sent, together with other control information, encrypted with a private key of the transaction processing server to which the transaction request is routed. In this way, the gateway can perform the signature verification and the transaction processing server can decide whether to accept the transaction based on the signature result or signature rating, together with any other information available to the transaction processing server.
[0187] In addition, the signature can be sent to the signature verification module together with encrypted or hashed account data. The system can be configured to use the encrypted or hashed PAN (or other token data item) to index the signature for comparison. In this way, in one embodiment, the signature database can be configured to hold encrypted data rather than sensitive plain-text information. In one embodiment, with a secure database, the database can be accessible to multiple entities, allowing authentication at a bank clearing house while maintaining the security of the token data. A signature module (for example, as part of a secure transaction module or otherwise) can therefore be configured to perform signature authentication, with transactions routed to the signature module for authentication. The signature database can be maintained for multiple entities and updated from multiple sources.
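The scored authentication of [0182] and the hashed-PAN index of [0187] can be sketched together as follows. This is an added example, not code from the patent: the signature is assumed to be a short vector of timing deviations, the index is a keyed hash (HMAC-SHA256) of the PAN, the score is a clipped correlation coefficient, and the key, threshold and sample vectors are all constructed.

```python
import hashlib
import hmac
import math

INDEX_KEY = b"constructed-demo-index-key"  # assumption: secret held by the signature module
THRESHOLD = 0.8                            # assumption: cutoff below which a read is rejected


def pan_index(pan: str) -> str:
    """Keyed hash of the PAN; the database is indexed by this, never by the PAN."""
    return hmac.new(INDEX_KEY, pan.encode("ascii"), hashlib.sha256).hexdigest()


def similarity(reference, observed) -> float:
    """Correlation of two signature vectors, clipped to [0, 1].

    Tolerates the small read-to-read variation a genuine card shows.
    """
    n = len(reference)
    if n < 2 or n != len(observed):
        return 0.0
    mean_r = sum(reference) / n
    mean_o = sum(observed) / n
    cov = sum((r - mean_r) * (o - mean_o) for r, o in zip(reference, observed))
    var_r = sum((r - mean_r) ** 2 for r in reference)
    var_o = sum((o - mean_o) ** 2 for o in observed)
    if var_r == 0 or var_o == 0:
        return 0.0
    return max(0.0, cov / math.sqrt(var_r * var_o))


class SignatureDB:
    """Shared signature store that holds no plain-text account data."""

    def __init__(self):
        self._rows = {}

    def enroll(self, pan: str, signature) -> None:
        self._rows[pan_index(pan)] = list(signature)

    def authenticate(self, index: str, observed):
        """Return (verdict, score); the score can be passed on as a weighting factor."""
        reference = self._rows.get(index)
        if reference is None:
            return "unknown", 0.0
        score = similarity(reference, observed)
        verdict = "authenticated" if score >= THRESHOLD else "not authenticated"
        return verdict, score

    def stored_keys(self):
        return list(self._rows)


# Constructed sample data: a test PAN, its enrolled signature, a second read of
# the same card, and a read of a copy whose stripe has different timing.
SAMPLE_PAN = "4111111111111111"
ENROLLED = [0.12, -0.30, 0.25, 0.05, -0.18, 0.33, -0.07, 0.21]
GENUINE_REREAD = [0.10, -0.28, 0.27, 0.04, -0.20, 0.30, -0.05, 0.22]
CLONE_READ = [-0.20, 0.15, 0.02, -0.31, 0.27, -0.10, 0.30, -0.05]


def build_demo_db() -> SignatureDB:
    db = SignatureDB()
    db.enroll(SAMPLE_PAN, ENROLLED)
    return db


if __name__ == "__main__":
    demo = build_demo_db()
    for label, read in (("re-read", GENUINE_REREAD), ("copy", CLONE_READ)):
        print(label, demo.authenticate(pan_index(SAMPLE_PAN), read))
```

The caller submits only `pan_index(...)` and the observed signature, so a party with access to the shared database learns neither the PAN nor the key used to encrypt the account data.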
[0188] In one embodiment, a gateway having one or more devices or modules for decrypting (and, in some embodiments, re-encrypting) routing information, signature information, token data or other information can be used to provide a standard interface to multiple transaction processing entities. The gateway can also be configured to provide a standard interface to terminal 114. In addition, the gateway can be configured to provide multiple interfaces between terminals 114 and transaction processing entities 123, which may help make communication between these entities more flexible. Thus, the gateway can provide not only intermediate decryption, re-encryption and routing, but also a way of making the interfaces between different entities in the network consistent.
[0189] In one embodiment, the invention can be configured to operate with tokens that present their data in plain-text or encrypted form. For example, in one embodiment, the token can carry data that is encrypted on the token itself. As a further example, the token data or part of it can be encrypted before the data is embedded on the token. In this way, a level of security can be provided for the underlying token data even if the token is lost, stolen, copied or otherwise compromised. For example, one advantage of providing encrypted data on the token (at the point of manufacture or elsewhere) is that it prevents someone from using a card reader to skim the data, or to read and store it, for improper purposes.
[0190] As another example, consider again the case in which token 111 is a bank card with a magnetic stripe. A bank customer who loses the card may have sensitive information, such as his or her name or account number, put at risk. In addition, in some cases fraudsters use magnetic stripe readers to copy data from cards for fraudulent purposes. Encrypting some or all of the data before it is written to the magnetic stripe provides a measure of security for that data.
[0191] In these embodiments, it may be useful or desirable for one or more entities involved in transaction processing, including the paying institution, to be able to decrypt this originally encrypted data. This decryption capability allows the transaction processing entity to recover the original information (for example, the account information) to complete the transaction. In addition, in some embodiments, terminal 113 or another local device can be able to decrypt at least part of the data (for example, the expiration date, the last four digits of the account number or the user's name) to give the operator a local means of authentication. In other embodiments, these data items can be left in plain text on the card (and not encrypted by the encryption module) to allow this authentication.
[0192] In embodiments where an encryption module is used in the data acquisition device or elsewhere in the transaction chain, this already encrypted data can be encrypted again by encryption module 132. In some applications it may therefore be desirable to provide two layers of decryption, so as to decrypt not only the encryption applied by encryption module 132 but also the data originally encrypted on the token. The original token encryption can be performed, for example, by encrypting the data before it is written to the token, or by encryption technology embedded in the token. For example, a smart card or chip card token can be provided that includes functionality to perform the encryption before the data is made available to the data acquisition device.
[0193] In one embodiment, sufficient information can be left in plain text on token 111 to allow operation with conventional point-of-sale, point-of-access or other terminal equipment. In an alternative embodiment, all of the information on the token is encrypted data.
[0194] In one embodiment, when the original token data is encrypted, the encryption key can be stored and provided to the appropriate processing entity so that the original data can be decrypted. In addition, a hash code can be generated. A hash code can be used to produce a digital fingerprint or signature from the data. The hash code can be generated using substitution, transposition and other techniques to produce the signature, which is commonly called a hash value. In one embodiment, the hash code can therefore be used as the encryption key for encrypting the original data. In addition, the hash code can serve as a fingerprint for authenticating the original data after subsequent decryption, and can be used at the processing entity to confirm the recovered data. In such embodiments, the hash function can be provided to the processing entity so that it can hash the decrypted data again to obtain the correct hash code. In a preferred embodiment, the hash code or hash function is a one-way operation that minimizes the likelihood that a would-be hacker can compute a particular data input that produces a desired hash value. In such embodiments it can thus be extremely difficult to forge a hash value.
[0195] Figure 12 is an operational flow diagram illustrating an example process for handling token data that is encrypted on the token, according to one embodiment of the invention. Referring now to Figure 12, in step 442, encrypted data is read from the token. That is, in one embodiment, a data acquisition device such as data acquisition device 113 can be used to read data from the token. This exemplary embodiment applies data encryption to some or all of the token data read in step 442, even though some or all of that data is in fact already encrypted. Thus, in step 444, some or all of the token data, including the encrypted token data, is encrypted. This can be done, for example, using encryption module 132 or a similar device. As described with reference to other embodiments, the output of the data acquisition device can be packaged in a variety of formats suitable for the processing network (including conventional terminals), and in step 446 the packaged data is sent for processing.
[0196] In step 448, the encrypted data is decrypted. For example, in this step the data encrypted by encryption module 132 is decrypted to recover the originally encrypted token data that was read in step 442 (together with any plain-text data that may have been on the token and read in step 442). With the originally encrypted token data recovered, that original data can now be decrypted to obtain the actual account number or other actual token data in plain-text form. Thus, in one embodiment, the key originally used to encrypt the token data is now used to decrypt it and obtain the original information. As noted above, in one embodiment, this encryption key is distributed or provided to the appropriate transaction processor so that decryption can be performed at that location. In embodiments where a hash code is generated from the encrypted data, the hash code can be generated again in step 450 using the same hash function. The generated hash code can then be used in step 452 to look up the decryption key used to decrypt the data in step 454.
[0197] In one or more of the embodiments described above, a terminal ID, merchant ID or other identification string can be used to encrypt some or all of the data that is encrypted for the transaction. As touched on briefly, using an identification string as the encryption key can facilitate identification of the source of a suspected fraudulent transaction. Figure 13 is an operational flow diagram illustrating an example process for detecting the source of a suspected fraudulent transaction according to one embodiment of the invention. For ease of explanation, this example process is described in terms of encryption that uses the terminal ID as the encryption key. After reading this description, however, one of ordinary skill in the art will understand how to implement this and other embodiments using alternative forms of encryption key.
[0198] Referring now to Figure 13, in step 60, encrypted token data (for example, data encrypted by encryption module 132 in data acquisition device 113) is received by a transaction processing entity. For example, the token data can be received by gateway 120, by a designated entity in transaction processing network 123 or by another transaction processor. This is the entity designated to perform decryption to recover the card data. Recall that in this example, fraud is suspected. Suspicion can arise, for example, because the designated key fails to decrypt the data properly. Therefore, to locate the source of the suspected fraudulent data, an encryption key is retrieved from a database in step 64, the data is decrypted in step 66, and the validity of the data is checked in step 68. The validity check can determine, for example, whether a valid account number was decrypted, whether the decrypted information matches other records, and whether it passes any other validity checks that may be available.
[0199] If the retrieved key does not produce a valid decryption, another key is retrieved and the process continues. This is repeated until a valid decryption is detected at step 68. Once a valid decryption is detected, the key that produced it is identified in step 70 and that key is used to locate the source of the data in step 72. For example, because the data was encrypted with the terminal ID, the identity of the correct key can be used to point back to the terminal that read the data and performed the encryption.
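The key search of Figure 13 (steps 64 to 72) can be sketched as follows. This is an added example, not code from the patent: the terminal IDs, key derivation, nonce and PAN are constructed, the cipher is a stand-in keystream XOR chosen so that the block runs with the standard library only, and the step 68 validity check is assumed to be a digits-and-Luhn test on the recovered account number.

```python
import hashlib
import hmac


def terminal_key(terminal_id: str) -> bytes:
    """Assumption: each terminal's key is derived from its terminal ID."""
    return hashlib.sha256(b"demo-terminal-key|" + terminal_id.encode()).digest()


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 keystream XOR); the same call encrypts and decrypts."""
    stream = hmac.new(key, nonce, hashlib.sha256).digest()
    if len(data) > len(stream):
        raise ValueError("demo cipher handles at most 32 bytes")
    return bytes(a ^ b for a, b in zip(data, stream))


def valid_pan(candidate: bytes) -> bool:
    """Step 68: does the decryption look like an account number?"""
    if not 13 <= len(candidate) <= 19:
        return False
    if not all(0x30 <= b <= 0x39 for b in candidate):
        return False  # a wrong key yields arbitrary bytes, almost never all digits
    total = 0
    for i, b in enumerate(reversed(candidate)):
        digit = b - 0x30
        if i % 2 == 1:  # Luhn: double every second digit from the right
            digit = digit * 2 - 9 if digit > 4 else digit * 2
        total += digit
    return total % 10 == 0


def find_source_terminal(nonce: bytes, ciphertext: bytes, key_db: dict):
    """Try each stored key until one yields a valid decryption.

    Returns (terminal_id, pan) for the key that worked, or None if no
    key in the database decrypts the data to a valid account number.
    """
    for terminal_id, key in key_db.items():             # step 64: retrieve a key
        candidate = xor_stream(key, nonce, ciphertext)  # step 66: decrypt
        if valid_pan(candidate):                        # step 68: validity check
            return terminal_id, candidate.decode("ascii")  # steps 70 and 72
    return None


# Constructed sample data: three known terminals and a test PAN.
KEY_DB = {tid: terminal_key(tid) for tid in ("T-1001", "T-1002", "T-1003")}
SAMPLE_NONCE = b"txn-000042"
SAMPLE_PAN = b"4111111111111111"
SUSPECT_DATA = xor_stream(terminal_key("T-1002"), SAMPLE_NONCE, SAMPLE_PAN)
FOREIGN_DATA = xor_stream(terminal_key("T-9999"), SAMPLE_NONCE, SAMPLE_PAN)

if __name__ == "__main__":
    print(find_source_terminal(SAMPLE_NONCE, SUSPECT_DATA, KEY_DB))
    print(find_source_terminal(SAMPLE_NONCE, FOREIGN_DATA, KEY_DB))
```

A checksum alone is a weak validity test for short fields, which is why the text also lists matching the decrypted information against other records.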
[0200] In another embodiment of the invention, supplementary information such as time information or location information can be included in the transaction data to stamp it with the date, time or location. This information can be retrieved or obtained by, for example, terminal 113 or by other control logic that can be embedded or included in data acquisition device 113. For example, a real-time clock can be included in the transaction processing equipment to stamp the transaction data with date and time information.
[0201] Similarly, the Global Positioning System (GPS) or another position determination technology can be used to identify the location and embed a location code in the data stream. In addition, the location information can be introduced into the generation of the encryption mask because, in one embodiment, the decryption service knows the location of the terminal. Thus, if a terminal is stolen or sold and moved to another location, the location information will be invalid, making the terminal unusable. Similarly, location information can be hard-coded or embedded in the device so that it can be packaged with the transaction data. This may be useful where a portable device such as a mobile phone, PDA, smartphone or other portable terminal is used to conduct transactions. Further examples of portable terminals include portable check-in devices used by car rental agencies, portable cash registers used in large retail stores, and portable package delivery and tracking devices such as the DIAD used by UPS drivers, to name only a few. Indeed, after reading this description, one of ordinary skill in the art will understand how these and any number of other terminals can be used in this and other embodiments.
[0202] Location information can be useful in embodiments where, for example, the point-of-sale, point-of-access or other terminal is a mobile terminal. In such embodiments, this information can be used to verify where the transaction took place. Time stamp information can similarly be used to verify when the transaction took place. As a further embodiment, time stamps can also be used to compare data across multiple transactions to determine whether potential fraud is occurring. For example, where token data has been copied and is used to conduct multiple transactions, the occurrence of multiple transactions with the same time stamp information, or even the same location information, can identify potential fraud. In addition, the time stamp information in a transaction can be compared with the current date and time information at the transaction processing server, and stale transactions can be rejected or subjected to further inquiry. In that case, a new swipe of the card can be required.
[0203] Figure 14 is an operational flow diagram illustrating a process for using time stamp information to detect potential fraud according to one embodiment of the invention. Referring now to Figure 14, in step 462, time information is obtained from, for example, a clock or other data source. In step 468, the data is stamped with the time information and the transaction is sent for processing. In one embodiment, the time stamp data can also be encrypted.
[0204] At a designated point in the transaction processing network, the transaction data is received for processing, as shown in step 312. In step 314, the time information is checked to determine whether it is a valid time stamp. For example, the information can be checked against previous transactions to detect the recurrence of a given time stamp. The information can also be checked against a real-time clock to determine whether the transaction compares favorably with the clock in the processing system. For example, a check can be made to see whether the transaction data arrived within a reasonable time frame of its time stamp, taking network delay into account. If it is invalid, a re-swipe can be requested in step 316 and the check performed again. If it is valid, the transaction can be forwarded for further processing, as shown in step 318.
[0205] In the case of an invalid time stamp check, the transaction can be denied in step 320 and a fraud alert triggered in step 322. Although not illustrated, a specified number of re-swipes (including zero) can be allowed before final denial or triggering of the fraud alert.
[0206] In one embodiment, if the re-swipe produces a time stamp with a certain lag, and that lag equals the interval between the two swipes, this may indicate a synchronization problem with the time stamp clock or the server clock, or unusual network delay. This can provide a measure for determining whether to allow the transaction and can trigger an investigation into the source of the synchronization problem or delay.
[0207] In addition to time stamp or location information, counters can be maintained to track the number of uses of equipment in the processing chain, such as electronic data acquisition device 113 and terminal 114. The count value for a transaction can thus be compared with the count value expected on the basis of previous transactions to check for potential fraud. This can help detect the reuse of transaction data that was previously recorded fraudulently. That is, in one embodiment, real-time count information can be embedded in the data stream by the data acquisition device or the terminal (or count values for both can be embedded), and the count value of the transaction can be verified to ensure that the count has incremented properly.
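The server-side checks of Figure 14 (steps 312 to 322) and the counter comparison of [0207] can be combined in one validator, sketched below. This is an added example, not code from the patent: the 30-second window, the 2-second clock tolerance, the single permitted re-swipe, the rule that a counter must be strictly greater than the last accepted value, and all sample events are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class TerminalState:
    last_counter: int = 0                           # highest counter accepted so far
    seen_stamps: set = field(default_factory=set)   # recently accepted time stamps
    failed_swipes: int = 0                          # consecutive failed checks


class FreshnessChecker:
    """Decides FORWARD, RESWIPE or DENY_AND_ALERT for each received transaction."""

    def __init__(self, max_age_s=30, max_clock_skew_s=2, reswipes_allowed=1):
        self.max_age_s = max_age_s                  # allowance for network delay
        self.max_clock_skew_s = max_clock_skew_s    # tolerated terminal clock lead
        self.reswipes_allowed = reswipes_allowed    # may be zero
        self.terminals = {}

    def check(self, terminal_id, stamp, counter, now):
        """stamp and now are seconds on a common clock; returns (decision, reasons)."""
        state = self.terminals.setdefault(terminal_id, TerminalState())
        reasons = []
        if stamp in state.seen_stamps:              # recurrence of a given time stamp
            reasons.append("time stamp already used")
        age = now - stamp
        if age > self.max_age_s:                    # arrived too long after stamping
            reasons.append("stale time stamp")
        elif age < -self.max_clock_skew_s:
            reasons.append("time stamp ahead of server clock")
        if counter <= state.last_counter:           # count did not increment properly
            reasons.append("counter did not advance")

        if not reasons:                             # step 318: forward for processing
            # Stamps older than the window would be rejected as stale anyway.
            state.seen_stamps = {s for s in state.seen_stamps
                                 if now - s <= self.max_age_s}
            state.seen_stamps.add(stamp)
            state.last_counter = counter
            state.failed_swipes = 0
            return "FORWARD", reasons
        state.failed_swipes += 1
        if state.failed_swipes <= self.reswipes_allowed:
            return "RESWIPE", reasons               # step 316: ask for a new swipe
        return "DENY_AND_ALERT", reasons            # steps 320 and 322


def run_demo():
    """Constructed events: (terminal_id, time stamp, counter, server time)."""
    checker = FreshnessChecker()
    events = [
        ("T-1001", 998, 1, 1000),    # genuine swipe
        ("T-1001", 998, 1, 1005),    # recorded data submitted again
        ("T-1001", 998, 1, 1010),    # and again
        ("T-1001", 1011, 2, 1012),   # genuine swipe with new stamp and counter
        ("T-1002", 900, 7, 1000),    # arrives 100 s after its time stamp
    ]
    return [checker.check(*event) for event in events]


if __name__ == "__main__":
    for decision, reasons in run_demo():
        print(decision, reasons)
```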
[0208] Counters can also be used to update or change the encryption key used to encrypt the information. That is, rolling encryption keys or other similar changes can be driven by date and time information, location information or a counter. For example, the counter can be incremented with each transaction so that the encryption key changes in a predetermined or determinable way, and a corresponding change is made at the transaction processing server, based on the counter, to obtain the appropriate decryption key. Such rolling or updated key implementations can provide an additional measure of security. For example, the key changes and is therefore harder to duplicate, and the output of the data acquisition device changes each time token data is entered. In the bank card example, swiping the same bank card repeatedly therefore produces different data output on each subsequent swipe, because the encryption key changes each time. As a result, if the data is stolen at the terminal or another server and an attempt is made to reuse it to commit fraud or duplicate a transaction, this facilitates fraud detection. In other embodiments, the key can be specified to change after a given number of entries or after a predetermined period of time.
[0209] As described in the examples above with reference to Figures 5 and 6, the invention can be implemented so that a serial number or other identifier of the data acquisition device or terminal is included with the transaction data to allow the correct key to be retrieved for subsequent decryption. Thus, where the terminal ID is used to encrypt some or all of the data, the terminal ID (or a code that allows the terminal ID to be determined) is included in the data stream, or sent to the decrypting entity, to facilitate identification of the appropriate decryption key. In one embodiment, the terminal identification number can be a serial number or other identification string associated with the data acquisition device. In particular, in one embodiment, the identifier can be unique to a given data acquisition device, which makes possible the additional functionality described below. For example, as discussed further below, the serial number or unique identifier can be used to track the movement and use of an electronic data acquisition device. For example, if the electronic data acquisition device is stolen, misused or used fraudulently, the terminal ID, serial number or other information included in the transaction data can be used to detect the unauthorized use. As another example, encrypted data that is received can be decrypted with a number of keys to find the key that correctly decrypts it. Once that key is identified, the terminal ID (which in this example is the key or is used to obtain the key) can be determined. With the terminal ID known as a result of the decryption, the source of the suspected fraud can be determined.
[0210] In one embodiment, the terminal ID can be a serial number or other string unique to the electronic data acquisition device. In another embodiment, the terminal ID can be unique to the point-of-sale, point-of-access or other terminal that is connected to, or integrated with, the electronic data acquisition device. Where a terminal can communicate with multiple data acquisition devices, the assignment of terminal IDs, whether one ID or multiple IDs, to uniquely identify each individual data acquisition device, a subset of the data acquisition devices, or only the terminal associated with one or more data acquisition devices, can be chosen based on the desired implementation goals.
[0211] Discussed above are various embodiments in which token data can be encrypted, in whole or in part, using one or more keys to provide a measure of security for various token transactions. The examples above include applications in which token 111 is a bank card such as a credit card or debit card. In transactions such as these, and particularly with debit cards or ATM cards, a personal identification number (PIN) is typically used to authenticate the transaction (or to verify that the holder is the authorized holder).
[0212] To provide additional security for transactions that use a PIN authentication code, other user-entered or user-supplied data, or other additional data generally, it may be desirable to encrypt this additional information as well. Thus, according to one embodiment of the invention, this additional data (for example, some or all of the PIN data) is encrypted. Such an embodiment is now described in terms of an exemplary application in which token 111 is an ATM card or debit card and the additional data to be encrypted is the user's PIN code. In general, according to one embodiment of the invention, the PIN code can be received by a PIN keypad or other similar data entry device, encrypted, and included (packaged or otherwise) in the transaction data.
[0213] Figure 15 is an operational flow diagram illustrating an example process for encrypting some or all of the additional data, such as PIN data, according to one embodiment of the invention. Figure 16 is an operational flow diagram illustrating an example process for decrypting additional information such as PIN data according to one embodiment of the invention. Figure 17 is a block diagram illustrating an exemplary application of PIN encryption according to one embodiment of the invention. Referring now to Figures 15, 16 and 17, in step 180, token data is read. For example, in the exemplary application in which token 111 is a debit card, a data acquisition device 113 such as a magnetic stripe reader at the terminal can be used to read magnetic stripe data from the debit card. In one embodiment, data acquisition device 113 can include encryption module 132 to encrypt some or all of the token data. This encryption can be performed, for example, according to the various embodiments discussed in this document. The step of encrypting the token data is shown as step 182 in Figure 15.
[0214] In the debit card example, the cardholder enters his or her PIN 141 when conducting the transaction. This is usually done with PIN keypad 140 or another device that allows the user to enter additional information (the PIN in this case). Thus, in step 184, the entered PIN is accepted by PIN keypad 140.
[0215] In step 186, the entered PIN is encrypted using any of a variety of encryption techniques. Some or all of the PIN can be encrypted in this step. In one embodiment, a module such as encryption module 132 is provided with PIN keypad 140 to perform the PIN encryption. In one embodiment, encryption can be performed using an encryption key that is stored in memory or generated from any number of parameters, such as those discussed above for token data encryption. For example, for security purposes, the key can be stored or generated in the head shield. In another embodiment, the PIN data can be encrypted using some or all of the token data read from token 111. For example, in one embodiment, the account number, user name or one or more other data fields from token 111 can be passed to encryption module 132B to perform the PIN data encryption, as shown by flow arrow 143. Note, however, that passing plain-text account or other token information over the communication channel to PIN keypad 140 may create an opportunity for that information to be compromised. In a preferred embodiment, therefore, the information is encrypted, and the illustrated embodiment uses the encrypted PAN to encrypt the PIN.
[0216] Thus, in a preferred embodiment, the encrypted token information is passed to encryption module 132B for use as a key to encrypt the PIN data. More specifically, in one embodiment, the encrypted portion of the data from token 111 is used as the encryption key by encryption module 132B. The PIN data in this exemplary embodiment is thus encrypted using the encrypted portion of the PAN. For ease of discussion, the remainder of the PIN encryption is described in terms of this exemplary embodiment, in which the PIN is encrypted using the encrypted PAN (or partially encrypted PAN) as the encryption key.
[0217] The encrypted PIN data can be passed back to encryption module 132 to be packaged in secure data stream 135, or passed to terminal 114 for subsequent transmission for transaction processing. These alternatives are shown by flow arrows 141. Although shown as separate blocks in Figure 17, data acquisition device 113 and PIN keypad 140 can be integrated into a single device or housing. In some embodiments, however, and in many existing conventional installations in which this technology can be implemented, PIN keypad 140 can be physically separate from data acquisition device 113. Passing encrypted data from the data acquisition device to PIN keypad 140 via flow line 143 therefore provides a measure of security that would not exist if the PIN data were encrypted with the plain-text account number or other plain-text information. In addition, as noted above, encrypting the token data at or as near as possible to the source provides additional security, and not using the plain-text PAN can help protect the PAN from compromise.
[0218] In step 188, the transaction is sent for processing. In applications that include a terminal 114, such as a point-of-sale or access-point terminal, the transaction can be routed through the terminal and sent to transaction processing network 123, as illustrated by flow arrow 137. As described above for token encryption embodiments that do not use PIN pad 140, the encrypted token data and PIN data can be repackaged into a desired format that is compatible with downstream devices. For example, in one embodiment, the encrypted token and PIN data are repackaged into the same format used by conventional point-of-sale or access-point equipment, to provide compatibility with conventional processing networks.
[0219] With continued reference to Figures 16 and 17, some embodiments can include gateway 120 to route transactions from the merchant or other point of sale or access point to one or more appropriate entities in transaction processing network 123. As such, the example shown in Figure 16 includes gateway 120 to provide this routing function. Additionally, in the example shown in Figure 17, the various decryption operations are illustrated as taking place at or within gateway 120 (for example, in a gateway data center). As described above for other embodiments, this decryption need not take place at gateway 120 (indeed, a particular application may not include gateway 120 at all); decryption can instead take place at an appropriate transaction processing entity, or elsewhere along the channel as may be appropriate for the given security considerations. In one embodiment, decryption at gateway 120 can allow the gateway to decrypt the token data (and, in some cases, the PIN data) for routing and other purposes. Indeed, decryption at the gateway can be used to return encrypted data to plain-text form for handling by network 123, providing another mechanism for achieving compatibility with conventional processing servers.
[0220] Consistent with the current example, in step 24, gateway 120 receives transaction data 137 for processing. In one embodiment, gateway 120 can be used to decrypt the PIN, or to arrange for its decryption, to facilitate transaction processing. In this embodiment, in one application, gateway 120 can route the PIN to secure transaction module 145 for decryption. In an alternative application, the functions of secure transaction module 145 can be included in gateway 120 or provided as part of gateway 120.
[0221] In one embodiment, secure transaction module 145 can include decryption module 144 to decrypt some or all of the data items that may have been encrypted, including, for example, the PIN, the PAN or other data. Secure transaction module 145 can also be implemented to include functionality to encrypt (or re-encrypt) data. As such, encryption module 146 can be included to provide additional data security for subsequent routing to transaction processing network 123. Although not illustrated, secure transaction module 145 can include, or have access to, storage for key storage and the like.
[0222] Continuing with Figure 16, in step 26, decryption module 144A is used to decrypt the PAN, or the portion of it, that was encrypted by data capture device 113. In step 28, the encrypted PAN (as encrypted by encryption module 132A at data capture device 113) is used to decrypt the encrypted PIN. This step can be included in embodiments where, as described above, the encrypted PAN was used to encrypt the PIN.
[0223] In embodiments where it is desired to deliver the PIN to transaction processing network 123 in encrypted form, gateway 120 (or, more specifically in the illustrated example, secure transaction module 145) re-encrypts the PIN in step 30. This re-encryption can be performed using the plain-text PAN obtained from the decryption in step 26.
[0224] The gateway therefore now has the encrypted PAN, as encrypted by encryption module 132A, and the re-encrypted PIN, encrypted with the plain-text PAN. In step 32, the encrypted PAN and the re-encrypted PIN are routed to transaction processing network 123 for final processing. A processing entity in transaction processing network 123 decrypts the PAN and then uses the decrypted PAN to decrypt the PIN for final authorization. Once the transaction is authorized, confirmation of the transaction can be routed back to terminal 114.
[0225] In the above example, the PIN data is encrypted using the encrypted PAN information. However, because in this exemplary application transaction processing module 123 expects to receive PIN information encrypted with the plain-text PAN, the example illustrated in Figure 16 uses the encrypted PAN to decrypt the encrypted PIN and obtain the plain-text PIN, and then re-encrypts the plain-text PIN with the plain-text PAN, so that the PIN is encrypted with the key that transaction processing network 123 expects. To obtain the plain-text PAN used for this re-encryption, the encrypted PAN is likewise decrypted at the gateway, and is then encrypted again for transmission. These additional steps can be included to allow the encrypted PAN to be used for PIN encryption, providing an additional measure of security for the PAN data during the PIN encryption process. As this example illustrates, other data can be used to encrypt the PIN, and the PAN-encrypted PIN can likewise be regenerated at the gateway.
[0226] The PIN replacement process need not take place at the gateway and can take place at other locations in the network. For example, in one embodiment, decryption is performed at the credit card issuer, which can be configured to decrypt various data items, including, for example, discretionary data, the PIN, the PAN, vibration data (warble) (signed data) and so on. In one embodiment, however, the credit card issuer's key may not be available at the terminal. The data can therefore be re-keyed for the decrypting entity, which in this example is the credit card issuer. In one embodiment, this can be accomplished by decrypting and re-encrypting the data with a key that is generated or selected based on the BIN information for the card. In other words, some or all of the BIN can be used to obtain a key with which to re-encrypt the data, where the key obtained is compatible with the bank associated with that BIN.
[0227] As noted above, these decryption and re-encryption steps can be performed at other points along the communication channel. As will be apparent to one of ordinary skill in the art after reading this description, the various decryption and encryption steps can be performed at multiple points along the network as appropriate for the given application. Note also that, in another embodiment, the re-encryption need not be performed by gateway 120. This alternative may be useful, for example, in applications where communication between gateway 120 and transaction processing network 123 passes over a secure communication channel. In other words, in some applications gateway 120 can be part of a secure communication network, or can even be included as part of transaction processing network 123. In yet another embodiment, the bank or other clearing entity can be provided with the encrypted PAN information and use that information directly to decrypt the PIN.
[0228] Although described in terms of PIN replacement or PIN re-keying, those of ordinary skill in the art will recognize after reading this description that these techniques can be applied to other information as well. For example, the PIN itself, or PIN information such as a PIN block generated by combining the PIN and the PAN, can be encrypted and replaced in this manner. In one embodiment, the PIN block is generated by XORing the PIN with the PAN (preferably the encrypted PAN). The PIN block can then be encrypted and forwarded for later decryption and re-encryption. Therefore, although this document repeatedly describes the process as PIN replacement, the process can be applied to PIN information, such as the PIN itself or a PIN block.
[0229] In some environments or implementations, a transaction processor or other processing entity may expect to receive an encrypted PIN that was encrypted using plain-text account information (for example, the plain-text PAN). As such, encrypting the PIN with encrypted token information can lead to incorrect decryption during subsequent transaction processing operations. To better illustrate this situation, Figures 18 and 19 present an example of PIN encryption and of the difficulty raised by encrypting the PIN with an encrypted PAN.
[0230] Referring now to Figure 18, as an illustration of PIN encryption, consider an example in which a PIN is encrypted for a debit card or other similar token. In the illustrated example, consider a token 111 with the account number (sometimes called the primary account number, or PAN) 5123-4567-8901-2345. For the purposes of this example, this account number is stored as plain-text information on token 111. In a system where the account number, PAN or other token information is not encrypted, when the card is swiped in step 502 the terminal receives the account number 5123-4567-8901-2345. In step 504, the terminal sends this received account information to the PIN pad, where the account information can be used to encrypt the PIN. Thus, when the user enters the PIN in step 505, the plain-text account information is used in step 506 to encrypt the PIN. In one embodiment, the PIN is encrypted or secured by generating a PIN block, and the PIN block can itself be encrypted. For example, in one embodiment, the account information is used together with the PIN to generate the PIN block. As a further example, in one embodiment, the account information is merged, concatenated or mathematically combined with the PIN, and in some embodiments with other characters as well, to generate the PIN block. As a further example, in one embodiment, the account information is XORed with the PIN to produce the PIN block. In short, in this scenario the user's PIN is encrypted with the user's account information.
[0231] In step 508, the transaction is routed for processing. For example, the transaction can be a purchase, a cash withdrawal or another token transaction, and the transaction data is routed appropriately for transaction processing. In keeping with the debit card example used throughout this document, the transaction would be routed, for example, to transaction processing network 123 for processing, and may further pass through, for example, gateway 120.
[0232] In this exemplary transaction, recall that the PIN is encrypted and secured with the plain-text account information. As such, when PIN verification in transaction processing network 123 receives the plain-text account information and the encrypted PIN block, the encrypted PIN block can be decrypted to recover the actual PIN, which is then verified against the actual PIN of the identified token to ensure that the correct PIN was entered for the card. PIN verification can take place inside or outside a hardware security module (HSM). Because, as noted above, the plain-text account information was used to encrypt the PIN, the same plain-text account information is likewise used to decrypt the PIN and perform the verification.
[0233] In step 512, if verification succeeds, the account number and the PIN or PIN block are sent for processing. Because the transaction has been verified, the PIN can remain encrypted for further processing. Depending on the processing required, it may be unnecessary or undesirable to forward the encrypted PIN block for processing. Therefore, in one embodiment, only the account information is forwarded. In another alternative embodiment, the account information and the plain-text PIN can be sent for further processing.
[0234] To summarize this scenario, the account information is read from the card and used to encrypt the PIN entered by the user. Because the account information read from the card and the encrypted PIN are sent together for processing, the same account information can be used in subsequent processing steps to properly decrypt the PIN and so verify that the correct PIN was entered. In the embodiments described above in which the token data is encrypted, erroneous PIN verification can occur. Figure 19 is a diagram illustrating an example in which PIN verification according to one exemplary scenario can return a false result. Referring now to Figure 19, consider the same example described above for Figure 18, in which a token 111 (for example, a debit card token) with the account number 5123-4567-8901-2345 is swiped at a magnetic stripe reader. In embodiments where the magnetic head or other detection device encrypts the data, the terminal receives data that appears different from the data contained on the original token 111. For example, in the scenario shown in Figure 19, the last 12 digits of the account information are encrypted. Thus, in step 514, the terminal receives 5123-0011-2233-4455. As noted above, in one embodiment it may be desirable to leave the first four digits of the account information in plain text for routing purposes. However, as also noted above, any or all of the account or other token information can be encrypted as desired, depending on the transaction, the transaction processing network or other factors.
[0235] In step 516, the data capture and encryption device sends the encrypted account information to the PIN encryption device. This is in contrast to the example of Figure 18, in which the terminal sends the data as read from token 111. Because the data sent to the PIN encryption device is encrypted (or partially encrypted), in step 518 this encrypted account information and the PIN entered in step 505 are used to generate the PIN block. When the user enters his or her PIN at step 505, in one embodiment, the PIN can be encrypted. The PIN (whether or not encrypted) can be combined with the encrypted account information to produce the PIN block. Although not illustrated as a separate step, the resulting PIN block can be encrypted for further security.
[0236] In step 520, the transaction is routed for processing. In one embodiment, this is done as described above with reference to step 508. In step 522, a decryption tool can be used to decrypt the account information and return the original account information: 5123-4567-8901-2345. This decryption can be performed as described anywhere in this document, for example by one or more decryption modules 122.
[0237] In step 524, the plain-text account information and the encrypted PIN block are sent to the appropriate entity in transaction processing network 123 for processing. As described above with reference to step 510, this entity uses the received account information to decrypt the PIN block, recover the PIN and verify its correctness. Recall, however, that in this scenario the PIN block was produced using information from token 111 that had first been encrypted. As such, recovering the PIN by conventional techniques, which rely on the real account information for PIN recovery, causes the PIN to resolve to digits different from those the user entered in step 505. Therefore, barring a coincidental match, in step 526 the PIN is determined to be incorrect and a false result is returned, indicating that the transaction failed. This typically causes the transaction to be cancelled. As such, even though the correct PIN was entered, because the encrypted account information was used to generate the PIN block, an incorrect PIN is recovered and verification improperly fails.
[0238] As these examples illustrate, there are scenarios in which simply inserting an encryption device (for example, an encrypting head) at the terminal can cause processing errors for debit card transactions that use this kind of PIN encryption and decryption. A number of solutions can be implemented to handle this situation, and each may have a different value depending on the transaction processing network 123 through which the token is verified. For example, one possible solution is to send the encrypted PAN to the HSM or PIN verification and instruct the PIN verification module to use the encrypted PAN for PIN decryption and the decrypted PAN for transaction processing. In some applications or environments, this solution may require re-architecting software and systems used by many existing entities across various transaction processing networks 123. As such, in some environments or applications this may be a cumbersome or impractical solution. In another embodiment, a different solution is contemplated, one that can be implemented before the transaction information is distributed to the various entities or HSMs that verify the PIN. As just one example, the solution can be implemented at gateway 120, and can further be implemented so as to allow the existing transaction processing network infrastructure to handle PIN or other similar transactions without changes or upgrades. One example of this is illustrated in Figure 20.
[0239] Figure 20 is an operational flow diagram illustrating an example process for account and PIN information encryption that can be used to facilitate token transactions according to one embodiment of the invention. Referring now to Figure 20, consider the same example as above, in which token 111 has the account information 5123-4567-8901-2345. With encryption (in the head or at any other location), the terminal receives the encrypted information, as described above with reference to step 514. This is illustrated by step 528 in Figure 20. Similarly, in step 530, the data capture device sends the encrypted account information to the PIN encryption device. In step 505, the user enters the PIN. The PIN can be encrypted using one or more keys. Alternatively, the PIN need not be encrypted in this step. In step 532, the PIN and the encrypted account information are used to produce the PIN block. The PIN block can also be encrypted. Similarly, in step 534 the transaction is routed for processing, and can include the encrypted account information, the encrypted PIN block and other transaction data.
[0240] Because the account number is encrypted, a decryption module can be used to decrypt the account information and return the plain-text information. In one embodiment, this can be done at a decryption module at gateway 120 or at any other location in transaction processing network 123, depending on the transaction, application or environment. In this example, a solution is implemented in which the PIN block is regenerated in step 538 for subsequent processing. Preferably, in one embodiment, the PIN block is regenerated in step 538 so as to produce the PIN block that the HSM expects for the identified token. An example of how the PIN block can be regenerated is described further below.
[0241] In step 540, the transaction is routed for processing. In one embodiment, the decrypted account information is sent with the regenerated PIN to the appropriate entity to process the debit card or other token transaction. Thus, in step 542, the HSM receives the plain-text account information: 5123-4567-8901-2345. The HSM also receives the regenerated, or newly encrypted, PIN block. If the PIN was encrypted in step 505, the HSM or PIN verification module decrypts the PIN from the PIN block. It can also decrypt the PIN and use the received account information to verify the PIN information, thereby verifying the transaction.
[0242] Because the PIN block was regenerated from the original account information, in step 544, assuming the user entered the correct PIN in step 505, PIN verification 151 can verify the PIN and return a response for the PIN-verified transaction. In summary, as this example illustrates, in one embodiment the correct PIN block can be regenerated at some point in the transaction before the transaction information is routed to the appropriate HSM. In particular applications, a benefit this can provide is to allow the verifying entity or HSM to verify the PIN or other similar information for both encrypted and unencrypted account transactions. In one embodiment, this can be accomplished without changing or upgrading the processes or procedures used for verification in either the encrypted or the unencrypted mode.
[0243] As noted above for step 538, the exemplary solution regenerates the PIN block to provide a PIN block that can be correctly verified. An example of PIN block regeneration is now described. Figure 21 is an operational flow diagram illustrating an example process for PIN block regeneration according to one embodiment of the invention. Figure 22 is a functional block diagram illustrating an example functional architecture that can be used for PIN block regeneration. As illustrated in the example of Figure 22, PIN block regeneration 148 can be performed at gateway 120 before routing to transaction processing network 123. This PIN block regeneration can be performed, for example, in conjunction with account decryption 122, as desired. As those of ordinary skill in the art will understand after reading this description, this function can be located anywhere in the transaction flow, depending on the application or implementation. Still referring to Figures 21 and 22, in the illustrated example, PIN block regeneration module 148 receives the original account information 547, the encrypted account information 548 and the encrypted PIN block 549.
[0244] In step 550, PIN block regeneration module 148 decrypts the encrypted PIN block. In step 552, the regeneration module uses the encrypted account information to determine the original PIN (or, if encrypted at step 550, the original encrypted PIN). For example, the inverse of the operation used to produce the PIN block can be performed with the encrypted account information to recover the PIN.
[0245] Because, in the scenario shown in Figure 18, the verification system expects a PIN block produced from the PIN and the plain-text account information, in step 554 PIN block regeneration module 148 uses the decrypted PAN (the original PAN, 5123-4567-8901-2345) and the recovered PIN to generate a new PIN block. Specifically, in keeping with the example, the new PIN block can be generated by combining the original PIN (obtained in step 552) with the plain-text PAN (obtained by decryption at step 536 in Figure 20). Operation can then proceed, for example, to step 540, where the transaction is routed to the HSM or other processor for PIN verification 151. As noted above, because the new PIN block is produced using the decrypted plain-text account information, the processing at step 542 will result in proper PIN verification, assuming the PIN was entered correctly. Although the above example is described in terms of a debit card or other similar card with PIN verification, other tokens can be used with other verification mechanisms in these embodiments. Although illustrated within the transaction processing network, PIN verification 151 can be performed at other locations as desired or required.
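The Figure 19 failure and the regeneration of steps 552 and 554, as an added example that is not part of the patent text. The patent says only that the PIN block is produced by XORing the PIN with the PAN; the ISO 9564 format 0 field layout used here is an assumption, the PIN 1234 and all function names are constructed, and the outer encryption of the PIN block (step 550) and the PAN decryption are left out, with the plain-text PAN supplied as an input.

```python
"""PIN block regeneration at a gateway, after steps 552-554 (added illustration)."""
import hmac

# PAN values are the ones used in the text; the PIN is a constructed sample.
CLEAR_PAN = "5123-4567-8901-2345"      # as stored on token 111
ENCRYPTED_PAN = "5123-0011-2233-4455"  # as received by the terminal (Figure 19)
SAMPLE_PIN = "1234"                    # constructed


def pan_field(pan: str) -> bytes:
    """Assumed layout: 0000 + rightmost 12 PAN digits, check digit excluded."""
    digits = pan.replace("-", "")
    if not (digits.isascii() and digits.isdigit() and len(digits) >= 13):
        raise ValueError("PAN must contain at least 13 decimal digits")
    return bytes.fromhex("0000" + digits[:-1][-12:])


def xor8(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_pin_block(pin: str, pan: str) -> bytes:
    """Combine PIN and account information by XOR (steps 506, 518, 532)."""
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4 to 12 decimal digits")
    # Assumed PIN field: control nibble 0, length nibble, PIN digits, F padding.
    pin_field = bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))
    return xor8(pin_field, pan_field(pan))


def recover_pin(block: bytes, pan: str) -> str:
    """Inverse of build_pin_block; rejects a field that does not parse."""
    if len(block) != 8:
        raise ValueError("PIN block must be 8 bytes")
    field = xor8(block, pan_field(pan)).hex().upper()
    length = int(field[1], 16)
    pin, padding = field[2:2 + length], field[2 + length:]
    well_formed = (field[0] == "0" and 4 <= length <= 12
                   and pin.isdigit() and set(padding) <= {"F"})
    if not well_formed:
        raise ValueError("malformed PIN field: block was not built with this PAN")
    return pin


def verify_pin(block: bytes, pan: str, reference_pin: str) -> bool:
    """Stand-in for PIN verification 151: recover the PIN and compare it."""
    try:
        return hmac.compare_digest(recover_pin(block, pan), reference_pin)
    except ValueError:
        return False


def regenerate_pin_block(block: bytes, encrypted_pan: str, clear_pan: str) -> bytes:
    """Step 552: recover the PIN with the encrypted PAN.
    Step 554: rebuild the block with the plain-text PAN the verifier expects."""
    pin = recover_pin(block, encrypted_pan)
    return build_pin_block(pin, clear_pan)


if __name__ == "__main__":
    # PIN pad side: block built from the PIN and the *encrypted* PAN.
    terminal_block = build_pin_block(SAMPLE_PIN, ENCRYPTED_PAN)
    # Figure 19: verifier holds the plain-text PAN, so verification fails.
    print("without regeneration:", verify_pin(terminal_block, CLEAR_PAN, SAMPLE_PIN))
    # Figure 20: the gateway regenerates the block before routing to the HSM.
    gateway_block = regenerate_pin_block(terminal_block, ENCRYPTED_PAN, CLEAR_PAN)
    print("with regeneration:   ", verify_pin(gateway_block, CLEAR_PAN, SAMPLE_PIN))
```

With this layout the mismatched block still yields the first two PIN digits, because the PAN field starts with four zero nibbles; the failure shows up in the remaining digits and in the padding.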
[0246] In one embodiment, a web portal can also be provided for managing terminals, data capture devices (which can be included in the terminals), gateways, secure transaction modules and other entities in the secure transaction processing chain. The portal can also be used to give authorized users the ability to enable or disable encryption at one or more terminals, change keys, update encryption information and so on. The portal can also be used to display data and other statistics about terminals, transactions, cards, card usage and the like. For example, in one embodiment, a web portal is provided to allow merchants to control their terminals as an alternative to command tokens.
[0247] A dashboard display can be included in the portal to give the merchant a status or statistical overview of its terminals, including, for example, security, integrity, encryption status, number of swipes, number of declined cards and so on. As another example, an issuing bank portal can be provided to give the issuing bank the ability to view statistics or other information on its cards and the transactions made with them, or provided to the merchant to enable or disable encryption for its cards (thereby requiring the merchant to do so, or sending commands to one or more terminals to turn encryption on or off). The terminal can also be implemented to allow multiple logins per account, with security rights for each user; to provide a dashboard display that visually shows each terminal with its identity information; to provide the ability to shut off a terminal in real time, which in one embodiment can be accomplished by rejecting any transaction originating from its serial number; and to provide the ability to set thresholds, for example for analysis levels, by terminal or serial number, geographic region and so on.
[0248] In another embodiment, the web portal can be used to allow users to generate command tokens or update command tokens. For example, in one embodiment, command cards can be ordered through the portal and delivered to the merchant or other user. In another example, a printer or other token writing device can be provided to allow the merchant or other user to produce his or her own tokens on site. Additionally, a variety of techniques can be provided to allow existing command cards to be updated using the web portal.
[0249] In one embodiment, the information returned for a transaction, such as a returned authorization, can indicate completion of the transaction. In another embodiment, the authorization may be only an approval of the transaction, with a subsequent transaction used to actually complete, or settle, the transaction. For example, in the bank card example, the initial response and authorization received may be only an approval of the transaction, and a subsequent settlement transaction typically takes place so that funds can be properly distributed for the transaction. In some conventional transaction processing networks, a batch settlement file is maintained at terminal 114 or at another merchant location, and multiple transactions are accumulated and stored in the file. For example, one day's worth of transactions can be kept in the batch settlement file. For settlement, the batch settlement file can be transferred to transaction processing network 123 for account settlement.
[0250] Because a merchant can accept bank cards from a variety of different financial institutions, the batch settlement file can include information for transactions handled by more than one transaction processor. For example, the merchant can accept cards from multiple entities, such as Visa, MasterCard, American Express and so on. Additionally, some or all of the token information for some or all of the tokens can be encrypted by the electronic data capture device or another device when the transaction takes place. As such, the information in the batch settlement file can include encrypted information, such as encrypted account information (fully or partially encrypted) or other encrypted information.
[0251] Figure 23 is a diagram generally illustrating a batch settlement process according to one embodiment of the invention. As illustrated, a transaction is conducted 190 and sent to transaction processing network 123 for authorization 192. In one embodiment, some or all of the token data can be stored by terminal 193 (for example, in batch settlement file 194) while awaiting authorization from the transaction processor. When the authorization is returned from the transaction processor, settlement file 194 can be updated to include the transaction as an authorized transaction. At a predetermined time, the file containing the authorized transactions can be sent to the transaction processor for batch processing 192. In batch processing, the transactions can be processed and the accounts settled accordingly.
[0252] In conventional processing networks, this batch settlement technique can be carried out in a relatively straightforward manner, with all of the information in plain-text form. For example, with plain-text routing and account information, the transactions in the batch settlement file can be routed relatively easily to the appropriate transaction processor, the account information processed and the settlement completed. However, where some or all of the token information is encrypted, handling the settlement data may require special consideration to ensure that proper decryption and proper routing can take place across multiple different transactions involving different merchants and different institutions.
[0253] For example, consider the one or more embodiments described above in which the PAN or other data is encrypted using a terminal ID or merchant ID. In such embodiments, the encrypted token information for a given token can vary from merchant to merchant, or even between different sales counters within a given merchant. Additionally, where a sequence number or other rolling key technique is implemented, the token information can vary from transaction to transaction, even for the same token used at the same terminal. As such, this can present a challenge when processing data from such tokens for settlement. Therefore, in one embodiment, a decryption service can be included to provide decryption for settlement transactions between the merchant (or other transacting entity) and the institution or other transaction processor.
[0254] Before describing this decryption technique, one possible encryption technique is described with reference to Figure 24. Figure 24 is a diagram illustrating one possible encryption technique according to one embodiment of the invention. Referring now to Figure 24, the PAN portion of the token data is illustrated as having BIN data 270, a portion 271 of the account data, and the last four digits 272 of the account number. In this example, the six middle digits 271 of the account number are encrypted by encryption module 274 using key 275 to produce six encrypted account digits 276. As noted above, in one embodiment, key 275 can be, for example, the merchant ID. The encrypted account information 271' can be reinserted between BIN 270 and last four digits 272 to produce a new PAN 279 in which part of the data is in encrypted form. Thus, in this example, swiping the same card at different merchants will yield different transaction data 279 for each transaction. Similarly, if a counter or other rolling technique is used, the account information can change even at the same merchant.
[0255] Figure 25 is an operational flow diagram illustrating a process for handling batch settlement in which some or all of the account data is encrypted, according to one embodiment of the invention. The example of Figure 25 follows the example illustrated in Figure 24 above, in which a portion of the PAN is encrypted using the merchant ID as key 275 and repackaged into encrypted PAN 279, where, in this example, encrypted PAN 279 comprises a concatenation of plain-text data and encrypted data. Referring now to Figure 25, in step 278, batch data is received. In one embodiment, the batch data is received as a batch settlement file, which can be a text file or other similar file and can include multiple records for multiple transactions.
[0256] As described, in one embodiment, and indeed in a preferred embodiment, the decryption described herein can be performed at a gateway or other server, and the gateway can then send the appropriate information to the designated transaction processor. Accordingly, the gateway can include suitable decryption and encryption modules or can have access (preferably secure access) to such modules. More specifically, in one embodiment, the gateway can send the batch settlement file to a secure transaction processor for processing.
[0257] In step 330, the process checks whether a given data record in the batch settlement file contains encrypted data. If it does not, the process is complete and the plain text data can be forwarded to the appropriate transaction processor for settlement. In one embodiment, a flag can be set in the record, or some other indication can be made, to show whether the data is encrypted or plain text. This can be useful in applications where, for example, an intermediate server (such as a gateway) does not need to know whether a received account number is a valid number (receipt of an obviously invalid number can indicate the presence of encryption).
[0258] By way of example, in one embodiment, to avoid adding extra characters to the transaction data stream and thereby ease compatibility with conventional processing systems, one technique for flagging the encryption status of a data packet is to increase the expiration date by an amount large enough to conclusively indicate the presence of encryption. For example, in one embodiment the expiration date is increased by 12 years. In such an embodiment, the expiration date serves as a flag and can be checked to determine the encryption status. One advantage of adding 12 years (or some other value) is that the original expiration date can easily be recovered by reversing the operation. This suits current bank card transactions, because the expiration date of such cards is typically 2-5 years in the future. Therefore, when an expiration date 12 or more years in the future appears, the system can determine with a high degree of certainty whether the data is encrypted. As another example, in one embodiment the expiration date or a portion of it can be replaced by a flag string, for example all zeros or all nines. As another example, a separate field can be added to the record to indicate whether some or all of the data is encrypted.
[0259] Therefore, for an encrypted data set, in step 332 the appropriate key is retrieved from data storage. For example, in the exemplary embodiment shown in Figure 24, the merchant ID or a key associated with that merchant ID is retrieved to decrypt the transaction data. In one embodiment, the batch settlement file can include an indication of the merchant that sent the file, thereby telling the decryption tool which key to use. For example, header or other file information included in the batch settlement file can indicate the merchant ID or other information that may be useful in generating, retrieving, or determining the appropriate key for decryption. Similarly, each record can also carry information (for example sequence information) used to generate, retrieve, or determine the key associated with a particular transaction. Likewise, because different institutions can have different encryption standards or requirements, the encryption process can vary based on information such as the BIN range or other factors. In these applications, the decryption process (whether or not it is used for batch settlement) can be tailored similarly to achieve the appropriate decryption. Therefore, in one embodiment, the BIN range (or other factors) can be used to retrieve the appropriate key(s) to be applied to decrypt the appropriate data items.
[0260] In step 334, the data is decrypted using the appropriately retrieved key(s), and in step 336 the plain text information is returned. In addition, in embodiments where the expiration date was altered to indicate encryption, the expiration date can be restored to its original value and reinserted into the data.
[0261] In embodiments where this settlement decryption occurs at a gateway or other intermediate server, the server can forward the now-decrypted transactions to the transaction processor, and the transactions are processed in step 337. Where this step occurs at the transaction processor, the data can be used by the transaction processor after decryption. In one embodiment, transactions can be separated out of the overall batch file and sent to their respective transaction processors individually or in subsets. In another embodiment, the batch file can be reconstructed with the plain text information and sent, for example, to a clearinghouse or other central processing station for processing, or to another routing device that routes each transaction to its appropriate processor.
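The settlement flow of steps 330-336, written out as an added example that is not part of the patent text: the expiration date acts as the encryption flag, the batch header selects the merchant key, and the middle six digits are recovered by modulo 10 subtraction. The merchant ID, record layout, YYMM date format and sample records are constructed for illustration; the key 4F3C27 and the digits 798895/345678 are the ones given in paragraph [0266].

```python
"""Added example: batch-settlement decryption keyed by merchant ID (steps 330-336)."""

# Constructed key store. "M-1001" is a made-up merchant ID; its key is the
# hexadecimal string 4F3C27 quoted in paragraph [0266].
MERCHANT_KEYS = {"M-1001": "4F3C27"}

FLAG_YEARS = 12          # years added to the expiration date to flag encryption
BIN_LEN, MID_LEN = 6, 6  # Figure 24 layout: BIN | six middle digits | last four

# Constructed batch: one encrypted record (expiry pushed out 12 years) and one
# plain text record from the same merchant.
SAMPLE_BATCH = {
    "merchant_id": "M-1001",
    "records": [
        {"pan": "4000007988951234", "expiry": "3911"},
        {"pan": "4000001234561234", "expiry": "2806"},
    ],
}


def mod10_sub(digits, key):
    """Undo digit-wise modulo 10 addition; key characters are hex digits."""
    return "".join(str((int(d) - int(k, 16)) % 10) for d, k in zip(digits, key))


def is_flagged(expiry_yymm, now_yy):
    """Step 330: an expiry 12 or more years ahead marks the record as encrypted.

    Assumes YYMM expiry and two-digit years within one century. A genuine card
    valid for 12 or more years would be misread as encrypted, which is why the
    text speaks of high certainty rather than proof.
    """
    return int(expiry_yymm[:2]) - now_yy >= FLAG_YEARS


def restore_expiry(expiry_yymm):
    """Reverse the flag by subtracting the 12 years again."""
    return f"{int(expiry_yymm[:2]) - FLAG_YEARS:02d}{expiry_yymm[2:]}"


def settle(batch, now_yy, keys=MERCHANT_KEYS):
    """Return (cleared, rejected) record lists for one batch settlement file."""
    cleared, rejected = [], []
    key = keys.get(batch["merchant_id"])       # step 332: header names the merchant
    for rec in batch["records"]:
        pan, expiry = rec["pan"], rec["expiry"]
        if not is_flagged(expiry, now_yy):
            cleared.append(dict(rec))          # plain text passes through unchanged
            continue
        if key is None:
            rejected.append((rec, "no key for merchant"))
            continue
        middle = pan[BIN_LEN:BIN_LEN + MID_LEN]
        clear_pan = pan[:BIN_LEN] + mod10_sub(middle, key) + pan[BIN_LEN + MID_LEN:]
        cleared.append({"pan": clear_pan, "expiry": restore_expiry(expiry)})  # steps 334-336
    return cleared, rejected


if __name__ == "__main__":
    for record in settle(SAMPLE_BATCH, now_yy=25)[0]:
        print(record)
```

Records whose merchant has no stored key are returned separately instead of being forwarded with an encrypted account number in place.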
[0262] In embodiments where a gateway or other intermediate server performs the batch settlement decryption, the data can be re-encrypted before it is sent to the transaction processor for final settlement. For example, a particular key system can be established between gateway 120 and the appropriate transaction processing entity to ensure that data can be encrypted (for example by secure transaction module 145 associated with the server), transmitted by the gateway, and properly decrypted by the transaction processing entity. As one example, secure transaction module 145 can maintain a set of keys, and these keys can be used with the gateway to encrypt transactions to be transmitted to a given entity. After reading this description, one of ordinary skill in the art will understand how other encryption techniques can be used between gateway 120 or other intermediate servers and transaction processing entities.
[0263] One advantage of performing decryption of the settlement file at one or more intermediate entities, such as gateway 120 or another server, is that it allows the intermediate server to accept data from a plurality of different sources; and in embodiments where the encrypted data can vary between transactions, it allows the intermediate server to accept data from a plurality of transactions. Thus, in such embodiments, the server can act as a data formatter, placing data that arrives in various forms from different sources into the common format of a given transaction processor.
[0264] As noted above, a variety of different encryption techniques can be used to encrypt some or all of the token data 111, personal identification number data, or other data. As just a few examples, hash functions, substitution tables, electronic codebook encryption, and modulo addition can be used to encrypt data. Indeed, as will be clear to one of ordinary skill in the art after reading this description, any of a variety of encryption techniques can be used. Described now are one or more techniques that can be used to perform encryption according to various embodiments of the invention.
[0265] Figure 26 is a diagram illustrating an example process for data encryption according to one embodiment of the invention. Referring now to Figure 26, the illustrated example depicts an embodiment in which a portion of the received data stream 400 is encrypted. More specifically, in the illustrated example a portion of the account number (sometimes referred to as the PAN) is encrypted. The bank identification number 404, the last four digits 408 of the account number, and the expiration date 410 are left in plain text, while the middle six digits 406 of the account number are encrypted. For ease of discussion, the middle six digits 406 of the account number are referred to as PAN 406, although they constitute only part of what would usually be considered the account number string.
[0266] In the illustrated example, the portion of the account number to be encrypted (PAN 406) consists of the digit string 345678. The key in the illustrated example is represented in hexadecimal form by the sequence 4F3C27. As noted above, key 411 can come from any of a number of sources, for example a merchant ID, a terminal ID, a sequence number, or another key source identified for a given application. In this example, the middle portion 406 of the account number is added to key 411 modulo 10 to obtain the encrypted PAN 406'. In the illustrated example, the modulo 10 addition yields the string 798895 as the encrypted PAN 406'.
[0267] Data block 400' illustrates the reconstructed data string, with the encrypted PAN 406' placed in the position of the original account number portion 406. In one embodiment, this data can be repackaged and transmitted as transaction data, with that portion of the account number rewritten as the encrypted PAN 406'. In another embodiment, the encrypted portion PAN 406' can be encrypted again to produce a re-encrypted PAN 406", which in this example is the string 627803.
[0268] For example, in one embodiment the portion 406 of the account number is encrypted using a key such as a merchant key. That portion of the data can be encrypted again with a second key to strengthen security or to provide additional features. For example, it can be encrypted again with a terminal ID and a rolling counter to ensure that each merchant's data appears different, and even that the data from each swipe at the same terminal appears different. Although in the example illustrated in Figure 1 the second encryption is performed on the encrypted portion 406' of the account number, other embodiments can perform this second encryption step on the entire data set or on other portions of the data set, as may be determined to be appropriate for a given application. Thus some or all of data block 400' can be encrypted with the second key and repackaged to produce a new data block. Moreover, this operation is not limited to the data items shown (the BIN, the middle portion of the account number, the last four digits of the account number, and the expiration date) but can be applied to any or all of the data on one or more tracks of a bank card, or to other data that can be associated with a given token 111, regardless of token type.
[0269] Also shown in Figure 26 is the updated expiration date 410'. As noted above, in some embodiments a flag or other indicator can be set to indicate to subsequent processing equipment whether the transaction data includes encrypted data. In this example, the expiration date is increased by 12 years to indicate that the transaction is encrypted according to the given encryption example. As will be clear to one of ordinary skill in the art after reading this discussion, alternative flags or indicators can be used. One advantage obtainable by altering the expiration date (or another token data item) is that the indicator can be included in the data set without requiring an additional field. Another advantage obtainable by altering the data in a predetermined manner is that the original data can be restored for processing.
[0270] Also illustrated in Figure 26 is a substitution table 419 that can further be used in the encryption process. For example, entries in the substitution table can provide an additional measure of security in the encryption process. For example, when encryption is performed using modulo 10 addition, a would-be fraudster could work backward from a number of given encrypted data sets to determine the encryption key. Using a substitution table to replace key values with table entries is therefore one way to hinder someone's ability to work backward to obtain key information. For example, in the case shown in Figure 26, key 411 consists of the string 4F3C27 and the first entry in substitution table 419 comprises the string 143792.... To use the substitution table, the process first determines that the leftmost digit of key 411 is the digit 4. The process therefore looks up the fourth digit in the appropriate entry of substitution table 419, which in this example is the digit 7 (enlarged in the figure for emphasis), and substitutes that digit for the digit of the key. The process can be implemented to continue through the remaining digits of the key in a similar manner, thereby replacing the given key with the entries specified in the substitution table.
[0271] In one embodiment, the substitution table entries themselves can be changed periodically or frequently to provide further data security. Changing the values in the substitution table can increase the work required to trace back to the encryption key. For example, in one embodiment the entries of the substitution table are generated using a random number generator or other algorithm, and the same entries can be generated with a similar algorithm at the decrypting end to replicate the substitution table at the server. More specifically, in one embodiment the seed for the random number generator is the merchant key itself. Because this example is provided for illustration, a number of different configurations can be implemented to populate and use substitution tables in the encryption process. It likewise illustrates that mechanisms other than substitution tables can be implemented to further obscure the key or the encryption process.
[0272] In some applications, the token data can include a modulo 10 check character or other code of one or more characters to provide a check on the data. In these applications, the receiving system performs a specified operation on the received data to check whether the check character matches the data provided. For example, the digits of the received string can be added together using modulo 10 addition to check whether the same modulo 10 checksum is obtained. If so, this is an indication that the received data is valid. In the embodiments described above, however, some or all of the token data is encrypted. Where at least some of that data is used to generate the check character or checksum, recomputing the checksum at the receiving end will (or statistically should) produce an error. Therefore, in one embodiment of the invention, the character or character string is regenerated and inserted into the data stream after encryption, so that the check at the receiving end can be performed on the encrypted data. This embodiment is useful for allowing the identified encryption techniques to be used with conventional data processing systems, for example systems configured to operate on unencrypted data sets. As another alternative, the encrypted data items can be decrypted before the error check is performed.
[0273] In several of the embodiments above, some or all of the token data 111 is encrypted for secure transmission. For example, one embodiment relating to bank cards is described as encrypting a portion of the account number while leaving the bank identification number and other information in plain text form. Another embodiment is now described in which a portion of the account number is encrypted and the discretionary data on the card is also encrypted. Figure 27 is a diagram illustrating a process for performing this encryption according to this embodiment of the invention. Referring now to Figure 27, in step 422 the token data is read. In this example, the token data is track data from a bank card or other similar card. In step 423, the designated portion of the account number is encrypted. For example, consistent with the scenario above, the first six digits (the BIN) are kept as plain text, the next six digits are encrypted (PAN 406 in the example above), and the last several digits remain plain text. In step 425 the discretionary data is encrypted, and in step 427 the encrypted data is repackaged with the remaining track data for transaction processing.
[0274] An example scenario for performing encryption of the account information and the discretionary data according to the example of Figure 27 is now described. After reading the following description, one of ordinary skill in the art will understand how alternative encryption techniques can be used in this and other embodiments. Figure 28 is an operational flowchart illustrating a process for encrypting a portion of an account number according to one embodiment of the invention. Figure 29 comprises Figures 29A, 29B and 29C, and Figure 30 is a diagram illustrating an example of generating a password and transforming a PAN using a substitution table according to one embodiment of the invention. Figure 25 is a diagram illustrating encryption of a PAN according to an embodiment of the invention.
[0275] Referring now to Figures 23, 24 and 25, in step 422 the token data is read. For example, in the case of a bank card, data is read from track 1, 2 or 3. Figure 29 illustrates an example of track data 400, or a portion of it, which consists of the BIN 404, a portion 406 of the account number, a checksum 407, the last two digits 408 of the account number, the expiration date 410, the service code 412, and the discretionary data 414. In this document and this example, the middle portion of the account number that is to be encrypted, designated by reference character 406, is referred to as PAN 406. Note that the account number in this example comprises all sixteen digits 404, 406 and 408, and that this is also sometimes referred to as the PAN. For this example, however, PAN 406 refers to the middle portion of the account number, which in this example is the seven-digit string 0292011.
[0276] In step 423, a password is generated for later use in encryption. In one embodiment, the password is generated by encrypting the BIN 404, the last clear digits 408, and the expiration date (EXP) 410 with a key. Although any of a number of keys can be used, in one embodiment the key used is the merchant key Km. This is shown in Figure 29B, in which key Km is used to encrypt the BIN, the clear digits, and the expiration date (represented by string 418) to produce password 420. In this example, the string to be encrypted is padded with leading zeros 416 before encryption.
[0277] As a result of this operation, password 420 is produced, which can then be used to encrypt PAN 406. In one embodiment, because PAN 406 is seven digits, the first seven digits of password 420 are used to encrypt PAN 406, although other alternatives are contemplated. Key Km can be a key from any of a number of different sources and is stored in the checkout device for use by, for example, encryption module 132. In one embodiment key Km is a merchant key, although other keys can be used.
[0278] In step 425, a substitution table is used to transform PAN 406 to produce the transformed PAN 406'. An example is depicted in Figure 29C, in which substitution table 419 comprises two entries: one entry containing the string used for digits in odd positions, and a second entry containing the string used for digits in even positions. In this example, each digit of PAN 406 is looked up in its respective odd or even table entry to find the substitute character, which is placed in the corresponding position. The first digit of PAN 406 therefore uses the odd entry. Because this first digit is zero, the first value (entry 0), which is 9, is taken from the leftmost position of substitution table 419 and placed in the transformed PAN 406'. Similarly, the second digit is in an even position and is the digit 2 in this example. Therefore the third value of the even entry of substitution table 419 (the first value corresponding to position 0) is placed in the second digit of the transformed PAN 406'. The operation continues in a similar fashion to obtain the string 9202918 for the transformed PAN 406'.
[0279] In step 427, the transformed PAN 406' is encrypted to produce the encrypted PAN 422. An example process for this is illustrated in Figure 30, in which the transformed PAN 406' is encrypted with password 420 to produce the encrypted PAN 422. In one embodiment, the transformed PAN 406' is added modulo 10 to password 420 to produce the encrypted transformed PAN 422. Consistent with the current example, password 420 comprises the string 4FDCC52 and the transformed PAN comprises the string 9202918. Note that in the present embodiment, where the encryption is modulo 10 addition, only the first seven digits of password 420 are used. The modulo 10 addition of password 420 and the transformed PAN 406' produces the encrypted transformed PAN 422, which in this example is the string 3734160.
[0280] In step 427B, the original PAN is shifted by one digit, and in step 427C it is added modulo 10 to the encrypted transformed PAN 422 to produce the final encrypted PAN 424. Consistent with the illustrated example, the result of this addition is the string 3753361 for the final encrypted PAN 424.
[0281] As will be clear to one of ordinary skill in the art after reading this description, the above process can be performed in reverse to obtain the plain text PAN 406 at the transaction processing end.
[0282] Referring back to Figure 27, in the described exemplary embodiment the discretionary data is likewise encrypted. Although a variety of techniques can be used to encrypt the discretionary data (as is the case for the other encryption processes described herein), one example technique for encrypting the discretionary data is now described with reference to Figures 26, 27 and 28. Figure 31 is an operational flowchart illustrating an example process for encrypting discretionary data according to one embodiment of the invention. Figure 32, which comprises Figures 32a and 32b, is a diagram illustrating an example of generating a password and transforming a PAN using a substitution table according to one embodiment of the invention. Figure 33 is a diagram illustrating encryption of discretionary data according to one embodiment of the invention. Referring now to Figures 26, 27 and 28, in step 462 the card data is read to obtain the discretionary data. In embodiments where the encryption of the discretionary data is performed together with the encryption of other data, the discretionary data can be read at the same time.
[0283] In one embodiment, the terminal ID and a sequence number are used to generate the encryption key for the discretionary data. Therefore, in this embodiment, in step 464 the system retrieves the terminal key and sequence number used in the process. As a specific example, terminal key Kt is illustrated in Figure 32A. In step 466, the terminal key is used to encrypt a portion of the token data to obtain PAN password 480. In the specific example illustrated in Figure 32A, the BIN, the expiration date, and the sequence number 482, with leading zero padding 484, are encrypted with key Kt to obtain password 480.
[0284] In addition, depending on what is appropriate, the sequence number can be used to update the service table entry or service code. For example, in one embodiment the service code can be replaced by a predetermined leading digit (for example 9), with the rightmost two digits being the sequence number. For example, in an exemplary environment it is common for a credit card to have service code 101. In this example, the leading 1 can be replaced by 9, and the following two digits 01 can be replaced by the sequence number. In this way, when a 9 is detected as the leading digit of the service code, the second and third digits are recognized as a sequence number that can likewise be used. The sequence number is used, and afterward the service code can be restored (for example, to 101). This can be another way of identifying the presence of encrypted data.
[0285] In step 468, the discretionary data is transformed, for example using a discretionary data substitution table. Thus, in the example illustrated in Figure 32b, the original discretionary data string 0000041800000 is replaced by the transformed discretionary data string 486', 9090948890909. In one embodiment the same substitution table (that is, table 419) can be used, resulting in the substitution obtained above, or a different substitution table can be used.
[0286] In step 470, the discretionary data is encrypted. According to the illustrated example, in step 470A password 480 is used to encrypt the substituted discretionary data 486' to produce the encrypted substituted discretionary data 492. In one embodiment, this encryption can be accomplished by modulo 10 addition of password 480 and the transformed discretionary data 486'.
[0287] In step 470B, as shown in block 406", the discretionary data is shifted by one digit and encrypted with the encrypted transformed discretionary data 492 to obtain the encrypted discretionary data 494. In one embodiment, this encryption can be performed by modulo 10 addition of the encrypted transformed discretionary data 492 and the shifted discretionary data 406" to obtain the encrypted discretionary data 494.
[0288] Referring again to Figure 27, note that in this example, after the PAN and the discretionary data have been encrypted, in step 427 the data can be repackaged for use in the transaction. Specifically, according to the example described with reference to Figures 23-28, the following string can be repackaged.
[0289] In addition, a new modulo 10 character can be generated and a new LRC created for the string shown in paragraph 8 of Appendix C. In addition, a flag can be set, for example the expiration date plus 12. Thus, in the illustrated example, the repackaged data with the updated modulo 10 character and LRC can look like:
4500663753361213=19039130779474182100?
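The PAN walk-through of paragraphs [0278]-[0281], reproduced as an added example (not code from the patent): it rebuilds the strings 9202918, 3734160 and 3753361, reverses the process, and regenerates the check digit so that the repackaged account number matches the one in [0289]. The two table strings, the zero-filled right shift, and reading the modulo 10 check as the Luhn check are assumptions chosen to be consistent with the values on the page.

```python
"""Added example: substitution, modulo 10 addition and shift for PAN 406."""

# Constructed substitution table entries. The page gives only individual
# lookups (odd positions: 0->9, 1->8, 9->0; even positions: 0->0, 1->1, 2->2,
# 4->4, 8->8); these strings are one choice consistent with them and are not
# the contents of Figure 29C.
ODD_ENTRY = "9876543210"
EVEN_ENTRY = "0123456789"


def substitute(digits):
    """Step 425: replace each digit via the odd or even entry (positions count from 1)."""
    return "".join((ODD_ENTRY if i % 2 == 0 else EVEN_ENTRY)[int(d)]
                   for i, d in enumerate(digits))


def mod10_add(digits, other):
    """Digit-wise modulo 10 addition; `other` may hold hex digits (the password).

    zip() stops at the shorter string, so only as many password digits are
    used as there are digits to encrypt.
    """
    return "".join(str((int(a) + int(b, 16)) % 10) for a, b in zip(digits, other))


def shift_right(digits):
    """Step 427B. Assumption: shift right one place with a zero entering on the left."""
    return "0" + digits[:-1]


def encrypt_pan(pan, password):
    """Return (transformed 406', encrypted transformed 422, final encrypted 424)."""
    transformed = substitute(pan)
    encrypted = mod10_add(transformed, password)
    final = mod10_add(encrypted, shift_right(pan))
    return transformed, encrypted, final


def decrypt_pan(final, password):
    """Reverse the process left to right: each digit needs the previous clear digit."""
    clear, prev = [], 0
    for i, (c, k) in enumerate(zip(final, password)):
        substituted = (int(c) - int(k, 16) - prev) % 10
        entry = ODD_ENTRY if i % 2 == 0 else EVEN_ENTRY
        prev = entry.index(str(substituted))   # invert the table lookup
        clear.append(str(prev))
    return "".join(clear)


def luhn_valid(number):
    """Assumption: the 'modulo 10 check' is the Luhn check used on payment cards."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def regenerate_check_digit(number, index):
    """Rewrite the digit at `index` so the encrypted number passes the check again."""
    for d in "0123456789":
        candidate = number[:index] + d + number[index + 1:]
        if luhn_valid(candidate):
            return candidate
    raise ValueError("no digit satisfies the check")


if __name__ == "__main__":
    transformed, encrypted, final = encrypt_pan("0292011", "4FDCC52")
    print(transformed, encrypted, final)
    # BIN 450066 | encrypted PAN | placeholder check digit | last two digits 13
    print(regenerate_check_digit("450066" + final + "0" + "13", 13))
```

Because the password is derived from fields that stay in plain text (BIN, clear digits, expiration date) plus the merchant key, the receiving end can rebuild it and call `decrypt_pan` without any extra data in the record.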
[0290] To further illustrate the feasibility of various encryption algorithms, additional exemplary encryption and decryption algorithms are now described. This example is described with reference to encrypting track 2 data, but other data can also be encrypted. In one embodiment, the algorithm can first check whether the data is a command card, as described in more detail below. Then, in one embodiment, the algorithm generates a one-time CTR (counter mode) 3DES stream cipher block Ki. In this example, this is done as follows:
(a) Construct Ka, a 64-bit string formed by concatenating the following items from left to right:
(i) the magnetic stripe reader key counter (MKC);
(ii) the card issuer discretionary data (DD), filling the remaining area up to and including the LRC character;
(iii) '0' (0x30), filling any remaining area.
(b) Select the domain key (DMK) and terminal key (TMK) set from the BIN mask key table **
(c) Encrypt Ka with DMK to obtain block Kb
(d) Decrypt Kb with TMK to obtain block Kc
(e) Encrypt Kc with DMK to obtain block Kd
(f) Expand the 64-bit block Kd to a 20-digit decimal value to obtain block Ke
(g) Remove the leftmost digit to obtain the 19-digit stream cipher block Ki
[0291] In the next step, the data to be encrypted (here the track 2 data) is combined with the 3DES stream cipher block Ki, from left to right, as follows:
(a) Using modulo 10 addition, add the Ki digits to the digits of the PAN, except for the first 1 to 6 digits, based on the BIN mask key table **, and the modulo 10 check digit. Use the Ki digits successively from the leftmost.
(b) Using modulo 12 addition, add the expiration month and the next Ki digit.
(c) Using modulo 100 addition, add the expiration year and the next Ki digit.
(d) Using modulo 10 addition, add the next three Ki digits to the three service code digits.
[0292] The algorithm then generates a new modulo 10 check character for the modified data, adds 5 to the new check digit (modulo 10), and places the result of this addition in the track 2 data. It then multiplies MKC by 2 and places the decimal result in the PVV (5-digit PIN verification field) track data field. It then increments modulo 50,000 (with the transition at 49,000), stores the new MSC, and removes the leftmost digit and the modulo 10 digit to obtain the string EPAN.
[0293] For decryption according to this example, in a first step the decryption algorithm performs the modulo 10 check on the card data. If the check passes, the track 2 data is passed on without decryption. If the check fails, the algorithm can check whether the data is command data. For example, in one embodiment the algorithm can subtract 5 from the track data check digit (modulo 10) and check again using this new modulo 10-5 check value. If the check fails, it passes on the track data with a modulo 10 check error. Then, if the expiration year is 80, the card data is a command. If so, the command can be processed using a command decoding algorithm.
[0294] To decrypt, the algorithm generates a one-time CTR (counter mode) TDES stream cipher block Ki as follows:
(a) Construct Ka, a 64-bit string formed by concatenating the following items from left to right:
(i) the reader's MKC, obtained by dividing the PVV from the track data by 2;
(ii) the card issuer discretionary data (DD), filling the remaining area up to and including the LRC character;
(iii) '0' (0x30), filling any remaining area.
(b) Look up the terminal keys DMK and TMK and retrieve the last MSC
(c) Compare the new MSC with the last stored value
(i) If the new MSC is greater than the old MSC, save the new value
(ii) If the new MSC is not greater than the old MSC, flag a duplicate transaction error
(d) Encrypt Ka with DMK to obtain block Kb
(e) Decrypt Kb with TMK to obtain block Kc
(f) Encrypt Kc with DMK to obtain block Kd
(g) Expand the 64-bit block Kd to a 20-digit decimal value to obtain block Ke
(h) Remove the leftmost digit to obtain the 19-digit stream cipher block Ki
The algorithm then combines the track 2 data with Ki, from left to right, as follows, and provides the plain text data.
(a) Using modulo 10 subtraction, subtract the Ki digits from the digits of the PAN, except for the first digit and the modulo 10 check digit. Use the Ki digits successively from the leftmost.
(b) Using modulo 12 subtraction, subtract the next Ki digit from the expiration month.
(c) Using modulo 100 subtraction, subtract the next Ki digit from the expiration year.
(d) Using modulo 10 subtraction, subtract the next three Ki digits from the three service code digits.
[0295] Using a stream cipher to encrypt the PAN based on the merchant key, BIN, and expiration date can lead to disclosure of the encryption mask used for cards having the same BIN and expiration date. In one embodiment, a hash code of the PAN digits is used for encryption, and a hash table containing the possible hashes and the original PANs is provided at the secure transaction module.
[0296] In one embodiment, encryption can be performed so that encrypting the data yields multiple bytes of encrypted data. For example, in one embodiment, encrypting six digits of the PAN can produce binary data. Bytes can be selected and put back into the string. On decryption, the key can be used to generate all possible results, and the secure transaction module can look up the PAN that produces the result obtained. As another example, the first account digits, which represent the BIN or bank identification number, are kept as plaintext, together with the card's expiration date and the last four digits of the account number, which the POS uses for card verification and receipt printing. The remaining 19 digits of card data can be converted into an 8-byte binary value. A time stamp can be added and the result encrypted. The 8 bytes of encrypted data can be converted into 20 base-10 digits, and the rightmost 19 digits replace the selected card digits. The last digit, 0 or 1, is added to the bank field. A new modulo-10 character is generated and placed with the selected card digits. The combination of encrypted data and plaintext data is output to the terminal.
[0297] In another embodiment, the cipher block size can be larger than the number of bits available in the digits to be encoded. In such an embodiment, the output feedback mode or counter mode of a block cipher can be applied. In these methods, fixed data, which includes a variable such as a sequence number and part of the plaintext card data, is encrypted with the desired encryption algorithm together with a changing value, for example a counter that is incremented with each block output. The output bits from the encryption can be combined (for example by XOR or modulo-10 addition) with the data to be encrypted. Where the card digits to be encrypted range from 0 to 9, as for track 2 data, 3 bits of the encryption output are XORed with each digit from 0 to 7. The digits 8 and 9 are left as plaintext. Because the output feedback or counter mode of a block cipher usually requires fewer steps, these modes may be preferable to other methods.
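The digit masking described in this paragraph can be sketched as follows; this is an added illustration, not code from the patent. HMAC-SHA256 stands in for the block cipher, and the key, the layout of the fixed data and all function names are assumptions. The last function makes visible which output positions still carry their plaintext value.

```python
import hashlib
import hmac


def keystream_3bit(key, fixed, count):
    """Return `count` values in 0..7 from a counter-mode keystream.

    Assumption: HMAC-SHA256 stands in for the block cipher. `fixed` is the
    fixed data (sequence number plus plaintext card digits); a 4-byte
    counter is appended and incremented for each output block.
    """
    values = []
    counter = 0
    while len(values) < count:
        block = hmac.new(key, fixed + counter.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        values.extend(b & 0b111 for b in block)  # 3 bits per output byte
        counter += 1
    return values[:count]


def mask_digits(digits, key, fixed):
    """XOR each digit 0-7 with 3 keystream bits; pass 8 and 9 through.

    A value 0-7 XORed with 3 bits stays in 0-7, so the output is still
    decimal, and calling the function again with the same inputs decrypts.
    """
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("card data to be masked must be decimal digits")
    stream = keystream_3bit(key, fixed, len(digits))
    return "".join(ch if ch in "89" else str(int(ch) ^ k)
                   for ch, k in zip(digits, stream))


def exposed_positions(masked):
    """Positions that carry their plaintext value (8 or 9) in the output."""
    return [i for i, ch in enumerate(masked) if ch in "89"]


if __name__ == "__main__":
    key = bytes(range(16))               # constructed demo key
    fixed = b"seq=000042|515111|0206"    # constructed: sequence no. + clear digits
    middle = "0302000987"                # constructed digits to protect
    masked = mask_digits(middle, key, fixed)
    print(masked, exposed_positions(masked))
    assert mask_digits(masked, key, fixed) == middle
```

Because 8 and 9 pass through, an observer of the output learns exactly where those two values occur, and the fixed data must differ for every swipe (hence the sequence number) or the same keystream is reused.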
[0298] A BIN mask key table can be used to allow selection of the encryption options for a BIN range and of the keys to install. For example, in one embodiment, keys are assigned to BIN ranges based on a BIN mask. Each entry can include the BIN mask, the domain key, the command key, the terminal key associated with the mask, and the MKC, a key counter for card swipes under the BIN mask. The BIN mask can comprise, for example, 6 bytes. In one embodiment, it is implemented so that any byte position containing a digit 0-9 must match the corresponding card data for the entry to be selected; any byte position containing 0xA or 0xB matches any value in the corresponding card data position; and a byte position containing 0xA is encrypted, while a 0xB position is left as plaintext in the track 2 data output.
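The mask semantics above can be expressed as a small matcher; this is an added example, not the patent's implementation. The hex-string mask notation, the entry fields shown, the first-match ordering and the point at which the MKC is incremented are assumptions, and the key labels are placeholders rather than key material.

```python
from dataclasses import dataclass

ENCRYPT = 0xA   # matches any digit; position is encrypted in the output
CLEAR = 0xB     # matches any digit; position stays plaintext in the output


@dataclass
class MaskEntry:
    mask: str            # six hex characters, e.g. "51AABB" (assumed notation)
    terminal_key: str    # placeholder label, not real key material
    mkc: int = 0         # swipe counter kept per mask


def parse_mask(mask):
    """'51AABB' -> [5, 1, 0xA, 0xA, 0xB, 0xB], one value per BIN position."""
    values = [int(c, 16) for c in mask]
    if len(values) != 6 or any(v > CLEAR for v in values):
        raise ValueError("mask must be six positions of 0-9, A or B")
    return values


def apply_mask(mask, pan):
    """Return (encrypt_positions, clear_positions) if the mask selects this
    card, otherwise None."""
    bin_digits = pan[:6]
    if len(bin_digits) != 6 or not bin_digits.isdigit():
        return None
    encrypt, clear = [], []
    for pos, (m, d) in enumerate(zip(parse_mask(mask), bin_digits)):
        if m == ENCRYPT:
            encrypt.append(pos)
        elif m == CLEAR:
            clear.append(pos)
        elif m != int(d):
            return None          # literal digit that does not match
    return encrypt, clear


def select_entry(table, pan):
    """First matching entry wins (assumption: the text gives no ordering)."""
    for entry in table:
        result = apply_mask(entry.mask, pan)
        if result is not None:
            entry.mkc += 1       # assumption: count the swipe on selection
            return entry, result[0], result[1]
    return None


if __name__ == "__main__":
    table = [MaskEntry("4AAAAA", "key-set-1"), MaskEntry("51AABB", "key-set-2")]
    print(select_entry(table, "5151110302000206"))   # constructed card number
```

The text does not say how literal-digit positions are treated in the output, so the matcher reports only the 0xA and 0xB positions.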
[0299] In one or more of the embodiments described above, PIN pads, magnetic stripe readers, RFID transponders, near-field readers, optical scanners and other data capture devices can be configured or reconfigured to include encryption functionality to encrypt some or all of the token data and any associated additional data (for example PIN data) for various types of tokens 111. The functionality of an encryption module, such as encryption module 132, can be included to perform the desired encryption. In addition, as described, memory or other data storage can be provided for keys, algorithms, associated firmware or software, intermediate and final processing results, and other encryption information. In some embodiments, it is desirable to package some or all of this functionality, and in particular the encryption functions and storage, within the token reader to provide a measure of data security.
[0300] At some point in time, it may be desirable to update, upgrade or modify some or all of the encryption module, for example to obtain updated keys, updated key generation algorithms, updated encryption algorithms, and other desired changes, modifications, additions or enhancements. However, in embodiments where some or all of this functionality is embedded in the data capture device, such enhancements may be difficult to carry out in the field in a fast, easy and cost-effective manner. This can be compounded by the fact that in a given application (for example bank cards) there may be thousands of data capture devices to update and maintain.
[0301] Accordingly, in this and other embodiments, techniques can be implemented to perform such enhancements via download or other similar mechanisms. For example, in one embodiment, a command token can be provided to supply updates to encryption information, such as keys, operating algorithms (for example encryption algorithms, key generation algorithms, hash functions and so on), data elements or other stored encryption information. For example, in one embodiment, a command token is encoded with command information so that, when it is read by the electronic data capture device, it can cause the data capture device to be updated with new encryption information. For example, a specific character or string can be included on the command card to instruct the data capture device to enter an update mode or to accept updates after reading the command token. Information on the command token, or information from an external source, can be downloaded to the data capture device to provide the necessary update. In another embodiment, the electronic data capture device can be instructed to retrieve or receive the download via the transaction communication data path or another data input route. For example, after entering the update mode, the data capture device can be configured to receive information from a terminal, gateway, transaction processing network entity or other entity to perform the update. As another embodiment, the electronic data capture device can be instructed to retrieve or receive the download via a serial, parallel or other data port.
[0302] In another embodiment, an appropriate command or command string can be sent from a terminal, gateway, transaction processing network or other entity to cause the electronic data capture device to enter an update mode or to accept updated algorithms, firmware or other software, and items of encryption information.
[0303] In the embodiment now described, a command token is used to initiate the update mode. To better describe this embodiment, it is explained in terms of an example implementation in which the electronic data capture device is a magnetic stripe reader configured to read bank cards. After reading this description, one of ordinary skill in the art will understand how command tokens can be implemented in other situations and applications.
[0304] Figure 34 is an operational flow diagram illustrating a process for initiating an update mode or other command mode according to one embodiment of the invention. The flow is described in terms of an example in which the command token is a magnetic stripe card. Referring now to Figure 34, in step 612 a command card is swiped at the magnetic card reader and its data is read. In step 614 the data on the command card is checked, and in step 616 it is determined whether the data indicates that the card is a command card. For example, in one embodiment, a predetermined BIN or range of BINs is designated as being associated with command cards. Thus, in this embodiment, in step 614 the electronic data capture device can be configured to search a BIN database to determine whether the received BIN information matches BIN information in the database indicating that the swiped card is a command card. Other characters or data strings can be used to indicate whether a given card is a command card; however, this example is described in terms of a predetermined BIN or BIN range.
[0305] If it is determined in step 616 that the swiped card is a command card, the command is processed in step 618. For example, commands can be included to update algorithms, keys, merchant IDs, terminal IDs, sequence numbers or other encryption information. Several example embodiments for processing command card functions are discussed below. Other examples can include commands that turn encryption on or off for all cards or for particular cards. For example, a command can be generated to affect only cards with a particular BIN or BIN range.
[0306] If the swiped card is not a command card, normal operation can proceed, in which, in step 619, the data capture device determines whether the data from the token is to be encrypted before being sent for processing. If not, in step 620 the data is output in plaintext form. If, on the other hand, some or all of the token data is encrypted, then in step 622 the data can be packaged and output as an encrypted token data stream, again as illustrated in step 624.
[0307] Figure 35 is an operational flow diagram illustrating an example process for encrypting some or all of the token data according to one embodiment of the invention. As described above with reference to one or more embodiments, check characters can be included in the token data to indicate card read errors or data transmission errors. Accordingly, in step 632 the check character is verified to determine whether it is correct. If it is correct, then in step 634 the appropriate key is generated or retrieved, and in step 636 the appropriate data is encrypted with the key. Also as described above, so that downstream components can operate, a new check character can be generated in step 638 based on the encrypted data, and in step 640 the data is output for transaction processing. In one embodiment, the system can be implemented so that an incorrect check character can indicate that the token is a command token (a command card, in terms of the example application above).
[0308] Figure 36 is an operational flow diagram illustrating an example process that uses the check character to determine whether a token is a command token, according to one embodiment of the invention. Again, the description is given in terms of the bank card example. Referring now to Figure 36, in step 652 the check character is verified to determine whether it is correct. This is the same as step 632 described above with reference to Figure 35. If the check character is correct, as shown by decision block 654, encryption continues as shown in step 656. For example, in one embodiment, encryption can continue on a normal basis as described above with reference to Figure 35. If, on the other hand, verification of the check character reveals an error or an invalid entry, the card can be tested again.
[0309] In one embodiment, the check character can be modified in a known incorrect way to indicate the potential presence of a command card. For example, in one embodiment, the check digit has a predetermined value (for example 5) subtracted from it to indicate the presence of a command card. Therefore, in the illustrated embodiment, in step 658 the value 5 is added to the check digit and the data is tested again. If the test fails in step 660, this can indicate an error in the data.
[0310] If, on the other hand, the test now passes with the updated check digit, then in one embodiment this can be sufficient confirmation that a command card is present. In another embodiment, however, additional information can be used to verify the presence of a command card or other command token. For example, as described above, in one embodiment a BIN or BIN range is used to identify command cards. In another embodiment, a specific expiration date can also be used to identify the presence of a command card. As a further example, in one embodiment the expiration date field of a command card is set to a certain value (for example 80 or 99) to indicate that the card containing this data is a command card. Thus, according to this example, in step 662 the expiration date is checked to determine whether it is set to the designated value, and if so, in step 664 the card is identified as a command card and the command can be processed appropriately. If, on the other hand, the expiration date is not the designated value, or another command parameter does not match, then depending on the embodiment an error is generated, as described in step 669.
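The decision flow of Figure 36 (steps 652 to 669) can be written out as below; this is an added example, not code from the patent. It assumes the check character is the PAN's modulo-10 (Luhn) check digit, that the designated value sits in the two-digit year of the expiration field, and a simplified track 2 layout; the sample swipes are constructed.

```python
import re

# Simplified track 2 layout (assumption): ;PAN=YYMM + service code + data?
TRACK2 = re.compile(r"^;(\d{12,19})=(\d{2})(\d{2})(\d{3})(\d*)\?$")
COMMAND_OFFSET = 5              # value subtracted from the check digit
COMMAND_YEARS = {"80", "99"}    # designated expiration values from the text


def luhn_valid(pan):
    """Modulo-10 (Luhn) check over the whole PAN including its check digit."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(track2):
    """Return 'normal', 'command' or 'error' for one swipe."""
    m = TRACK2.match(track2)
    if not m:
        return "error"
    pan, year = m.group(1), m.group(2)
    if luhn_valid(pan):                       # steps 652/654
        return "normal"                       # step 656: encrypt as usual
    # Step 658: add the offset back to the check digit and test again.
    restored = pan[:-1] + str((int(pan[-1]) + COMMAND_OFFSET) % 10)
    if not luhn_valid(restored):              # step 660: plain read error
        return "error"
    if year in COMMAND_YEARS:                 # step 662
        return "command"                      # step 664
    return "error"                            # step 669


if __name__ == "__main__":
    swipes = [                                # constructed sample swipes
        ";4111111111111111=25121010000000000000?",
        ";4111111111111116=99121010000000000000?",
        ";4111111111111116=25121010000000000000?",
    ]
    for s in swipes:
        print(classify(s), s)
```

The third sample shows why the expiration check matters: a read error that shifts the check digit by exactly 5 passes the retest, and only the second field keeps it from being treated as a command card.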
[0311] Figure 37 is a diagram illustrating an example process for operating on a command token according to one embodiment of the invention. Referring now to Figure 37, in step 704 the data is read by the data capture device. For example, in the context of the example application using a command card with a magnetic stripe, the magnetic stripe data is read by a magnetic stripe reader. As described above, one or more processes can be used to determine whether the card being read is a command card (or, in other embodiments, a command token) or whether it is a normal, non-command token.
[0312] As described above, in many embodiments data is read from the token and, even if encrypted, can be packaged so that it contains the appropriate fields or is at least in the correct format expected by transaction processing equipment in the transaction processing network. Also as described above, in one embodiment the information produced by reading a command token can be sent to downstream equipment for command processing. Therefore, in one embodiment, in step 706 the data capture device asks for user data entry as if a normal, non-command transaction were taking place. For example, in the bank card case, the data capture device can ask the user to enter a transaction account so that this data can be inserted into the data packet for transmission. In an alternative embodiment, filler or dummy data can be included to ensure that a complete data package is provided. In this way, the transaction data can be completed and the command transaction transmitted to a server or other processing equipment.
[0313] In step 708 the data is packaged and sent to a server or other processing equipment. As discussed, in one embodiment this data can be packaged in the format expected by downstream equipment. In addition, in one embodiment, the data can be encrypted to provide a measure of security for the data in transit.
[0314] In one embodiment, a command can be triggered at the data capture device when the device reads the command token. Thus encryption keys, encryption algorithms, firmware updates and other command information can be provided directly from the command card to the data capture device or terminal. For example, command information can be included in the track data of a magnetic stripe card, or additional information can be included on the card to provide the appropriate command information. In another embodiment, a token with memory or other data facilities can be used to provide command information updates to the token reader. For example, a smart card, chip card, ICC or the like can be used to provide command information to update the reader.
[0315] In one embodiment, the command token can have the same form as a normal token and provide data through the same mechanism. In another embodiment, a dedicated command token can be provided. Considering the bank card example again, instead of a command card with a magnetic stripe containing the command data, another form of token can be provided that can be read by the magnetic stripe reader. For example, a circuit card can be provided that includes traces carrying electrical signals. The traces can be spaced along the region of the card that is read by the reader. Electrical signals can be sent along the traces so that the magnetic head senses the electromagnetic field of the traces and reads this information as if it were reading magnetic stripe information. Thus, the use of traces, and of control logic to supply electrical signals along the traces in the desired pattern, can be used to provide a command card. Such a command card can be programmable and reprogrammable, for example by programming the control logic associated with the card. In another embodiment, a magnetic transponder can be provided to be placed near the head and used to send electromagnetic pulses to the head so that it mimics the swipe of a magnetic card. The pulses are programmed to deliver the command data to the head. A signature or other key can be provided with this alternative token to ensure authenticity. In addition, a PIN or other verification technique can be used to verify the authenticity of the command token, the user and the location of use. In another embodiment, a card that includes contacts can be used to make direct electrical contact with the read head and transfer command information via a physically conductive signal path. The contacts can be made to items of the head structure, for example the housing, the insulating plates between the tracks, the core or other contact points. In addition, contact points can be added to make electrical contact with the command card for data transfer.
[0316] This information can also be sent to the terminal or other downstream equipment (including a PIN pad) to update the processing equipment. For example, for a key update, the updated key set can be passed to the transaction processing server or secure transaction module so that it has the correct keys to decrypt data encrypted by the data capture device. As a further example of key updates, in embodiments where the terminal decrypts the information before transmitting it, the keys can be provided to the terminal for decryption purposes.
[0317] These keys can be transmitted in encrypted form to maintain their integrity. As another example, where a new random number generator or other algorithm that can be used to generate keys is provided as an update, the algorithm can be updated at the data capture device and, in some embodiments, sent in encrypted form to the transaction processing server to update its records. In examples where keys are generated at the data capture device or terminal, the new key can be sent to the decryption service (for example to the secure transaction module) in a message similar to a transaction, and the message can include the terminal identifier, the new key and a new sequence start number (sequence numbers need not be consecutive). The decryption service can store the history of keys used in order to trace transactions.
[0318] In one embodiment, the updated information sent to downstream equipment can again be packaged so that it replaces data that would otherwise be provided on a normal token. For example, in the bank card case, the new information can be included as track data so that it can be extracted by the gateway or other transaction processing entity or server when it recognizes that the transaction data contains command information.
[0319] In another embodiment, the command token can be used to trigger the data capture device to retrieve commands or other update information from the terminal, gateway, transaction processing entity or other downstream transaction equipment. For example, a command card or other command token can generate a transaction that is sent to a downstream device and, when it is decoded, the downstream transaction system retrieves the appropriate information (for example updated keys, algorithms, firmware and so on) and returns it to the electronic data capture device for the update. Preferably, in one embodiment, the items returned are encrypted to provide a measure of security.
[0320] As another illustration of the functionality that can be included, consider again the example of key updates. New keys can be included on the command card, or the command card can instruct the data capture device to retrieve keys from the terminal. Alternatively, the command card can initiate a transaction that causes new keys to be sent from another entity, for example the secure transaction module. As another example, the command card can simply cause the data capture device or terminal to generate a new key set using a key generation algorithm, for example a random number generator.
[0321] Figure 38 is an operational flow diagram illustrating an example process according to one embodiment of the invention in which a gateway or other downstream entity receives a command transaction and returns command information. Referring now to Figure 38, in step 712 a transaction is received at the processing entity. For example, in one embodiment, the transaction can be received at gateway 120, where it is decoded and determined to be a command transaction. For example, in accordance with the embodiments described above, in step 714 the appropriate decryption process can be invoked, or the transaction sent to the secure transaction module, so that the data can be decrypted and returned to the gateway or other transaction processing entity for handling.
[0322] Once decrypted, if it is not a command transaction, it can be re-encrypted in step 717 and output as valid track data, and normal processing can continue as shown in step 718. Alternatively, if the transaction is determined in step 716 to be a command transaction, the command information can be retrieved and acted on appropriately.
[0323] For example, in one embodiment described above, a specific BIN range is assigned to indicate the presence of a command card in the bank card case. In this application, therefore, the gateway or other transaction processing entity can check the BIN to determine whether the transaction should be routed for normal processing or whether it is a command card and a command operation should take place. In embodiments where the BIN range is sent as plaintext, this can be determined by the gateway or other processing entity on receipt of the transaction. In embodiments where the BIN is encrypted, a decryption operation (for example as shown in step 714) can take place to recover the plaintext BIN so that the appropriate determination can be made. In another embodiment, only part of the BIN needs to be plaintext for the determination to be made. This example illustrates how other fields of the transaction data can be used to identify the presence of a command transaction generated by a command token.
[0324] Continuing with Figure 38, in this embodiment the command information is retrieved and returned to the data capture device for the update, as described in step 720. For example, in one embodiment, keys, algorithms, firmware updates or other command information can be retrieved as appropriate to the command and returned to the data capture device to update the device. Although not shown in Figure 38, this information can be encrypted before it is transmitted back to the data capture device for the update.
[0325] In one embodiment, the information can be returned to the specific data capture device or, alternatively, broadcast to one or more data capture devices as appropriate for the given transaction. For example, a merchant may wish to update the merchant ID, keys or key generation algorithm for a plurality of terminals, and can generate a command to update the information at the server (for example at the gateway) and rebroadcast it to all terminals in the merchant's network. In this way, the information can be broadcast to all terminals or to a subset of terminals that can be suitably identified.
[0326] In step 722, local data at the gateway or other transaction processing entity or server can also be updated to ensure that the appropriate keys, algorithms or other information are in place for the transaction processor to use when handling transactions generated by the updated terminals.
[0327] The process described with reference to Figure 38 is one in which command information is retrieved by the server and sent back to the data capture device. In another embodiment, the command information can be obtained from the token data and used to update the data capture device or terminal locally before the information is passed to the server. In this embodiment, therefore, the data capture device can be configured to update its local records and information to include the new command information. This information can be packaged for transmission to the transaction processing server in step 708. As described above, in the example application of bank card transactions, the information can be formatted and, in one embodiment, sent as track 2 data or other track data.
[0328] Figure 39 is an operational flow diagram illustrating an example process for receiving such command information at the transaction processing server. Referring now to Figure 39, in step 712 the transaction is received by the transaction processor. For example, the transaction processor can be gateway 120 or another transaction processing entity.
[0329] In one embodiment, receiving the transaction, decrypting the information as appropriate and determining whether the transaction is a command transaction can take place as discussed with reference to steps 712 to 718.
[0330] In step 724 the command information contained in the transaction is extracted. Because this embodiment illustrates an example in which command information is sent from the data capture device to the processing server, step 724 extracts the command information from the transaction, and it is used to update local information in step 726.
[0331] In one embodiment, including those discussed above with reference to Figures 33 and 34, a confirmation transaction can be returned to the data capture device to acknowledge the update. For example, instead of returning an "authorized" or "not authorized" response to a purchase transaction, the server can respond by returning a command whose content is "key updated", "firmware updated", "encryption activated" or another suitable message indicating that the command information was successfully updated at the server or, otherwise, that the information was updated locally at the data capture device or terminal.
[0332] In one embodiment, the encrypted command information is stored as data in one of the tracks on the command card. Track 1, 2 or 3 can be used. Note that in one environment, a normal bank card can have conventional track 2 information encoded at 75 BPI. In one embodiment for this environment, the command data can be encoded as track 2 data in place of the bank card information. In one embodiment, this data can be encoded at a higher density, for example 210 BPI. In such an embodiment, the different density can therefore be used to detect the presence of a command card.
[0333] Once the command card is swiped, the data capture device takes the appropriate action and then outputs track data to the POS device, specially formatted to look and feel like valid POS data. For example, in embodiments where encryption and command processing are embedded in the head, the head outputs the command information to the terminal as track II data. In embodiments where the data is packaged as normal transaction data, the POS device may not recognize that a command card has been swiped and treats the track II data as a normal credit transaction.
[0334] In one embodiment, the system can be implemented so that, to use a command card, the user carries out the standard steps required to process a credit card transaction on the POS device. For example, the user can swipe the command card instead of a credit card to initiate a command card transaction. Once the command card transaction has been initiated, it is routed to the secure transaction module (for example at the gateway or transaction processing entity). The secure transaction module decrypts the data and identifies the transaction as a command card request. As described above, in one embodiment this is done by checking the BIN range used. In one embodiment, command cards can be configured to use a predetermined available BIN or BIN range.
[0335] After the command card has been processed by the secure transaction module, in one embodiment a result code is returned to the gateway, informing the gateway that a command card is being processed. In one embodiment, the gateway then routes the transaction back to the terminal with a DECLINE message (for example one of the command responses outlined above). Also, because the result code received by the gateway indicates a command card, in one embodiment the transaction is not routed to a processor for authorization but is returned to the terminal.
[0336] In one embodiment, although other messages are possible, the following is a list of possible displays that can be provided to the terminal user when a command card is successfully identified. The examples below include commands to turn encryption on, turn encryption off, or set new encryption keys.
RESULT
DECLINE-TOGGLE ON (turn encryption on)
DECLINE-TOGGLE OFF (turn encryption off)
DECLINE-SET NEW KEYS (set new keys)
[0337] In one embodiment, the reason a DECLINE message is used for command cards is that the vast majority of conventional POS software applications are set up for batch settlement. A DECLINE message is therefore sent to the POS device so that the POS application does not store the command transaction in the daily batch file.
[0338] To further illustrate command token processing, consider an example implementation in which a command card can perform one of three functions: toggle on, toggle off, and set new keys. Consider further an example in which the encrypted data encoded on a track (for example track 3) of the "toggle off" command card is:
+0000110064462346304640551309041215709160782147077081
3324442325529605762952169858225050?
[0339] Note that in one embodiment the data can be encoded as j.... but read as +..., as a means of distinguishing the track data.
[0340] The data capture device processes this command and formats the data to mimic the typical track II data found on a credit card. The data capture device turns encryption off and then generates valid track II data for the POS device. The following is an example of the encrypted track II data generated:
;5151111894206706=18109007592857178221?
[0341] In one embodiment, for example one that uses sequence numbers, the track II data generated by a data capture device is a unique number every time. In one embodiment, the secure transaction module is configured to store a one-way hash of this track II data. For the track II example above, the track data decrypts to:
;5151110302000206=06101015678901234560?
[0342] By examining the elements of the track data, the secure transaction module identifies the command as TOGGLE OFF for a specific BIN range and then removes the keys used for that particular POS device.
[0343] The result is sent back to the gateway, and the result code returned tells the gateway to return a decline, together with the decryption provided by the secure transaction module. The terminal then displays DECLINE-TOGGLE OFF, and command card processing is now complete.
[0344] consider another example, wherein the order card is configured to fill order so that new key to be set.In this example, swiping the card of order card generates the track II enciphered data of the uniqueness with particular B IN number.In one embodiment, SET NEW KEYS order can be configured to generate new terminal key when each brush order blocks.This can be used to eliminate to having the needs of many SET NEW KEYS order cards.Continue this example, the user is treated to conventional credit card trade with SET NEWKEYS order card.The user can import trading volume and be sent to gateway to allow transaction.Once more, because in the present embodiment, decline will be received by the POS device, so trading volume is incoherent.
[0345] encrypting module at data acquisition facility place can be configured to use different secret key encryption track datas based on a plurality of factors.Such factor is the BIN scope.In other words, different BIN scopes can be established to use different encryption keys.For example, VISA credit card (VISA) transaction (bin with 400000-499999 scope) can be established using a key set, and Master Card transaction (bin with 500000-599999 scope) can be established to use complete different key set.Similarly, for example comprise new key more, revise cryptographic algorithm, start the command functions of encrypting or stopping functions such as encrypting and can be performed subclass to be used for all transaction or only to be used to conclude the business.For example, BIN here or BIN scope also can be used to set up the application of given order.Therefore, for example, the card publisher can issue the order card of the token setting that is used for himself.
[0346] in addition, this method can be configured to give the flexibility of trader, gateway or a plurality of different types of transaction of processor operations.For example the trader can have loyalty card, stored value card or be routed to different gateways or the credit card of the different shop distribution of inter-process and issued by banks card.The encrypted feature that this function allows management to select different Card Types how to use (or whether it uses) data acquisition facility to use.
[0347] in one embodiment, the signature that is associated with order card (or other order tokens) is used in and allows verification command card before the order transaction.For example, under the situation of magnetic stripe card, the SECURESTRIPE signature can be used for differentiating described card.Other signature technologies except that SECURESTRIPE can be used for the authenticity of verification command card and the appropriate use of order card.Other information can be used for verifying the use of real order token.For example, under the situation of card at given trader, signature can be used to discern the card that belongs to this trader, and the trader ID in the data flow is used to guarantee that the order card is used by the trader who has discerned.Similarly, specific key or other character strings can be inserted in the order token to realize the function of similar signature, guarantee that the order card will only use by the trader of appointment or in the mode of appointment.As have as described in this example of trader ID, other data item can be used to the use of distinguishing order token, comprise PIN or other codes, the biometric data etc. of the head or the sequence number of other data acquisition element, serial number, positional information, time stamp, user's input.
[0348] can implement a plurality of order algorithms.The several exemplary algorithm is described now.After reading this specification, the those of ordinary skill in this area will know how other algorithms are implemented.
[0349] In one embodiment, a command decode algorithm can be provided. When the processor determines that a command token data set has been received, the processor can generate a one-time CTR (counter mode) TDES stream cipher block Ki as follows:
(a) Construct Ka, a 64-bit string formed by concatenating the following items from left to right:
(i) the PVV from the track data, divided by 2
(ii) the remaining area filled with '0' (0x30).
(b) Retrieve the domain key (DMK) and command key (CMK) for the given BIN value.
(c) Encrypt Ka with DMK to obtain block Kb.
(d) Decrypt Kb with CMK to obtain block Kc.
(e) Encrypt Kc with DMK to obtain block Kd.
(f) Expand the 64-bit block Kd to a 20-digit decimal value to obtain block Ke.
(g) Remove the leftmost digit to obtain the 19-digit stream cipher block Ki.
The algorithm can then combine the track 2 data with Ki, from left to right, as follows:
(a) Using modulo 10 addition, add the Ki digits to the PAN digits, except the first 6 digits and the modulo 10 check digit. Use the Ki digits consecutively, starting from the leftmost.
(b) Using modulo 10 addition, add the Ki digits to the digits following the expiration date, except the PVV. Use the Ki digits consecutively, starting from the leftmost.
[0350] The command string can be constructed by concatenating, from left to right, the expiration month, the expiration year (for future expansion), the card PAN minus the modulo 10 check character, and all of the card data following the expiration date up to the end sentinel. The MSR command processing algorithm is selected based on the expiration month and year.
[0351] As another example, a change terminal key algorithm can be provided. In this example, a new key is generated. The first step is to generate a new random key. This can be done as follows:
(a) Construct Ka, a 64-bit string formed by concatenating the following items from left to right:
(i) the MSC for the selected BIN
(ii) the subtle variations in the intermediate information from the last card swipe
(iii) the system clock cycle counter
(b) Encrypt Ka with the BIN domain key DMK to obtain block Kb.
(c) Decrypt Kb with the BIN terminal key TMK to obtain block Kc.
(d) Encrypt Kc with the OEM key to obtain block Kd.
[0352] Next, the algorithm can expand the 64-bit block Kd to a 20-digit decimal value to obtain block Ke. The 20th digit (0 or 1) is added to the current MKC*2, and the result is placed in the PVV field of the output card data. The leftmost digit is removed to obtain the 19-digit stream cipher block Ki. The 64-bit terminal key is expanded to a 20-digit decimal value, giving block Ke as before. The MSR data stream is constructed to contain:
(a) the start sentinel
(b) the 6 BIN digits of the input data
(c) the leftmost 11 digits of Ke
(d) the expiration date of the input data
(e) the next 3 digits of Ke
(f) the 5-digit PVV from the 6 digits above
(g) the remaining digits of Ke
(h) a CRC of all the preceding digits
(i) the end sentinel
[0353] The one-time CTR (counter mode) TDES stream cipher block Ki is generated as follows:
(a) Construct Ka, a 64-bit string formed by concatenating the following items from left to right:
(i) the MSR key counter (MKC)
(ii) the remaining area filled with the card issuer's discretionary data (DD) from the command card data, up to and including the LRC character
(iii) any remaining area filled with '0' (0x30).
(b) Select the key set from the BIN mask key table **
(c) Encrypt Ka with DMK to obtain block Kb.
(d) Decrypt Kb with TMK to obtain block Kc.
(e) Encrypt Kc with DMK to obtain block Kd.
(f) Expand the 64-bit block Kd to a 20-digit decimal value to obtain block Ke.
(g) Remove the leftmost digit to obtain the 19-digit stream cipher block Ki.
Kd is saved as the new terminal key (TMK), and the track 2 data is combined with Ki, from left to right, as follows:
(a) Using modulo 10 addition, add the Ki digits to the PAN, except the first 6 digits and the modulo 10 check digit. Use the Ki digits consecutively, starting from the leftmost.
(b) Using modulo 12 addition, add the expiration month to the next Ki digit.
(c) Using modulo 100 addition, add the expiration year to the next Ki digit.
(d) Using modulo 10 addition, add the next three Ki digits to the three service code digits.
[0354] A new modulo 10 check character is generated for the modified data; 5 is added (modulo 10) to the new check digit, and the result is placed in the track 2 data. When the card is swiped, the new key is output encrypted with the old key.
[0355] An exemplary processor command request algorithm can now be carried out as described. When the card is determined to be a command card, the algorithm generates the one-time CTR (counter mode) TDES stream cipher block Ki as follows:
(a) Construct Ka, a 64-bit string formed by concatenating the following items from left to right:
(i) the PVV divided by 2 and the MKC from the reader, from the track data
(ii) the remaining area filled with '0' (0x30).
(b) Retrieve the domain key (DMK) and command key (TCK) for the given BIN value.
(c) Compare the new MSC with the last stored value:
(i) If the new MSC is greater than the old MSC, save the new value.
(ii) If the new MSC is not greater than the old MSC, flag a duplicate transaction error.
(d) Encrypt Ka with UDKA to obtain block Kb.
(e) Decrypt Kb with TCK to obtain block Kc.
(f) Encrypt Kc with UDKA to obtain block Kd.
(g) Expand the 64-bit block Kd to a 20-digit decimal value to obtain block Ke.
(h) Remove the leftmost digit to obtain the 19-digit stream cipher block Ki.
The track 2 data is combined with Ki, from left to right, as follows:
(a) Using modulo 10 subtraction, apply the Ki digits to the PAN, except the first six digits and the modulo 10 check digit. Use the Ki digits consecutively, starting from the leftmost.
(b) Using modulo 10 subtraction, subtract the three service code digits from the next three Ki digits.
(c) Using modulo 10 subtraction, subtract all remaining Ki digits from the card data input stream.
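The digit-level part of the algorithms in [0349] and [0355], as an added example that is not code from the patent: it expands a 64-bit block Kd to the 19-digit keystream Ki (steps f and g), adds Ki modulo 10 to the PAN digits between the BIN and the check digit, and reverses that with modulo 10 subtraction. The Kd value is constructed (the TDES steps and their keys are not reproduced), and the big-endian reading of Kd, the function names and the track 2 regular expression are assumptions.

```python
import re

# Track 2 layout assumed here: start sentinel ';', PAN, '=', expiry (4 digits),
# service code (3 digits), discretionary data, end sentinel '?'.
TRACK2_RE = re.compile(r"^;(\d{13,19})=(\d{4})(\d{3})(\d*)\?$")


def keystream_digits(kd: bytes) -> str:
    """Steps (f) and (g): 64-bit block Kd -> 20-digit Ke -> 19-digit Ki."""
    if len(kd) != 8:
        raise ValueError("Kd must be exactly 64 bits")
    # Assumption: Kd is read as a big-endian unsigned integer.
    # 2**64 - 1 has 20 decimal digits, so zero-padding to 20 digits makes the
    # leading digit 0 or 1, matching the "(0 or 1)" remark in [0352].
    ke = f"{int.from_bytes(kd, 'big'):020d}"
    return ke[1:]  # drop the leftmost digit


def _mod10(digits: str, ki: str, sign: int) -> str:
    """Digit-wise (d + sign*k) mod 10, consuming Ki from its leftmost digit."""
    if len(digits) > len(ki):
        raise ValueError("not enough keystream digits")
    return "".join(str((int(d) + sign * int(k)) % 10) for d, k in zip(digits, ki))


def transform_pan(track2: str, kd: bytes, decrypt: bool = False) -> str:
    """Apply Ki to the PAN, leaving the first 6 digits and the check digit.

    Only the PAN step (a) is shown; the fields after '=' pass through as-is.
    """
    m = TRACK2_RE.match(track2)
    if m is None:
        raise ValueError("not a well-formed track 2 string")
    pan, expiry, service, rest = m.groups()
    bin6, middle, check = pan[:6], pan[6:-1], pan[-1]
    ki = keystream_digits(kd)
    new_middle = _mod10(middle, ki, -1 if decrypt else 1)
    # The output is still digits in card format, so POS software that only
    # validates the layout and routes on the BIN keeps working.
    return f";{bin6}{new_middle}{check}={expiry}{service}{rest}?"


# Constructed Kd; the track 2 string is the decrypted example from [0341].
SAMPLE_KD = bytes.fromhex("0123456789abcdef")
SAMPLE_TRACK2 = ";5151110302000206=06101015678901234560?"

if __name__ == "__main__":
    masked = transform_pan(SAMPLE_TRACK2, SAMPLE_KD)
    print("Ki      :", keystream_digits(SAMPLE_KD))
    print("masked  :", masked)
    print("restored:", transform_pan(masked, SAMPLE_KD, decrypt=True))
```

Because the check digit is carried over unchanged, the masked PAN will generally no longer satisfy the modulo 10 check, which is why [0354] generates a new check character for the modified data.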
[0356] The CRC is checked for a valid command request, and if there is an error, the error is indicated and the routine exits. The expiration date is checked for the command type, and the requested command is processed.
[0357] As a final example, an exemplary key change command algorithm is now described. Once the validity of the key change command request has been verified, the algorithm concatenates the following 20 digits, from left to right, into the string KIN:
(a) the 7th digit to the modulo 10 check digit (8 digits)
(b) the three service code digits
(c) the nine digits following the PVV
[0358] The algorithm compresses KIN into block Kn of 8 bytes of binary data, stores it as the new terminal key TMK, and confirms the completed transaction to the terminal.
[0359] Some exemplary commands have been described. In one embodiment, a command token is implemented with a data format similar to that of a non-command token. For example, in the bank card environment, a command card may be implemented with a similar data format. In one embodiment of this example, the command card data format is very similar to that of a standard card, except that the year code of the expiration date is 80. In such an embodiment, the month of the expiration date can be used to indicate the selected command. For example, if the card's modulo 10-5 check passes and the year and month indicate a valid command, the data acquisition device will perform the requested operation.
[0360] Some exemplary command codes are provided. Commands 01/80-05/80 can be completed by a terminal that is not connected to a network. The MSR status LED can be used to indicate a successful command operation. In one embodiment, command 06/80 can be completed online or with a simulator that will transmit and save the new key. A terminal key can have a key usage counter, for example with a range of 0-49,999. The key can be configured so that the counter rolls over after the maximum count is reached. To protect the terminal key from compromise, the terminal key can be changed periodically, for example at least once for every 50K swipes that use the key in a specific BIN range. Other considerations may require more frequent key updates.
01/80 Manufacturer change/set OEM domain key
The command is encrypted with the manufacturer domain and terminal keys
The OEM domain and terminal keys are both set/updated with 64-bit keys
02/80 OEM change/set OEM terminal key
The command is encrypted with the OEM domain and terminal keys
The OEM domain key is set/updated
The OEM domain and terminal keys can be set for different customers to control selected aspects of the MSR
03/80 OEM change/set BIN range domain key
The command is encrypted with the OEM domain and terminal keys
The selected BIN range domain, terminal and command keys are set to the input key
The OEM will normally use this card to initialize the MSR for a specific customer
04/80 Distribution change/set BIN range domain key
The command is encrypted with the selected BIN range command and terminal keys
A secure distribution provider will normally use this card to set multiple terminals to accept the same domain key
05/80 Distribution change/set BIN range command key
The command is encrypted with the selected BIN range domain key and terminal key
A secure distribution provider will normally use this card to set multiple terminals to accept the same command key
06/80 Change/set BIN range terminal key
The command is encrypted with the domain key and command key of the selected BIN range.
A secure distribution provider or service technician will normally use this card to produce a terminal key that the terminal generates and encrypts.
[0361] Some operating scenarios are now described to further highlight the features and advantages of the embodiments above. The invention described herein and its many embodiments are not limited to the applications discussed in these scenarios. The scenarios are included to provide additional explanatory material.
[0362] In one embodiment of the data acquisition device, a custom ASIC is provided to perform the function of a head amplifier with an integrated precision peak detector, together with the functions of a microcontroller that decodes the output and of an encryption module. The ASIC can be combined with a conventional processor, for example a Silicon Labs C8051F330 processor, and mounted on a printed circuit board roughly the size of the back of the magnetic head. An interface cable can be attached to the printed circuit board, and the assembly mounted in the shell of the magnetic head. The head can then be potted with epoxy, providing a security barrier against environmental tampering.
[0363] A small amount of a reactive material such as potassium can be placed in the module before potting, so that if the unit is broken open, the reactive material is exposed and causes a reaction that destroys the sensitive circuit components. In addition, a fuse can be placed on the printed circuit board to allow the programming and debug connections to the microcontroller to be destroyed during final assembly of the product, preventing access to the internal operation of the unit.
[0364] The microcontroller can be configured to decode the F2F data encoded on the card and to use a number of algorithms to decode the F2F data into any of a number of standard formats, including ISO 7811, AAMVA, JIS, CDL, raw data, and other general or custom formats. The converted track data can then be encrypted, for example using two 64-bit keys previously stored in the controller's flash memory. The data can be compressed and output in one of several formats.
[0365] The data output format can be selected using an interface connector select pin or by sending a command through the Rx data pin. The interface formats that can be selected can include, for example, I2C, SPI, NRZ, USB, and TTL clock and data. Additional formats that can be supported include one that outputs the encrypted data in F2F format, the same format as is encoded on the card, at signal levels compatible with the output of a magnetic head. This embodiment can be used to allow conventional devices to use the secure head module without changing terminal hardware, software or firmware (other than the head, for example). In addition, the secure head module can accept commands via the interface connector Rx data line or through the use of specially formatted cards, which are swiped to execute a command. Another additional format can be supported that provides RF communication via a number of standards, for example Bluetooth. The data can be converted to the appropriate format and sent to an RF transceiver that is inside the head module or connected to the head module through the interface connector cable.
[0366] These techniques can be implemented to allow command operation in a number of applications, including for example WAP (Wireless Application Protocol) and Java or Pocket PC thin-client applications. In addition to the card reader functions described, the unit can provide general-purpose digital I/O pins at the interface connector. These pins can be controlled by custom applications, for example those provided by an OEM that integrates the module into its products. These pins, together with the ability to add custom application firmware to the head module, allow added functionality that, without these options, would require an additional processor and circuitry. One such example is a stand-alone serial RS232 magnetic stripe reader. The added interface pins can be used to control a status indicator and to control the RS232 output driver. In addition, custom firmware can be added to output vendor-specific information and to support custom formats, for example those used at conferences to track attendees.
[0367] In one embodiment, the gateway receives transaction requests from multiple devices that use the encryption module. In one embodiment of the bank card transaction example, the transaction data can include the acquisition device serial number, followed by three blocks containing the encrypted track 2 data of the swiped card together with a time stamp or transaction number stamp. A second, optional data block can be included and can contain control information to enhance optional application operations of the server, for example card authenticity verification, issuing merchant, and command requests such as a change key request. Three optional plain text characters can be used to indicate the start of the serial number, the start of the optional encrypted data block, and the end of the transaction block. Various plain text characters can also be used to indicate various encryption options, for example the selection among multiple encryption keys and formats.
[0368] In applications where transmission speed is a significant concern (for example, WAP applications), the transaction data format can be adjusted so that its length is a multiple of three characters. All of the transaction data, including the serial number, the encrypted data blocks and the plain text fields, can be sent as binary data. In this way, a 40-digit track 2 data block can be compressed in length from 40 bytes to 20 bytes. An 8-digit serial number can be compressed to 3 bytes in length. This converted binary data can be converted into a format compatible with efficient keyboard emulation for the selected device. For example, in a WAP-capable mobile phone with external keyboard support, 3 bytes of binary data can be converted into 4 mostly lowercase ASCII characters. Using this technique, the transaction data can be sent with 38 characters rather than the 68 characters required when the data is not compressed.
[0369] In another embodiment of the bank card transaction example, the transaction data can include the terminal or data acquisition device serial number, followed by three blocks containing the 3DES-encrypted track 2 data of the swiped card together with a time stamp or transaction number stamp. A second data block can contain the signature of the swiped card (encrypted or unencrypted) together with control information (encrypted or unencrypted) to enhance optional application operations of the server, for example card authenticity verification, issuing merchant, and command requests such as a change key request. Three optional plain text characters can be used to indicate the start of the serial number, the start of the optional encrypted data block, and the end of the transaction block. Various plain text characters can also indicate various encryption options, for example the selection among multiple encryption keys and formats.
[0370] The gateway can access a secure database containing the keys for all readers that are allowed to access the gateway, together with information for completing the transaction, for example the Internet URL or telephone number of the transaction processing server used by the reader. In addition, the gateway can access a database containing valid SECURESTRIPE™ signatures and authentication decryption keys. In one embodiment, the reader serial number sent in plain text as part of the transaction is used to access the key for the reader's track signature block, together with information for completing the transaction, for example the Internet URL or telephone number of the transaction processing server used by the reader. The selected key can be used to decode the signature data together with the hash code generated by the secure module from the card data account number. The hash value generated from the card data can be used to index the SECURESTRIPE database and retrieve the card signature. The database signature is then compared with the decrypted transaction signature. Based on this comparison, either the transaction is sent to the processing bank indicated in the signature database, or a message is sent back to the card holder requesting verification of the card's authenticity. This verification can take the form of swiping the card again or entering additional information, for example the billing zip code, after which the transaction is sent to the processing bank using the standard format or is declined.
[0371] In another preferred embodiment of the bank card transaction example, the transaction data can include the MSR serial number followed by an encrypted data block containing the track information of the swiped card together with a time stamp or transaction number stamp and the GPS location. A second data block can contain the signature of the swiped card together with control information to enhance optional application operations of the server, for example card authenticity verification, issuing merchant, and command requests such as a change key request. Three optional plain text characters can be used to mark the start of the serial number, the start of the optional encrypted data block, and the end of the transaction block.
[0372] Various plain text characters can also indicate various encryption options, for example the selection among multiple encryption keys and formats. The gateway can access two databases, one containing the secure data acquisition device module control block keys and a second containing valid signatures (for example SECURESTRIPE signatures). In one embodiment, the reader serial number sent in plain text as part of the transaction can be used to access the keys for the reader's track control and signature blocks. The signature can comprise two parts: one part is the signature value generated during the swipe, and the second part is a hash code of the track 2 card data generated during the same swipe. The hash value is used to index the SECURESTRIPE database and retrieve the card signature. In this way, no card data is available on the secure server. The database signature is then compared with the decrypted transaction signature to generate a card reliability index, which is sent to the processing bank as additional information.
[0373] The bank also receives the encrypted card data, which can include the transaction time, the transaction location, and the unique transaction number of the secure module. With this additional information, the bank can make a more accurate determination of the authenticity of the transaction before accepting or declining the requested transaction.
[0374] as used herein, term " " when referring to certain project or " one " are not limited to require one and only require one with reference to project, unless and context stipulates clearly, otherwise various embodiment can comprise extra reference project (or interchangeable project).As used herein, term " module " and " control logic " are used to illustrate can be according to the given functional unit of one or more embodiment execution according to the present invention.As used herein, module or control logic can use hardware, circuit, treatment system, software (comprising firmware) or its combination of arbitrary form to implement.When implementing, various control logic pieces as herein described or module may be implemented as that discrete assembly or described function and feature can be among one or more modules and control logic project partly or entirely in share.Similarly, though given project can be described to module, this project itself can comprise the various modules of carry out desired function.After reading this specification, the those of ordinary skill in this area will know that various feature as herein described and function can implement in any given application, can be embodied in one or more separation or sharing module or the logic, with various combination and arrangement.
[0375] use whole or in part under the situation of software implementation in feature of the present invention, in one embodiment, these elements can use computing system to implement, and described computing system can be realized about function as herein described.A kind of such exemplary computer system is presented among Figure 40.Various embodiment describe according to this exemplary computer system 900.After reading this specification, the technical staff in the association area will know how to use other computing systems or framework to implement the present invention.
[0376] with reference now to Figure 40, computing system 900 can typical example such as desktop PC, laptop computer and notebook, hand-held computing device (PDA, mobile phone, palmtop computer etc.), large-scale computer, supercomputer or server or may given application or the calculation element of the special-purpose or general purpose of environment expectation or any other types of being fit to.Computing system 900 can comprise one or more processors, and for example processor 904.Processor 904 can use the processing engine of universal or special purpose to implement, for example microprocessor, controller or other control logics.In the example shown in Figure 40, processor 904 is connected to bus 902 or other communication medias.
[0377] computing system 900 can also comprise main storage 908, is preferably random-access memory (ram) or other dynamic memories and treats information and the instruction carried out by processor 904 with storage.Main storage 908 can also be used to be stored in execution by temporary variable or other average informations between the order period of processor 904 execution.Computing system 900 can comprise read-only memory (" ROM ") similarly or be coupled to other static memories that bus 902 is used to processor 904 storage static informations and instruction.
[0378] computing system 900 can also comprise information storage mechanism 910, and it can comprise for example media drive 912 and removable memory interface 920.Media drive 912 can comprise other mechanisms of driver or support fixation or removable storage medium.For example, hard disk drive, floppy disk, tape drive, CD drive, CD or DVD driver (R or RW) or other removable or fixing media drives.Storage medium 918 can comprise for example hard disk, floppy disk, tape, CD, CD or DVD or read or write by media drive 914 other fix or removable media.As described in these examples, storage medium 918 can comprise having the storage medium that the certain computer software that is stored in wherein or data computing machine can be used.
[0379] in the embodiment that replaces, information storage mechanism 910 can comprise that other similar facilities are loaded in the computing system 900 to allow computer program or other instructions or data.This facility can comprise for example removable memory cell 922 and interface 920.This example can comprise programming box and pod interface, removable memory (for example flash memory or other removable memory modules) and accumulator groove, and other removable memory cell 922 and allow software and data to be delivered to the interface 920 of computing system 900 from removable memory cell 918.
[0380] computing system 900 can also comprise communication interface 924.Communication interface 924 can be used to allow software and data to transmit between computing system 900 and external device (ED).The example of communication interface 924 can comprise modulator-demodulator, network interface (for example Ethernet or other NIC cards), communication port (for example USB port), PCMCIA groove and card etc.The form that software that transmits via communication port 924 and data have signal, this signal can be the signals that electronics, electromagnetism, optics or other can be received by communication interface 924.These signals are provided to communication interface 924 via channel 928.This channel 928 can carrying signal and can be used wireless medium, electric wire or cable, optical fiber or other communication medias to implement.Some examples of channel can comprise telephone wire, portable phone link, RF link, network interface, local area network (LAN) or wide area network and other communication channels.
[0381] in presents, term " computer program medium " and " computer usable medium " are used for usually referring to the media such as signal on for example memory 908, storage device 918, the hard disk that is installed in hard disk drive 912 and the channel 928.These and other various forms of computer usable medium can be related to one or more sequences of carrying one or more instructions and be arrived processor 904 so that carry out.This instruction is commonly referred to as " computer program code " (it can be grouped into computer program form or other groupings), and when being performed, it makes computer system 900 can carry out feature or function of the present invention as herein described.
[0382] use among the embodiment of software implementation at element, software can be stored in the computer program medium and use removable memory driver 914, hard drives 912 or communication interface 924 to be loaded in the computer system 900.When computer program logic (in this example, software instruction or computer program code) was carried out by processor 904, it made processor 904 carry out function of the present invention as herein described.
[0383] though above various embodiment of the present invention has been described, should be appreciated that it only is presented by the mode of example, and not as restriction.Similarly, various diagrams can be described and be used for exemplary architecture configuration of the present invention or other configurations, make these accompanying drawings in order to help to understand the feature and the function that can comprise in the present invention.The present invention is not restricted to illustrated exemplary architecture or configuration, but the feature of expectation can use the framework of multiple replacement and configuration to implement.In fact, those skilled in the art will know function, the logic OR physical segmentation how can implement to replace and be configured to the feature that realizes that the present invention expects.Equally, a plurality of different composition module title except that these titles described herein can be provided to different partages.In addition, about flow chart, the order of operating instruction and claim to a method, the step that presents herein, unless context point out, do not carry out described function otherwise should not require various embodiment to be embodied as with same order.
[0384] Although the invention is described above in terms of various exemplary embodiments and implementations, it should be understood that the various features, aspects and functionality described in one or more of the individual embodiments are not limited in their applicability to the particular embodiment with which they are described, but instead can be applied, alone or in various combinations, to one or more of the other embodiments of the invention, whether or not such embodiments are described and whether or not such features are presented as being a part of a described embodiment. Thus the breadth and scope of the present invention should not be limited by any of the above-described exemplary embodiments.
[0385] Terms and phrases used in this document, and variations thereof, unless otherwise expressly stated, should be construed as open ended as opposed to limiting. As examples of the foregoing: the term "comprising" should be read as meaning "comprising, without limitation" or the like; the term "example" is used to provide illustrative instances of the item in discussion, not an exhaustive or limiting list thereof; and adjectives such as "conventional," "traditional," "common," "standard," "known" and terms of similar meaning should not be construed as limiting the item described to a given time period or to an item available as of a given time, but instead should be read to encompass conventional, traditional, common, or standard technologies that may be available or known now or at any time in the future. Likewise, where this document refers to technologies that would be apparent or known to one of ordinary skill in the art, such technologies encompass those apparent or known to the skilled artisan now or at any time in the future.
[0386] A group of items linked with the conjunction "and" should not be read as requiring that each and every one of those items be present in the grouping, but rather should be read as "and/or" unless expressly stated otherwise. Similarly, a group of items linked with the conjunction "or" should not be read as requiring mutual exclusivity among that group, but rather should also be read as "and/or" unless expressly stated otherwise. Furthermore, although items, elements or components of the invention may be described or claimed in the singular, the plural is contemplated to be within the scope thereof unless limitation to the singular is explicitly stated.
[0387] The presence of broadening words and phrases such as "one or more," "at least," "but not limited to" or other like phrases in some instances shall not be read to mean that the narrower case is intended or required in instances where such broadening phrases may be absent. The use of the term "module" and terms such as "device", or the depiction of a box in a diagram, does not imply that the components or functionality described or claimed as part of that item are all configured in a common package. Indeed, any or all of the various components of an item, whether control logic or other components, can be combined in a single package or separately maintained and can further be distributed across multiple locations. Likewise, multiple items can be combined into a single package or location.
[0388] Additionally, the various embodiments set forth herein are described in terms of block diagrams, flow charts and other illustrations. As will become apparent to one of ordinary skill in the art after reading this document, the illustrated embodiments and their various alternatives can be implemented without confinement to the illustrated examples. For example, block diagrams and their accompanying description should not be construed as mandating a particular architecture or configuration.

Claims (40)

1. A method for a debit card transaction, comprising:
receiving encrypted PIN information for the debit card transaction, wherein the PIN information is encrypted using encrypted debit card information;
decrypting the PIN information using the encrypted debit card information of the debit card;
re-encrypting the PIN using the actual debit card information of the debit card; and
forwarding the re-encrypted PIN for subsequent transaction processing.
2. The method according to claim 1, wherein the encrypted debit card information comprises an encrypted primary account number of the debit card.
3. The method according to claim 1, wherein the encrypted PIN information comprises a PIN block generated from a plain text PIN and the encrypted debit card information.
4. The method according to claim 3, further comprising the step of encrypting the PIN block.
5. The method according to claim 1, wherein the encrypted PIN comprises a PIN block generated from a first encrypted PIN and the encrypted debit card information.
6. The method according to claim 1, wherein the encrypted debit card information comprises a partially encrypted primary account number of the debit card.
7. The method according to claim 1, further comprising decrypting the encrypted debit card information to produce the actual account information.
8. The method according to claim 1, wherein the encrypted or actual debit card information is forwarded together with the re-encrypted PIN for subsequent transaction processing.
9. The method according to claim 1, wherein PIN information regeneration is performed at a gateway before transmission to a transaction processor.
10. The method according to claim 1, wherein PIN information regeneration is performed in a transaction processing network.
11. The method according to claim 1, further comprising:
encrypting the debit card information at a terminal;
encrypting the PIN information at the terminal; and
forwarding the encrypted debit card information and the encrypted PIN information for transaction processing; and
wherein the encrypted debit card information and the encrypted PIN information are used to re-encrypt the PIN using actual account information before PIN verification.
12. The method according to claim 1, wherein the encrypted debit card information comprises an encrypted primary account number of the debit card.
13. The method according to claim 1, wherein the encrypted PIN information comprises a PIN block generated from a plain text PIN and the encrypted debit card information.
14. The method according to claim 13, further comprising the step of encrypting the PIN block.
15. The method according to claim 11, wherein PIN block regeneration is performed at a gateway before transmission to a transaction processor.
16. The method according to claim 11, wherein PIN block regeneration is performed in a transaction processing network.
17. A method for securing a token transaction, comprising:
receiving an encrypted password for the token transaction, wherein the password is encrypted using encrypted token information;
decrypting the password using the encrypted token information;
re-encrypting the password using actual token information; and
forwarding the re-encrypted password for subsequent transaction processing.
18. The method according to claim 17, wherein the encrypted password comprises a PIN block generated from a plain text PIN and the encrypted token information.
19. The method according to claim 18, further comprising the step of encrypting the PIN block.
20. The method according to claim 17, wherein the encrypted password comprises a PIN block generated from an encrypted PIN and the encrypted token information.
21. The method according to claim 17, wherein the encrypted token information comprises an encrypted identifier of the token.
22. The method according to claim 17, wherein the encrypted token information comprises a partially encrypted identifier of the token.
23. The method according to claim 17, wherein the token is a debit card and wherein the encrypted token information comprises encrypted account information for the debit card.
24. The method according to claim 17, wherein the token is a debit card and wherein the password is a PIN entered for the debit card.
25. A token transaction system, comprising:
a decryption module configured to receive encrypted token information and to decrypt the received encrypted token information to produce decrypted token information; and
a re-encryption module configured to receive the decrypted token information from the decryption module and to receive a password, the password being secured by the encrypted token information, the re-encryption module being further configured to decrypt the password using the encrypted token information and to regenerate the password using the decrypted token information.
26. The token transaction system according to claim 25, wherein the encrypted password comprises a PIN block generated from a plain text PIN and the encrypted token information.
27. The token transaction system according to claim 26, the method further comprising the step of encrypting the PIN block.
28. The token transaction system according to claim 25, wherein the encrypted password comprises a PIN block generated from an encrypted PIN and the encrypted token information.
29. The token transaction system according to claim 25, further comprising a plurality of token readers, the token readers being configured to read token data and to encrypt some or all of the token data to produce the encrypted token data.
30. The token transaction system according to claim 25, wherein the decryption module and the encryption module are communicatively coupled to a gateway, the gateway being configured to route the token information and the PIN information from a token reader to a transaction processor.
31. The token transaction system according to claim 25, wherein the decryption module and the encryption module comprise hardware, software, or a combination of hardware and software.
32. A computer program product comprising a computer usable medium having computer program logic embodied therein, the computer program logic being configured to cause a computer system to process a token transaction, the computer program logic comprising:
first computer readable program code that receives an encrypted password for the token transaction, wherein the password is encrypted using encrypted token information;
second computer readable program code that decrypts the password using the encrypted token information;
third computer readable program code that re-encrypts the password using actual token information; and
fourth computer readable program code that forwards the re-encrypted password for subsequent transaction processing.
33. The computer program product according to claim 32, wherein the encrypted password comprises a PIN block generated from a plain text PIN and the encrypted token information.
34. The computer program product according to claim 33, further comprising the step of encrypting the PIN block.
35. The computer program product according to claim 32, wherein the encrypted password comprises a PIN block generated from an encrypted PIN and the encrypted token information.
36. The computer program product according to claim 32, wherein the encrypted token information comprises an encrypted identifier of the token.
37. The computer program product according to claim 32, wherein the encrypted token information comprises a partially encrypted identifier of the token.
38. The computer program product according to claim 32, wherein the token is a debit card and wherein the encrypted token information comprises encrypted account information for the debit card.
39. The computer program product according to claim 32, wherein the token is a debit card and wherein the password is a PIN entered for the debit card.
40. A method for a debit card transaction, comprising:
receiving encrypted PIN information for the debit card transaction, wherein the PIN is encrypted using encrypted debit card information; and
decrypting the PIN information using the encrypted debit card information for the debit card.
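
The gateway flow of claims 1 and 3, as an added example that is not code from the patent: the terminal builds the PIN block from the plain text PIN and the encrypted account number, and the gateway regenerates the block against the actual account number before forwarding it. It assumes the combination is the ISO 9564-1 format 0 XOR layout, takes the account number as already decrypted, omits the key encryption of the block itself (claim 4), and uses constructed account numbers; all function names are hypothetical.

```python
"""PIN block replacement at a gateway (added example; format 0 layout is an assumption)."""

# Constructed sample values, not real card data.
ACTUAL_PAN = "4000001234567899"
ENCRYPTED_PAN = "4000005820147899"   # middle digits encrypted, format preserved (assumed)


def pin_field(pin: str) -> bytes:
    """Format 0 PIN field: control nibble 0, PIN length, PIN digits, F padding."""
    if not (pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4 to 12 digits")
    return bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))


def pan_field(pan: str) -> bytes:
    """Format 0 PAN field: 0000 plus the rightmost 12 digits before the check digit."""
    if not (pan.isdigit() and len(pan) >= 13):
        raise ValueError("account number must be at least 13 digits")
    return bytes.fromhex("0000" + pan[-13:-1])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_pin_block(pin: str, pan: str) -> bytes:
    """Combine the PIN with whichever account number the caller holds."""
    return _xor(pin_field(pin), pan_field(pan))


def recover_pin(block: bytes, pan: str) -> str:
    """Undo the combination; reject a block that was bound to another account number."""
    if len(block) != 8:
        raise ValueError("PIN block must be 8 bytes")
    field = _xor(block, pan_field(pan)).hex().upper()
    length = int(field[1], 16)
    pin, padding = field[2:2 + length], field[2 + length:]
    # A wrong account number corrupts PIN digits or padding, so check both.
    if field[0] != "0" or not 4 <= length <= 12 or not pin.isdigit() or padding.strip("F"):
        raise ValueError("PIN block does not match this account number")
    return pin


def replace_pin_block(block: bytes, encrypted_pan: str, actual_pan: str) -> bytes:
    """Gateway step: unbind with the encrypted PAN, rebind with the actual PAN."""
    return build_pin_block(recover_pin(block, encrypted_pan), actual_pan)


if __name__ == "__main__":
    terminal_block = build_pin_block("1234", ENCRYPTED_PAN)   # what the terminal sends
    forwarded = replace_pin_block(terminal_block, ENCRYPTED_PAN, ACTUAL_PAN)
    print(terminal_block.hex().upper(), "->", forwarded.hex().upper())
    try:
        recover_pin(terminal_block, ACTUAL_PAN)               # block passed through unchanged
    except ValueError as exc:
        print("unreplaced block rejected:", exc)
```

The last call shows why the replacement step is needed: a block bound to the encrypted account number does not verify against the actual one, so forwarding it unchanged alongside the decrypted account number would fail PIN verification downstream.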
CN200880010010A 2007-02-02 2008-02-04 PIN block replacement Pending CN101647220A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US88806607P 2007-02-02 2007-02-02
US60/888,066 2007-02-02
US11/839,698 2007-08-16

Publications (1)

Publication Number Publication Date
CN101647220A true CN101647220A (en) 2010-02-10

Family

ID=41658054

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200880010010A Pending CN101647220A (en) 2007-02-02 2008-02-04 PIN block replacement

Country Status (1)

Country Link
CN (1) CN101647220A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102819696A (en) * 2011-10-18 2012-12-12 金蝶软件(中国)有限公司 Method and device for preventing account data from being illegally accessed
CN105027153A (en) * 2014-02-21 2015-11-04 鲁普支付有限公司 Methods, devices, and systems for secure provisioning, transmission, and authentication of payment data
CN107005541A (en) * 2014-07-23 2017-08-01 迪堡多富公司 Encrypt PIN receivers
CN107690788A (en) * 2015-03-02 2018-02-13 比约恩·皮尔维茨 Identification and/or Verification System and method
EP3770839A1 (en) * 2012-01-05 2021-01-27 Visa International Service Association Data protection with translation

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1185851A (en) * 1995-04-21 1998-06-24 国有花旗银行 Electronic-monetary system
US5809143A (en) * 1995-12-12 1998-09-15 Hughes; Thomas S. Secure keyboard
CN1298159A (en) * 1999-11-26 2001-06-06 祝希娟 Zhonghuatong network card paying system based on Internet

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102819696A (en) * 2011-10-18 2012-12-12 金蝶软件(中国)有限公司 Method and device for preventing account data from being illegally accessed
CN102819696B (en) * 2011-10-18 2015-08-19 金蝶软件(中国)有限公司 Method and device for preventing account data from being illegally accessed
EP3770839A1 (en) * 2012-01-05 2021-01-27 Visa International Service Association Data protection with translation
US11276058B2 (en) 2012-01-05 2022-03-15 Visa International Service Association Data protection with translation
CN105027153A (en) * 2014-02-21 2015-11-04 鲁普支付有限公司 Methods, devices, and systems for secure provisioning, transmission, and authentication of payment data
CN105701661A (en) * 2014-02-21 2016-06-22 三星支付有限公司 Methods, devices, and systems for secure provisioning, transmission, and authentication of payment data
CN107005541A (en) * 2014-07-23 2017-08-01 迪堡多富公司 Encrypt PIN receivers
CN107690788A (en) * 2015-03-02 2018-02-13 比约恩·皮尔维茨 Identification and/or Verification System and method

Similar Documents

Publication Publication Date Title
CN101563882A (en) System and method for secure transaction
AU2008210306B2 (en) Pin block replacement
US8355982B2 (en) Metrics systems and methods for token transactions
US20070276765A1 (en) Method and system for secured transactions
US10007910B2 (en) System and method for variable length encryption
US6073118A (en) Method for performing secure financial transactions using facsimile transmissions
US20130254117A1 (en) Secured transaction system and method
US20040215963A1 (en) Method and apparatus for transffering or receiving data via the internet securely
US20080288403A1 (en) Pin encryption device security
CN101647220A (en) PIN block replacement
KR102600490B1 (en) An apparatus for providing payment services of a distributed token for encrypted data of payment information to be used only by a specific franchisee and a method for operating it

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20100210