GB2369915A - Public key encryption - Google Patents

Public key encryption Download PDF

Info

Publication number
GB2369915A
GB2369915A GB0109344A GB0109344A GB2369915A GB 2369915 A GB2369915 A GB 2369915A GB 0109344 A GB0109344 A GB 0109344A GB 0109344 A GB0109344 A GB 0109344A GB 2369915 A GB2369915 A GB 2369915A
Authority
GB
United Kingdom
Prior art keywords
code
computer
article
identification code
digital signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0109344A
Other versions
GB0109344D0 (en
Inventor
Benjamin Jefferson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
EN SQUARED Ltd
Original Assignee
EN SQUARED Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by EN SQUARED Ltd filed Critical EN SQUARED Ltd
Publication of GB0109344D0 publication Critical patent/GB0109344D0/en
Publication of GB2369915A publication Critical patent/GB2369915A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B42BOOKBINDING; ALBUMS; FILES; SPECIAL PRINTED MATTER
    • B42DBOOKS; BOOK COVERS; LOOSE LEAVES; PRINTED MATTER CHARACTERISED BY IDENTIFICATION OR SECURITY FEATURES; PRINTED MATTER OF SPECIAL FORMAT OR STYLE NOT OTHERWISE PROVIDED FOR; DEVICES FOR USE THEREWITH AND NOT OTHERWISE PROVIDED FOR; MOVABLE-STRIP WRITING OR READING APPARATUS
    • B42D25/00Information-bearing cards or sheet-like structures characterised by identification or security features; Manufacture thereof
    • B42D25/20Information-bearing cards or sheet-like structures characterised by identification or security features; Manufacture thereof characterised by a particular use or purpose
    • B42D25/29Securities; Bank notes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • G07F7/125Offline card verification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04Masking or blinding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Abstract

A method, data processing system and computer program product for generating a secure code (11) for an article (1) such as cyber money, the secure code (11) serving as a means for verifying the source of or authenticating the article (1). An identification code (10) is generated by a computer and a digital signature is generated using an encryption algorithm with a private key in accordance with public-key encryption techniques. A portion of the digital signature (the secure code (11)) is printed on or otherwise applied to the article (1) together with the identification code (10). The remainder of the digital signature is stored in the computer, also in association with the identification code (10) and in association with a public key partner to the private key used for the encryption. The method comprises storing the identification code in a first computer memory area, the excised portion in a second memory area and the remaining portion together with a public key in a third memory area. In order to authenticate the article (1), the identification code (10) and secure code (11) from the article (1) are input into the computer, the computer uses the identification code (10) to retrieve the remainder of the digital signature and then recombines the secure code (11) therewith so as to reassemble the whole digital signature. The reassembled digital signature is then validated using the encryption algorithm with the public key. The secure code (11) of the present invention may be only 8 to 32 characters in length, as opposed to a string several hundred characters in length as is usual with public-key encryption.

Description

IMPROVEMENTS RELATING TO PUBLIC-KEY ENCRYPTION
The present invention relates to a method of public-key encryption and in particular, but not exclusively, to a method of validating tokens of value or authenticating documents and the like by way of public-key encryption.
Encryption is the process of transforming information so it is unintelligible to anyone but the intended recipient. Decryption is the process of transforming encrypted information so that it is intelligible again. A cryptographic algorithm, also called a cipher, is a mathematical function used for encryption or decryption. In most cases, two related functions are employed, one for encryption and the other for decryption.
With most modem cryptography, the ability to keep encrypted information secret is based not on the cryptographic algorithm, which is widely known, but on a number called a key that must be used with the algorithm to produce an encrypted result or to decrypt previously encrypted information. Decryption with the correct key is simple. Decryption without the correct key is very difficult, and in some cases impossible for all practical purposes.
With symmetric-key encryption, the encryption key can be calculated from the decryption key and vice versa. With most symmetric algorithms, the same key is used for both encryption and decryption.
Implementations of symmetric-key encryption can be highly efficient, so that users do not experience any significant time delay as a result of the encryption and decryption. Symmetric-key encryption also provides a degree of authentication, since information encrypted with one symmetric key cannot be decrypted with any other symmetric key. Thus, as long as the symmetric key is kept secret by the two parties using it to encrypt communications, each party can be sure that it is communicating with the other as long as the decrypted messages continue to make sense.
Symmetric-key encryption is effective only if the symmetric key is kept secret by the two parties involved. If anyone else discovers the key, it affects both confidentiality and authentication. A person with an unauthorized symmetric key not only can decrypt messages sent with that key, but also can encrypt new messages and send them as if they came from one of the two parties who were originally using the key.
Accordingly, an improved method of encryption is often required. Such a method is public-key encryption.
Each party is issued with a public key, which as its name implies is published and available to all parties, and a private key, which is known only to the party to whom it is issued. It is vital for the security of the encryption process that the private key is never made public or revealed to anybody other than the party to whom it is issued.
The public and private keys of each particular party are related to each other by complex mathematical structures in a way that uniquely links one key with the other, but which do not allow the private key to be determined from the public key.
The public key of a given party is used by other parties as the basis for encrypting a message to the given party, while the private key is necessary for the given party to decrypt the message encrypted by the given party's public key. Only the bearer of the private key can decrypt the message. Even the party that encrypted the message using the given party's public key cannot then decrypt the message just encrypted, because that party does not hold the private key.
A given party may also send messages which have been encrypted by that party's private key. Such messages can only be decrypted by other parties using the given party's public key, which means that the source of the messages is guaranteed to the be given party (provided that the private key has been kept secret). In other words, encrypting a message using a private key is in effect a way of uniquely and securely identifying the sender of the message.
This type of encryption is highly effective and simple to use. However, the public and private keys tend to be very long, often in excess of 200 characters, which make them unwieldy for use in situations where they are not electronically stored, say on a computer.
It is possible to use public-key encryption to generate a digital signature, generally a few hundred characters in length, which is derived by passing various attributes of an electronic document through an encryption algorithm, such as PGP (Pretty Good Privacy) or GnuPG (Generic-non-Unix Privacy Guard), in association with a private key. The digital signature can then be appended to or included in the electronic document before this is transferred to a third party. It is to be appreciated that the content of the electronic document remains unencrypted and openly legible-the only change is the addition of the digital signature. Upon receipt of the electronic document and appended digital signature, the third party can then pass the digital signature back through the encryption algorithm in association with the public key corresponding to the aforementioned private key, and the encryption algorithm then serves to provide a verification that the electronic document has indeed emanated from the owner of the private key and has not been tampered with or amended.
According to a first aspect of the present invention, there is provided a method of generating, by way of public-key encryption, a secure code for an article, wherein: i) an identification code for the article is generated by way of a computer, the identification code being stored in a first memory location in the computer; ii) predetermined attributes of the article are passed through an encryption algorithm using a private key so as to generate a digital signature; iii) a predetermined portion of the digital signature is excised therefrom and stored in a second memory location of the computer in association with the
identification code, the predetermined portion of the digital signature being the secure code ; and iv) a remainder of the digital signature, after excision of the predetermined portion thereof, is stored in a third memory location of the computer in association with the identification code and a public key corresponding to the said private key.
According to a second aspect of the present invention, there is provided a data processing system for generating, by way of public-key encryption, a secure code for an article, the system comprising a computer and: i) means for generating an identification code for the article and storing the identification code being stored in a first memory location in the computer; ii) means for passing predetermined attributes of the article through an encryption algorithm using a private key so as to generate a digital signature; iii) means for excising a predetermined portion of the digital signature and storing this in a second memory location of the computer in association with the identification code, the predetermined portion of the digital signature being the secure code; and iv) means for storing a remainder of the digital signature, after excision of the predetermined portion thereof, in a third memory location of the computer in association with the identification code and a public key corresponding to the said private key.
According to a third aspect of the present invention, there is provided a computer program product for generating, by way of public-key encryption, a secure code for an article, the computer program product being operable, when installed on a computer, to:
i) generate an identification code for an article and to store the identification code in a first memory location of the computer ; ii) pass predetermined attributes of the article through an encryption algorithm using a private key so as to generate a digital signature; iii) excise a predetermined portion of the digital signature and store the predetermined portion in a second memory location of the computer in association with the identification code, the predetermined portion of the digital signature being the secure code; and iv) store a remainder of the digital signature, after excision of the predetermined portion thereof, in a third memory location of the computer in association with the identification code and a public key corresponding to the said private key.
The computer program product of the second embodiment of the present invention may be a computer program in any suitable format, including object code, source code or a data storage medium on which the computer program is stored.
The predetermined attributes of the article which are passed through the encryption algorithm will generally include at least the identification code and in most cases will include additional data associated with the article.
The predetermined portion of the digital signature (the secure code) and the identification code can then be applied to an article or downloaded from the computer onto a separate data storage medium for later retrieval and application to an article. The predetermined portion of the digital signature (the secure code) is preferably then deleted from the memory of the computer.
In order later to authenticate the secure code and hence the article to which it is applied. it is necessary to correlate the secure code with the remainder of the digital signature in the computer so as to recreate the complete digital signature. This is done in the computer by using the identification code as a basis for the correlation. The identification code and the secure code will generally be relayed to the computer by a person to whom the article has been issued and who wishes to authenticate the article or its source. This information may be relayed to the computer by any suitable means, including by telephone or possibly by way of a direct electronic communication such as e-mail, short messaging service (SMS) or any other suitable communications protocol.
Clearly, the computer must be configured so that the secure code and the remainder of the digital signature are correctly reassembled. For example, the computer may be configured to take the first n characters of the digital signature as the secure code, and the digital signature can later be reassembled by joining the n-character secure code to the beginning of a string comprising the remainder of the digital signature.
Alternatively, the last n characters of the digital signature may be taken as the secure code, or any n characters of the digital signature, provided that the computer is configured so as correctly to reassemble the complete digital signature when necessary.
When the complete digital signature has been reassembled in the computer, it is validated by passing it back through the encryption algorithm using the public key associated with the private key used to generate the digital signature. The validation process only succeeds if the reassembled digital signature matches the digital signature as originally generated.
A particular advantage of the present invention is that only a portion of the digital signature is issued, for example by way of application to an article, while only the remainder of the digital signature is stored on the computer. In a particularly preferred embodiment, the secure code is 16 characters in length, although more or
fewer characters may be used where appropriate. It is apparent that the longer the secure code, the less likely it is that a person may fraudulently guess the correct sequence of characters. However, longer secure codes are less convenient to relay to the computer for authentication purposes. Accordingly, it is preferred that the secure code be at least 8 characters long and at most 32 characters long.
Because the secure code is not permanently stored in the computer, it is difficult if not impossible for an unauthorised person to access the computer and to obtain the secure code for fraudulent authentication purposes.
In some embodiments, a single private key is used to generate a plurality of different secure codes from different identification codes, thereby generating a batch of secure codes.
It is also preferred that the private key is destroyed or permanently deleted after each secure code or batch of secure codes has been generated by the computer. Once the secure code or batch of secure codes has been generated using the private key, there is no longer any need to retain the private key, since it is only the public key that is required to authenticate the digital signature after its reassembly. Consequently, even if an unauthorised person does breach the security of the computer, it is not possible for that person fraudulently to spoof existing secure codes.
Articles to which the secure codes of the present invention may usefully be applied include electronic articles such as data files and physical articles, such as documents, identity cards, items of merchandise and tokens of value. Indeed, the secure codes may be applied to any article the source or origin of which it is useful to authenticate. Furthermore, the present invention may be used to allow a recipient of an article provided with a secure code to confirm safe receipt of the article. The secure code may be applied to an article in machine-or human-readable indicia, including alphanumeric characters, bar codes or any other indicia which may be printed or otherwise applied to the article. Alternatively, the secure code may be applied in the
form of a machine-readable magnetic strip, a memory chip or other memory device, or any other appropriate form. Where the article is an electronic article such as a data file, the secure code may form part of the data file.
In a particularly preferred embodiment, the secure codes of the present invention are applied to tokens of value which may be used in electronic trading or e-commerce applications. It is well known that people are often reluctant to send credit or debit card details over the Internet in view of the possibility, real or imagined, that these details may be obtained by unauthorised persons and used fraudulently. Furthermore, there are many people who do not have credit or debit cards, particularly children and people on low incomes, who are thereby excluded from electronic trading.
The secure code and the identification code or portion thereof may be printed on the token in human-or machine-readable indicia, or may be stored thereon magnetically, optically or electronically. For example, each token may be provided with a magnetic machine-readable data strip of the type commonly found on credit cards and the like. Alternatively, the secure code and identification code or portion thereof may be stored on the token in a machine-readable optical format, or the token may be provided as a"smart"token including a computer-readable memory.
It is envisaged that the computer generating the secure codes will be located in a secure location, with access thereto being restricted to authorised personnel.
Preferably, the secure codes are generated in batches, each batch comprising, say, up to 100 or up to 1000 or even up to 10,000 secure codes. Each secure code is associated with a unique identification code and generated by an encryption process using a predetermined private key as described above. The remainder of each digital signature (i. e. the portion of the digital signature remaining after the secure code is excised therefrom) is also associated with the appropriate identification code, and first and second sets of data may then be downloaded from the computer onto two separate data storage media, which may be magnetic, optical, electronic or other data storage devices, such as diskettes, magnetic tape, optical disks (e. g. CD-ROM, DVD
and the like) or any other suitable media. The first set of data comprises a set of identification codes correlated with a set of secure codes, and the second set of data comprises a set of identification codes correlated with a set of digital signatures from which the secure codes have been excised, together with the public key corresponding to the private key used to generate the digital signatures. The first set of data may then be used when printing or otherwise generating a set of tokens, each token being provided with the identification code and the secure code, while the second set of data is used by the computer for later authentication of the secure codes.
Tokens of value to which security codes and identification codes have been issued by way of the present invention can be sold to the public through existing retail outlets and the like and be configured to act as virtual or disposable debit cards that can be used over the Internet and the like without the possible security breaches associated with traditional credit and debit cards. After purchase, a token of value must be activated by supplying the secure code and identification code from the token to the token issuer, who will be in possession of the second set of data and a computer.
Once this has been done, an account is set up in the computer for the purchaser of the token, the account containing funds equivalent to a purchase price of the token. Funds from this account may be used to make purchases from third parties, generally by way of the Internet or similar network, with the third party receiving payment from the token issuer provided certain conditions have been met.
Preferably, each token is printed or otherwise provided with at least one and preferably more than one denomination code in human-or machine-readable format. The denomination codes denote different monetary values. For example, a token with a face value of f50 may have denomination codes for values of f50, f40, f30, JE25, fl5, flO, f5 and fl, preferably with more than one denomination code for the lower denominations, thereby allowing the denomination codes to be combined so as to add up to any monetary value up to the face value of the token.
It is preferred that the denomination codes are token-specific, that is to say that the denomination codes are correlated with monetary values in a way that is specific to each different token or batch of tokens. For example, the denomination codes may be encrypted using the private key for the token or batch of tokens, or may be generated in a pseudorandom manner for each token or batch of tokens, but with a record of the monetary value of each denomination code being associated with the token identification code during manufacture. In a currently preferred embodiment, the denomination codes are in the form of short alphanumeric strings, typically four characters in length.
When a person buys a token from a retailer or other source, that person must first register the purchase of the token with the token issuer. This may be done by accessing a computer operated by the token issuer and containing the token identification codes and the remainders of the digital signatures together with the public key used in the encryption process. Access to this computer may be by way of the Internet or World-Wide Web in a manner which is well known. For example, the person may log on to a website operated by the token issuer and provide, in response to a prompt, the identification code and secure code from his or her token. The computer then correlates the identification code provided by the person with a record of identification codes of issued tokens. When a match is found, the computer then recombines the secure code provided by the person with the remainder of the digital token signature associated in the computer with that identification code so as to obtain a complete digital token signature, and then authenticates this digital signature using the appropriate public key. If the digital signature is verified as authentic, then the token is validated and the appropriate account is activated.
Preferably, each token of value has a relatively low face value, say f50 maximum, and is only valid for a predetermined period of time, say 6 months or a year. Because of these limiting factors, it is unlikely that a person would consider it worthwhile to go to the trouble of trying to spoof a token of value by trying to guess a valid combination of secure code and identification code, since this would take a
significant amount of time (possibly decades or more, depending on the length of the secure code). Retailers and the like wishing to offer payment by token as a payment option to their customers will generally provide a website offering items for sale at predetermined prices, together with a link to a website operated by the token issuer. When the person wishes to make a purchase using the token, he or she logs on to the retailer website, makes a purchase selection, and then links to the website operated by the token issuer in order to make a payment. Details identifying the retailer may automatically be provided to the token issuer when linking to the token issuer's website from the retailer's website. At the token issuer's website, the person is prompted to provide the token identification code together with an appropriate denomination code or codes, and the token issuer can then transfer the appropriate funds to the retailer who can then despatch the items purchased to the person.
Alternatively, the retailer may collect token identification codes and denomination codes directly from the person by way of the retailer's website, and then pass this information on to the token issuer for verification and transfer of funds.
In order to help prevent fraudulent use of a validated token that has been lost or stolen, each denomination code is preferably associated with an activation code, the activation code being required to release the funds from the account associated with the token. The activation code may be an alphanumeric string which is known only to the person purchasing the token and to the token issuer, in a manner analogous to personal identification numbers (PINs) used in connection with existing credit and debit cards. The activation code may be agreed between the person and the token issuer or automatically assigned when first validating the token.
In order to reduce the likelihood of the activation code becoming known to unauthorised third parties, for example unscrupulous retailers who may use their websites to collect token identification codes, denomination codes and activation
codes ostensibly for transfer to the token issuer for payment only for the selected items but in fact to make multiple deductions from the person's token account, it is preferred that the activation code be disguised. In a currently preferred embodiment. an activation code is assigned to or chosen by a person when first registering purchase of a token with the token issuer, as described above. However, instead of requiring the activation code to be provided to, say, a retailer in an undisguised format, the token may be printed or otherwise provided with mask codes, each mask code being associated with a given denomination code on the token. The mask code may be configured as an alphanumeric string longer than the activation code, and having therein a number of gaps corresponding to the number of characters in the activation code. Preferably, the gaps are not all adjacent, but are dispersed seemingly at random, throughout the mask code. For example, a person's activation code may be :"1 2 3 4", and a mask code associated with a given denomination code may be printed on the token in the format:"8-3 7--9 2-4". When providing details to a retailer, the person does not give his or her activation code alone, but inserts the characters of the activation code in sequence order into the gaps provided in the mask code so as to generate a masked activation code, in this case :"8 1 3 7 2 3 9 2 4 4". The mask code associated with each denomination code on each valid token is known to the token issuer and associated in the computer operated by the token issuer with the token identification codes. In this way, the token issuer can extract the activation code from the masked activation code by removing the known mask code therefrom. It is difficult, however, for an unscrupulous retailer to extract the activation code from the masked activation code, since the retailer does not have access to the mask codes.
It is to be understood that the token identification codes, denomination codes, activation codes and mask codes may all be used as attributes which are passed through the encryption algorithm so as to generate the digital signature.
For a better understanding of the present invention and to show how it may be carried c into effect, reference shall now be mad by way of example to the accompanying drawings, in which: FIGURE 1 shows a token of value in a first configuration for use with the present invention; and FIGURE 2 shows a token of value in a second configuration for use with the present invention.
A token of value 1 is shown in Figure 1 in a configuration in which it is sold to members of the public, for example through a traditional retail outlet such as a shop.
The token has a face value 2 off50, an expiry date 3, and a reference 4 to a website operated by the token issuer. The token also bears a plurality of denomination codes 5 with associated denominations 6, together with fields 7 and 8 respectively for an identification code and a secure code. The fields 7 and 8 are covered by a removable coating 9 in the manner of existing"scratch"cards well known in connection with lottery tickets and the like. The denomination codes 5 and their associated denominations 6 are printed on similar removable coatings 9.
When a person purchases a token 1 from a retail outlet for the face value 2, he or she must then scratch off the coating 9 from the fields 7 and 8 so as to reveal respectively an identification code 10 and a secure code 11, as shown in Figure 2. The person must then log on to the website indicated at 4 and, when prompted, provide the
identification code 10 and the secure code 11.
The secure code 11 is a predetermined portion of a digital signature (not shown) which has been generated by a computer (not shown) operated by an issuer of the token 1. The digital signature is generated using public-key encryption techniques, and is based on the identification code 10 and optional further data associated with the token which has been passed through an encryption algorithm in the computer
using a private key. The computer retains details of the identification code 10 and a remainder of the digital signature after excision therefrom of the secure code 11, ZD together with a public key corresponding to the private key used for the generation the digital signature, but does not retain details of the secure code 11 which is found only on the token 1, nor of the private key, which is destroyed. The computer also retains details of the denomination codes 5 assigned to the token I upon manufacture, their associated denominations 6 and their associated mask codes 12, all of this data being correlated with the identification code 10.
When the person provides the identification code 10 and the secure code 11 to the computer operated by the token issuer, the computer can use the identification code 10 to determine the remainder of the digital signature from which the secure code 11 has been excised, and can thereby reassemble the complete digital signature. The computer then validates the complete digital signature using the public key. If the digital signature is determined to be authentic, then the token 1 is validated, and the person is allocated an account with the token issuer containing funds to the face value 2 of the token 1. At this stage, the person either selects or is assigned a four digit activation code similar to a PIN used in connection with known credit or debit cards. This activation code is known only to the person and to the token issuer. Once the token 1 has been validated, the person is free to log off from the website operated by the token issuer.
To make a purchase from a website operated bye-commerce retailer, the person first selects items for purchase up to the face value 2 of the token, and then informs the retailer, by way of the website, of his or her selection. The person is then prompted to provide the identification code 10 and one or more of the denomination codes 5 so as to reach the value of the items being purchased. Each denomination code 5 is associated with a mask code 12 which is printed on the token 1 underneath the coating 9 upon which the denomination code 5 is printed, and which may be revealed by scratching away the coating 9. The mask code 12 comprises a numerical string having a number of gaps 13 therein, the number of gaps 13 corresponding to the
number of characters of the activation code (in this case, four). When supplying the denomination codes 5 to the retailer, the person is also prompted to supply a masked activation code comprising the mask code 12 into the gaps 13 of which his or her activation code has been inserted in sequence. The retailer then transmits this information to the computer operated by the token issuer. The denomination codes 5 and their associated denominations 6, together with the associated mask codes 12, are all stored on the computer operated by the token issuer so as to allow easy and secure determination of the value to be deducted from the person's account and transferred to the retailer so as to complete the purchase. However, because the retailer does not know the mask codes 12, it is difficult for the retailer fraudulently to determine the activation code. Furthermore, because the retailer does not know which denomination codes 5 are valid for a particular token 1, it is difficult for the retailer to make fraudulent debits from the person's account with the token issuer.
Once the information transmitted by the retailer to the token issuer has been confirmed by the token issuer to be valid, the token issuer confirms electronically to the retailer that funds sufficient to cover the purchase will be transferred from the person's account, and the items purchased can then be despatched by the retailer to the person.
When the person's account is exhausted of funds, then a new token 1 must be purchased and validated so as to add further funds to the account. Alternatively, a new account may be set up when purchasing a new token 1.
Because the tokens 1 may be purchased for cash from existing retail outlets, it is possible for people without debit or credit cards to make electronic purchases over the Internet or World-Wide Web in a manner that is relatively secure. Should a token 1 be stolen or lost, this fact may be reported to the token issuer and that token may be flagged on the computer as no longer valid. Furthermore, the token 1 is of no value without its associated activation code, which is known only to the purchaser of the token 1 and to the token issuer itself.

Claims (24)

CLAIMS :
1. A method of generating, by way of public-key encryption, a secure code for an article, wherein: i) an identification code for the article is generated by way of a computer, the identification code being stored in a first memory location in the computer; ii) predetermined attributes of the article are passed through an encryption algorithm using a private key so as to generate a digital signature; iii) a predetermined portion of the digital signature is excised therefrom and stored in a second memory location of the computer in association with the identification code, the predetermined portion of the digital signature being the secure code; and iv) a remainder of the digital signature, after excision of the predetermined portion thereof, is stored in a third memory location of the computer in association with the identification code and a public key corresponding to the said private key.
2. A method according to claim 1, wherein the secure code and the identification code are applied to an article.
3. A method according to claim I or 2, wherein the secure code is not retained permanently in the memory of the computer.
4. A method according to any preceding claim, further comprising the steps of : i) inputting to the computer an identification code and a secure code from an article already provided therewith;
ii) correlating the identification code from the article with an identification code stored at the first memory location of the computer ; iii) combining a remainder of an digital signature stored at the third memory location of the computer and associated with the identification code stored at the first memory location of the computer with the secure code from the article so as to form a complete digital signature; and iv) validating the complete digital signature with the encryption algorithm using the public key.
5. A method according to any preceding claim, wherein the article is a data file in computer-readable format.
6. A method according to any one of claims 1 to 4, wherein the article is a physical article.
7. A method according to claim 6, wherein the article is a token of value.
8. A method according to claim 7, wherein the token of value bears the identification code or at least a predetermined portion thereof, the secure code, and at least one denomination code signifying a monetary value, the denomination code also being stored in the computer in association with the identification code, the remainder of the digital signature and the public key.
9. A method according to claim 8, wherein the token of value also bears at least one mask code associated with each denomination code, the mask code being in the form of an alphanumeric string having blank spaces at predetermined positions therein adapted to receive characters from a predetermined activation code which is stored in the computer in association with the identification code.
10. A data processing system for generating, by way of public-key encryption, a secure code for an article, the system comprising a computer and : i) means for generating an identification code for the article and storing the identification code being stored in a first memory location in the computer ; ZD ii) means for passing predetermined attributes of the article through an encryption algorithm using a private key so as to generate a digital signature; iii) means for excising a predetermined portion of the digital signature and storing this in a second memory location of the computer in association with the identification code, the predetermined portion of the digital signature being the secure code; and iv) means for storing a remainder of the digital signature, after excision of the predetermined portion thereof, in a third memory location of the computer in association with the identification code and a public key corresponding to the said private key.
11. A system as claimed in claim 10, wherein the secure code and the identification code are applied to an article.
12. A system as claimed in claim 10 or 11, wherein the secure code is not retained permanently in the memory of the computer.
13. A system according to any one of claims 10 to 12, further comprising: i) means for inputting to the computer an identification code and a secure code from an article already provided therewith;
ii) means for correlating the identification code from the article with an identification code stored at the first memory location of the computer ; iii) means for combining a remainder of an digital signature stored at the third memory location of the computer and associated with the identification code stored at the first memory location of the computer with the secure code from the article so as to form a complete digital signature; and iv) means for validating the complete digital signature with the encryption algorithm using the public key.
14. A system as claimed in any one of claims 10 to 13, wherein the article is a data file in computer-readable format.
15. A system as claimed in any one of claims 10 to 13, wherein the article is a physical article.
16. A system as claimed in claim 15, wherein the article is a token of value.
17. A system as claimed in claim 16, wherein the token of value bears the identification code or at least a predetermined portion thereof, the secure code, and at least one denomination code signifying a monetary value, the denomination code also being stored in the computer in association with the identification code, the remainder of the digital signature and the public key.
18. A system as claimed in claim 17, wherein the token of value also bears at least one mask code associated with each denomination code, the mask code being in the form of an alphanumeric string having blank spaces at predetermined positions therein adapted to receive characters from a predetermined activation code which is stored in the computer in association with the identification code.
19. A computer program product for generating, by way of public-key encryption, a secure code for an article, the computer program product being operable, when z : l installed on a computer, to: i) generate an identification code for an article and to store the identification code in a first memory location of the computer; ii) pass predetermined attributes of the article through an encryption algorithm using a private key so as to generate a digital signature; iii) excise a predetermined portion of the digital signature and store the predetermined portion in a second memory location of the computer in association with the identification code, the predetermined portion of the digital signature being the secure code; and iv) store a remainder of the digital signature, after excision of the predetermined portion thereof, in a third memory location of the computer in association with the identification code and a public key corresponding to the said private key.
20. A computer program product as claimed in claim 19, wherein the secure code is not retained permanently in the memory of the computer.
21. A computer program product as claimed in claim 19 or 20, further being operable to: i) receive an input comprising an identification code and a secure code from an article already provided therewith; ii) correlate the identification code from the article with an identification code stored at the first memory location of the computer;
iii) combine a remainder of an digital signature stored at the third memory location of the computer and associated with the identification code stored at the first memory location of the computer with the secure code from the article so as to form a complete digital signature; iv) validate the complete digital signature using the encryption algorithm with the public key.
22. A method of generating a secure code for an article, substantially as hereinbefore described.
23. A data processing system for generating a secure code for an article, substantially as hereinbefore described.
24. A computer program product for generating a secure code for an article, substantially as hereinbefore described.
GB0109344A 2000-12-11 2001-04-17 Public key encryption Withdrawn GB2369915A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0030154A GB0030154D0 (en) 2000-12-11 2000-12-11 Improvements relating to public-key encryption

Publications (2)

Publication Number Publication Date
GB0109344D0 GB0109344D0 (en) 2001-05-30
GB2369915A true GB2369915A (en) 2002-06-12

Family

ID=9904835

Family Applications (2)

Application Number Title Priority Date Filing Date
GB0030154A Ceased GB0030154D0 (en) 2000-12-11 2000-12-11 Improvements relating to public-key encryption
GB0109344A Withdrawn GB2369915A (en) 2000-12-11 2001-04-17 Public key encryption

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GB0030154A Ceased GB0030154D0 (en) 2000-12-11 2000-12-11 Improvements relating to public-key encryption

Country Status (1)

Country Link
GB (2) GB0030154D0 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2435954A (en) * 2006-01-27 2007-09-12 Claricom Ltd Two part security code generation, printing and validation
GB2422935B (en) * 2005-02-03 2009-08-19 Marc Mckenzie Payment means and system
CZ307164B6 (en) * 2015-08-20 2018-02-14 Petr Sobotka The method of transferring digital currency encryption keys based on the procedure for issuing, authenticating and disabling the physical carrier with multifactor authorization and the physical carrier of encryption keys for the digital currency for implementing this method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0266748A2 (en) * 1986-11-05 1988-05-11 International Business Machines Corporation A software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor
GB2301919A (en) * 1995-06-05 1996-12-18 Bankers Trust Co Multi-step digital signature method and system
FR2739322A1 (en) * 1995-12-19 1997-04-04 Ittah Aaron Network payment card esp. for Internet payment
WO2000074006A1 (en) * 1999-06-01 2000-12-07 Ic Company System
EP1127593A1 (en) * 2000-02-21 2001-08-29 Jacob Hulleman Voucher as well as method for issuing and collecting the voucher

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0266748A2 (en) * 1986-11-05 1988-05-11 International Business Machines Corporation A software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor
GB2301919A (en) * 1995-06-05 1996-12-18 Bankers Trust Co Multi-step digital signature method and system
FR2739322A1 (en) * 1995-12-19 1997-04-04 Ittah Aaron Network payment card esp. for Internet payment
WO2000074006A1 (en) * 1999-06-01 2000-12-07 Ic Company System
EP1127593A1 (en) * 2000-02-21 2001-08-29 Jacob Hulleman Voucher as well as method for issuing and collecting the voucher

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2422935B (en) * 2005-02-03 2009-08-19 Marc Mckenzie Payment means and system
GB2435954A (en) * 2006-01-27 2007-09-12 Claricom Ltd Two part security code generation, printing and validation
GB2435954B (en) * 2006-01-27 2008-03-05 Claricom Ltd Printing method
CZ307164B6 (en) * 2015-08-20 2018-02-14 Petr Sobotka The method of transferring digital currency encryption keys based on the procedure for issuing, authenticating and disabling the physical carrier with multifactor authorization and the physical carrier of encryption keys for the digital currency for implementing this method

Also Published As

Publication number Publication date
GB0109344D0 (en) 2001-05-30
GB0030154D0 (en) 2001-01-24

Similar Documents

Publication Publication Date Title
US7003501B2 (en) Method for preventing fraudulent use of credit cards and credit card information, and for preventing unauthorized access to restricted physical and virtual sites
JP4739205B2 (en) Method and system for generating dynamic verification values
US20060190412A1 (en) Method and system for preventing fraudulent use of credit cards and credit card information, and for preventing unauthorized access to restricted physical and virtual sites
US7177835B1 (en) Method and device for generating a single-use financial account number
US6163771A (en) Method and device for generating a single-use financial account number
US7024395B1 (en) Method and system for secure credit card transactions
US7039809B1 (en) Asymmetric encrypted pin
US7818812B2 (en) Article and system for decentralized creation, distribution, verification and transfer of valuable documents
EP1485843A2 (en) System and method for performing secure remote real-time financial transactions over a public communicatons infrastructure with strong authentication
KR102452210B1 (en) Method of managing privacy preserving lottery
US20070033149A1 (en) Secure transaction string
JP2004500671A (en) Improved method and system for making secure payments over a computer network
RU2144695C1 (en) Method for claiming liability for card-related action by client and for accepting the claim by issuer
Yang The security of electronic banking
JP2002117350A (en) Service issuing method, service providing method, and system therefor
GB2369915A (en) Public key encryption
US20030144960A1 (en) Method for online commercial distribution of digital goods through a comminication network and eletronic device for purchasing electronic goods distributed by said method
CN1360265B (en) Portable electronic license device
JP2002304589A (en) Settlement system
Klur What an organization should know about using electronic cash
WO2002065411A2 (en) Method and system for making secure a commercial transaction with a smart card
KR20050113158A (en) The structure of electric-prepaid card which is very secure and for user easy to use and the structure of the system to use the electric-prepaid card and operation method
AU2001255978B2 (en) Secure biometric identification
Caelli et al. Financial and Banking Networks
Shire Advanced mobile security in silicon

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)