Credit Card Security Technique
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to the execution of remote transactions, and to the secure transmission of identification data over insecure channels. More particularly the invention relates to authentication in monetary transactions and electronic commerce, and in other fields such as cellular telecommunication, electronic document transmission, application service providers, and home banking transactions over public communication networks.
2. Description of the Related Art
Commerce over open public networks, such as the Internet and telephone lines, especially cellular telephones, is rapidly increasing. Generally, it is desired to use public networks to pass a credit card number from a user who constitutes a first party of a transaction to a service provider who constitutes a second party of the transaction. However, unauthorized users may easily listen to data passed over the open network, and thus gain access to credit card numbers and use them for unauthorized transactions. Furthermore, regular telephone calls and transactions over point to point networks, such as specially established computer connections, are not immune from unauthorized use, especially due to the wide number of service providers who receive credit card numbers from users. It is also known that at the present time merchant credit card databases are notoriously insecure, and prone to hacking attacks.
A most serious problem is the possibility of hackers obtaining access to credit card numbers and personal information stored in merchant databases, and appropriating them for unauthorized transactions or illegal resale. Consequently, the consumer is reluctant to expose his credit number to the Internet. This problem is solved by the present invention, which provides the consumer with a degree of security heretofore unknown, yet preserves the convenience and advantages of electronic commerce. Various encryption methods have been proposed to overcome unauthorized determination and use of the credit card number. In such methods only the user (or a computer of the user) and the credit card provider have access to the rules of encryption and decryption. However, technologies to break encryption schemes are being developed as rapidly as the encryption schemes themselves.
Digital signature schemes are also well known in the art. In a conventional signature scheme, a user has a public code and a secret code. The user sends a digital "signature" which can be easily verified using only the public code, but may be generated efficiently only with knowledge of both the public and secret codes. However, such schemes have been successfully attacked by forgers, using methods such as an adaptively chosen plaintext attack which is described, for example, in U.S. Patent No. 5,016,274 to Micali et al, which is incorporated herein by reference. U.S. Patent No. 5,016,274 suggests a more complex method, which can be performed partially off-line before the message is chosen. However, it is commonly believed that as computer hardware and software develops any code may be successfully attacked. Also, the coding and decoding require large computation resources.
PCT publication WO96/34471, which is incorporated herein by reference, suggests using, for identification of credit card users, a unique calling party identification code which is passed from the telephone of a user to a network switch. Such a unique code, referred to as a calling party identifier number (CPIDN), limits the credit card user to performing transactions only from specific telephone numbers.
In U.S. Patent No. 5,991,412 to Wissenburgh et al, a method is proposed for protecting transactions involving a smart card and a terminal, such as a cash register. Security is provided by having the terminal (e.g. a cash register) provide a random number to the smart card. The smart card then responds by generating a first authentication value, which could be an incrementing counter, and a first authentication code, which may be an encrypted form of the random number combined with the first authentication value, and also combined with the balance sought to be transferred. The terminal supplies a different random number for each subsequent transaction, and the smart card responds with a different authentication value. In a further step, a second authentication code is provided by the terminal to the smart card which is an encrypted version of the smart card's new balance and a second random number, again generated by the terminal.
U.S. Patent No. 5,559,887 to Davis et al. discloses a financial transaction system, adapted to smart cards, in which encrypted certification signals are employed to establish a secure session using any of a plurality of transaction devices, or transaction processors. Among the various devices or processors disclosed in the system are vending machines, collection devices, off-line terminals, and various processors used for internetwork financial settlements. Encryption is accomplished using the conventional data encryption standard DES. The smart card, which is typically a stored value card (SVC), stores a unique card identification number, a transaction count, a derived password, and the identification number of the issuing entity or financial institution. Each smart card is provided with a unique set of keys derived from a master set maintained in a separate secure location. These keys are derived by an encryption technique from a set of master keys maintained by a card issuing entity.
Blind signatures are used in smart cards to form a monetary transaction system. Each blind signature represents a specified amount of money and may be used only once. A verification system may verify that a user is entitled to use a specific blind signature and that the blind signature was not used already. However, use of blind signatures is very limiting when it is desired to perform transactions which involve arbitrary sums, as is common with credit cards.
Similar verification systems are used in cellular and wireless phones to prevent unauthorized use of a phone line. For example, the Panasonic KX-TC256BX-W model wireless phone, selects a different one of 65,000 security codes each time the handset of the phone is placed on the base. In order to initiate a call, this code must be transferred from the handset to the base. However, in some cases the users of wireless phones do not place the handset on the base for a few days, providing sufficient time for an unauthorized user to determine the security code and use the phone line.
In cellular communications based on the GSM standard, in order to make a cellular call, a user must insert a dedicated "smart card" into the telephone handset. The card includes a private key number. When a call is initiated, a cellular switching center sends the handset an authentication message, indicating a proprietary algorithm which is used by a processor in the handset together with the private key to return an authentication response to the switching center. Only if the response is correct will the handset be allowed to initiate the call. This method is computationally intensive and is not suitable for all purposes.
SUMMARY OF THE INVENTION
It is an object of some aspects of the present invention to provide methods and apparatus for securely performing transactions over public networks.
It is another object of some aspects of the present invention to provide simple methods and apparatus for securely performing remote transactions which do not require complex coding or decoding.
It is another object of some aspects of the present invention to provide methods and apparatus for securely performing remote transactions which are immune to systematic access attacks.
It is another object of some aspects of the present invention to provide methods and apparatus for preventing unauthorized users from deriving identification information of a transaction and using the information to perform unauthorized transactions.
It is still another object of some aspects of the present invention to provide methods and apparatus for securely performing monetary and non-monetary transactions, in which an unauthorized person who derives identification information passed from a credit card to a verification station does not have sufficient information to perform unauthorized transactions.
In aspects of the present invention, a first party to a transaction uses a device, referred to herein as a transaction initiator, which is identified by a fixed primary identification number and a varying secondary identification number. An identification center (or centers) receives the primary and secondary verification numbers and verifies that the primary number is valid and that the secondary number is appropriate for a current transaction using the primary number. Optionally the secondary numbers can be stored on other devices such as a CD, or in software that may be loaded into a computer.
In some aspects of the present invention, the transaction initiator comprises a transaction card, such as a credit card or a stored value card, which includes an embedded processor which provides the secondary number for each transaction. The stored value card may use the secondary number in performing purchase transactions and/or to perform reloading transactions.
In other aspects of the present invention, the transaction initiator comprises a cellular or wireless phone, and the secondary number is provided separately for each phone call or number of phone calls. The identification center is accordingly within the base of the wireless phone or within a cellular switching center which provides services to the cellular phone.
In still other aspects of the present invention, the transaction initiator may be used to monitor access to sensitive information, such as, bank accounts, health information, etc.
Preferably, the secondary number is passed from the transaction initiator to the identification center over the telephone, either by dialing appropriate numbers or by voice, over the Internet or other computer connections, facsimile, or any other suitable communication mechanism. In some embodiments the secondary number is passed in an unencrypted format.
In some aspects of the present invention, the secondary number is selected from a look up table (LUT) of values of the secondary number. Preferably, the LUT includes a series of random or pseudo-random numbers which do not allow determination of a next number in the series based on some or even all of the previous numbers in the series. Identical copies of the LUT are kept both in the transaction initiator and in the identification center.
Preferably, the secondary identification number is selected according to a rule based on external data known both to the transaction initiator and the identification center. The external data includes at least some information unrelated to the transaction. Preferably, the rule is entirely unrelated to the details of the transaction, such that the secondary number may be provided before the details of the transaction are known. Alternatively, the rule is partially based on external data related to the transaction, such as the date, time and/or sum of the transaction. In a preferred embodiment of the present invention, the rule is based on the number of transactions performed using the transaction initiator. Preferably, the secondary identification numbers are retrieved sequentially from the LUT. In some aspects of the present invention, each of the secondary numbers in the LUT may be used only once. When all of the entries in the LUT are exhausted, the transaction initiator is replaced or is refilled with new secondary numbers. Preferably, a display on the transaction initiator notifies the user of the card when the number of secondary numbers remaining therein is below a predetermined value. Alternatively, when all of the entries in the LUT are exhausted, the secondary numbers in the LUT are reused using the same or a different access rule. The LUT in an authentication server may store some keys and algorithms from which a secondary number can be generated. This avoids the storage of actual secondary numbers which could be detected by an unauthorized person, and provides an additional line of defense against hacking of the authentication server. In some aspects of the present invention, both the transaction initiator and the identification center keep track of an entrance key to the LUT. Each time a transaction is performed, the entrance keys are updated according to the rule.
Alternatively or additionally, when the identification center is not connected on-line to the parties performing the transaction, the entrance key is updated by the transaction initiator only a few minutes after the transaction is performed in order to allow sufficient time for the identification center to receive notification of the transaction. Preferably, transactions performed during these few minutes use the same secondary number. Alternatively, during these few minutes another transaction may not be initiated.
Alternatively or additionally, the secondary number is determined or changed according to a predetermined function without the use of a LUT. The predetermined function may comprise a pseudo-random function or any other function which does not allow easy determination of the next secondary number based on a series of previous secondary numbers. Additionally or alternatively, the function is partially dependent on details of the transaction, such as, the date and/or time of the transaction, and/or the monetary sum of the transaction.
An unauthorized user who intercepts the primary and secondary identification numbers cannot use the intercepted data to perform any transactions since the unauthorized user knows only one possible secondary identification number and furthermore does not know the rule which governs the changes of the secondary number.
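The function-based alternative described above can be illustrated with a keyed pseudo-random function. The following is an added example and not the patent's own algorithm: it assumes that the transaction initiator and the identification center share a secret provisioned at issuance (a constructed value here) and derives each secondary number with HMAC-SHA256 over a transaction counter plus optional external data such as the date or sum. Both sides evaluate the same rule, so no table of numbers has to be stored, and an eavesdropper who collects any number of earlier outputs still lacks the secret needed to compute the next one.

```python
import hashlib
import hmac

# Constructed sample secret; assumed to be provisioned into the transaction
# initiator and the identification center at issuance (not from the patent).
SHARED_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")
DIGITS = 6


def secondary_number(secret: bytes, counter: int, external: bytes = b"") -> str:
    """Derive the secondary number for the transaction numbered `counter`.

    The rule is HMAC-SHA256 over the counter and optional external data
    (for example the transaction date or sum), reduced to DIGITS decimal
    digits. Without `secret`, a sequence of earlier outputs gives no
    practical way to predict the next one, which is the property the
    summary asks of the predetermined function.
    """
    message = counter.to_bytes(8, "big") + external
    mac = hmac.new(secret, message, hashlib.sha256).digest()
    value = int.from_bytes(mac[:8], "big") % (10 ** DIGITS)
    return f"{value:0{DIGITS}d}"


def card_side(counter: int, external: str = "") -> str:
    """Number shown on the transaction initiator for its `counter`-th use.
    With external == "" the rule depends only on the transaction count, so the
    number can be displayed before the details of the transaction are known."""
    return secondary_number(SHARED_SECRET, counter, external.encode())


def center_side(counter: int, external: str = "") -> str:
    """Number the identification center expects for the same counter and the
    same external data; it keeps the secret and the counter, not the numbers."""
    return secondary_number(SHARED_SECRET, counter, external.encode())


def both_sides_agree(counter: int, external: str = "") -> bool:
    """Check that initiator and center derive the same number for one transaction."""
    return hmac.compare_digest(card_side(counter, external), center_side(counter, external))


if __name__ == "__main__":
    # Rule unrelated to the transaction, then a rule partially bound to date and sum.
    print(card_side(1), both_sides_agree(1))
    print(card_side(1, "2024-01-15|1999"), both_sides_agree(1, "2024-01-15|1999"))
```

The external string is a constructed encoding of date and sum in cents; in a deployment the two sides would need an agreed canonical format so that they hash identical bytes.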
In some aspects of the present invention, the LUT is implemented by a memory or logic chip, such as a programmable logic array (PLA), which cannot be read by an external reader. Thus, even one who holds the transaction initiator cannot make a copy of the LUT.
In some aspects of the present invention, the transaction initiator includes a display which presents the secondary number, and a switch or button for indicating the completion of a transaction. When a transaction is to be performed the holder of the initiator reads the secondary number from the display and passes it to the other party in the transaction or directly to the identification center. Thereafter, the user presses the button to receive a new secondary number. Alternatively, the user presses the button before the transaction is performed, and only then the secondary number is displayed. Further alternatively, a secret code is necessary to display the secondary number, so that the transaction initiator cannot be used even if an unauthorized user has possession of the transaction initiator. In some aspects of the present invention, a monetary card-reader reads both the primary and secondary numbers and instructs the processor to change the secondary number once the number was read. Preferably, the card-reader is connected to the center to verify the primary and secondary numbers.
In some aspects of the present invention, the card-reader may be coupled to a personal computer in order that a user of the personal computer may easily perform transactions over the Internet. Alternatively or additionally, the monetary card includes a display window which shows the secondary number. When a user desires to perform a transaction over the Internet and the identification number of his card is requested, the user types in the primary number of the card and the secondary number from the display window. If the transaction was successful, the user is instructed to notify the card to update the secondary number, for example, by pressing a button on the card. Alternatively or additionally, the user may be required to sign his signature or give his finger print in order to update the secondary number.
In some aspects of the present invention, each card may have three identification numbers: a card identification number which is generally imprinted on the card, a secret code which is known only to the user and prevents unauthorized use of the card in case it is lost, and the secondary number which changes with each transaction. It is noted that the term "identification number" is used herein in a general way to refer to any type of code.
It is noted that the present invention may be used together with other coding schemes which may be used to code the primary and/or secondary identification numbers.
In some aspects of the present invention, when the identification center encounters an attempt to perform a transaction with an incorrect secondary number, the use of the transaction initiator is suspended in order to prevent continuous attacks directed to determine the secondary number. Preferably, the secondary number on which a possible attack was performed may not be used to perform a transaction, and the next secondary number must be used. Preferably, when a suspended transaction initiator requests to perform a transaction, the identification center requests that it provide the correct secondary number to remove the suspension. Only then may a new transaction be performed using the next secondary number.
According to some aspects of the invention, a virtual credit card number is provided for a first credit card company, suitable for co-branding with a second credit card company. A fixed identifier, such as a specific prefix (4-5 digits) indicates that a credit card is associated with the first credit card company, while the rest of the identifier may contain identifying information and a current secondary number. In this case the virtual credit card is suitable for a one-time transaction.
In some aspects of the invention, credit card transactions can be conducted in a manner that protects merchant databases and consumers by omitting the storage of primary credit card numbers in the merchant databases, instead utilizing one-time secondary identification numbers.
The invention provides a method of performing a remote transaction, which is performed by initiating a first communication link between a first party and a second party. The first party has a fixed primary identification. At the first party, a variable secondary identification is selected from a list carried by the first party, responsive to a predetermined rule. The secondary identification is transferred from the first party to the second party via the first communication link. A second communications link is established between the second party and an authentication center, the secondary identification is communicated from the second party to the authentication center via the second communications link. The authentication center is aware of the fixed primary identification of the first party. The method further includes verifying at the authentication center that the secondary identification is a permissible identification for performing the transaction, establishing a third communications link between the authentication center and a payment processing agent, and communicating the fixed primary identification from the authentication center to the payment processing agent via the third communications link.
According to another aspect of the invention the method further includes establishing a fourth communication link between the first party and the authentication center, and communicating the secondary identification from the first party to the authentication center via the fourth communication link.
According to yet another aspect of the invention the first party effects communication on the first communication link using a communication device that has memorized data and program instructions. The data and program instructions may be stored on a CD, or on software which has been transferred to the communication device.
Preferably confidential information is transferred from the first party to the authentication center prior to initiating a first communication link.
According to an aspect of the invention the authentication center associates the secondary identification with the confidential information of the first party, and transfers the confidential information and the fixed primary identification to the payment processing agent.
BRIEF DESCRIPTION OF THE DRAWING
For a better understanding of these and other objects of the present invention, reference is made to the detailed description of the invention, by way of example, which is to be read in conjunction with the following drawings, wherein:
Fig. 1 is a schematic view of a system for performing monetary-card transactions, in accordance with a preferred embodiment of the present invention;
Fig. 2 is a schematic view of a monetary card, in accordance with a preferred embodiment of the present invention;
Fig. 3 is a schematic view of a LUT in the monetary card of Fig. 2 and in a compatible identification center, in accordance with another preferred embodiment of the present invention;
Fig. 4 is a flow chart illustrating the actions of an identification center in processing a transaction, in accordance with a preferred embodiment of the present invention;
Fig. 5 is a schematic illustration of a cellular communication system, in accordance with a preferred embodiment of the present invention;
Fig. 6 is a block diagram illustrating an arrangement of electronic commerce suitable for use with preferred embodiments of the invention;
Fig. 7 is a plan view of a transaction card in accordance with a preferred embodiment of the invention;
Fig. 8 is a diagram of a ROM which is a component of the transaction card shown in Fig. 7;
Fig. 9 is a perspective view of a transaction card in accordance with an alternate embodiment of the invention;
Fig. 10 is a block diagram of the electronic circuitry of the transaction card illustrated in Fig. 9;
Fig. 11 illustrates a check out form of a merchant site to be completed by a consumer;
Fig. 12 illustrates a merchant's version of a check-out form similar to the form shown in Fig. 11;
Fig. 13 illustrates information which is stored in a central authentication server in the arrangement of Fig. 6;
Fig. 14 illustrates an arrangement of electronic commerce in accordance with an alternate embodiment of the invention;
Fig. 15 is a block diagram of an arrangement of an authentication server in a system of electronic commerce in an alternate embodiment of the invention;
Fig. 16 illustrates an arrangement of electronic commerce in accordance with another alternate embodiment of the invention; and
Fig. 17 is a block diagram illustrating an arrangement of electronic commerce in accordance with another alternate embodiment of the invention.
DESCRIPTION OF THE PREFERRED EMBODIMENT
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent however, to one skilled in the art that the present invention may be practiced without these specific details. In other instances well known circuits, control logic, and the details of computer program instructions for conventional algorithms and processes have not been shown in detail in order not to unnecessarily obscure the present invention.
Fig. 1 is a schematic view of a system for performing remote monetary-card transactions, in accordance with a preferred embodiment of the present invention. A user 10 performs a remote transaction with a service provider 34 using details of a transaction card 26. Card 26 preferably comprises either a credit card or a stored value card, and is also referred to in the context of the present patent application and in the claims as a type of "transaction initiator." Some of the details of card 26 vary for each remote transaction, as described hereinbelow. An identification center 36 receives the details of card 26 and verifies that the card is valid and that the details are compatible with the current transaction. Identification center 36 receives the details of card 26 either directly from user 10 as described hereinbelow, or from service provider 34, which in turn receives the details from user 10. If the details of card 26 allow performance of the transaction, identification center 36 notifies service provider 34, and the transaction is carried out. Preferably, identification center 36 also notifies user 10 of the successful completion of the transaction, whereupon the user updates the details of card 26 as described hereinbelow.
Preferably, user 10 relays the details of card 26 via a telephone 12, either by reading the details to an operator 15 or by inputting the details directly to service provider 34 or identification center 36, using the telephone keypad, for example, as is known in the art. Alternatively or additionally, user 10 may send the details to operator 15 using e-mail, fax, etc. The details of card 26 can optionally be automatically transmitted via an e-wallet platform, in which case the consumer does not have to type in the details.
Alternatively or additionally, the details of card 26 are read by a card reader 24, which passes the details, preferably via a modem 30 and a communication line 32, to server 36. Preferably, reader 24 includes a display 18 which shows the details of card 26, and a button 16 which is actuated by user 10 to update the details of card 26 when and as required. Preferably, reader 24 operates with any compatible card 26. Alternatively, each card 26 operates only with specific readers 24, so that an unauthorized user who finds card 26 cannot perform remote transactions using the card without having the proper reader 24. In some aspects of the present invention, reader 24 updates the details of card 26 automatically upon acknowledgment of the transaction by identification center 36, before card 26 is ejected from the reader. Alternatively, the details are updated when a transaction is initiated or when a significant number of steps of the transaction have been performed, without acknowledgment from identification center 36. Preferably, reader 24 comprises an additional button (not shown) which may be used to cancel an update which was performed erroneously.
Further alternatively or additionally, user 10 establishes a computer connection with service provider 34, using a computer 22. The computer connection is established either through a direct computer link or through a public network such as the Internet. When user 10 desires to perform a monetary transaction, computer 22 prompts the user (for example, by displaying an appropriate message on a display 28) to enter the details of card 26. Preferably, the details are entered through a keyboard 31. Alternatively or additionally, reader 24 may be coupled to computer 22 so that the details are automatically passed to computer 22. Thereafter computer 22 passes the details of card 26 to identification center 36 via modem 30.
An individual who eavesdrops on the traffic on link 32 cannot determine sufficient information to perform remote transactions using card 26, because the details of the card change between transactions. Preferably, by the time the eavesdropper determines the current details passed on link 32, a transaction has been completed, and an additional transaction cannot be performed using these details.
Fig. 2 is a schematic view of card 26, in accordance with a preferred embodiment of the present invention. Card 26 has a primary identification number which identifies the card. Preferably, the primary number appears in an embossment 66 on card 26, as is known in the art. Preferably, card 26 includes an embedded memory 52 which stores a look-up table (LUT) of secondary identification numbers. Card 26 preferably also includes an embedded processor 50, which generates and/or updates a key for access to the LUT. Preferably, processor 50 comprises a simple counter, and the key is an indexing integer number whose maximum value is of the size of the LUT.
Alternatively or additionally, the key is chosen according to a more complex rule, for example one which is partially dependent on the time, date and or sum of the transaction. It is noted however, that the rule is at least partially dependent on external data not related to the details of the specific transaction. Further alternatively or additionally, processor 50 calculates the secondary number directly without access to a LUT. In such a case, processor 50 generates and applies a pseudo-random number, so that it is substantially impossible to determine the next secondary number based on a short sequence of secondary numbers. Preferably, memory 52 comprises or is coupled to a programmable logic array (PLA) which cannot be read by an external device. Other memory devices may also be used, including memories internal to processor 50.
Card 26 preferably comprises a display 54, such as an LED or LCD display, which shows the secondary number. Preferably, card 26 comprises an additional display 56, which shows the index of the secondary number in the LUT. Card 26 preferably further comprises a button 58 which is actuated by user 10 to change the secondary number. Alternatively, card 26 comprises a privileged input device which may only be actuated by a user who knows a proper code. For example, card 26 may comprise a signature receiving pad, and the card provides a new secondary number only if the signature resembles the signature of the true owner of the card. Thus, even if an unauthorized person has access to card 26, the person cannot use the card more than once without properly signing the signature of the card's owner. In a preferred embodiment of the present invention, card 26 comprises an additional button 59 which undoes the operation of button 58 in case it was erroneously pressed. Alternatively or additionally, card 26 comprises a keypad (not shown) for entering data and commands to the card. In a preferred embodiment of the present invention, processor 50 includes an internal clock, which keeps track of the current date and/or time.
Fig. 3 is a schematic illustration of a LUT 70 in memory 52 and a compatible LUT 72 in identification center 36, in accordance with a preferred embodiment of the present invention. LUT 70 comprises a plurality of entries of secondary numbers, in a predetermined order, such that there is substantially no correlation between the entries in the LUT. Specifically, the secondary numbers are preferably chosen randomly so that from the knowledge of a sequence of a few secondary numbers, it is not possible to deduce the next secondary number. Preferably, LUT 70 comprises a large number of entries, for example between 1,000 and 10,000 entries, although the LUT may comprise substantially any number of entries. Preferably, each entry to LUT 70 is used for only a single transaction. Alternatively, once all the entries of the LUT are used, the entries of the LUT are reused. LUT 72 in identification center 36 is an identical copy of LUT 70 in memory 52. For each card 26, identification center 36 comprises, in addition to LUT 72, an index 74 to the current entry in the LUT, and a status variable 76. Index 74 points to the same entry as is pointed to by processor 50, and is updated in the same manner and preferably at the same time as the index in processor 50. Status variable 76 states whether card 26 is ready for use or is suspended due to a possible unauthorized use, as described hereinbelow.
Fig. 4 is a flow chart illustrating the actions of identification center 36 in processing a transaction, in accordance with a preferred embodiment of the present invention. When a user of card 26 desires to perform a remote transaction, identification center 36 receives the primary number of card 26. Identification center 36 checks that the primary number is of a valid card, and preferably also checks for a password, if a password is associated with card 26. Thereafter, identification center 36 checks whether card 26 was suspended due to a possible attempt to illegally use the card. If the card is not suspended, index 74 (having a value N) is updated according to a rule known both to center 36 and processor 50. In a preferred embodiment of the present invention, the rule is a simple incrementation. Thereafter, user 10 is requested to enter the secondary number having index N in LUT 70. Alternatively, user 10 is requested to enter the current secondary number without stating the current index. Preferably, user 10 keeps track of the current index by pressing button 58 each time a transaction is successfully concluded, as described hereinbelow.
If the secondary number is correct, approval of the transaction is passed to service provider 34. Preferably, user 10 is prompted to press button 58 so as to update the index to LUT 70 of card 26. However, if the secondary number from user 10 is incorrect, the card is preferably set to a suspended status, as indicated by status variable 76. Thus, it is not possible to determine the secondary number by continually guessing. The user is preferably immediately allowed to attempt to get card 26 out of the suspended status by entering the requested secondary number. Alternatively, the user must re-enter the primary identification and password in order to attempt to get card 26 out of the suspended status. If the secondary number is correct, status
variable 76 is set to ready, index 74 is incremented, and user 10 is preferably prompted to press button 58 so as to update the index to LUT 70. In order to perform the transaction, user 10 is requested to enter the next secondary number. Thus, an unauthorized user who succeeds in determining a secondary number in a systematic attempt to get card 26 out of its suspended status, still cannot perform a transaction without guessing the succeeding secondary number in a single try. On the other hand, if the card was suspended due to a mistake, all that is needed in order to cancel the suspension and perform a transaction is to enter two numbers.
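The Fig. 4 processing described above, written as an added simulation for this page rather than code from the patent. The LUT contents, card number and password are constructed sample values; the index rule is the preferred simple incrementation with reuse once all entries are consumed; and leaving index 74 unchanged on a wrong entry is an assumption the text does not state.

```python
"""Simulation of identification center 36 processing a transaction (Fig. 4).

Added example, not code from the patent.  The LUT is a constructed list of
a few secondary numbers; a real card holds 1,000 to 10,000 entries.
Password handling is the plain comparison the text implies; a deployment
would store a hash rather than the password itself.
"""
from dataclasses import dataclass
import hmac

READY, SUSPENDED = "ready", "suspended"


@dataclass
class CardRecord:
    """Per-card state at the center: LUT 72, index 74 and status variable 76."""
    primary_number: str
    password: str
    lut: list            # identical copy of LUT 70 in the card's memory 52
    index: int = 0       # index 74: the entry expected in the next transaction
    status: str = READY  # status variable 76


class Card:
    """Card 26: displays the entry at its own index; button 58 advances it."""
    def __init__(self, lut):
        self.lut, self.index = lut, 0

    def current_secondary(self):
        return self.lut[self.index]

    def press_button_58(self):
        self.index = (self.index + 1) % len(self.lut)


class IdentificationCenter:
    def __init__(self):
        self.cards = {}

    def register(self, record):
        self.cards[record.primary_number] = record

    def _lookup(self, primary, password):
        rec = self.cards.get(primary)
        if rec is None or not hmac.compare_digest(rec.password, password):
            return None
        return rec

    @staticmethod
    def _advance(rec):
        # Rule known to both center 36 and processor 50: simple incrementation,
        # wrapping so that the entries are reused once all have been consumed.
        rec.index = (rec.index + 1) % len(rec.lut)

    def process_transaction(self, primary, password, secondary):
        """Returns (approved, status).  A suspended card is never approved, and a
        wrong secondary number suspends the card so the number cannot be found
        by repeated guessing."""
        rec = self._lookup(primary, password)
        if rec is None:
            return False, "unknown card or bad password"
        if rec.status == SUSPENDED:
            return False, SUSPENDED
        if hmac.compare_digest(rec.lut[rec.index], secondary):
            self._advance(rec)        # the user is prompted to press button 58 as well
            return True, READY
        rec.status = SUSPENDED        # assumption: index 74 is left unchanged here
        return False, SUSPENDED

    def lift_suspension(self, primary, password, secondary):
        """Entering the requested secondary number returns the card to ready and
        increments index 74; a transaction then needs the succeeding number."""
        rec = self._lookup(primary, password)
        if rec is None:
            return False
        if rec.status == READY:
            return True
        if hmac.compare_digest(rec.lut[rec.index], secondary):
            rec.status = READY
            self._advance(rec)
            return True
        return False
```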
Preferably, user 10 is instructed to press button 58 upon conclusion of the transaction. Alternatively, user 10 presses button 58 immediately before performing a transaction. Alternatively or additionally, each time a transaction is performed, identification center 36 sends card 26 a key to be used in the next transaction of the card to point to a selected value in LUT 70. It is noted that an unauthorized listener cannot use the key without knowing the contents of the LUT. Further alternatively or additionally, center 36 may send to processor 50 a function or set of commands to be performed in providing the secondary number for the next transaction.
Alternatively or additionally, each time a transaction is performed, identification center 36 sends user 10 a random index for which the user must return the corresponding secondary number. In such a case, card 26 preferably comprises a suitable number pad or another user interface for entering the received index. Alternatively or additionally, reader 24 (Fig. 1) comprises a keyboard (not shown) for entering the received index. Thus, card 26 remains relatively simple while allowing relatively large amounts of data to be entered to the card.
Optionally, transactions involving small purchases made in person, which are generally performed by physically passing card 26 through a reader, as is known in the art, do not require use of the secondary number. Alternatively, the secondary number is automatically updated by a reader used in such a transaction.
Fig. 5 is a schematic illustration of a cellular phone 90, in accordance with a preferred embodiment of the present invention. Phone 90 comprises a memory chip 92 which stores a LUT of secondary identification numbers. When a call is initiated from phone 90, identification information is passed from the phone to a base station 94. The identification information includes a secondary number which changes for each call. Thus, an unauthorized user who determines the identification information of phone 90 by eavesdropping on the call between the phone and station 94 cannot use the information to perform calls. Preferably, base station 94 passes the identification information to an identification center 96 which has an identical copy of the LUT in memory 92, in a manner similar to that described above regarding card 26. Preferably, the process of checking whether the secondary number is correct is performed automatically, without need of any human intervention.
It is noted that although the term secondary number is used to refer to the secondary identification of card 26, any type of identification may be used including letters, symbols, voltage levels, tones, etc.
Application to Electronic Commerce
The invention disclosed herein solves two major problems of electronic commerce ("e-commerce") transactions as well as in offline ones: (a) extensive fraud, causing consumer hesitance in using credit cards, and (b) non-secure merchant credit card databases. The basis for this technology is a specific transaction personal identification number (STP), a code which can be used for one transaction only and then becomes meaningless and cannot be used for future transactions. STPs are generated and ordered randomly and uniquely, or are created using an STP generation algorithm and thus STPs applying to subsequent transactions cannot be determined by detecting a currently transmitted STP, even after decryption. The STP generation algorithm can be dependent on several parameters such as time, personal details, transaction information or personal password. At the time that the STPs are created they are mirrored in a database file which exists in the authentication server.
According to some aspects, the technology of the invention provides consumers with several different options to receive STPs which can be entered at an e-commerce site instead of a credit card number. The user of the device has an optional personal password that makes it impossible for a thief or otherwise unauthorized person to use the device without knowledge of this personal password. A consumer in e-commerce can further prevent unauthorized use by configuring the device, or his account such that only transactions utilizing STPs can be made at e-commerce sites. The stored STPs can also function in e-commerce that is conducted via cellular telephone.
Elements of the system which are disclosed hereinbelow are the consumer's STP device, optional software on the e-commerce site, which can be integrated into the merchant's shopping engine, payment server or a third party e-commerce payment gateway, and the authentication
server, which can be central or distributed. It is further contemplated that the STP device may be provided with loadable software for initial programming and updating.
Fig. 6 illustrates an arrangement for the execution of e-commerce suitable for use with the invention. According to this embodiment the consumer transmits an STP to the merchant. The merchant relays the STP to a secure identification center, which in turn converts the STP to the actual credit card number. The actual credit card number is transmitted by the secure identification center to the next processing entities in the payment chain as disclosed hereinbelow.
An STP device 100 communicates with a merchant e-commerce site 102 over a communications network 104, which is typically the Internet. The merchant e-commerce site 102 is in communication with an authentication server 106 over a network 108, which could also be the Internet, or a private network. The authentication server 106 authenticates the STP device 100 seeking to execute a transaction. Following authentication, the authentication server 106, which is aware of the actual credit card number of the consumer, submits information to a payment processing facility 110, which may be a backend server integral to the merchant e-commerce site 102, or an independent facility such as a third party payment gateway. The payment processing facility 110 communicates via a secure channel 112 with an appropriate credit card transaction processor 114. Thus the merchant stores only the STP in his database, but not the actual credit card number of the consumer. The information retained by the merchant is meaningless to a person wishing to perform future unauthorized transactions. This is an important advantage of the present invention. To the inventors' knowledge, all other existing methods, including smartcards, encryption techniques, and digital signatures, do not prevent the merchant from receiving and storing the consumer's credit card number in his database. The STP device 100 in accordance with one preferred embodiment of the invention is now disclosed in further detail with reference to Fig. 7, wherein the consumer's STP device 116 is a modified transaction card, such as a credit card, which has a screen 118, and a keypad comprising one or more buttons 120 which are used to advance an STP once it has been used, and for other functions.
The STP device 100 can also be a cellular phone; personal digital assistant ("PDA"); pager; compact disk; diskette; hard disk (installed via the Internet or via a physical medium); a plurality of conventional credit cards; a sheet of paper with a list of STPs; or any other device which can create, store and or process STPs. If a credit card-like device is used then one or more of the following enhancements may be added in order to conveniently transfer the STP
and other encoded information: a magnetic strip, reader interface, calculator, photosensor, keypad, microphone, speaker, radiofrequency or infrared interface, and image sensor. As shown schematically in Fig. 8, the STP device 116 holds any number of randomly generated STPs which are either embedded on a read-only memory ("ROM") or erasable programmable read-only memory ("EPROM") chip 122 in the device or created on the fly. Once the number of STPs runs low the device will alert the consumer so that he can simply call the issuing company and receive a new STP device. The STP device 116 may also be constructed as a reusable card which can be recharged with new STPs once they run out, using a reader, the Internet, special software, or other techniques as are known to the art. Once consumers receive their STPs they can add information about other credit cards they may want to use to the information stored in the STP device 116, as well as change the password that they have been given. It should be noted that since the STPs are prestored, no computational resources or time need be dedicated to their generation during execution of the transaction.
In some aspects of the invention the STP is constructed so that part of the number can be constant, signifying personal details about the card holder, such as issuing bank, country, etc., while the rest of the number changes for each transaction. The STP can also be produced through a mathematical integration of these details with the STP. The card also has a serial number 124, which is used only when the consumer deals directly with the company for customer service and reloading of the STP device 116. Another embodiment of the STP device 116 (Fig. 6) is disclosed with reference to Fig. 9, in which the STP device 116 is realized as an enhanced transaction card 126. The transaction card 126 is provided with a display 128, which is preferably a liquid crystal type, and most preferably has graphic capabilities. In some versions the display 128 could be limited to a 7 segment type for reasons of economy, but it provides at least a single line of 16 characters. A printed coil, magnetic emulator 130, emulates a sequence of magnetic indications that occur when the transaction card 126 is swept through a credit card reader (not shown). It is intended that the user place the transaction card 126 into a card reader, rather than sweeping it, during which period the magnetic emulator 130 will operate to identify the transaction card 126 to the card reader. The magnetic emulator 130 is important mainly when conducting off-line transactions. The transaction card 126 has lockout capability, which will protect the user against losing the card. In order to activate the card the user will have to enter his code.
The transaction card 126 has a keypad comprising five top pushbuttons 132, which allow the user to create a 5-digit personal code. The card locks itself permanently after three trials. The probability of an unauthorized user breaking this personal code in three attempts is negligible. A standard smart card interface 134 is provided. The user is thereby afforded the ability to use and program the transaction card 126 as a smart card. The transaction card 126 is able to interface directly with a computer for verification and other purposes, using an infrared receiver 136 and an infrared transmitter 138. It is possible to incorporate other communications features, for example ultrasonic communication or radiofrequency communication using protocols such as HomeRF™ or Bluetooth™. In operation the user places the transaction card 126 in front of a suitably programmed computer, and the transaction will be verified automatically.
The processor 140 of the transaction card 126 is disclosed in further detail with reference to Fig. 10. A single ASIC 142 generally controls the transaction card 126, handles the I/O, and controls the power supply. A battery 144 provides power, and is preferably a poly-lithium flat battery, zinc oxide button battery or a light-powered battery. The battery 144 should provide power for at least 3 years and should allow the transaction card 126 to exceed 5000 operations. Provision is made for self-deactivation of the transaction card 126 after 15 seconds of powered operation.
The memory, preferably a 64 kb PROM 146, is capable of storing up to 10,000 STP numbers, each containing 16 characters (6 bits each). A controller 148 and an ancillary display controller 150 are provided for controlling the display 152, the PROM 146, and a RAM 154, which is used for various computational functions. The controller 148 controls the magnetic strip emulator 156 and the IR interface 158. Programming of the transaction card 126 is accomplished through a standard smart card interface 160. The interaction of the STP device 116 with software on the e-commerce site in accordance with some preferred embodiments of the invention is now disclosed with reference to Figs. 6, 11 and 12.
The consumer fills in the standard check-out form 162 of the merchant e-commerce site 102, and selects a payment method. The consumer is then directed to the appropriate page. The consumer manually fills in the STP number shown on the screen 118 of the STP device 116 (Fig. 7) on the line 164 instead of entering the credit card number. This entry could also be accomplished automatically or via a reader. Additional information which might be entered on
lines 166, 168, and 170, if relevant, are a personal password, the type of credit card being used, and its expiry. Appropriate software to process the consumer's order is integrated into the merchant's shopping engine, payment server or a third party e-commerce payment. Such software is known to the art, and is not further described herein, as it is outside the scope of the invention. An electronic "shopping cart" is filled by iteration of a portion of the check-out form 162 for different products. The product in some cases necessitates minimal changes to the electronic shopping cart, such as adding the card to the credit card list, which can be accomplished through an applications program interface ("API") available to conventional major shopping cart engines and internally developed ones. As shown in Fig. 12, the form 172 can be configured so that it is completely transparent to the merchant. The merchant's transaction directing software is integrated into a payment processing facility 110. This software may direct the transaction to the appropriate payment processing site or server according to the conditions specified by the STP device 100. The STPs can be entered through an e- wallet platform, or can be entered into a special coding area (not shown) within the check-out form 162. The authentication server 106 stores data on all the STPs that have been issued to consumers, together with the comparable existing credit card numbers or bank account numbers and the consumer's personal details, as shown in Fig. 13. The data that the consumer has entered into the shopping cart is transferred through the payment processing facility 110 to the authentication server 106, together with the merchant identification, and the transaction amount. The authentication server 106 validates that the STP has not been used before, and crosschecks it against at least some of the consumer's name, address, and password. 
If valid, the transaction is authorized and directed to an appropriate transaction processor 114 which processes it in the same manner as a conventional credit card transaction. The merchant e-commerce site 102 may have commercial relationships with any number of transaction processors 114. The charge is then transferred from the authentication server 106 over the secure channel 112, which is typically a secure leased line, to the designated transaction processor 114, which authorizes the purchase through the card issuing bank specified by the consumer. An authorization number is returned to the merchant e-commerce site 102 via the authentication server 106, and the transaction is approved. The authentication server 106 can optionally send an email to a consumer address 119 via the Internet immediately following every transaction that occurs with an STP under his name with full transaction details. The actual transaction can be carried out using a personal computer or a telephone circuit such as a cellular phone. In this way the consumer can track the purchases and verify that all are legitimate. Alternatively, the consecutive STP or the STP counter number is sent to the consumer in a transaction authorization notice. This is used as a verification signal to the consumer that the STP has indeed reached the authentication server 106.
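The Fig. 6 flow of the preceding paragraphs, as an added example that is not the patent's own code: merchant site 102 relays the STP and stores only the STP, while authentication server 106 alone maps it to the actual card number, rejects a spent STP, crosschecks the consumer details, and returns the authorization number together with the STP counter. Every STP, card number, consumer detail and merchant id is a constructed sample value, and transaction processor 114 is a stub.

```python
"""Added example (not code from the patent) of the Fig. 6 arrangement.

The consumer sends an STP to the merchant; the merchant forwards it to the
authentication server; only the server knows the real card number, which
it passes to the processor over what the text calls secure channel 112.
All values below are constructed samples.
"""
import hmac


class TransactionProcessor:
    """Stand-in for transaction processor 114: authorizes a charge on a real card."""
    def __init__(self):
        self.count = 0

    def charge(self, card_number, amount):
        self.count += 1
        return f"AUTH-{self.count:06d}"   # authorization number returned to the merchant


class AuthenticationServer:
    """Keeps issued STPs with the matching card number and consumer details (Fig. 13)."""
    def __init__(self, processor):
        self.processor = processor
        self.stps = {}                     # stp -> record

    def issue(self, card_number, name, password, stps):
        for seq, stp in enumerate(stps, start=1):
            self.stps[stp] = {"card_number": card_number, "name": name,
                              "password": password, "seq": seq, "used": False}

    def authorize(self, stp, merchant_id, amount, name, password):
        """Returns an authorization notice, or None when the STP is unknown,
        already spent, or the crosscheck against the consumer details fails."""
        rec = self.stps.get(stp)
        if rec is None or rec["used"]:
            return None
        if rec["name"] != name or not hmac.compare_digest(rec["password"], password):
            return None
        rec["used"] = True                 # an STP serves exactly one transaction
        auth_no = self.processor.charge(rec["card_number"], amount)
        # The STP counter lets the consumer verify that the STP reached the server.
        return {"authorization_number": auth_no, "merchant_id": merchant_id,
                "amount": amount, "stp_counter": rec["seq"]}


class MerchantSite:
    """Merchant e-commerce site 102: relays the STP and never sees the card number."""
    def __init__(self, merchant_id, auth_server):
        self.merchant_id, self.auth_server = merchant_id, auth_server
        self.orders = []                   # the merchant's database

    def checkout(self, stp, amount, name, password):
        notice = self.auth_server.authorize(stp, self.merchant_id, amount, name, password)
        self.orders.append({"stp": stp, "amount": amount,
                            "authorization": notice["authorization_number"] if notice else None})
        return notice


def merchant_database_holds_card_number(merchant, card_number):
    """True if the card number appears in any field the merchant stored."""
    return any(card_number in str(v) for order in merchant.orders for v in order.values())
```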
According to preferred embodiments of the invention, the authentication server can be implemented in either a central or distributed configuration. With the central configuration, which was explained above with reference to Fig. 6, there is a single location for the authentication server 106, which can be realized at one of several dispositions: between the STP device 100 and the merchant e-commerce site 102; between the merchant e-commerce site 102 and the transaction processor 114; between the transaction processor 114 and an issuing bank (not shown); or between an issuing bank and the server of a credit card company (not shown).
In accordance with an alternate embodiment of the invention, in a distributed configuration, illustrated schematically in Fig. 14, there are a plurality of authentication servers 176, located at a transaction processor 178, at an issuing bank 180, an Internet portal 182, an Internet e-commerce site 184, or at a credit card company 186.
In another alternate embodiment of the invention, which is disclosed with reference to Fig. 15, the authentication server can be realized as a central database server 188 which synchronizes information with a plurality of distributed database servers 190. The distributed database servers 190 are only allowed to hold the next available STP.
The authentication server has several fraud protection mechanisms such as fraud protection algorithms, address verification system ("AVS") checks, illegal user detection, hacking interference and blocks on random number tests, in which users are only allowed to try to enter an STP a small number of times, after which the transaction will be blocked. In yet another alternate embodiment of the invention, the STP device 100 (Fig. 6) may be realized as a wireless communication device, as shown in Fig. 16. This is similar to the previous embodiments, except now an authentication server 192 accesses the consumer's wireless device 194, preferably over a wireless channel 196. The authentication server 192 includes an STP generator 198, which produces a randomly generated STP which then is displayed on the screen of the wireless device 194. The consumer then enters this STP into the electronic shopping cart in the same manner as disclosed with respect to the previous embodiment. The STP is then
passed back to the authentication server 192, which verifies the data. The authentication server can be either centrally located or distributed. The transaction continues as explained with respect to the previous embodiment. The wireless device 194 communicates information such as the PIN, password and STP to a wireless internet provider 200 over a wireless channel 202, and receives back a transaction acknowledgement on the same wireless channel 202 or another wireless channel 204. It is still possible for the wireless device 194 to communicate directly with a merchant e-commerce site 206 over a conventional telephone line 208. At the conclusion of the transaction the authentication server 192 may communicate a transaction acknowledgment to the wireless device 194 over the wireless channel 196. In an alternate embodiment of the invention, the consumer dials in to the authentication server through the wireless device 194 and receives an STP, which is displayed on the screen.
In still another alternative embodiment of the invention, the STPs are pre-stored on a ROM or EPROM chip of the wireless device 194. This embodiment has the advantage of increased reliability, as the transmission of the STP on the wireless channel 196 is eliminated. Referring now to Fig. 17, an alternate embodiment of the invention is now disclosed which is suitable for use by an association of organizations which participate in e-commerce. A consumer 210 is a client of an e-commerce service provider 212, which is a collaborator in a credit card organization. The consumer 210 has been issued appropriate credentials 214 by the e-commerce service provider 212, which allow the use of its facilities for conducting e-commerce transactions. The credentials 214 preferably include an STP device as disclosed in the previous embodiments. The e-commerce service provider 212 can be a credit card company, or an organization which facilitates e-commerce by providing secure electronic facilities for authentication for the benefit of the transaction participants, and for the transmission of other transaction-related information as will be disclosed in further detail hereinbelow. The consumer 210 is provided with an electronic communications device 216, such as a personal computer, for interfacing with the e-commerce service provider 212 and other participants in the transaction. The communications device 216 may communicate over the public telephone network, a wireless channel, or an Internet. The Internet communication may occur via the World-Wide-Web. Software in the communications device 216 can be periodically updated by downloading from the computing facilities of the e-commerce service provider 212.
When the consumer 210 accesses the Internet, using the communications device 216, he is connected immediately to a specialized authentication server 218 which checks from time to time to determine whether the connection has been terminated or is still active. When the consumer 210 desires to make a transaction he completes a check-out form 162 (Fig. 11) and submits it to a merchant web server 222. The transaction information is routed via a payment application server 224, and a gateway processing server 226, ultimately reaching a card issuing bank 228, which is a co-participant in the association. The bank 228 recognizes the relationship between the consumer 210 and the e-commerce service provider 212. The bank 228 then communicates with the authentication server 218 via the gateway processing server 226. Upon receiving the communication from the bank 228 the authentication server 218 presents the consumer 210 with a pop-up window on the display (not shown) of the communications device 216, and requests the consumer's STP. The consumer 210 inputs the STP, which is returned to the authentication server 218 and authenticated as disclosed above. The result of the authentication is returned to the bank 228 via the gateway processing server 226, and if successful, the transaction process continues in the manner disclosed with respect to the previous embodiments.
In yet another alternate embodiment of the invention, even greater efficiency can be achieved. This is similar to the previous embodiment, except now the consumer 210 includes his STP in the check-out form 162 (Fig. 11) which is submitted to the merchant web server 222, and concurrently to the authentication server 218. Now, when the bank 228 communicates with the authentication server 218, the response is immediate because the authentication server 218 has been expecting a communication in respect of the particular STP. Communication between the consumer 210 and the authentication server 218 can be direct, or via a trusted third party, and by any communications technique, as described above. It may be encrypted or unencrypted. The technology is also applicable to offline shopping methods such as point-of-sale ("POS") shopping or card-not-present methods, such as telephone or mail transactions. This can be accomplished in several ways, for example using a magnetic strip on the card and card reader for telephone transmission. New STPs are loaded into the magnetic strip and from there they are transferred under a conventional offline transaction process into an authentication server. The STPs can be installed in a multi-application smart card or into a stand-alone credit card. The technology can also be used for non-monetary transactions such as building security, medical
file transmission, and fields such as cellular telecommunication, electronic document transmission, application service providers, and home banking transactions over public communication networks.
While this invention has been explained with reference to the structure disclosed herein, it is not confined to the details set forth and this application is intended to cover any modifications and changes as may come within the scope of the following claims: