WO2002103642A2 - Method and system for secure credit card transactions - Google Patents
Method and system for secure credit card transactions Download PDFInfo
- Publication number
- WO2002103642A2 WO2002103642A2 PCT/US2001/019513 US0119513W WO02103642A2 WO 2002103642 A2 WO2002103642 A2 WO 2002103642A2 US 0119513 W US0119513 W US 0119513W WO 02103642 A2 WO02103642 A2 WO 02103642A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- digest
- unique
- merchant
- transaction
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/047—Payment circuits using payment protocols involving electronic receipts
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/14—Payment architectures specially adapted for billing systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/22—Payment schemes or models
- G06Q20/24—Credit schemes, i.e. "pay after"
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/363—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4093—Monitoring of device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/0866—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/12—Card verification
- G07F7/122—Online card verification
Definitions
- the present invention relates generally to an improved data processing system and in particular to a method and apparatus for managing data within a data processing system. More particularly, The present invention relates to the field of encryption technology. Still more particularly, the present invention relates to encryption key management for securing credit and debit card transactions.
- Some consumer transactions do not lend themselves well to physical currency, bank checks or bank drafts. It is difficult or impossible to conduct real time consumer transactions for tele-commerce businesses, e-commerce businesses and certain vending business applications using currency or checks. Merchants necessarily require a means for instantaneously debiting a valid consumer account prior to completing the transaction. On the other hand, consumers require real time responses from merchants and do not want to be troubled by carrying large sums of currency. Both the consumers and merchants suffer when currency, checks or other drafts are lost during transportation from the consumer to the merchant. Thus, many consumer/merchant transactions rely on credit and debit cards for completing the transaction.
- a typical example of credit card fraud involves a cashier swiping' a customer's card in a valid card reader and then re-swiping the card in a clandestine card reader.
- a cashier swiping' a customer's card in a valid card reader and then re-swiping the card in a clandestine card reader.
- the time that issuing financial institutes realize that the card numbers are being used for illegal transactions, several thousand card numbers may have been stolen. Tracking the source of such an operation is difficult, moreover identifying which cards used at the location that have been compromised is virtually impossible because of the extreme volume of financial institutions issuing credit cards.
- e-commerce transactions involve e-commerce transactions.
- e-commerce facilities are not always secure from hackers.
- a hacker may attack the merchant's server, proxy or website to gain credit card information.
- credit card numbers can be used by the hacker or others for fraudulent transactions .
- a website was compromised and numerous credit card numbers were posted on a public website. This required the financial institutions that issued the credit cards to invalidate those card numbers, stop/verify pending transactions, and issue new card numbers to their account holders.
- Customer profiling is a means for identifying potential new customers based upon predicting individual' s future buying habits. These habits are developed into a "customer profile" by collecting and analyzing records of the customer's past credit card transactions. Customer profilers create such customer profiles and make the information available to merchants. The targeted customers may be subject to bombardment with junk mail circulars, telephone solicitation, unsolicited e-mail or the like.
- the present invention provides a method and apparatus for securing credit and debit card transactions.
- the present invention employs a smart card as a credit card and contains memory and a microprocessor.
- a customer making a credit card transaction inserts their credit card into a card reader attached to the merchant's system e.g. cash register billing computer or the like.
- the card reader activates the customer's card and passes certain merchant information.
- the merchant's system asks the customer's card for a "billing digest".
- the billing digest is the result of a hashing function within the card operating upon the merchant information and the customer information (in combination the merchant information and customer information is referred to as transaction information) .
- the merchant information including merchant identification number, merchant name, transaction type, amount, time/date, etc.
- the billing digest is returned to the merchant's card reader that forwards it (and the transaction information) to the corresponding credit card agency or issuer, which maintains the customer' s credit card account.
- the transaction information is encrypted.
- the credit card issuer decrypts the information, if necessary, and looks up the customer's master key using the customer's account number from the customer information.
- the credit card issuer uses the information, including the customer's master key from the customer information, to verify the customer, merchant and transaction information by re- computing the billing digest and comparing this new value with the billing digest submitted by the merchant.
- This recomputed billing digest is termed an "authentication billing digest" . If the billing digest and authentication billing digest values are equivalent, then the customer's account is billed/credited the transaction amount, the merchant's account is billed/credited with the transaction amount, and an acceptance notification is returned to the merchant. If the billing digest values do not match, then no funds are transferred and a denial notification is returned to the merchant. Security is further enhanced by utilizing a unique reference for each transaction in the unique customer information used for creating the billing digest .
- Figure 1 is a diagram depicting the elements and connections between those elements as used in a commercial credit card transaction as may be employed in a preferred embodiment of the present invention
- Figure 2 is a diagram depicting the function elements of a smart card in accordance with a preferred embodiment of the present invention
- Figures 3A and 3B are flowcharts depicting a process for creating a billing digest for conducting a secure credit card transaction in accordance with a preferred embodiment of the present invention
- FIGS. 4A and 4B are flowcharts depicting a process for responding to a secure transaction, which includes a billing digest in accordance with a preferred embodiment of the present invention
- Figure 5 is a flowchart depicting the processes for invoking the GetNextDigest () function for creating the billing digest;
- Figures 6A and 6B are flowcharts depicting a process for creating a billing digest for conducting a secure credit card transaction, which cannot be tracked by a profiling agency in accordance with a preferred embodiment of the present invention
- Figures 7A and 7B are flowcharts depicting a process for responding to a secure transaction, which includes a billing digest, which cannot be tracked by a profiling agency, in accordance with a preferred embodiment of the present invention.
- Smart card 100 is read by card terminal 120 facilitating communication with merchant's system 130.
- Smart card 100 is a conventional smart card known in the industry.
- An example of such a card is the Cryptoflex card series, which utilizes DES, Triple-DES, and RSA algorithms, available from Schlumberger Ltd., 277 Park Avenue New York, NY 10172.
- card terminal 120 reads the customer credit card account information and passes that information to merchant system 130.
- Card terminal 120 may be any commercially available terminal, such as the MagIC Range series of terminals available and trademarked by Schlumberger Ltd.
- Merchant system 130 then combines the customer account information with merchant transaction information (including time and date of the purchase, purchase amount, summary of the purchased items, the merchant's identification number, the credit card number and the identity of the credit card issuer). Merchant's system 130 then transmits customer's credit card account information with the merchant transaction information to credit card issuer's system 140.
- the transaction information sent to the credit card issuer may or may not be conveyed over a secure transmission. If the transmission means is not secure, both the customer account information and the transaction information may be compromised.
- security is a prime concern for the customer, merchant and credit card issuer.
- an unauthorized user can conduct e-commerce transactions with no more information than a customer's credit card number and expiration date.
- Credit card issuer's system 140 accesses customer and merchant databases 150 for customer and merchant information.
- Customer information comprises information about individual customers including account number, name, etc. while the merchant information comprises information about individual merchants including identification number, name, etc. in addition to transaction type, amount, time/date, etc.
- transaction information The combination of customer and merchant information will be referred to as transaction information and will be discussed in greater detail below.
- the credit card issuer evaluates such criteria as customer account limits, current customer account balance, transaction type, customer account type and merchant account validity prior to approving the transaction between the merchant and the customer. If the transaction would not violate any credit card issuer parameters, based on the current customer account criteria, then the transaction is approved. Once approved, the customer's account is debited/credited by the transaction amount. Simultaneously, the merchant ' s account is credited/debited by an amount equal to the transaction amount. A transaction confirmation is then sent from the credit card issuer's system 140 to merchant's system 130, along with the new account balances for both the merchant's account and the customer's account.
- criteria as customer account limits, current customer account balance, transaction type, customer account type and merchant account validity
- the merchant Upon receiving confirmation from the credit card issuer, the merchant usually prints out hard copies for itself and the customer, and then transmits the customer account balance information to card terminal 120. From there, the account balance information stored on customer's smart card 100 is updated to reflect the transaction.
- Hughes and McCown disclose an encryption key management technique in U.S. Patent Application Number 09/443,963, entitled “ENCRYPTION KEY MANAGEMENT SYSTEM USING MULTIPLE SMART CARDS", filed on November 19, 1999, attorney docket number 99-064-MIS. That application is incorporated by reference in it entirety.
- smart card 200 has three basic elements: smart card I/O 210 for communicating with a smart card terminal, onboard memory 220 and processor 230 for processing information from smart card I/O 210 and onboard memory 220.
- Smart card 200 may be any credit card containing memory and a microprocessor which conforms to the ISO 7816, ISO 14443, or similar series of standards.
- Onboard memory 220 contains both data and executable routines and algorithms necessary for conducting commercial transactions.
- One such routine is a card security pin routine 226 used for preventing unauthorized possessors of smart card 200 from conducting commercial transactions.
- Card security pin routine 226 is a security layer which prompts the possessor of smart card 200 for a pin number prior to making the functionality of smart card 200 available to the user. Once the smart card possessor enters a correct pin number, via a smart card terminal, the possessor has access to all data and functionality available on smart card 200.
- Another security routine available on smart card 200 is one or more hashing algorithms . These algorithms include HMAC (Hashing based Message Authentication Codes) , which is a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function, e.g.,SHA-l, in combination with a secret shared key.
- HMAC Hashing based Message Authentication Codes
- the Secure Hash Algorithm (SHA) , the algorithm specified in the Secure Hash Standard (SHS, FIPS PUB 180-1: Secure Hash Standard, April 1995) , was developed by NIST.
- HMAC- SHA-1 algorithms may be self executing applications or applets, or may merely be accessed by an application in response to a new billing digest request, GetNextDigest () .
- a digest is the binary result of a hashing function, such as the HMAC-SHA-1 algorithm.
- a digest is computed by inputting a piece of data into a hashing function. Only hashes of equal inputs generate equal digests. Digests may be used to determine the authenticity of data from one instance to another.
- the billing digest returned in response to a new billing digest request is merely a digest generated from specific transaction information such as: transaction type, amount, time/date, merchant name, merchant identification number, customer account number, customer name. This value is generated on the customer's smart card. With each request for a billing digest, a new 160-bit billing digest and a corresponding variable N are returned to the merchant (this process will be discussed in detail below with respect to the flowcharts) . While the term "billing digest" is used herein, as a practical matter a billing digest will be requested for any customer transaction such as credit card charged purchases, account debited purchases, refunds and other customer transactions.
- smart card 200 utilizes encryption variables for credit card account 222 in the HMAC-SHA-1 process.
- Encryption variables for credit card account 222 are but one of a plurality of sets of encryption variables for separate credit card accounts 223 and 224.
- Encryption variable for each credit card account 222 include a master key (KM) , smart card number (G) , credit card number (C) and a reference number (n) , which is incremented at each transaction.
- KM, C and n are instantiated from the issuer of the credit card account.
- other encryption variables for a credit card account may include the crledit card account issuers public key (KP) .
- Smart card 200 four encryption variables 222 comprise:
- a 256-bit Master Key (KM) that is set by the credit car issuer when the smart card is first initialized
- a 16-byte key credit card number (C) that is set by the credit card issuer when the smart card is first initialized
- a 5-byte reference number (n; initially set to 0) corresponding to each of the billing digests that it has generated (i.e., via a call to GetNextDigest 0 ) ;
- a 32-bit smart card identifier number (G) which describes the smart card to which the master key has been issued, alternatively, G may be a group number describing a set of smart cards using the same master key (KM) and credit card number (C) .
- the length of the values presented herein are representative of a preferred embodiment of the present invention, but in practice may consist of any bit length.
- the master key is generated by an off-board application for the sole purpose of creating these cards and then destroyed.
- a one-time key is used for generating KM and destroyed.
- the KM is written to encryption smart card 200 when the smart card is initiated.
- KM must remain a secret because the key generation processes relies on three primary components: the range number (N) , which may be found, unencrypted, in the transmitted information; the public domain hashing algorithms; and KM. Of the three, KM is the only secret component which will not be transmitted.
- smart card number (G) is issued to the card or cards with the same KM.
- G can be any length, but a 4-byte value has been implemented.
- Credit card number (C) is a unique credit card account designation, which is assigned to each credit card customer, or group of customers sharing the same account .
- C can be any length, but it is currently implemented as a 16-byte value.
- Each encryption smart card 200 implements a key range variable (N) , which is a concatenation of the card group (G) , the individual card number (C) , and the reference number (n) (of the form OxGGGGCCCCCCCCCCCCCCCCCCCCCCnnnn) .
- key card #1 would have the range 0x0000123456789012345600000 - Ox00001234567890123456FFFFF and key card #2 would have the range 0x0001123456789012345600000 - 0x000141234567890123456FFFFF.
- n is incremented by one.
- the reference values e.g., OxFFFFF
- encryption smart card 200 can no longer be used for key generation. Up to 4096 key generation cards may be created for a given KM and each card generates a unique set of keys .
- a flowchart depicting a process for creating a billing digest for conducting a secure credit card transaction in accordance with a preferred embodiment of the present invention begins with a customer's card being swiped in a merchant's card terminal (step 302) .
- the customer's smart card will actually be inserted in a smart card terminal during the transaction.
- the interface may provide the user with a keypad for entering a personal identification number (PIN) or password.
- PIN personal identification number
- the smart card itself may require a biometric input such as a fingerprint from the customer prior to authorizing the customer to use the functionality of the smart cart.
- the merchant's card terminal authenticates itself to the customer's smart card by passing unique merchant information (M) to the customer's smart card (step 304) .
- the unique merchant information may include data such as a list of credit card issuers supported by the merchant, a valid credit card issuer merchant number for each credit card supported by the merchant, the transaction number, which is specific for each credit card issuer supported by the merchant, the time/date of the transaction, the purchase amount and the identification of the product or service.
- the unique merchant information (M) may include other merchant data with which to authorize the merchant's card terminal to the customer's smart card.
- the merchant's card terminal asks the customer's smart card for a billing digest (step 306) .
- the customer's smart card receives the unique merchant information (M) and the request for a billing digest, and compares the list of credit card issuers supported by the merchant with a list of credit card accounts resident on the smart card.
- the customer's smart card selects a credit card issuer to transact with either by matching the merchant's list with the customer's accounts or utilizing a preset credit card account selection variable or manual input by the customer to the card terminal interface (step 308) .
- the customer's smart card discards all data concerning other credit card issuers passed by the merchant.
- the smart card retrieves unique customer card values from the smart card memory (step 310) .
- the unique customer values include such variables as the customer credit card number (C) for the selected credit card account, smart card number (G) , a recurrent reference number (n) and a master key "(KM) for the selected credit card account.
- the customer credit card number (C) and the master key (KM) are provided to the customer's smart card by the credit card issuer at the time the card was issued or renewed. Additionally, the credit card issuer provides a range of reference numbers from which reference number (n) is iterated at each transaction.
- the customer's smart card After the customer's smart card has received the unique merchant information and retrieved the unique customer values, the customer's smart card concatenates the unique customer's values of customer credit card number (C) , smart card number (G) and the current referenced number (n) into a unique customer number (N) (step 312) .
- N CGn
- GetNextDigest ( ) the customer's smart card prepares a billing digest using the unique merchant information (M) , the > master key (KM) from the credit card issuer and the unique customer information (N) (step 314) . Smart card then increments the value of the current reference number (n) (step 316) .
- n n + 1
- the customer's encryption smart card can issue a maximum number of billing digests equal to the maximum value of n (reference number) . However, n is an incremental value that may be initialized at any value less than its maximum value.
- the actual number of encryption keys generated by a particular card may vary from one key to the maximum value of n number of billing digest, depending on the initial value which n was set.
- Multiple cards using the same credit card account number may be identified by the unique smart card number (G) involved in the transactions.
- G unique smart card number
- reference range value might be set from 000 - 199 on one smart card for a particular account, while another card drawn to the same account might have reference range values set from 500 - 699.
- the billing digest, the unique merchant information (M) and the unique customer information (N) are then passed to the merchant (step 318) .
- the merchant in turn transmits the billing digest, the unique merchant information (M) and the unique customer information (N) (the billing digest and transaction information) to the credit card issuer (step 320) .
- the process begins with the credit card issuer receiving the secure credit card transaction from the merchant (step 402) .
- a secured credit card transaction includes the billing digest and transaction information (unique merchant information (M) and the unique customer information (N) ) , which was transmitted by the merchant.
- the credit card issuer uses a parsing credit card algorithm to parse the unique customer information (N) into the separate unique customer values of the credit card number (C) , smart card number (G) and the current reference number (n) (step 404) .
- the credit card issuer performs a security check on the transaction by comparing the current reference number (n) to all previous reference numbers used to conduct previous credit card transactions with the customer (step 406) . All previous reference number values are stored in a database associated with the customer's credit card number (C) . The check is then made to determine whether the current reference number had been previously used (step 408) . If the credit card number had been previously used, the credit card issuer denies the transaction, alerts its internal security of the possibility of a fraud being perpetrated, and then returns a declination response to the merchant (step 410) . The process of responding to a secure transaction ends without completing the transaction.
- the credit card issuer looks up the master key (KM) using the customer's credit card number (C) (step 412) . With the master key (KM) and the unique customer values, the credit card issuer then invokes GetNextDigest () .
- the GetNextKeyO digest function is a hashing algorithm of which are well known in the art. With the GetNextDigest ( ) function, the credit card issuer prepares an authentication billing digest using unique merchant information (M) , the master key (KM) and unique customer information (step 414) .
- the authentication billing digest is exactly the same as the billing digest, with the exception that it is generated by the credit card issuer and not in the customer's smart card.
- the credit card issuer compares the authentication billing digest with the billing digest transmitted from the merchant (step 416) . If the authentication billing digest does not match the billing digest transmitted from the merchant, either an error has occurred during the transmission from the merchant or a fraud is being perpetrated.
- the credit card issuer then denies the transaction, alerts its internal security of the possibility of a fraud being perpetrated and returns a declination response and/or transmission error to the merchant (step 418) .
- the transaction between the merchant and the credit card issuer then ends.
- step 416 if the authentication billing digest generated by the credit card issuer exactly matches the billing digest transmitted from the merchant, the transaction can be completed. In that case, credit card issuer debits/credits the customer' s account for the transaction amount, credits/debits the merchant's account for the transaction amount and returns a transaction confirmation to the merchant (step 420) . The process is then complete with respect to responding to a secure transaction.
- the customer will perform the obligatory signing of the credit card receipt and the transaction information may be written onto the memory of the customer's smart card.
- the transaction is complete with the customer retrieving the smart card.
- FIG. 5 a flowchart depicting the process for invoking the GetNextDigest () function for creating billing digest, calling the GetNextDigest () function invokes a hashing algorithm.
- a hashing algorithm One of ordinary skill in the art would be familiar with a multitude of hashing algorithms either proprietary algorithms or algorithms in the public domain. The present invention will be described with respect to the HMAC-SHA-1 algorithm, which is intended as an example only and not meant to limit the scope of the invention.
- the GetNextDigest () process begins with HMAC processing. Variables K_ipad and K_opad are created and a copy of the master key (KM) is copied on each (step 502) . For each byte in K_ipad, exclusive OR (XOR) 0X36 onto it.
- XOR exclusive OR
- K__ipad is input into the SHA-1 hashing process (step 506) .
- the unique customer information (N) is retrieved from the transaction message (step 508) .
- the variable (N) is then added to the SHA-1 process (step 510) .
- the master key value (KM) is then added to the SHA-1 process (step 512) , and finally K_opad is added to the shay-1 hashing process (step 514) .
- the authentication billing digest is an output (step 516) . The process is now complete for invoking the GetNextDigest () function for creating billing digest.
- the above-described processes are modified by encrypting all pertinent information prior to passing information to the merchant.
- the customer has complete anonymity from tracking or profiling. This functionality is added to the customer's smart card.
- FIG. 6A and 6B a flowchart depicting a process for creating a billing digest for conducting a secure credit card transaction which cannot be tracked by a profiling agency in accordance with a preferred embodiment of the present invention.
- the process depicted in Figures 6A and 6B is similar with the process described above with respect to Figures 3A and 3B. Therefore, only the differences in the processes will be discussed in detail.
- the process begins with customer's smart card being swiped in the merchant's card terminal (step 602) .
- the merchant's card terminal authenticates itself to the customer's smart card by passing unique customer information (M) to the smart card (step 604) .
- M unique customer information
- the unique merchant information may include a list of credit card issuers supported by the merchant, a valid credit card issuer's merchant number for each credit card issuer supported by the merchant, the time/date of the transaction and the transaction amount.
- the merchant ' s card terminal then asks the customer ' s smart card for a billing digest (step 606) .
- the smart card compares the list of credit card issuers supported by the merchant with the customer's credit card accounts and selects a credit card issuer to transact it (step 608).
- the customer's smart card will utilize only the information with respect to the selected credit card issuer. Smart card then retrieves unique customer values from its memory (step 610) .
- Unique customer values include customer credit card number (C) , customer smart card number (G) and current reference number (n) , the master key (KM) for the selected credit card issuer.
- the smart card also retrieves a public key (KP) for the selected credit card issuer.
- KP public key
- the smart card invokes the GetNextDigest () function and concatenates the unique customer values into unique customer information (N) (step 612) .
- Smart card then prepares a billing digest using the unique merchant information (M) , master key (KM) and the unique customer information (N) (step 614) . Smart card then increments the value of the current reference number (n) (step 616) .
- n n + 1
- the smart card encrypts the unique merchant information (M) and the unique customer values (N) using the credit card issuers public key (KP) (step 618) . Once encrypted, all data passed to the merchants will be indecipherable. Smart card then passes the digest along with the encrypted unique merchant information (M) and the encrypted customer values (N) to the merchant (step 620) . The merchant then transmits the billing digest, encrypted unique merchant information (M) and the encrypted customer information (N) to the credit card issuer (step 622) . The process for creating a billing digest for conducting a secure credit card transaction is now complete.
- FIG. 7A and 7B a flowchart depicting a process for responding to an secure transaction which includes a billing digest, which cannot be tracked by a profiling agency in accordance with a preferred embodiment of the present invention.
- the process depicted in Figures 7A and 7B is similar in many respects with that described above in 4A and 4B. The only differences in the two processes will be discussed in detail.
- the process begins with a credit card issuer receiving a billing digest encrypted unique merchant information (M) and encrypted unique customer information (N) from the merchant (step 702) .
- the credit card issuer must decrypt unique merchant information (M) and unique customer information (N) prior to authenticating the information (step 704) .
- the credit card issuer decrypts the information using a private key. From here the process is identical with that described with respect to Figures 4A and 4B .
- the credit card issuer uses a parsing algorithm to parse the unique customer information (N) back into unique customer values (step 706) .
- the current reference number (n) compared to all previous reference numbers used to conduct prior transactions on the customer's credit card number (C) (step 708) .
- a check is made to determine if the reference number (n) had been previously used (step 710) . If the number had been previously used, the transaction is denied, internal security is alerted of the possibility of a fraud being perpetrated and a declination response is sent to the merchant (step 712) . The process then ends for that transaction.
- the credit card issuer uses customer's credit card number (C) to look up the master key (KM) issued to the customer (step 714) .
- the GetNextDigest () is invoked, which prepares an authentication billing digest using the unique merchant information (M) , the master key (KM) and the unique customer information (N) (step 716) .
- the credit card issuer checks the authentication billing digest against the billing digest transmitted from the merchant (step 718) . If the authentication billing digest does not exactly match the billing digest transmitted from the merchant, the transmission is denied.
- the credit card issuer alerts its internal security of the possibility of a fraud and returns a declination response and/or transmission error to the merchant (step 720) .
- the customer's account is debited/credited for the transaction amount and the merchant ' s account is credited/debited for the transaction amount (step 722).
- the credit card issuer returns a transaction confirmation to the merchant, it is understood that the confirmation must not contain any of the sensitive information that was previously encrypted in the transmission from the merchant which may identify the customer either by name or by credit card. The process ends.
- the mechanism of the present invention also may be applied to transactions other than commercial credit card transactions.
- the preferred processes are easily adapted to any transaction in which a smart card is used to transmit sensitive information.
- the transaction information may include any combination of information types from the customer and merchant with the exception of some private information, the master key, know only to the customer and the credit card issuer.
- the transaction information must provide the credit card issuer with a customer identifier for looking up the customer's account and master key, and, of course, a merchant identifier to look up the merchant's account.
- the embodiment was chosen and described in order to best explain the principles of the invention, the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated .
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Finance (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Economics (AREA)
- Development Economics (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2001268548A AU2001268548A1 (en) | 2001-06-19 | 2001-06-19 | Method and system for secure credit card transactions |
PCT/US2001/019513 WO2002103642A2 (en) | 2001-06-19 | 2001-06-19 | Method and system for secure credit card transactions |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2001/019513 WO2002103642A2 (en) | 2001-06-19 | 2001-06-19 | Method and system for secure credit card transactions |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2002103642A2 true WO2002103642A2 (en) | 2002-12-27 |
WO2002103642A3 WO2002103642A3 (en) | 2003-03-13 |
Family
ID=21742654
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2001/019513 WO2002103642A2 (en) | 2001-06-19 | 2001-06-19 | Method and system for secure credit card transactions |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU2001268548A1 (en) |
WO (1) | WO2002103642A2 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1999057835A1 (en) * | 1998-05-05 | 1999-11-11 | Chen Jay C | A cryptographic system and method for electronic transactions |
US6199052B1 (en) * | 1998-03-06 | 2001-03-06 | Deloitte & Touche Usa Llp | Secure electronic transactions using a trusted intermediary with archive and verification request services |
US6205437B1 (en) * | 1993-12-16 | 2001-03-20 | Open Market, Inc. | Open network payment system for providing for real-time authorization of payment and purchase transactions |
-
2001
- 2001-06-19 AU AU2001268548A patent/AU2001268548A1/en not_active Abandoned
- 2001-06-19 WO PCT/US2001/019513 patent/WO2002103642A2/en active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6205437B1 (en) * | 1993-12-16 | 2001-03-20 | Open Market, Inc. | Open network payment system for providing for real-time authorization of payment and purchase transactions |
US6199052B1 (en) * | 1998-03-06 | 2001-03-06 | Deloitte & Touche Usa Llp | Secure electronic transactions using a trusted intermediary with archive and verification request services |
WO1999057835A1 (en) * | 1998-05-05 | 1999-11-11 | Chen Jay C | A cryptographic system and method for electronic transactions |
Also Published As
Publication number | Publication date |
---|---|
WO2002103642A3 (en) | 2003-03-13 |
AU2001268548A1 (en) | 2003-01-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7024395B1 (en) | Method and system for secure credit card transactions | |
US7983987B2 (en) | System and method for conducting secure payment transaction | |
US8315948B2 (en) | Method and device for generating a single-use financial account number | |
US7379919B2 (en) | Method and system for conducting secure payments over a computer network | |
US7844550B2 (en) | Method and device for generating a single-use financial account number | |
US7039809B1 (en) | Asymmetric encrypted pin | |
US7891563B2 (en) | Secure payment card transactions | |
US7841523B2 (en) | Secure payment card transactions | |
US20010056409A1 (en) | Offline one time credit card numbers for secure e-commerce | |
US20040199469A1 (en) | Biometric transaction system and method | |
US20040070566A1 (en) | Card present network transactions | |
US20080077798A1 (en) | System and method for secure verification of electronic transactions | |
CA2406375C (en) | An improved method and system for conducting secure payments over a computer network | |
AU2001257019A1 (en) | An improved method and system for conducting secure payments over a computer network | |
US6424953B1 (en) | Encrypting secrets in a file for an electronic micro-commerce system | |
US20040015688A1 (en) | Interactive authentication process | |
CN116195231A (en) | Token fault protection system and method | |
WO2002103642A2 (en) | Method and system for secure credit card transactions | |
EP1172776A2 (en) | Interactive authentication process | |
AU2007216920B2 (en) | An improved method and system for conducting secure payments over a computer network | |
AU2012201255B2 (en) | An improved method and system for conducting secure payments over a computer network | |
Hsu et al. | An online fraud-resistant technology for credit card E-transactions | |
EP1921579A2 (en) | An improved method and system for conducting secure payments over a computer network | |
Boyd | A pragmatic approach to temporary payment card numbers | |
WO2002006933A2 (en) | A system and method of making on-line purchases with enhanced security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
AK | Designated states |
Kind code of ref document: A3 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A3 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase in: |
Ref country code: JP |