WO2002103642A3 - Method and system for secure credit card transactions - Google Patents

Method and system for secure credit card transactions Download PDF

Info

Publication number
WO2002103642A3
WO2002103642A3 PCT/US2001/019513 US0119513W WO02103642A3 WO 2002103642 A3 WO2002103642 A3 WO 2002103642A3 US 0119513 W US0119513 W US 0119513W WO 02103642 A3 WO02103642 A3 WO 02103642A3
Authority
WO
WIPO (PCT)
Prior art keywords
digest
billing
merchant
customer
information
Prior art date
Application number
PCT/US2001/019513
Other languages
French (fr)
Other versions
WO2002103642A2 (en
Inventor
Steven H Mccown
James P Hughes
Michael L Leonhardt
Charles A Milligan
Original Assignee
Storage Technology Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Storage Technology Corp filed Critical Storage Technology Corp
Priority to AU2001268548A priority Critical patent/AU2001268548A1/en
Priority to PCT/US2001/019513 priority patent/WO2002103642A2/en
Publication of WO2002103642A2 publication Critical patent/WO2002103642A2/en
Publication of WO2002103642A3 publication Critical patent/WO2002103642A3/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/047Payment circuits using payment protocols involving electronic receipts
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/14Payment architectures specially adapted for billing systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/24Credit schemes, i.e. "pay after"
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4093Monitoring of device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • G07F7/122Online card verification

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

A customer making a credit card transaction inserts their smart card into a card reader attached to the merchant's system. The card reader activates the customer's card and passes certain merchant information. The merchant's system then requests a 'billing digest' from the customer's card. The billing digest is returned to the merchant's card reader that forwards it (and the transaction information which includes customer information and merchant information) to the corresponding credit card issuer, which maintains the customer's credit card account. In one embodiment, the customer information and the merchant information are encrypted. Upon receiving the billing digest, transaction information is decrypted if necessary and the credit card issuer looks up the customer's master key using the customer's account number. The credit card issuer then uses the transaction information to re-compute the billing digest (an authentication billing digest) and compares this new value with the billing digest submitted by the merchant. If authentic, the billing digest and authentication billing digest values are equivalent, then funds are transferred and an acceptance notification is returned to the merchant. If not authentic, a denial notification is returned to the merchant. Security is further enhanced by utilizing a unique reference for each transaction in the unique customer information used for creating the billing digest.
PCT/US2001/019513 2001-06-19 2001-06-19 Method and system for secure credit card transactions WO2002103642A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU2001268548A AU2001268548A1 (en) 2001-06-19 2001-06-19 Method and system for secure credit card transactions
PCT/US2001/019513 WO2002103642A2 (en) 2001-06-19 2001-06-19 Method and system for secure credit card transactions

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2001/019513 WO2002103642A2 (en) 2001-06-19 2001-06-19 Method and system for secure credit card transactions

Publications (2)

Publication Number Publication Date
WO2002103642A2 WO2002103642A2 (en) 2002-12-27
WO2002103642A3 true WO2002103642A3 (en) 2003-03-13

Family

ID=21742654

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/019513 WO2002103642A2 (en) 2001-06-19 2001-06-19 Method and system for secure credit card transactions

Country Status (2)

Country Link
AU (1) AU2001268548A1 (en)
WO (1) WO2002103642A2 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999057835A1 (en) * 1998-05-05 1999-11-11 Chen Jay C A cryptographic system and method for electronic transactions
US6199052B1 (en) * 1998-03-06 2001-03-06 Deloitte & Touche Usa Llp Secure electronic transactions using a trusted intermediary with archive and verification request services
US6205437B1 (en) * 1993-12-16 2001-03-20 Open Market, Inc. Open network payment system for providing for real-time authorization of payment and purchase transactions

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6205437B1 (en) * 1993-12-16 2001-03-20 Open Market, Inc. Open network payment system for providing for real-time authorization of payment and purchase transactions
US6199052B1 (en) * 1998-03-06 2001-03-06 Deloitte & Touche Usa Llp Secure electronic transactions using a trusted intermediary with archive and verification request services
WO1999057835A1 (en) * 1998-05-05 1999-11-11 Chen Jay C A cryptographic system and method for electronic transactions

Also Published As

Publication number Publication date
AU2001268548A1 (en) 2003-01-02
WO2002103642A2 (en) 2002-12-27

Similar Documents

Publication Publication Date Title
CA2182464C (en) Radio frequency transponder stored value system employing a secure encryption protocol
US5559887A (en) Collection of value from stored value systems
US5596643A (en) Network settlement performed on consolidated information
US5621796A (en) Transferring information between transaction networks
US6857566B2 (en) Method and system for conducting transactions using a payment card with two technologies
US5544086A (en) Information consolidation within a transaction network
US6182894B1 (en) Systems and methods for authorizing a transaction card
US5633930A (en) Common cryptographic key verification in a transaction network
US6816058B2 (en) Bio-metric smart card, bio-metric smart card reader and method of use
CN102696047B (en) Encryption hand-off process
US7500606B2 (en) Method of settling signatureless payment of bank card sales slip in mobile terminal, and system therefor
EP0172670A2 (en) An apparatus for effecting and recording monetary transactions
WO2008061234A2 (en) Dynamic magnetic stripe
CN101095144A (en) Presentation instrument security arrangement and methods
CN101048794A (en) Method and system for authorizing a transaction using a dynamic authorization code
WO2002086826A8 (en) Financial information input method using symmetrical key security algorithm and commercial transaction system for mobile communications
CN103886449A (en) Visible-code-based payment method and system with multiple security combination mechanisms
JP2004500671A (en) Improved method and system for making secure payments over a computer network
JPS6061863A (en) Method and system for managing code key
CN101351809A (en) System and method for secured account numbers in proximity devices
US6829597B1 (en) Method, apparatus and computer program product for processing cashless payments
WO2002071177A3 (en) Method and system for substantially secure electronic transactions
US20060186191A1 (en) Methods and apparatus for providing a security value for a payment device
WO2002103642A3 (en) Method and system for secure credit card transactions
WO2000008610A1 (en) Offline verification of integrated circuit card using hashed revocation list

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP