Patent

Transaction security system

TL;DR: An electronic funds transfer (EFT) system is described in which retail terminals located in stores are connected through a public switched telecommunication system to card-issuing agencies' data processing centers.
Abstract: An electronic funds transfer (EFT) system is described in which retail terminals located in stores are connected through a public switched telecommunication system to card-issuing agencies' data processing centers. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The POS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing center. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time-variant parameter received from the terminal. The TAP is then returned to the terminal in a response message and, based upon an inputted PIN and partial processing of the input PIN and KP on the card, a derived TAP is compared with the received TAP in the terminal. A correct comparison indicates that the entered PIN is valid. The request message includes the PAN encoded under the KS, and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message, and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.
Citations
Patent
11 Sep 1998
TL;DR: In this paper, a method and system for placing an order to purchase an item via the Internet is described, where an order is placed by a purchaser at a client system and received by a server system.
Abstract: A method and system for placing an order to purchase an item via the Internet. The order is placed by a purchaser at a client system and received by a server system. The server system receives purchaser information including identification of the purchaser, payment information, and shipment information from the client system. The server system then assigns a client identifier to the client system and associates the assigned client identifier with the received purchaser information. The server system sends to the client system the assigned client identifier and an HTML document identifying the item and including an order button. The client system receives and stores the assigned client identifier and receives and displays the HTML document. In response to the selection of the order button, the client system sends to the server system a request to purchase the identified item. The server system receives the request and combines the purchaser information associated with the client identifier of the client system to generate an order to purchase the item in accordance with the billing and shipment information whereby the purchaser effects the ordering of the product by selection of the order button.

1,828 citations

Patent
24 Oct 1995
TL;DR: In this article, a network-based sales system includes at least one buyer computer for operation by a user desiring to buy a product, a merchant computer, and a payment computer.
Abstract: A network-based sales system includes at least one buyer computer for operation by a user desiring to buy a product, at least one merchant computer, and at least one payment computer. The buyer computer, the merchant computer, and the payment computer are interconnected by a computer network. The buyer computer is programmed to receive a user request for purchasing a product, and to cause a payment message to be sent to the payment computer that comprises a product identifier identifying the product. The payment computer is programmed to receive the payment message, to cause an access message to be created that comprises the product identifier and an access message authenticator based on a cryptographic key, and to cause the access message to be sent to the merchant computer. The merchant computer is programmed to receive the access message, to verify the access message authenticator to ensure that the access message authenticator was created using the cryptographic key, and to cause the product to be sent to the user desiring to buy the product.

1,697 citations

Patent
14 Jun 2016
TL;DR: Newness and distinctiveness is claimed in the features of ornamentation as shown inside the broken line circle in the accompanying representation.
Abstract: Newness and distinctiveness is claimed in the features of ornamentation as shown inside the broken line circle in the accompanying representation.

1,500 citations

Patent
03 Jun 1996
TL;DR: In this paper, the authors describe a system for controlling and monitoring access to network servers that includes client-server sessions over the Internet, where when the user attempts to access an access-controlled file, the server subjects the request to a secondary server which determines whether the client has an authorization or valid account.
Abstract: This invention relates to methods for controlling and monitoring access to network servers. In particular, the process described in the invention includes client-server sessions over the Internet. In this environment, when the user attempts to access an access-controlled file, the server subjects the request to a secondary server which determines whether the client has an authorization or valid account. Upon such verification, the user is provided with a session identification which allows the user access to the requested file as well as any other files within the present protection domain.

1,321 citations

Patent
13 Dec 1994
TL;DR: In this paper, a complete system for the purchasing of goods or information over a computer network is presented, where a network payment system performs payment order authorization in a network with untrusted switching, transmission, and host components.
Abstract: A complete system for the purchasing of goods or information over a computer network is presented. Merchant computers on the network maintain databases of digital advertisements that are accessed by buyer computers. In response to user inquiries, buyer computers retrieve and display digital advertisements from merchant computers. A digital advertisement can further include a program that is interpreted by a buyer's computer. The buyer computers include a means for a user to purchase the product described by a digital advertisement. If a user has not specified a means of payment at the time of purchase, it can be requested after a purchase transaction is initiated. A network payment system performs payment order authorization in a network with untrusted switching, transmission, and host components. Payment orders are backed by accounts in an external financial system network, and the payment system obtains account authorizations from this external network in real-time. Payment orders are signed with authenticators that can be based on any combination of a secret function of the payment order parameters, a single-use transaction identifier, or a specified network address.

1,038 citations

References
Patent
23 Jun 1982
TL;DR: An efficient end-to-end encryption system, including key management procedures, is described for providing secure financial data communication between a system user at one of a plurality of transaction terminals of one of a plurality of acquirer institutions and one of a plurality of issuer institutions, with selected elements of the data being encrypted, decrypted and processed using a one-time session key which is similarly encrypted with master keys and efficiently sent along with the specific segments of the request and response messages.
Abstract: An efficient end-to-end encryption system including key management procedures for providing secure, financial data communication between a system user at one of a plurality of transaction terminals of one of a plurality of acquirer institutions and one of a plurality of issuer institutions, with selected elements of the data being encrypted, decrypted, and processed using a one-time session key which is similarly encrypted with master keys and efficiently sent along with the specific segments of the request and response messages. A session key authentication code is utilized to prevent the replay of a previously used session key, thereby precluding undetected message replay or undetected message or data element substitution or insertion.

483 citations

Patent
07 Mar 1984
TL;DR: A portable electronic transaction device and a terminal are presented; the device is arranged to operate either in a stand-alone mode, during which it monitors itself for abnormal conditions, or in an operating mode, during which it communicates with the terminal for the transmission of information therebetween.
Abstract: A portable electronic transaction device and a terminal therefor. The device comprises a central data processor, a fixed memory, an adaptable memory, optical means for transmitting and receiving information to and from the terminal and self-contained power source means, such as an on-board battery. The device is arranged to operate in either a stand-alone mode during which it monitors itself for abnormal conditions or in an operating mode during which it communicates with said terminal for the transmission of information therebetween. The device also includes cryptographic means for encrypting outgoing information and decrypting incoming information in accordance with cryptographic information stored in its memory. The cryptographic information is modified as a function of time by clock means in the device and/or a function of information transmitted to the device by the terminal or stored in the device. During the standby mode of operation the device monitors itself, whereas in its operational mode it communicates with the terminal. Power for the standby mode is provided via the on-board battery. Power for the operation of the device in the operational mode is provided via photocells in the device which are arranged to receive light from lamp means in the terminal.

406 citations

Patent
25 Jun 1982
TL;DR: In this paper, the authors present a cryptographic apparatus which may be personalized to its owner, which can be used by the owner to identify himself to an external computer system, perform various financial transactions with an external system, and to provide various kinds of credentials to the external system.
Abstract: The invention provides a cryptographic apparatus which may be "personalized" to its owner. The apparatus may be utilized by its owner to identify himself to an external computer system, to perform various financial transactions with an external system, and to provide various kinds of credentials to an external system. The apparatus, in one embodiment, is separable into a cryptographic device, packaged in a tamper resistant housing, and a personal terminal device. The cryptographic device includes interface circuitry to permit information exchange with the external system, a memory device for storage of data necessary to allow identification of the owner, and control logic for controlling the exchange of data with the external system to identify the owner. Certain data which must be utilized to perform the identification information exchange is stored in the memory device in encrypted form. The decryption of this data requires the entry of a secret ID, known to the owner. The personal terminal device includes a data entry capability to allow the owner to enter his secret ID. Certain embodiments of the personal terminal device include data display capability to provide transaction information to the owner. Other embodiments include memory devices and a processor to allow storage and manipulation of relatively unsecured data of the owner.

373 citations

Patent
14 Feb 1984
TL;DR: In this article, a security system is disclosed for use in an electronic funds transfer environment, which includes a central processor and a portable transaction device, and the security code may be verified immediately or during the check clearing cycle at the central processor.
Abstract: A security system is disclosed for use in an electronic funds transfer environment. The system includes a central processor and a portable transaction device. During initiation, the central processor generates a sequence of transaction numbers and associated random numbers. This data is supplied to and stored in the portable transaction device. In operation, the next available random number is determined and combined with a transaction parameter to generate a security code. The security code may be verified immediately or during the check clearing cycle at the central processor. In the preferred embodiment, in the on-line operation, the selection of the random number is altered by a random offset number, further enhancing security.

297 citations

Patent
02 Feb 1981
TL;DR: In this article, the authors proposed a method for efficiently protecting transactions and providing authentication of users and devices in on-line systems that transfer funds electronically, dispense cash, or provide a good or permit a service to be utilized.
Abstract: Method for efficiently protecting transactions and providing authentication of users and devices in on-line systems that transfer funds electronically, dispense cash, or provide a good or permit a service to be utilized. The transaction may be initiated by a magnetic-striped plastic card at an attended or unattended terminal (10, 11, 12) and requires the entry of a preassigned Personal Identification Number through a keyboard (20). The Personal Identification Number is encrypted (23) more than once at the terminal and other means are used in order to prevent the utilization of certain tapped-line data. The data required to validate and authorize the transaction is transmitted securely to a centralized computer (14) which accesses from its stored data base (15) the data that is required to decrypt and validate the transaction, including the encrypted Personal Identification Number corresponding to the received transaction data. A secret Terminal Master Key must be maintained securely at each terminal and may differ at each terminal. A list of such Terminal Master Keys and other secret data must be securely maintained at the centralized computer. Means for multiple encryptions and decryptions in a predetermined way must also be maintained at each terminal and at the centralized computer. Means (34) are provided for securely returning a response to the terminal at which the transaction was initiated to authorize or reject the requested transaction. These functions are accomplished in a way that permits efficient utilization of data communications lines and reduces or eliminates perpetration of fraud by any of various means.

242 citations