Transaction card and method for reducing frauds

US 20020043566A1
Filed: 07/13/2001
Published: 04/18/2002
Est. Priority Date: 07/14/2000
Status: Abandoned Application

First Claim

Patent Images

1. A transaction card for use with a magnetic stripe reading head of a card reader, the card containing a key string and a cryptographic algorithm stored in a memory, the card comprising:

first means for selectively activating the card;

second means for obtaining a value indicative of the number of times the card is activated;

third means for generating a signature using the key string, the value indicative of the number of times the card is activated and the cryptographic algorithm;

fourth means for generating a data stream comprising at least an identification number and the signature; and

a magnetic stripe emulator in communication with the third means for transferring the data stream to the magnetic stripe reading head.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The transaction card and method are used for securing a transaction conducted by mean of a credit card, a debit card, a security card or any other card including information to be read by a magnetic card reader. The card is provided with a counter which increments by 1 or any other number each time the card is activated. This counter value is used with a key string in a cryptographic algorithm to produce a signature. The resulting data stream is then transmitted to a computer. The computer may be one of the servers of a bank, a credit card provider, a security department, etc. Once the data stream is received, the computer finds the record of the card or cardholder using the identification number or any other number, then determines with the signature if the transaction is legitimate or not. The counter value is also verified. Accordingly, if the counter value of the current transaction is below or equal to that of the last transaction, this means that someone is trying to use the same data stream twice or an expired data stream. Any suspect transaction would be denied and the standard protocol in case of the detection of a fraud initiated.

Citations

26 Claims

1. A transaction card for use with a magnetic stripe reading head of a card reader, the card containing a key string and a cryptographic algorithm stored in a memory, the card comprising:
- first means for selectively activating the card;
  
  second means for obtaining a value indicative of the number of times the card is activated;
  
  third means for generating a signature using the key string, the value indicative of the number of times the card is activated and the cryptographic algorithm;
  
  fourth means for generating a data stream comprising at least an identification number and the signature; and
  
  a magnetic stripe emulator in communication with the third means for transferring the data stream to the magnetic stripe reading head.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A transaction card in accordance with claim 1, wherein the data stream comprises the value indicative of the number of times the card is activated.
  - 3. A transaction card in accordance with claim 1, wherein the first means comprises a switch.
  - 4. A transaction card in accordance with claim 3, wherein the switch is a pressure switch to be activated using finger pressure.
  - 5. A transaction card in accordance with claim 1, wherein the first means comprise a keyboard, the card further comprising means for comparing a PIN recorded in the memory of the card with a keyed number from the keyboard, the card being activated for a limited time if both numbers are matching.

6. A transaction card for use with a magnetic stripe reading head of a card reader, the card having a memory in which information is stored, the card comprising:
- a battery;
  
  a switch;
  
  a microcontroller powered by the battery and activated upon receiving an activation signal from the switch, the microcontroller having encoded therein a computer program carrying out the tasks of;
  
  obtaining a value indicative of the number of times the card is activated;
  
  reading a key string from the memory of the card;
  
  reading an identification number from the memory of the card;
  
  generating a signature using a cryptographic algorithm in which is inputted at least the key string and the value indicative of the number of times the card is activated; and
  
  generating a data stream comprising at least the identification number and the signature; and
  
  a magnetic stripe emulator in communication with the microcontroller to transfer the data stream to the magnetic stripe reading head.
- View Dependent Claims (7, 8, 9, 10)
- - 7. A transaction card in accordance with claim 6, wherein the data stream further comprises the value indicative of the number of times the card is activated.
  - 8. A transaction card in accordance with claim 6, wherein the identification number comprises the serial number of the card.
  - 9. A transaction card in accordance with claim 6, wherein the switch is a pressure switch to be activated using finger pressure.
  - 10. A transaction card in accordance with claim 6, wherein the switch comprises a keyboard, the microcontroller further carrying out the tasks of:
    - receiving a keyed number from the keyboard;
      
      comparing the keyed number with a pre-recorded PIN read from a corresponding memory; and
      
      activating the card for a limited time if both numbers are matching.

11. A method of reducing frauds using a transaction card containing information to be read by a magnetic stripe reading head of a card reader in communication with a computer, the method comprising:
- activating the card;
  
  obtaining a value indicative of the number of times the card is activated;
  
  reading a key string and an identification number stored on the card;
  
  generating a first signature using a cryptographic algorithm stored on the card and in which is inputted at least the key string and the value indicative of the number of times the card is activated;
  
  generating a data stream containing at least the identification number and the first signature;
  
  transferring the data stream to the magnetic stripe reading head;
  
  transmitting the data stream to the computer; and
  
  upon receipt of the data stream by the computer;
  
  a) finding a record corresponding to the card using the identification number;
  
  b) attempting to find a match between the first signature and a second signature generated using the key string found in the record and one among a given number of sequential counter values starting with a next valid value obtained from the counter value of the last transaction, as indicated in the record;
  
  c) determining that the transaction when a match if found between the first and second signature.
- View Dependent Claims (12, 13, 14, 16, 17, 19, 20, 21, 22, 24, 25, 26)
- - 12. A method in accordance with claim 11, further comprising:
    - d) upon determining that the transaction is valid, recording one among the counter value used for generating the second signature matching the first signature or a next corresponding valid counter value.
  - 13. A method in accordance with claim 11, further comprising:
    - receiving a PIN keyed at a keyboard provided on the card;
      
      including the keyed PIN in the algorithm when generating the first signature; and
      
      upon receipt of the data stream by the computer, including the PIN as found in the record for generating the second signature.
  - 14. A method in accordance with claim 11, wherein the act of activating the card comprises comparing a pre-recorded PIN with a keyed number from a keyboard provided on the card, the card being activated for a limited time if both numbers are matching.
  - 16. A method in accordance with claim 15, further comprising:
    - receiving a PIN keyed at a keyboard provided on the card;
      
      including the keyed PIN in the algorithm when generating the first signature; and
      
      upon receipt of the data stream by the computer, including the PIN as found in the record for generating the second signature.
  - 17. A method in accordance with claim 15, wherein the act of activating the card comprises comparing a pre-recorded PIN with a keyed number from a keyboard provided on the card, the card being activated for a limited time if both numbers are matching.
  - 19. A method in accordance with claim 18, further comprising:
    - e) upon determining that the transaction is valid, recording one among the counter value used for decrypting the signature or a next corresponding valid counter value.
  - 20. A method in accordance with claim 18, further comprising:
    - receiving a PIN keyed at a keyboard provided on the card;
      
      including the keyed PIN in the algorithm when generating the signature; and
      
      upon receipt of the data stream by the computer, including the PIN as found in the record for decrypting the signature.
  - 21. A method in accordance with claim 18, wherein the encryption key string and the decryption key string are identical.
  - 22. A method in accordance with claim 18, wherein the act of activating the card comprises comparing a pre-recorded PIN with a keyed number from a keyboard provided on the card, the card being activated for a limited time if both numbers are matching.
  - 24. A method in accordance with claim 23, wherein the encryption key string and the decryption key string are identical.
  - 25. A method in accordance with claim 23, further comprising:
    - receiving a PIN keyed at a keyboard provided on the card;
      
      including the keyed PIN in the algorithm when generating the signature; and
      
      upon receipt of the data stream by the computer, including the PIN as found in the record for decrypting the signature.
  - 26. A method in accordance with claim 23, wherein the act of activating the card comprises comparing a pre-recorded PIN with a keyed number from a keyboard provided on the card, the card being activated for a limited time if both numbers are matching.

15. A method of reducing frauds using a transaction card containing information to be read by a magnetic stripe reading head of a card reader in communication with a computer, the method comprising:
- activating the card;
  
  obtaining a value indicative of the number of times the card is activated;
  
  reading a key string and an identification number stored on the card;
  
  generating a signature using a cryptographic algorithm stored on the card and in which is inputted at least the key string and the value indicative of the number of times the card is activated;
  
  generating a data stream containing at least the identification number, the value indicative of the number of times the card is activated, and the signature;
  
  transferring the data stream to the magnetic stripe reading head;
  
  transmitting the data stream to the computer; and
  
  upon receipt of the data stream by the computer;
  
  a) finding a record corresponding to the card using the identification number;
  
  b) determining if there is a match between the first signature and a second signature generated using the value indicative of the number of times the card is activated, as found in the data stream, and the key string obtained from the record;
  
  c) determining whether the value indicative of the number of times the card is activated is higher than that of a last transaction with the card; and
  
  d) determining that the transaction is valid when both b) and c) are answered in the affirmative.

18. A method of reducing frauds using a transaction card containing information to be read by a magnetic stripe reading head of a card reader in communication with a computer, the method comprising:
- activating the card;
  
  obtaining a value indicative of the number of times the card is activated;
  
  reading an encrypting key string and an identification number stored on the card;
  
  generating a signature using a cryptographic algorithm stored on the card and in which is inputted at least the key string and the value indicative of the number of times the card is activated;
  
  generating a data stream containing at least the identification number and the signature;
  
  transferring the data stream to the magnetic stripe reading head;
  
  transmitting the data stream to the computer; and
  
  upon receipt of the data stream by the computer;
  
  a) finding a record corresponding to the card using the identification number;
  
  b) attempting to decrypt the signature using a decryption key string found in the record and one among a given number of sequential counter values starting with a next valid value obtained from the counter value of the last transaction, as indicated in the record;
  
  c) determining whether the decryption is successful or not;
  
  d) determining that the transaction is valid when c) is answered in the affirmative.

23. A method of reducing frauds using a transaction card containing information to be read by a magnetic stripe reading head of a card reader in communication with a computer, the method comprising:
- activating the card;
  
  obtaining a value indicative of the number of times the card is activated;
  
  reading an encrypting key string and an identification number stored on the card;
  
  generating a signature using a cryptographic algorithm stored on the card and in which is inputted at least the key string and the value indicative of the number of times the card is activated;
  
  generating a data stream containing at least the identification number, the value indicative of the number of times the card is activated, and the signature;
  
  transferring the data stream to the magnetic stripe reading head;
  
  transmitting the data stream to the computer; and
  
  upon receipt of the data stream by the computer;
  
  a) finding a record corresponding to the card using the identification number;
  
  b) decrypting the signature from the data stream using the value indicative of the number of times the card is activated, as found in the data stream, and a decryption key string obtained from the record;
  
  c) determining whether the decryption is successful or not;
  
  d) determining whether the value indicative of the number of times the card is activated is higher than that of a last transaction with the card; and
  
  e) determining that the transaction is valid when both c) and d) are answered in the affirmative.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Groupe Telplus Incorporated
Original Assignee
Groupe Telplus Incorporated
Inventors
Goodman, Alan, Perron, David

Application Number

US09/905,641
Publication Number

US 20020043566A1
Time in Patent Office

Days
Field of Search
US Class Current

235/492
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/342   Cards defining paid or bill...

G06Q 20/363   with the personal data of a...

G06Q 20/367   involving electronic purses...

G06Q 20/4093   Monitoring of device authen...

G06Q 20/40975   using encryption therefor

G07F 7/025   by means, e.g. cards, provi...

G07F 7/0866   by active credit-cards adap...

G07F 7/1008   Active credit-cards provide...

Transaction card and method for reducing frauds

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Transaction card and method for reducing frauds

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links