Transaction card and method for reducing frauds
First Claim
1. A transaction card for use with a magnetic stripe reading head of a card reader, the card containing a key string and a cryptographic algorithm stored in a memory, the card comprising:
- first means for selectively activating the card;
second means for obtaining a value indicative of the number of times the card is activated;
third means for generating a signature using the key string, the value indicative of the number of times the card is activated and the cryptographic algorithm;
fourth means for generating a data stream comprising at least an identification number and the signature; and
a magnetic stripe emulator in communication with the third means for transferring the data stream to the magnetic stripe reading head.
1 Assignment
0 Petitions
Accused Products
Abstract
The transaction card and method are used for securing a transaction conducted by mean of a credit card, a debit card, a security card or any other card including information to be read by a magnetic card reader. The card is provided with a counter which increments by 1 or any other number each time the card is activated. This counter value is used with a key string in a cryptographic algorithm to produce a signature. The resulting data stream is then transmitted to a computer. The computer may be one of the servers of a bank, a credit card provider, a security department, etc. Once the data stream is received, the computer finds the record of the card or cardholder using the identification number or any other number, then determines with the signature if the transaction is legitimate or not. The counter value is also verified. Accordingly, if the counter value of the current transaction is below or equal to that of the last transaction, this means that someone is trying to use the same data stream twice or an expired data stream. Any suspect transaction would be denied and the standard protocol in case of the detection of a fraud initiated.
-
Citations
26 Claims
-
1. A transaction card for use with a magnetic stripe reading head of a card reader, the card containing a key string and a cryptographic algorithm stored in a memory, the card comprising:
-
first means for selectively activating the card;
second means for obtaining a value indicative of the number of times the card is activated;
third means for generating a signature using the key string, the value indicative of the number of times the card is activated and the cryptographic algorithm;
fourth means for generating a data stream comprising at least an identification number and the signature; and
a magnetic stripe emulator in communication with the third means for transferring the data stream to the magnetic stripe reading head. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A transaction card for use with a magnetic stripe reading head of a card reader, the card having a memory in which information is stored, the card comprising:
-
a battery;
a switch;
a microcontroller powered by the battery and activated upon receiving an activation signal from the switch, the microcontroller having encoded therein a computer program carrying out the tasks of;
obtaining a value indicative of the number of times the card is activated;
reading a key string from the memory of the card;
reading an identification number from the memory of the card;
generating a signature using a cryptographic algorithm in which is inputted at least the key string and the value indicative of the number of times the card is activated; and
generating a data stream comprising at least the identification number and the signature; and
a magnetic stripe emulator in communication with the microcontroller to transfer the data stream to the magnetic stripe reading head. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A method of reducing frauds using a transaction card containing information to be read by a magnetic stripe reading head of a card reader in communication with a computer, the method comprising:
-
activating the card;
obtaining a value indicative of the number of times the card is activated;
reading a key string and an identification number stored on the card;
generating a first signature using a cryptographic algorithm stored on the card and in which is inputted at least the key string and the value indicative of the number of times the card is activated;
generating a data stream containing at least the identification number and the first signature;
transferring the data stream to the magnetic stripe reading head;
transmitting the data stream to the computer; and
upon receipt of the data stream by the computer;
a) finding a record corresponding to the card using the identification number;
b) attempting to find a match between the first signature and a second signature generated using the key string found in the record and one among a given number of sequential counter values starting with a next valid value obtained from the counter value of the last transaction, as indicated in the record;
c) determining that the transaction when a match if found between the first and second signature. - View Dependent Claims (12, 13, 14, 16, 17, 19, 20, 21, 22, 24, 25, 26)
-
-
15. A method of reducing frauds using a transaction card containing information to be read by a magnetic stripe reading head of a card reader in communication with a computer, the method comprising:
-
activating the card;
obtaining a value indicative of the number of times the card is activated;
reading a key string and an identification number stored on the card;
generating a signature using a cryptographic algorithm stored on the card and in which is inputted at least the key string and the value indicative of the number of times the card is activated;
generating a data stream containing at least the identification number, the value indicative of the number of times the card is activated, and the signature;
transferring the data stream to the magnetic stripe reading head;
transmitting the data stream to the computer; and
upon receipt of the data stream by the computer;
a) finding a record corresponding to the card using the identification number;
b) determining if there is a match between the first signature and a second signature generated using the value indicative of the number of times the card is activated, as found in the data stream, and the key string obtained from the record;
c) determining whether the value indicative of the number of times the card is activated is higher than that of a last transaction with the card; and
d) determining that the transaction is valid when both b) and c) are answered in the affirmative.
-
-
18. A method of reducing frauds using a transaction card containing information to be read by a magnetic stripe reading head of a card reader in communication with a computer, the method comprising:
-
activating the card;
obtaining a value indicative of the number of times the card is activated;
reading an encrypting key string and an identification number stored on the card;
generating a signature using a cryptographic algorithm stored on the card and in which is inputted at least the key string and the value indicative of the number of times the card is activated;
generating a data stream containing at least the identification number and the signature;
transferring the data stream to the magnetic stripe reading head;
transmitting the data stream to the computer; and
upon receipt of the data stream by the computer;
a) finding a record corresponding to the card using the identification number;
b) attempting to decrypt the signature using a decryption key string found in the record and one among a given number of sequential counter values starting with a next valid value obtained from the counter value of the last transaction, as indicated in the record;
c) determining whether the decryption is successful or not;
d) determining that the transaction is valid when c) is answered in the affirmative.
-
-
23. A method of reducing frauds using a transaction card containing information to be read by a magnetic stripe reading head of a card reader in communication with a computer, the method comprising:
-
activating the card;
obtaining a value indicative of the number of times the card is activated;
reading an encrypting key string and an identification number stored on the card;
generating a signature using a cryptographic algorithm stored on the card and in which is inputted at least the key string and the value indicative of the number of times the card is activated;
generating a data stream containing at least the identification number, the value indicative of the number of times the card is activated, and the signature;
transferring the data stream to the magnetic stripe reading head;
transmitting the data stream to the computer; and
upon receipt of the data stream by the computer;
a) finding a record corresponding to the card using the identification number;
b) decrypting the signature from the data stream using the value indicative of the number of times the card is activated, as found in the data stream, and a decryption key string obtained from the record;
c) determining whether the decryption is successful or not;
d) determining whether the value indicative of the number of times the card is activated is higher than that of a last transaction with the card; and
e) determining that the transaction is valid when both c) and d) are answered in the affirmative.
-
Specification