Multi-purpose transaction card system
Abstract
Disclosed is a multi-purpose transaction card system comprising an issuer, one or more cards, one or more terminals, and optionally one or more acquirers, communicating using a variety of cryptographic confidentiality and authentication methods. Cards authenticate messages using public-key-based cryptography without themselves performing the extensive computations usually associated with such cryptography. Integrity of complex transaction sequences and plural card storage updates is maintained even under intentionally generated interruptions and/or modifications of data transmitted between card and terminal. Cards do not reveal any information to the terminal which is not directly necessary for the transaction, or any information to which the terminal should not have access, through externally measurable aspects of their behavior. Transaction types supported include those suitable for off-line credit cards, in which the “open to buy” is maintained on the card.
72 Claims
1. A method for public-key digital authentication of messages, comprising the steps of:
creating a private key by a signing party;
making a public key, corresponding to said private key of said signing party, verifiable by at least a receiving party;
creating a set of one-time signatures;
forming a compression hierarchy of said one-time signatures;
forming a public key digital signature, verifiable with said public key, on said compression hierarchy;
storing edges of said compression hierarchy by an endorser;
endorsing by signing with at least one of said one-time signatures and providing stored edge values;
verification of said one-time signature and said edge values supplied and said digital signature on said compression values; and
accomplishing the foregoing by said endorser storing substantially less than all edges and computing before each endorsement substantially less than all edges. - View Dependent Claims (2, 3, 4, 5)
6. Apparatus for public-key digital authentication of messages, comprising:
means for creating a private key by a signing party;
means for making a public key, corresponding to said private key of said signing party, verifiable by at least a receiving party;
means for creating a set of one-time signatures;
means for forming a compression hierarchy of said one-time signatures;
means for forming a public key digital signature, verifiable with said public key, on said compression hierarchy;
means for storing edges of said compression hierarchy by an endorser;
means for endorsing, comprising means for signing with one of said one-time signatures and means for providing stored edge values;
means for verification of a one-time signature and compression hierarchy values supplied and for verification of said digital signature on said compression value and means for accomplishing the foregoing by said endorser storing substantially less than all edges and computing before each endorsement substantially less than all edges. - View Dependent Claims (7, 8)
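The scheme of claims 1 and 6, as an added example that is not taken from the patent: Lamport one-time keys stand in for the one-time signatures and a SHA-256 binary hash tree for the compression hierarchy, both assumptions. The public-key signature on the root is assumed to have been verified already, and the whole tree is kept in memory, so the reduced edge storage of the final step is not shown.

```python
import hashlib
import os

def H(data):
    return hashlib.sha256(data).digest()

def ots_keygen():
    # Lamport one-time key: two secrets per digest bit; public key = their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = b"".join(H(a) + H(b) for a, b in sk)
    return sk, pk

def digest_bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def ots_sign(sk, msg):
    # Reveals one secret per bit, so each key may sign exactly one message.
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]

def ots_verify(pk, msg, sig):
    if len(sig) != 256:  # a short signature must not pass by truncation
        return False
    return all(H(s) == pk[64 * i + 32 * b: 64 * i + 32 * b + 32]
               for i, (b, s) in enumerate(zip(digest_bits(msg), sig)))

def build_tree(public_keys):
    # levels[0] holds the leaf hashes, levels[-1] the root; leaf count is a power of two.
    levels = [[H(pk) for pk in public_keys]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def edges_for(levels, index):
    # The sibling ("edge") value at each level on the way from leaf to root.
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path

def root_from(pk, index, edges):
    node = H(pk)
    for sibling in edges:
        node = H(node + sibling) if index % 2 == 0 else H(sibling + node)
        index >>= 1
    return node

def endorse(keys, levels, index, msg):
    sk, pk = keys[index]
    return {"index": index, "pk": pk, "sig": ots_sign(sk, msg),
            "edges": edges_for(levels, index)}

def verify_endorsement(signed_root, msg, e):
    # signed_root: root value already authenticated by the public-key signature.
    return (ots_verify(e["pk"], msg, e["sig"])
            and root_from(e["pk"], e["index"], e["edges"]) == signed_root)
```

With eight one-time keys the endorser sends three edge values per endorsement, and the verifier performs only hash computations beyond the single signature check on the root.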
9. A method for financial transactions, comprising the steps of:
maintaining a challenge seed by a terminal for use with respect to at least one subsequent transaction;
issuing a challenge seed modifier by an on-line server to said terminal;
modifying said challenge seed by said terminal at least responsive to said modifier;
developing a challenge value for use in a subsequent transaction, where said challenge value depends at least substantially on said challenge seed; and
accomplishing the foregoing so as to make said challenge unpredictable even to someone privy to the secrets of said terminal.
10. Apparatus for financial transactions, comprising:
means for maintaining a challenge seed by a terminal for use with respect to at least one subsequent transaction;
means for issuing a challenge seed modifier by an on-line server to said terminal;
means for modifying said challenge seed by said terminal at least responsive to said modifier;
means for developing a challenge value for use in a subsequent transaction, where said challenge value depends at least substantially on said challenge seed; and
means for accomplishing the foregoing so as to make said challenge unpredictable even to someone privy to the secrets of said terminal.
11. A method for public key digital authentication of a message, comprising the steps of:
creating a private key for a signing party;
making a public key, corresponding to said private key, verifiable by at least a receiving party;
generating the commit value of a commit-challenge-response protocol by said signing party;
sending said commit value to said receiving party;
forming a mutually random value by said signing party and said receiving party;
choosing the challenge value of said commit-challenge-response protocol as the hash value of the concatenation of the message to be authenticated and said mutually random value;
generating the response value of said commit-challenge-response protocol by said signing party;
sending said response value to said receiving party; and
verifying said response value by said receiving party. - View Dependent Claims (12)
13. Apparatus for public key digital authentication of a message, comprising:
means for creating a private key for a signing party;
means for making a public key, corresponding to said private key, verifiable by at least a receiving party;
means for generating the commit value of a commit-challenge-response protocol by said signing party;
means for sending said commit value to said receiving party;
means for forming a mutually random value by said signing party and said receiving party;
means for choosing a mutually random value by said commit-challenge-response protocol as the hash value of the concatenation of the message to be authenticated and said mutually random value;
means for generating the response value of said commit-challenge-response protocol by said signing party;
means for sending said response value to said receiving party; and
means for verifying said response by said receiving party.
14. A method for storing data in non-volatile memory, comprising the steps of:
initializing a commit value to a logical zero;
storing one or more descriptions of modifications to be made;
setting said commit value to a logical one;
performing the modifications specified by said descriptions;
setting said commit value to a logical zero; and
detecting interruptions in the above mentioned steps, and upon detection performing the steps of:
a) inspecting said commit value;
b) performing said modifications if said commit value is a logical one;
c) setting said commit value to a logical zero - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
25. Apparatus for storing data in non-volatile memory, comprising:
retention means for a single bit commit value;
retention means for one or more modification descriptions to be made;
initialization means to ensure that said commit value is a logical zero during a prefix of the card life;
means for storing one or more modification descriptions to be made in said second retention means;
means for setting said commit value to a logical one;
means for performing the modifications specified by said descriptions;
means for setting said commit value to a logical zero; and
means for detecting an interruption of normal processing and triggering;
a) means for inspecting said commit value;
b) means for performing said modifications if said commit value is a logical one; and
d) means for setting said commit value to a logical zero.
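An added simulation of the commit-value procedure of claims 14 and 25 (not code from the patent). The Nvm class, the write budget used to inject power loss, and the use of absolute (address, value) pairs as modification descriptions, which is what makes replay after an interruption safe, are assumptions.

```python
class PowerLoss(Exception):
    """Constructed fault: the card loses power before a write completes."""

class Nvm:
    def __init__(self, cells):
        self.cells = dict(cells)  # application data, e.g. balance and counter
        self.journal = []         # stored descriptions: (address, new value)
        self.commit = 0           # the single-bit commit value
        self.budget = None        # writes allowed before power loss; None = unlimited

    def write(self, action):
        if self.budget is not None:
            if self.budget == 0:
                raise PowerLoss()
            self.budget -= 1
        action()

def apply_journal(nvm):
    # Replaying is idempotent because every description carries an absolute value.
    for addr, value in list(nvm.journal):
        nvm.write(lambda a=addr, v=value: nvm.cells.__setitem__(a, v))
    nvm.write(lambda: setattr(nvm, "commit", 0))

def update(nvm, modifications):
    # Commit is 0 here, so a half-written journal is ignored by recover().
    nvm.write(lambda: nvm.journal.clear())
    for addr, value in modifications:
        nvm.write(lambda a=addr, v=value: nvm.journal.append((a, v)))
    nvm.write(lambda: setattr(nvm, "commit", 1))  # point of no return
    apply_journal(nvm)

def recover(nvm):
    # Run at power-up: finish a committed update, discard an uncommitted one.
    nvm.budget = None
    if nvm.commit == 1:
        apply_journal(nvm)

def states_after_interruption(initial, modifications):
    """Cut power after 0, 1, 2, ... writes and collect every recovered state."""
    seen = set()
    budget = 0
    while True:
        nvm = Nvm(initial)
        nvm.budget = budget
        try:
            update(nvm, modifications)
            completed = True
        except PowerLoss:
            completed = False
        recover(nvm)
        seen.add(tuple(sorted(nvm.cells.items())))
        if completed:
            return seen
        budget += 1
```

Whatever the interruption point, recovery leaves either the complete old state or the complete new state, never a debited balance with a stale counter. A relative description such as "subtract 40" would break this, because a replay after a partial apply would debit twice.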
26. A method for handling memory errors in a computing device with non-volatile memory, comprising the steps of:
initializing a mode value to indicate a first mode;
detecting the occurrence of an erroneous state of said memory;
setting said mode value to indicate a second mode upon detection of said erroneous state;
inspecting said mode value in at least one of the processes executed by said computing device; and
modifying the behaviour of said process depending on the value of said mode value. - View Dependent Claims (27, 28, 29, 30, 31)
32. Apparatus for handling memory errors in a computing device with non-volatile memory, comprising of:
means for initializing a mode value to indicate a first mode;
means for detecting the occurrence of an erroneous state of said memory;
means for setting said mode value to indicate a second mode upon detection of said erroneous state;
means for inspecting said mode value in at least one of the processes executed by said computing device; and
means for modifying the behaviour of said process depending on the value of said mode value.
33. A method for communicating and linking a plurality of independent actions between a terminal and a card, with improvements comprising the steps of:
initializing a first hash state in said card to a known value before the start of the communication;
initializing a second hash state in said terminal to a known value before the start of the communication;
updating said first hash state using a function which takes said first hash state and substantially the data associated with an independent action as input and yields the new value for said first hash state as output;
updating said second hash state using a function which takes said second hash state and substantially the data associated with an independent action as input and yields the new value for said second hash state as output; and
making at least some of the data communicated between said terminal and said card dependent on said hash states. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
47. Apparatus for communicating and linking a plurality of independent actions between a terminal and a card, with improvements comprising of:
retention means for a first hash state in said card;
retention means for a second hash state in said terminal;
means for initializing said first hash state in said card to a known value before the start of the communication;
means for initializing said second hash state in said terminal to a known value before the start of the communication;
means for updating said first hash state using a function which takes said first hash state and substantially the data associated with an independent action as input and yields the new value for said first hash state as output;
means for updating said second hash state using a function which takes said second hash state and substantially the data associated with an independent action as input and yields the new value for said second hash state as output; and
means for making at least some of the data communicated between said terminal and said card dependent on said hash states.
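The hash-state linking of claims 33 and 47, as an added example that is not taken from the patent. SHA-256 as the update function, the length prefix, the shared demonstration key and the HMAC tag used to make the card's final message depend on the hash state are assumptions; the action strings are constructed.

```python
import hashlib
import hmac

INITIAL_STATE = bytes(32)  # known value both sides start from

def absorb(state, action):
    # Length prefix keeps (b"ab", b"c") and (b"a", b"bc") from colliding.
    return hashlib.sha256(state + len(action).to_bytes(4, "big") + action).digest()

class Party:
    """Card or terminal: keeps a running hash state over every action it saw."""

    def __init__(self, key):
        self.key = key
        self.state = INITIAL_STATE

    def record(self, action):
        self.state = absorb(self.state, action)

    def tag(self):
        # Data sent to the other side that depends on the hash state.
        return hmac.new(self.key, self.state, hashlib.sha256).digest()

    def check(self, tag):
        return hmac.compare_digest(self.tag(), tag)

def session_accepted(card_actions, terminal_actions, key=b"constructed-demo-key"):
    """Return True when the terminal accepts the card's tag over the session."""
    card, terminal = Party(key), Party(key)
    for action in card_actions:
        card.record(action)
    for action in terminal_actions:
        terminal.record(action)
    return terminal.check(card.tag())

# Constructed session: three independent actions in one card/terminal exchange.
SESSION = [b"SELECT app=credit", b"DEBIT amount=25.00", b"UPDATE loyalty=+3"]
```

Because each state is computed from the previous one, a single tag at the end covers the content, the order and the completeness of every action in the session.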
48. A method for performing computations by a card which is communicating with a terminal comprising the steps of:
sending a first message by said terminal;
receiving said first message by said card;
performing computations by said card on the data received in said first message and data stored in the memory of said card;
sending a second message by said card;
receiving said second message by said terminal; and
inducing a delay between said first message and said second message, where the duration of said delay is determined solely by public information consisting of the contents of the messages received by said card before said delay, the contents of the messages sent by said card before said delay, and by data that said card would send to said terminal in subsequent communications given appropriate requests by said terminal - View Dependent Claims (49, 50, 51, 52)
53. Apparatus for performing computations by a card which is communicating with a terminal comprising of:
means for sending a first message by said terminal;
means for receiving said first message by said card;
means for performing computations by said card on the data received in said first message and data stored in the memory of said card;
means for sending a second message by said card;
means for receiving said second message by said terminal; and
means for inducing a delay between said first message and said second message, where the duration of said delay is determined solely by public information consisting of the contents of the messages received by said card before said delay, the contents of the messages sent by said card before said delay, and by data that said card would send to said terminal in subsequent communications given appropriate requests by said terminal.
54. A method for converting a set of instructions, comprising steps of:
inspecting said set of instructions;
determining the conditions used in said set;
adding instructions to said set which convert said conditions to values; and
rewriting expressions contained in said set to an equivalent formulation using said values instead of conditional execution of instructions.
55. Apparatus for converting a set of instructions, comprising of:
retention means for storing a set of instructions;
means for inspecting said set of instructions;
means for determining the conditions used in said set; and
means for adding instructions to said set which convert said conditions to values;
means for rewriting expressions contained in said set to an equivalent formulation using said values instead of conditional execution of instructions.
56. A method for collecting transaction information related to one or more transactions from a terminal by an acquirer, comprising steps of:
computing by said terminal a first value from said transaction information, whose size is substantially smaller than the size of said transaction information;
sending by said terminal to said acquirer a first message including an indication of the number of transactions, the applicable totals of the transactions, and said first value;
receiving said first message by said acquirer;
storing substantially the data from said first message by said acquirer for future computations;
making a random selection from the set of transactions, and sending said random selection in a second message to said terminal;
receiving said second message by said terminal, sending by said terminal to said acquirer in a third message substantially the transaction information for the transactions in said selection. - View Dependent Claims (57, 58, 59)
60. Apparatus for collecting transaction information related to one or more transactions from a terminal by an acquirer, comprising:
means for computing by said terminal a first value from said transaction information, whose size is substantially smaller than the size of said transaction information;
means for sending by said terminal to said acquirer a first message including an indication of the number of transactions, the applicable totals of the transactions, and said first value;
means for receiving said first message by said acquirer;
retention means for storing substantially the data from said first message by said acquirer for future comparisons;
means for making a random selection from the set of transactions;
means for sending said random selection in a second message to said terminal;
means for receiving said second message by said terminal; and
means for sending by said terminal to said acquirer in a third message substantially the transaction information for the transactions in said selection.
61. A method for conducting financial transactions using a card, a terminal, and an issuer substantially according to the EMV specifications, with improvements comprising the steps of:
generating variable transaction data which is typically different for different transactions;
constructing a message block whose value depends on at least some of said variable transaction data;
generating by said card of an authentication based on public key cryptography on said message block;
sending said authentication in a message to said terminal;
receiving said message by said terminal; and
verifying said authentication by said terminal. - View Dependent Claims (62)
63. Apparatus for conducting financial transactions comprising a card, a terminal, and an issuer substantially according to the EMV specifications, with improvements characterized by:
means for generating variable transaction data which is typically different for different transactions;
means for constructing a message block whose value depends on at least some of said variable transaction data;
means for generating by said card of an authentication based on public key cryptography on said message block;
means for sending said authentication in a message to said terminal;
means for receiving said message by said terminal; and
means for verifying said authentication by said terminal.
64. A method for conducting financial transactions using a card, a terminal, and an issuer substantially according to the EMV specifications, with improvements comprising the steps of:
maintaining a balance value in said card for all financial transaction applications;
decreasing said balance value by the amount of each transaction; and
refusing an off-line transaction if the amount of said transaction exceeds said balance value. - View Dependent Claims (65, 66, 67)
68. Apparatus for conducting financial transactions comprising a card, a terminal, and an issuer substantially according to the EMV specifications, with improvements characterized by:
retention means for a balance value in said card;
means for decreasing said balance value by the amount of each transaction; and
means for refusing an off-line transaction if the amount of said transaction exceeds said balance value.
69. A method for conducting financial transactions using a card, a terminal, and an issuer substantially according to the EMV specifications, with improvements comprising the step of:
incrementing the transaction counter ATC only for those transactions which are completed successfully.
70. Apparatus for conducting financial transactions comprising a card, a terminal, and an issuer substantially according to the EMV specifications, with improvements characterized by:
means for incrementing the transaction counter ATC only for those transactions which are completed successfully.
71. A method for conducting financial transactions using a card, a terminal, and an issuer substantially according to the EMV specifications, with improvements comprising the steps of:
making a decision by said card whether to allow an off-line transaction or require an on-line transaction in a fixed amount of time; and
storing said decision in a fixed amount of time.
72. Apparatus for conducting financial transactions using a card, a terminal, and an issuer substantially according to the EMV specifications, with improvements comprising the steps of:
means for making a decision by said card whether to allow an off-line transaction or require an on-line transaction in a fixed amount of time; and
means for storing said decision in a fixed amount of time.