Transparently securing data for transmission on financial networks

US 20060049256A1
Filed: 05/12/2005
Published: 03/09/2006
Est. Priority Date: 09/07/2004
Status: Active Grant

First Claim

Patent Images

1. A method for encrypting data for transmission on unsecured public networks, comprising the steps of:

a) using an MSR for reading magnetic stripe card track data;

b) selecting pre-defined card track data;

c) removing said selected pre-defined card track data;

c) encrypting said removed selected pre-defined data;

d) replacing said removed data with said encrypted data; and

e) outputting said encrypted data into an unsecured public network for the purpose of completing a financial transaction;

whereby the system maintains universal message format compatibility with the original magnetic stripe card data infrastructure system.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure magnetic stripe card stripe reader (MSR) module and software system capable of encrypting the magnetic stripe data to CPI, SDP and CISP standards for use in point of sale (POS) and other applications requiring data security using non secure networks and computing devices. Additionally, when incorporated within an attachment for conventional personal digital assistant (PDA) or cell phone or stationary terminal, provides encrypted data from the magnetic head assembly providing compliance with Federal Information Processing Standards Publication Series FIPS 140 covering security and tampering standards. Moreover, this module and software system includes the capability of providing secure POS transactions to legacy transaction processing systems and POS terminals transparently to the existing infrastructure. Furthermore, this module and software system includes the capability of transparently providing detection of fraudulently copied magnetic stripe cards.

287 Citations

26 Claims

1. A method for encrypting data for transmission on unsecured public networks, comprising the steps of:
- a) using an MSR for reading magnetic stripe card track data;
  
  b) selecting pre-defined card track data;
  
  c) removing said selected pre-defined card track data;
  
  c) encrypting said removed selected pre-defined data;
  
  d) replacing said removed data with said encrypted data; and
  
  e) outputting said encrypted data into an unsecured public network for the purpose of completing a financial transaction;
  
  whereby the system maintains universal message format compatibility with the original magnetic stripe card data infrastructure system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method for encrypting data for transmission on unsecured public networks, according to claim 1, further wherein said magnetic stripe data consists of financial transaction data as specified in ISO/IEC 7813:
    - 2001(E), whereby the system maintains universal message format compatibility with any credit card payment infrastructure system, and does not adversely effect legacy POS equipment used to process transactions.
  - 3. The method for encrypting data for transmission on unsecured public networks, according to claim 1, wherein said selected pre-defined removed data and said encrypted data does not include:
    - a) the card'"'"'s expiration date;
      
      b) some or all of the card'"'"'s bank identification number; and
      
      c) the last four digits of the cardholder'"'"'s account number;
      
      whereby the system maintains universal message format compatibility with any credit card payment infrastructure system, and does not adversely effect legacy POS equipment used to process transactions.
  - 4. The method for encrypting data for transmission on unsecured public networks, according to claim 1, wherein non-removed clear text data is masked prior to being output to an unsecured public network for the purpose of completing a financial transaction.
  - 5. The method for encrypting data for transmission on unsecured public networks, according to claim 1, wherein said step of removing selected predefined card track data further includes the steps of:
    - a) incrementing a non-volatile counter;
      
      b) concatenating the secure head serial number with the counter value;
      
      c) encrypting said concatenated secure head serial number using stored encryption key; and
      
      d) XORing said encryption with selected track card data.
  - 6. The method for encrypting data for transmission on unsecured public networks, according to claim 1, wherein said step of removing selected predefined card track data further includes the steps of:
    - a) selecting card track data comprising 19 base 10 digits of track 2 data;
      
      b) concatenating said 19 base 10 digits to produce a 19 digit number;
      
      c) converting said 19 digits to an 8 byte binary value;
      
      d) encrypting said 8 byte binary value using a stored encryption key; and
      
      e) converting said encrypted 8 byte binary value into a 20 digit number;
      
      whereby the least significant 19 digits replace the removed digits in the track data, and where the most significant digit is 0 or 1, and where the most significant digit is stored in an added data digit in the card data.
  - 7. The method for encrypting data for transmission on unsecured public networks, according to claim 6, wherein said step of selecting card track data comprising 19 base 10 digits of track 2 data is deleted and replaced with the step of selecting card track data comprising 19 base 10 digits of track 1 data.
  - 8. The method for encrypting data for transmission on unsecured public networks, according to claim 6, wherein the most significant digit is converted to a binary value and added to an unused bank discretionary data field.
  - 9. The method for encrypting data for transmission on unsecured public networks, according to claim 6, wherein multiple sets of digits for encryption are selected from, based on the bank identification number.
  - 10. The method for encrypting data for transmission on unsecured public networks, according to claim 6, wherein one of multiple encryption keys stored in the secure MSR is selected based on selected card data.
  - 11. The method for encrypting data for transmission on unsecured public networks, according to claim 8, wherein the selected card data is the bank identification number.
  - 12. The method for encrypting data for transmission on unsecured public networks, according to claim 8, wherein the selected card data is the card brand name, such as Visa, MasterCard, American Express, etc.

13. A method for transparently decrypting MSR encoded data after transmission on unsecured public networks, comprising the steps of:
- a) providing a software application or service that accepts encrypted card information;
  
  b) enabling said software application to also accept a unique terminal identification number;
  
  c) select the terminal decryption key based on terminal identification number d) decrypting the previously encrypted MSR encoded card data; and
  
  e) restoring the original card data such that the data returns to the original card information.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method for transparently de-encrypting MSR encoded data after transmission on unsecured public networks, according to claim 13, wherein stolen or miss-handled and recovered encrypted MSR encoded card data can be traced back to the originating MSR, comprising the steps of:
    - a) decrypting card data using all known encryption keys;
      
      b) comparing the decrypted data with the clear text and non-masked card data to verify accuracy;
      
      c) reverse indexing the POS identification from the encryption key database;
      
      d) verifying account transaction history with identified POS transaction history; and
      
      e) notifying the appropriate authority of the detected compromise.
  - 15. The method for transparently encrypting and de-encrypting MSR encoded data for transmission on secure financial networks, according to claim 13, wherein each encrypted card transaction is made unique, comprising the steps of:
    - a) combining an exclusive function of the selected data and a real time clock value prior to encryption;
      
      b) providing a decrypting service which maintains a log of card usage; and
      
      c) comparing the data time stamped values with the card usage log;
      
      c) disallowing transaction requests with the same or earlier time stamps to the logged values.
  - 16. The method for transparently encrypting and de-encrypting MSR encoded data for transmission on secure financial networks, according to claim 13 wherein the encryption key is the output of a key generation function for the encrypted data comprising the steps of:
    - a) selecting non-encrypted card data, and b) hashing the encryption key with said data to generate a new key, and c) encryption and decrypting MSR data with said new key.
  - 17. The method for transparently encrypting and de-encrypting MSR encoded data for transmission on secure financial networks, according to claim 15 wherein the time stamp resolution is limited to a value greater than the reset lifetime accuracy of the real time clock for the purpose of preventing synchronization errors.
  - 18. The method for transparently encrypting and de-encrypting MSR encoded data for transmission on secure financial networks, according to claim 15, wherein the real time clock time stamp is an incrementing counter in the secure MSR, whereby multiple card swipes of the same card provide unique responses.

19. A method for encoding card track data for encrypting data for transmission on unsecured public networks, comprising the steps of:
- a) receiving account information to encode as card track data;
  
  b) removing data not required by POS equipment to process a transaction;
  
  c) encrypting the removed data;
  
  d) replacing the removed data with the encrypted data;
  
  e) encoding the encrypted data on the magnetic stripe; and
  
  f) storing a decryption key along with a card identifier in a database;
  
  whereby the system maintains universal message format compatibility with any credit card payment infrastructure system.

20. A method for de-encrypting encoded card track data for transmission on secure financial networks, comprising the steps of:
- a) providing a software application or service that accepts encrypted card information;
  
  b) providing an encryption key database;
  
  c) using a card identifier to retrieve the encryption key from said encryption key database;
  
  d) decrypting the previously encrypted card data; and
  
  e) restoring the original card data such that it is returned to the original card information.

21. A secure magnetic stripe card reader module assembly comprising:
- a) a magnetic transducer head enclosure;
  
  b) a magnetic transducer head for detecting magnetic transitions on a magnetic stripe;
  
  c) a transducer head amplifier and a transducer head transitions detector;
  
  d) a microcomputer controller containing programs to decode the data from the head transition detector and output said data in one or more formats; and
  
  e) a battery for powering the head amplifier and microcontroller;
  
  whereby said head amplifier and said controller and said battery are contained within said magnetic head enclosure.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The secure magnetic stripe card reader module assembly, according to claim 21, wherein said battery is external to said magnetic head enclosure.
  - 23. The secure magnetic stripe card reader module assembly, according to claim 21, further including a dual gap read head in one or more track locations and card signature measuring software for the purpose of encrypting the card signature and placing the encrypted signature in the card stripe output data.
  - 24. The secure magnetic stripe card reader module assembly, according to claim 23, wherein the signature data output is in masked fields of the encrypted card output data, whereby the system maintains universal message format compatibility with any credit card payment infrastructure system, and does not adversely effect legacy POS equipment used to process transactions.
  - 25. A secure magnetic stripe card reader module assembly, according to claim 21 which is pre-programmed to output encrypted data format by reading magnetic stripe card track data, selecting pre-defined card track data, removing said selected pre-defined card track data, encrypting said removed selected pre-defined data, replacing said removed data with said encrypted data, and outputting said encrypted data into an unsecured public network for the purpose of completing a financial transaction, whereby the system maintains universal message format compatibility with any credit card payment infrastructure system.
  - 26. A secure magnetic stripe card reader module assembly, according to claim 21 which is pre-programmed to output encrypted data in the standard F2F magnetic head output format, thereby providing a direct replacement of the magnetic head in legacy POS systems capable of encrypting the card stripe data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verifone, Inc. (Verifone Systems, Inc.)
Original Assignee
Semtek Innovative Solutions Incorporated (Verifone Systems, Inc.)
Inventors
Mos, Bob, Mos, Robert J., von Mueller, Clay

Granted Patent

US 7,506,812 B2
Time in Patent Office

Days
Field of Search
US Class Current

235/449
CPC Class Codes

G06F 21/72   in cryptographic circuits

G06F 21/83   input devices, e.g. keyboar...

G06K 7/082   using inductive or magnetic...

G06Q 20/02   involving a neutral party, ...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/325   using wireless networks

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/367   involving electronic purses...

G06Q 20/382   insuring higher security of...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 20/40975   using encryption therefor

G06Q 40/02   Banking, e.g. interest calc...

G07C 9/22   in combination with an iden...

G07F 19/206   Software aspects at ATMs

G07F 7/084   Additional components relat...

G07F 7/0873   Details of the card reader

G07F 7/0886   the card reader being porta...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016 : Devices or methods for secu...

H04L 2209/56 : Financial cryptography, e.g...

H04L 2209/80 : Wireless network architectu...

H04L 9/0891 : Revocation or update of sec...

H04L 9/3297 : involving time stamps, e.g....

View All

Transparently securing data for transmission on financial networks

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

287 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Transparently securing data for transmission on financial networks

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

287 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links