FINANCIAL TRANSACTION NETWORK SECURITY

US 20070100754A1
Filed: 12/20/2006
Published: 05/03/2007
Est. Priority Date: 12/17/2003
Status: Abandoned Application

First Claim

Patent Images

1. A business model for the manufacture, security, and control of payment cards used in consumer financial transactions, comprising:

circulating a population of payments cards with user identification and account access codes, wherein each use of an individual card produces a variation of its user access code according to an encryption program seeded with encryption keys or initialization vectors;

outsourcing the job of personalizing payment cards with said user identification and account access codes to a personalization company;

keeping said encryption keys and initialization vectors private from said personalization company by using said encryption program to generate tables of computed results;

sending respective ones of said tables of computed results for loading by said personalization company into new members of said population of payments cards; and

manufacturing and distributing said new members of the population of payments cards to include and operate with said tables of computed results.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A business model for the manufacture and control of payment cards used in consumer financial transactions circulates a population of payments cards with user identification and account access codes. Each use of an individual card produces a variation of its user access code according to an encryption program seeded with encryption keys or initialization vectors. A portion of the magnetic stripe is made dynamic with a Q-Chip magnetic MEMS device. The job of personalizing payment cards with the user identification and account access codes is outsourced to a personalization company. The encryption keys and initialization vectors are kept private from the personalization company by using the encryption program to generate tables of computed results. Respective ones of the tables of computed results are sent for loading by the personalization company into new members of the population of payments cards. New payment cards are manufactured and distributed that include and operate with the tables of computed results.

Citations

14 Claims

1. A business model for the manufacture, security, and control of payment cards used in consumer financial transactions, comprising:
- circulating a population of payments cards with user identification and account access codes, wherein each use of an individual card produces a variation of its user access code according to an encryption program seeded with encryption keys or initialization vectors;
  
  outsourcing the job of personalizing payment cards with said user identification and account access codes to a personalization company;
  
  keeping said encryption keys and initialization vectors private from said personalization company by using said encryption program to generate tables of computed results;
  
  sending respective ones of said tables of computed results for loading by said personalization company into new members of said population of payments cards; and
  
  manufacturing and distributing said new members of the population of payments cards to include and operate with said tables of computed results.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The business model of claim 1, further comprising:
    - implementing machine readability of said variations of said user access codes in said population of payments cards with a magnetic MEMS device embedded in a magnetic stripe included with each payment card, wherein secure point-of-sale payments through legacy card readers are supported.
  - 3. The business model of claim 1, further comprising:
    - implementing user readability of said variations of said user access codes in said population of payments cards with a display device embedded in each payment card, wherein secure on-line payments are supported.
  - 4. The business model of claim 1, further comprising:
    - defining at least four digits in an industry standard 16-digit credit/debit card personal account number (PAN) to be dynamic and to communicate to an issuing bank, in real-time during a financial transaction, selected entries in a payment card'"'"'s table of computed results.
  - 5. The business model of claim 1, further comprising:
    - defining card verification value (CVV/CVV2) digits associated with a credit/debit card personal account number (PAN) to be dynamic and to communicate in real-time to an issuing bank, during a financial transaction, selected entries in a payment card'"'"'s table of computed results.

6. A financial transaction network with improved security, wherein the network comprises a population of payments cards with user identification and account access codes, in part produced by an outsourced personalization company, the improved security realized by including:
- a dynamic part in said account access codes loaded by said personalization company into each of said payment cards;
  
  a set of encryption keys and initialization vectors kept private from said personalization company by using an encryption program to generate tables of computed results;
  
  a transmission of respective ones of said tables of computed results for loading by said personalization company into new members of said population of payments cards; and
  
  means for manufacturing and distributing said new members of the population of payments cards to include and operate with said tables of computed results.

7. A secure financial transaction network, comprising:
- a plurality of payment cards for circulation in the commercial market and providing for the initiation of a financial transaction with a merchant, wherein payment card includes a magnetic device readable by a legacy card reader that presents dynamic magnetic data such tha each use of an individual card produces a cryptographic series of variations of a respective user access code according to an encryption program seeded with secret encryption keys or initialization vectors; and
  
  data processing means for a payment-card issuing bank to generate said cryptographic series of variations of respective user access codes for each and all of the plurality of payment cards, to transmit to third parties for payment card manufacturing only tables of said cryptographic series of variations of respective user access code and not said secret encryption keys or initialization vectors, and to authorize financial transaction requests from a payments processor if a user access code it receives in a transaction request is a member of said cryptographic series of variations of respective user access codes for the particular one of the plurality of payment cards;
  
  wherein, legacy magnetic card readers at merchant locations are supported, and each transaction with a particular payment card requires a unique personal account number (PAN) that will not enable subsequent fraud.
- View Dependent Claims (8)
- - 8. The secure financial transaction network of claim 7, further comprising:
    - visual display means included in individual ones of the plurality of payment cards that present each said unique PAN on a user display in parallel with the presentation of dynamic magnetic data so a card user can complete an on-line transaction if no legacy magnetic card reader can be involved.

9. A method of making secure payment cards for financial transactions over networks, comprising:
- building payment card blanks by integrating plastic, circuit, battery, semiconductor chips, magnetic strips, magnetic MEMS device, and other components into a debit/credit card format conforming to ISO industry standards, all in response to an order from an issuing bank;
  
  personalizing each payment card blank with at least a personal account number (PAN) of which a portion is variable according to an encryption processor and secret encryption key kept by said issuing bank, and only computed results are loaded in embedded crypto-tables for presentation during financial transactions by said magnetic MEMS device;
  
  wherein a population of secure payment cards is produced and can be circulated for use in the commercial markets.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, further comprising:
    - plasma treating the bonding surfaces of said plastic, circuit, battery, semiconductor chips, magnetic stripe, magnetic MEMS device, and other components just before their all being bonded together to better conform to said ISO industry standards.
  - 11. The method of claim 9, further comprising:
    - outsourcing the job of personalizing to a third party and not allowing them to have said secret encryption key;
      
      wherein compromising one payment card will not lead to a compromise of the security of any other of the payment cards in said population.
  - 12. The method of claim 9, further comprising:
    - including means for overwriting valid digits written into a magnetic stripe shortly after being written, thus effectively disabling the magnetic use of the card;
      
      wherein, such increases network security and translates to lower operating costs.
  - 13. The method of claim 12, further comprising:
    - including means for detecting if low persistence data is captured and re-used, and using narrow time windows to identify a culprit.
  - 14. The method of claim 9, further comprising:
    - including means for clearing said variable portion of said PAN a predetermined time after having presented a valid PAN for a transaction;
      
      wherein, such increases network security and translates to lower operating costs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fitbit, Inc. (Alphabet Inc.)
Original Assignee
Fitbit, Inc. (Alphabet Inc.)
Inventors
Brown, Kerry

Application Number

US11/613,427
Publication Number

US 20070100754A1
Time in Patent Office

Days
Field of Search
US Class Current

705/50
CPC Class Codes

G06Q 20/26   Debit schemes, e.g. "pay now"

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/385   using an alias or single-us...

G06Q 20/4093   Monitoring of device authen...

G06Q 30/00   Commerce

G06Q 30/02   Marketing; Price estimation...

G07F 7/08   by coded identity card or c...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

G07F 7/12   Card verification

G07F 7/122   Online card verification

FINANCIAL TRANSACTION NETWORK SECURITY

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

FINANCIAL TRANSACTION NETWORK SECURITY

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links