Dynamic encryption of payment card numbers in electronic payment transactions

US 20070262138A1
Filed: 04/03/2006
Published: 11/15/2007
Est. Priority Date: 04/01/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for conducting a payment-by-card transaction over an electronic payment network which links an issuer of a payment card, a merchant and a cardholder, wherein the payment card has a primary account number (PAN) that includes a fixed number of digits associated with an Individual Account Identification (IAI) number and other digits associated with an Issuer Identification Number (IIN) and a Check Digit (CD), the method comprising:

obtaining an issuer-provided encryption key;

using the issuer-provided encryption key to encrypt the PAN in a manner so that the encrypted PAN (UNCPAN) has the same length as the unencrypted PAN;

transmitting the encrypted PAN over the electronic payment network to the issuer of the payment card;

decrypting the encrypted PAN received at the issuer to recover the unencrypted PAN; and

using the recovered PAN at the issuer to process the transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for secure transmission of information identifying account holders in electronic payment transactions made using payment cards or devices that are based integrated circuit chip technology. Individual cards or devices are associated with a cipher key. Information such as personal account numbers, which may be stored on the cards or devices, is encrypted using a block cipher in a variant of the cipher feedback mode. This manner of encryption preserves the length of the cleartext, and allows the ciphertext to be securely transmitted in standard data structure formats over legacy electronic payment networks.

Citations

18 Claims

1. A method for conducting a payment-by-card transaction over an electronic payment network which links an issuer of a payment card, a merchant and a cardholder, wherein the payment card has a primary account number (PAN) that includes a fixed number of digits associated with an Individual Account Identification (IAI) number and other digits associated with an Issuer Identification Number (IIN) and a Check Digit (CD), the method comprising:
- obtaining an issuer-provided encryption key;
  
  using the issuer-provided encryption key to encrypt the PAN in a manner so that the encrypted PAN (UNCPAN) has the same length as the unencrypted PAN;
  
  transmitting the encrypted PAN over the electronic payment network to the issuer of the payment card;
  
  decrypting the encrypted PAN received at the issuer to recover the unencrypted PAN; and
  
  using the recovered PAN at the issuer to process the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein using the issuer-provided encryption key to encrypt the PAN in a manner so that the encrypted PAN has the same length as the unencrypted PAN comprises using a block cipher type of symmetric-key encryption algorithm to transform a fixed-length block of plaintext into a block of ciphertext of the same length independent of the encryption algorithm block size.
  - 3. The method of claim 1 wherein using the issuer-provided encryption key to encrypt the PAN in a manner so that the encrypted PAN has the same length as the unencrypted PAN is conducted in an on-card chip in the payment card under the action of the issuer-provided encryption key.
  - 4. The method of claim 1 wherein using the issuer-provided encryption key to encrypt the PAN in a manner so that the encrypted PAN has the same length as the unencrypted PAN comprises using a block cipher in a variant of the Cipher Feedback (CFB) mode, which involves encrypting a subset of the PAN digits at a time.
  - 5. The method of claim 1 wherein using the issuer-provided encryption key to encrypt the PAN in a manner so that the encrypted PAN has the same length as the unencrypted PAN comprises encrypting the PAN at each transaction in an unpredictable way so that the unencrypted PAN is useable only once.
  - 6. The method of claim 5 wherein encrypting the PAN at each transaction in an unpredictable way comprises encrypting the PAN as a function of automatic transaction counter (ATC) number, which is incremented at each transaction.
  - 7. The method of claim 1 wherein using the issuer-provided encryption key to encrypt the PAN in a manner so that the encrypted PAN has the same length as the unencrypted PAN comprises encrypting the Individual Account Identification (IAI) digits.
  - 8. The method of claim 7 further comprising comprises recomputing the Check Digit (CD).
  - 9. The method of claim 7 wherein the payment card comprises a discretionary data (DD) field, and wherein the method further comprises encrypting at least one digit in the DD field for diversification of the encrypted data.
  - 10. The method of claim 9 wherein the payment card dynamically assigns a value to at least one digit in the DD field.
  - 11. The method of claim 9 wherein the payment card issuer assigns a static value to at least one digit in the DD field.
  - 12. The method of claim 1 further comprising storing the encrypted PAN digits in a standard format magnetic stripe track data structure at the same locations that are designated for storing the unencrypted PAN digits, and transmitting the standard format magnetic stripe track data structure over the electronic payment network to the issuer of the payment card.
  - 13. The method of claim 12 further comprising storing the digits of an ATC number in a DD field of the standard format magnetic stripe track data structure and transmitting the standard format magnetic stripe track data structure over the electronic payment network to the issuer of the payment card.

14. A method for conducting a payment-by-card transaction over an electronic payment network which links an issuer of a payment card, a merchant and a cardholder, wherein the payment card has a primary account number (PAN) that includes a fixed number of digits associated with an Individual Account Identification (IAI) number and other digits associated with an Issuer Identification Number (IIN) and a Check Digit (CD), the method comprising:
- obtaining an issuer-provided encryption key;
  
  using the issuer-provided encryption key to encrypt the PAN in a manner so that the encrypted PAN (UNCPAN) has the same length as the unencrypted PAN;
  
  displaying the encrypted PAN to the cardholder for entry in an on-line order form;
  
  transmitting the encrypted PAN in the on-line order form over the electronic payment network to the issuer of the payment card;
  
  decrypting the encrypted PAN received at the issuer to recover the unencrypted PAN; and
  
  using the recovered PAN at the issuer to process the transaction.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14 wherein using the issuer-provided encryption key to encrypt the PAN in a manner so that the encrypted PAN has the same length as the unencrypted PAN comprises encrypting the PAN at each transaction in an unpredictable way so that the unencrypted PAN is useable only once.
  - 16. The method of claim 15 wherein encrypting the PAN at each transaction in an unpredictable way comprises encrypting the PAN as a function of an application transaction counter (ATC) number.
  - 17. The method of claim 16 further comprising displaying the digits of the ATC to the cardholder for entry in an on-line order form and transmitting the digits of the ATC in the on-line order form over the electronic payment network to the issuer of the payment card.
  - 18. The method of claim 17 wherein the low-order digits of the ATC are used to populate a security code data field.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Vanneste, Paul, Somers, Jean

Application Number

US11/396,441
Publication Number

US 20070262138A1
Time in Patent Office

Days
Field of Search
US Class Current

235/380
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

Dynamic encryption of payment card numbers in electronic payment transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic encryption of payment card numbers in electronic payment transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links