Dynamic encryption of payment card numbers in electronic payment transactions
First Claim
1. A method for conducting a payment-by-card transaction over an electronic payment network which links an issuer of a payment card, a merchant and a cardholder, wherein the payment card has a primary account number (PAN) that includes a fixed number of digits associated with an Individual Account Identification (IAI) number and other digits associated with an Issuer Identification Number (IIN) and a Check Digit (CD), the method comprising:
- obtaining an issuer-provided encryption key;
using the issuer-provided encryption key to encrypt the PAN in a manner so that the encrypted PAN (UNCPAN) has the same length as the unencrypted PAN;
transmitting the encrypted PAN over the electronic payment network to the issuer of the payment card;
decrypting the encrypted PAN received at the issuer to recover the unencrypted PAN; and
using the recovered PAN at the issuer to process the transaction.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods are provided for secure transmission of information identifying account holders in electronic payment transactions made using payment cards or devices that are based integrated circuit chip technology. Individual cards or devices are associated with a cipher key. Information such as personal account numbers, which may be stored on the cards or devices, is encrypted using a block cipher in a variant of the cipher feedback mode. This manner of encryption preserves the length of the cleartext, and allows the ciphertext to be securely transmitted in standard data structure formats over legacy electronic payment networks.
-
Citations
18 Claims
-
1. A method for conducting a payment-by-card transaction over an electronic payment network which links an issuer of a payment card, a merchant and a cardholder, wherein the payment card has a primary account number (PAN) that includes a fixed number of digits associated with an Individual Account Identification (IAI) number and other digits associated with an Issuer Identification Number (IIN) and a Check Digit (CD), the method comprising:
-
obtaining an issuer-provided encryption key;
using the issuer-provided encryption key to encrypt the PAN in a manner so that the encrypted PAN (UNCPAN) has the same length as the unencrypted PAN;
transmitting the encrypted PAN over the electronic payment network to the issuer of the payment card;
decrypting the encrypted PAN received at the issuer to recover the unencrypted PAN; and
using the recovered PAN at the issuer to process the transaction. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method for conducting a payment-by-card transaction over an electronic payment network which links an issuer of a payment card, a merchant and a cardholder, wherein the payment card has a primary account number (PAN) that includes a fixed number of digits associated with an Individual Account Identification (IAI) number and other digits associated with an Issuer Identification Number (IIN) and a Check Digit (CD), the method comprising:
-
obtaining an issuer-provided encryption key;
using the issuer-provided encryption key to encrypt the PAN in a manner so that the encrypted PAN (UNCPAN) has the same length as the unencrypted PAN;
displaying the encrypted PAN to the cardholder for entry in an on-line order form;
transmitting the encrypted PAN in the on-line order form over the electronic payment network to the issuer of the payment card;
decrypting the encrypted PAN received at the issuer to recover the unencrypted PAN; and
using the recovered PAN at the issuer to process the transaction. - View Dependent Claims (15, 16, 17, 18)
-
Specification