SECURED TRANSACTION SYSTEM AND METHOD

US 20130254117A1
Filed: 12/21/2012
Published: 09/26/2013
Est. Priority Date: 12/30/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method for processing token based financial transactions, comprising:

receiving a token information;

performing a non-security task on the token information using a first processor, wherein the non-security task includes one or more tasks from the group of encryption determination, encryption-decryption request, key management, token information delivery, or transactional data delivery;

sending a job request to the second processor through a defined interface using the first processor; and

performing a security-related task based on the on the token information using a second processor based on the job request from the first microprocessor, wherein the security-related task includes one or more tasks from the group of token information authentication, token information decryption, or token information encryption, wherein, the second processor is configured to only accept the job request if it is for one of the security-related tasks.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for performing financial transactions are provided. In one embodiment, the invention provides for method for bank card transactions, including: reading the token information at the point of swipe for traditional and non-traditional POS platforms; performing a low-security task on the token information using a first microprocessor, wherein the non-security task includes one or more tasks from the group of encryption determination, encryption-decryption request, key management, token information delivery, or transactional data delivery; and performing a security-related task on the token information using a second microprocessor based on a request from the first microprocessor, wherein the security-related task includes one or more tasks from the group of token information authentication, token information decryption, or token information encryption. Formatting the encrypted information such that it is compatible with the format of the current POS system.

379 Citations

73 Claims

1. A method for processing token based financial transactions, comprising:
- receiving a token information;
  
  performing a non-security task on the token information using a first processor, wherein the non-security task includes one or more tasks from the group of encryption determination, encryption-decryption request, key management, token information delivery, or transactional data delivery;
  
  sending a job request to the second processor through a defined interface using the first processor; and
  
  performing a security-related task based on the on the token information using a second processor based on the job request from the first microprocessor, wherein the security-related task includes one or more tasks from the group of token information authentication, token information decryption, or token information encryption, wherein, the second processor is configured to only accept the job request if it is for one of the security-related tasks.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein both of the first and second processors are contained within the same security housing.
  - 3. The method of claim 1, wherein the second processor is a security processor based on a smart card enabled processor.
  - 4. The method of claim 1, wherein the first and second processors are permanently linked and then the linking capabilities are disabled once the processors are successfully linked preventing and further modification of the linked connection.
  - 5. The method of claim 4, wherein the permanent link is accomplished at the first power-up cycle of the application processor and the security processor.
  - 6. The method of claim 4, wherein the permanent link is prior to the loading application processor by the POS manufacturer.
  - 7. The method of claim 1, wherein both the first and second processors are on a same die.
  - 8. The method of claim 1, wherein the token information comprises at least a primary account number of a bank card.
  - 9. The method of claim 1, wherein the token information comprises a biometric token representing a primary account number of a bank account.
  - 10. The method of claim 1, wherein the token to be secured is biometric information capture at the time of the transaction.
  - 11. The method of claim 10 wherein, the biometric information is combined with one or more of:
    - location, local and remote device and transactional data and issuer and account identity information, to reference a financial account allowing a financial transaction to be initiated or completed.
  - 12. The method of claim 1, wherein the token information is encrypted with a unique key associated with a merchant, and wherein performing decrypting comprises determining a correct decryption key based on a merchant identification and decrypting the encrypted token data using the correct decryption key.
  - 13. The method of claim 1, further comprising re-encrypting the decrypted token information with a unique merchant key using the second microprocessor and sending the re-encrypted token data to the first microprocessor.
  - 14. The method of claim 1, wherein the security-related task further includes one or more tasks from the group of PIN information authentication, PIN information decryption, or PIN information encryption.
  - 15. The method of claim 1, further comprising:
    - receiving a PIN information;
      
      determining whether the PIN information is encrypted using the first microprocessor;
      
      decrypting the PIN information using the second microprocessor;
      
      re-encrypting the decrypted token information with the decrypted PIN information using the second microprocessor; and
      
      sending the re-encrypted token data to the first microprocessor.

16. A secure transaction apparatus configured to process financial transactions, the secure transaction apparatus comprising:
- a first processor configured to receive a token information from a token card and to determine whether the token information is encrypted;
  
  a communication channel configured to allow the first processor to send a job request to another processor, wherein the communication channel is configured to allow a job request for decryption, encryption, authentication, and keys management functions; and
  
  a second processor configured to decrypt an encrypted token information based on a request to decrypt the token information from the first microprocessor and to authenticate the decrypted token information using an authentication information.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 46)
- - 17. The apparatus of claim 16, wherein both of the first and second processors are contained within the same security housing.
  - 18. The apparatus of claim 16, wherein the second processor is a security processor based on a smart card enabled processor.
  - 19. The apparatus of claim 16, wherein the first and second processors are permanently linked and then the linking capabilities are disabled once the processors are successfully linked preventing and further modification of the linked connection.
  - 20. The apparatus of claim 19, wherein the permanent link is accomplished at the first power up cycle of the application processor and the security processor.
  - 21. The apparatus of claim 19, wherein the permanent link is prior to the loading application processor by the POS manufacturer.
  - 22. The apparatus of claim 16, wherein both the first and second processors are on a same die.
  - 23. The apparatus of claim 16, wherein the token information comprises at least a primary account number of a bank card.
  - 24. The apparatus of claim 16, wherein the token information comprises a biometric token representing a primary account number of a bank account
  - 25. The apparatus of claim 16, wherein the token to be secured is biometric information captured at the time of the transaction.
  - 26. The apparatus of claim 25 wherein, the biometric information is combined with one or more of:
    - location, local and remote device and transactional data and issuer and account identity information, to reference a financial account allowing a financial transaction to be initiated or completed.
  - 27. The apparatus of claim 16, wherein the token information is encrypted with a unique key associated with a merchant, and wherein performing decrypting comprises determining a correct decryption key based on a merchant identification and decrypting the encrypted token data using the correct decryption key.
  - 28. The apparatus of claim 16, further comprising re-encrypting the decrypted token information with a unique merchant key using the second microprocessor and sending the re-encrypted token data to the first microprocessor.
  - 29. The apparatus of claim 16, wherein the security-related task further includes one or more tasks from the group of PIN information authentication, PIN information decryption, or PIN information encryption.
  - 30. The apparatus of claim 16, further comprising:
    - receiving a PIN information;
      
      determining whether the PIN information is encrypted using the first microprocessor;
      
      decrypting the PIN information using the second microprocessor;
      
      re-encrypting the decrypted token information with the decrypted PIN information using the second microprocessor; and
      
      sending the re-encrypted token data to the first microprocessor.
  - 46. The method of claim 18, wherein secure applications received from an external source are decrypted and processed by the security processer to update the software running in the non-security processor.

31. A secure transaction apparatus configured to process financial transactions, the secure transaction apparatus comprising:
- a token reader configured to extract token data from a token card, the card reader having a first security module;
  
  a user interface module having a third security module;
  
  a communication interface coupled to the card reader, the display module, and the user interface;
  
  wherein each of the security modules comprises;
  
  a first microprocessor configured to perform a non-security task on a token information, wherein the non-security task includes one or more tasks from the group of encryption determination, encryption-decryption request, key management, token information delivery, or transactional data delivery; and
  
  a second microprocessor configured to perform a security-related task on the token information based on a request from the first microprocessor, wherein the security-related task includes one or more tasks from the group of token information authentication, token information decryption, or token information encryption.
- View Dependent Claims (32, 33, 34, 35, 36, 37)
- - 32. The secure transaction apparatus of claim 31, further comprising an encrypted inter-module communication channel for secure transfer of data, including token information between security modules.
  - 33. The secure transaction apparatus of claim 31, further comprising:
    - a biometric module configured to collect biometric data from a user, the biometric module having a third security module, wherein the third security module is similar to the first security module.
  - 34. The secure transaction apparatus of claim 31, further comprising the use of the biometric token reader the verify the identity of the POS user.
  - 35. The secure transaction apparatus of claim 31, further comprising the use of the biometric token reader to provide POS for secure transactions without the use of magstripe data.
  - 36. The secure transaction apparatus of claim 31, further comprising the use of the biometric token reader in conjunction with the use of magstripe data providing two factor authentication of the card holder.
  - 37. The secure transaction apparatus of claim 31, further comprising:
    - a keypad module configured to collect PIN information from a user, the keypad module having a third security module, wherein the third security module is similar to the first security module.

38. A method for updating secure transaction information comprising:
- receiving a token information;
  
  performing a non-security task on the token information using a first processor, wherein the non-security task includes at least one task from the group including;
  
  encryption determination, encryption-decryption request, key management, token information delivery, and transactional data delivery;
  
  sending a job request to a second processor through a register using the first processor; and
  
  performing a security-related task based on the on the token information using the second processor based on the job request from the first microprocessor, wherein the security-related task includes at least one task from the group including token information authentication, token information decryption, or token information encryption, wherein both the first and second processors are within a same security housing, wherein the second processor is configured to accept the job request only if it is for one of the security-related tasks.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45)
- - 39. The method of claim 38, wherein both the first and second processors are on a same die.
  - 40. The method of claim 38, wherein a secure application processor requesting the secure transaction information update is within the POS.
  - 41. The method of claim 38, wherein a secure application processor requesting the secure transaction information update is located at a decryption appliance.
  - 42. The method of claim 38, wherein a PKI exchange is used to initiate the secure information update.
  - 43. The method of claim 38, wherein a secure application processor requesting a secure information update is located at a decryption appliance.
  - 44. The method of claim 38, wherein a symmetric key is used to initiate the secure information update.
  - 45. The method of claim 38, wherein a secure application processor requesting a secure information update is located at a decryption appliance.

47. A method for sending compliance and status information, comprising:
- performing a non-security task on a token information using a first processor, wherein the non-security task includes at least one task from the group including;
  
  encryption determination, encryption-decryption request, key management, token information delivery, or transactional data delivery;
  
  sending a job request to the second processor through a register using the first processor; and
  
  performing a security-related task based on the on the token information using a second processor based on the job request from the first microprocessor, wherein the security-related task includes at least one task from the group including token information authentication, token information decryption, or token information encryption, wherein both the first and second processors are within a same security housing, wherein the second processor is configured to accept the job request only if it is for one of the security-related tasks.
- View Dependent Claims (48, 49, 50)
- - 48. The method of claim 47, wherein both the first and second processors are on a same die.
  - 49. The method of claim 47, wherein a secure application processor receiving the compliance and status information is within the POS.
  - 50. The method of claim 47, wherein the secure application processor receiving the compliance and status information is located at a decryption appliance.

51. The method of using a COTS (commercial off the shlef) processor to provide the accurate analog magnetic peak location detector wherein the peak detector comprises two signal paths, both representing the analog head amplified by in fixed gain increment and in addition one signal path being delayed by a fixed amount, whereby each of the two signals representing an input to a comparator, wherein the output of the comparator changes as the delayed signal has a higher magnitude then the non-delayed signal, and further wherein the changing output of the comparator representing the position of the input waveform where the peak transition occurs.
- View Dependent Claims (52, 53, 54, 55, 56, 57, 58, 59, 60)
- - 52. The method of claim 51, wherein the output of the accurate analog magnetic peak location detector is used for the purpose of decoding the magstripe data.
  - 53. The method of claim 51, wherein the output of the accurate analog magnetic peak location detector is used for the purpose of accurately locating the magnetic peak transitions for providing the required data for magstripe authentication system such as Warble®
    - .
  - 54. The method of claim 53, wherein the peak location data is for providing the required data for the Warble®
    - card data authentication system
  - 55. The method of claim 51, wherein the COTS (commercial off the shelf) processor is contained within the magnetic head.
  - 56. The method of claim 51, wherein the COTS (commercial off the shelf) processor includes programmable analog and digital resources for providing the analog two signal paths.
  - 57. The method of claim 51, wherein the COTS processor provides a programmable analog window comparator to enable setting a threshold voltage magnitude to reject false peak triggers when the input signal is close to ground between peak detections.
  - 58. The method of claim 51, wherein the COTS processor is used in conjunction with a security processor to securely process financial transactions.
  - 59. The method of claim 58, wherein the COTS processor and the security processor is contained within a magnetic head.
  - 60. The method of claim 58, wherein the security processor is also available to perform transaction related secure operations normally provided by the POS HSM (Hardware Security Module).

61. A magstripe reader comprising multiple communications interfaces, one for mobile devices where a headphone jack reader is required and a second for devices requiring an USB communication channel.
- View Dependent Claims (62)
- - 62. The method of claim 61, wherein the multiple communications interfaces are retractable with their respective cavities in the plastic reader housing.

63. A method for processing customer payments through a customer'"'"'s bank (issuer) in exchange for a seller'"'"'s goods or services, comprising:
- receiving or capturing, token information identifying the customer, the customer'"'"'s bank account, the seller, and the sale transaction,performing one or more non-security tasks on that information using a first (application) processor, wherein those tasks are drawn from the group of data transforms, encryption method determinations, encryption-decryption requests, key management, token information delivery, localized secure transport, and non-secure business logic;
  
  sending a request to a second (security) processor to perform security-related tasks based on the token information received from the first microprocessor, wherein the security-related tasks are drawn from the group of confidentiality (encryption, decryption), user authentication, data authentication, data origin authentication, non-repudiation of origin, identity of keys and methods, and the return of the secured data to the first processor.
- View Dependent Claims (64, 65, 66, 67, 68, 69, 70, 71, 72, 73)
- - 64. The method of claim 63, wherein the customer identity is biometric information.
  - 65. The method of claim 63, wherein IP, MAC addresses, or phone numbers, are combined with biometric information to identify the customer.
  - 66. The method of claim 63, wherein the customer account information is a bank issued payment card, or any customer entered or selected bank account number.
  - 67. The method of claim 63, wherein the seller and sale transaction information include a date, the merchant identity, the transaction identity, and any other information which the issuing bank and merchant agree is relevant to identify the transaction.
  - 68. The method of claim 63, wherein additionally the geographic location of the transaction is included in the data to be secured. The geographic location of the transaction data can be either the location of the merchant'"'"'s point-of-service device, or the customer'"'"'s mobile device when the latter acts as the point-of-service device.
  - 69. The method of claim 63, wherein the first processor is on a mobile device and the second processor is on an external device accessible via USB, serial, or Bluetooth communication.
  - 70. The method of claim 63, wherein both of the first and second processors are within a same security housing.
  - 71. The method of claim 63 wherein both of the first and second processors are on the same die.
  - 72. The method of claim 63 where the second security processor holds keys and certificates issued by and identifying the issuer.
  - 73. The method of claim 63 where the second security processor holds keys and certificates issued by and identifying the merchant when the sale takes place at a merchant site being differentiated from internet and mail order type sales.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Paul E. Catinella, von Mueller, Clay W.
Original Assignee
Paul E. Catinella, von Mueller, Clay W.
Inventors
von Mueller, Clay W., Catinella, Paul E.

Application Number

US13/725,441
Publication Number

US 20130254117A1
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06Q 20/3829 involving key management

SECURED TRANSACTION SYSTEM AND METHOD

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

379 Citations

73 Claims

Specification

Solutions

Use Cases

Quick Links

SECURED TRANSACTION SYSTEM AND METHOD

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

379 Citations

73 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links