Method and apparatus for secure message transmission for use in electronic funds transfer systems
First Claim
1. A method for effecting the secure transmission to a Host machine or system (H) of a transaction message (TM) which describes a financial transaction between a Person (P) and a Retailer (R) in an Electronic Funds Transfer (EFT) environment, said method comprising the Person (P) and the Retailer (R) agreeing on at least a predetermined portion of the contents of the transaction message (TM) which is to be sent to a Host (H) where the Electronic Funds Transfer is to be effected, separately encrypting the message (TM) under the two respective secret encryption keys KP and KR to form messages (TM, KP) and (TM, KR), communicating the message (TM, KP) to R, R further encrypting same under the key KR to form a doubly encrypted message ((TM, KP), KR), transmitting the complete message [((TM, KP), KR) + (TM, KR)] to H, H accessing the two private keys KP and KR from its own secret files and decrypting the message received from R to recover the two originally encrypted transaction messages (TM), H then comparing portions of the two separately decrypted transaction messages (TM) for identity and if identical, completing the transaction.
Abstract
An electronic funds transfer system wherein it is required that a bank be reasonably guaranteed that the two parties to a retail transaction (i.e., a person and a retailer) agree on the transaction before the funds transfer takes place. The message including the transaction information is encrypted by the person using a unique encryption key (KP) stored in a highly secure storage location in his own personal portable transaction device (XATR) and his data storage and transfer card (DSTC), and this first encrypted message is sent to the retailer, who doubly encrypts the initially received encrypted message from P under his own unique encryption key (KR); this doubly encrypted message is sent to the bank. The person also sends the transaction message to the retailer in clear, and the retailer first verifies the message and then, utilizing his own encryption key (KR), encrypts same and similarly sends it to the bank. The bank, utilizing unique retailer and customer identification data sent with the message, accesses a "key" file and first extracts the retailer's key (KR) and decrypts a first portion of the message, then extracts the person's key (KP) and decrypts a second portion of the received message. The bank then compares a predetermined portion of the transaction message originating with the person with a similar portion received from the retailer and, if identical, the appropriate funds transfer is made. If the messages do not agree, a predetermined default procedure is initiated.
12 Claims
- 6. A method for the secure transmission of messages in Electronic Funds Transfer systems wherein it is required that a Host (H) be reasonably guaranteed that a Person (P) and a Retailer (R) agree on the transaction before the funds transfer takes place, said method comprising P first encrypting his version of a predetermined portion of a transaction message (TM) using a unique encryption key (KP) stored in a secure storage location in his own Personal portable terminal equipment, to form an encrypted message (TM, KP), P transferring said predetermined portion of the encrypted message to R's terminal, R further encrypting the message received from P under his own key KR to form the doubly encrypted message ((TM, KP), KR) and transmitting same to H, R substantially concurrently also encrypting his version of the predetermined portion of said transaction message TM under his key KR to form the message (TM, KR) and transmitting same to H, H upon receipt of said two transmissions from R first accessing the two unique encryption keys of P and R, KP and KR, H decrypting both said singly encrypted and doubly encrypted messages and comparing the two versions of the predetermined portions of the transaction message TM for identity and, if equal, accepting the transaction for entry.
- 9. A secure message transmission method for use in an Electronic Funds Transfer system wherein a Host entity (H) must be assured that a Person (P) and a Retailer (R) agree on the details of an Electronic Funds Transfer (EFT) transaction that is to be performed by H, said method comprising P and R agreeing on and cooperatively forming a common transaction message (TM) with a portable transaction terminal unit in the possession and under complete control of P and with a point of sale terminal under the control of R, said agreed transaction message including time and date information to be utilized in subsequent validation operations, both P and R storing their own respective copies of said agreed upon transaction message in their own terminal equipment, P encrypting said common transaction message (TM) under his Personal encryption key KP to form a singly encrypted message (TM, KP) and transferring same to R, R further encrypting said received message under his key KR to form a doubly encrypted message ((TM, KP), KR) and transmitting same to the Host as a first message segment, P next transmitting the common transaction message TM to R in the clear, R comparing said common transaction message TM with the previously agreed upon transaction message stored in his terminal and, if there is agreement, R encrypting the common message TM under his key KR to form a second message segment (TM, KR) and R transmitting this message segment to H, R also sending to H together with said first and second message segments a third message segment containing P's identification data singly encrypted under R's key KR and R's identification number in the clear, H, upon receipt of said three message segments, first accessing KR using R's identification number, then decrypting the message segment containing P's identification number utilizing the accessed key KR, accessing P's encryption key KP using P's identification number, decrypting the singly encrypted message (TM, KP) and the doubly encrypted message ((TM, KP), KR) using said two keys KR and KP respectively, and comparing the two common transaction message portions of TM contained in said two message segments and, if equal, approving said transaction.
- 10. A secure message transmission apparatus for use in an electronic funds transfer system wherein it is required that a Host (H) be reasonably guaranteed that a Person (P) and a Retailer (R) agree on the transaction details before the funds transfer takes place, said apparatus comprising in combination:
  a terminal under control of R including: a keyboard for entering transaction data by R, a display for visually observing and checking data entered, secure storage means for storing part or all of a unique encryption key KR, a key-controlled block-cipher encryption unit operable under the key KR for encrypting transaction messages to be sent to H, clock means for inserting time and date data into the transaction message, and means for transmitting R's identification number to H;
  a portable transaction terminal device uniquely under the control of P, adaptable for interfacing with R's terminal in a data exchange relationship, said device including: display means for displaying predetermined transaction message data to be sent to H, keyboard means for selectively entering data and commands into the device, storage means for storing account data unique to P, secure storage means for storing P's unique encryption key KP, and a key-controlled block-cipher cryptographic unit identical to or compatible with that in R's terminal for encrypting transaction data under control of said stored key KP;
  a Host computer (H's CPU) connected to R's terminal and adapted to receive encrypted messages therefrom, H's CPU including a key-controlled block-cipher cryptographic unit identical to or compatible with those in R's terminal and P's portable terminal device for decrypting messages received from R, secure storage means for storing the unique encryption keys KX's of all Retailers (R) using the system and of all the Persons (P) using the system, and means to access specific encryption keys from said secure storage means utilizing special identification data transmitted to H from R together with the transaction message;
  said combination further including control means in P's and R's terminals for entering common transaction message data and for displaying same on the display means in both terminals for approval by P and R and, if satisfactory, means in R's terminal for encrypting said common transaction data message under R's encryption key KR and sending same to H, control means in P's terminal device for first encrypting said common transaction data message under P's encryption key KP to form a message (TM, KP) and transmitting same to R, means in R's terminal for further encrypting the singly encrypted message from P to form a message ((TM, KP), KR) and sending same to H, means in R's terminal for transmitting to H both P's and R's identification data, and means in H's CPU for extracting the two keys KP and KR from the secure storage means utilizing the two identification data received from R, first decrypting the two transaction messages received from R encrypted under the key KR, next decrypting that portion of the transaction message which was additionally encrypted under the key KP, and comparing the common portions of the transaction messages for identity, and if identical, performing the requested transaction.
  Dependent claims: 11, 12.
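The message flow of the abstract and of claims 1, 6 and 9, carried through end to end as an added worked example; this is not code from the patent or from any implementation of it. The "key-controlled block-cipher unit" is stood in for by a toy SHA-256 Feistel network in CBC mode, written here only so the example runs offline. The field layout of TM, the identifiers P-4711 and R-0001, the key sizes, and the altered-(TM, KR) scenario in `run_demo` are all constructed for illustration.

```python
import hashlib
import os

BLOCK = 16                             # toy cipher block size in bytes
HALF = BLOCK // 2
ROUNDS = 8
AGREED_FIELDS = ("P", "R", "AMT")      # the "predetermined portion" that H compares

# --- toy key-controlled block cipher: SHA-256 Feistel rounds, CBC, PKCS#7 (stand-in only) ---
def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]
def _encrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        l, r = r, _xor(l, _f(r, key, rnd))
    return l + r
def _decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):          # undo the rounds in reverse order
        l, r = _xor(r, _f(l, key, rnd)), l
    return l + r

def encrypt(key: bytes, data: bytes) -> bytes:
    """CBC with PKCS#7 padding; the random IV is prepended to the ciphertext."""
    pad = BLOCK - len(data) % BLOCK
    data = data + bytes([pad]) * pad
    iv = os.urandom(BLOCK)
    out, prev = [iv], iv
    for i in range(0, len(data), BLOCK):
        prev = _encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def decrypt(key: bytes, data: bytes) -> bytes:
    iv, body = data[:BLOCK], data[BLOCK:]
    if not body or len(body) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    out, prev = [], iv
    for i in range(0, len(body), BLOCK):
        blk = body[i:i + BLOCK]
        out.append(_xor(_decrypt_block(key, blk), prev))
        prev = blk
    plain = b"".join(out)
    pad = plain[-1]
    if not 1 <= pad <= BLOCK or plain[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding: wrong key or altered ciphertext")
    return plain[:-pad]

# --- transaction message (TM) carried as "k=v;k=v" text (constructed layout) ---
def encode_tm(tm: dict) -> bytes:
    return ";".join(f"{k}={v}" for k, v in sorted(tm.items())).encode()
def decode_tm(raw: bytes) -> dict:
    return dict(item.split("=", 1) for item in raw.decode().split(";"))
def agreed_portion(tm: dict) -> dict:
    return {k: tm[k] for k in AGREED_FIELDS}

def person_encrypt(tm: dict, kp: bytes) -> bytes:
    """P's portable device forms (TM, KP); KP never leaves the device."""
    return encrypt(kp, encode_tm(tm))

def retailer_build(tm_kp: bytes, tm_clear: dict, stored_tm: dict, kr: bytes,
                   person_id: str, retailer_id: str) -> dict:
    """R's terminal: check P's clear TM against R's stored copy (claim 9), then send
    ((TM, KP), KR), (TM, KR), P's id under KR, and R's id in the clear."""
    if agreed_portion(tm_clear) != agreed_portion(stored_tm):
        raise ValueError("P's clear message does not match R's stored copy")
    return {"seg1": encrypt(kr, tm_kp),
            "seg2": encrypt(kr, encode_tm(stored_tm)),
            "seg3": encrypt(kr, person_id.encode()),
            "retailer_id": retailer_id}

def host_process(bundle: dict, key_file: dict):
    """H: KR by R's id, recover P's id, KP by P's id, decrypt both copies of TM,
    compare the agreed portion. Anything else falls to the default procedure."""
    kr = key_file.get(bundle["retailer_id"])
    if kr is None:
        return "DEFAULT", "unknown retailer id"
    try:
        person_id = decrypt(kr, bundle["seg3"]).decode()
        kp = key_file.get(person_id)
        if kp is None:
            return "DEFAULT", "unknown person id"
        tm_p = decode_tm(decrypt(kp, decrypt(kr, bundle["seg1"])))   # peel KR, then KP
        tm_r = decode_tm(decrypt(kr, bundle["seg2"]))
        if agreed_portion(tm_p) != agreed_portion(tm_r):
            return "DEFAULT", "P's and R's versions of the agreed portion differ"
    except (ValueError, KeyError) as exc:
        return "DEFAULT", f"could not validate: {exc}"
    return "APPROVED", tm_r

def run_demo(tamper: bool = False):
    kp, kr = os.urandom(32), os.urandom(32)                  # constructed keys
    key_file = {"P-4711": kp, "R-0001": kr}                   # H's secret key file, by id
    tm = {"P": "P-4711", "R": "R-0001", "AMT": "1999", "TS": "2024-01-01T10:00"}
    bundle = retailer_build(person_encrypt(tm, kp), tm, dict(tm), kr, "P-4711", "R-0001")
    if tamper:   # constructed scenario: R's terminal substitutes its own amount in (TM, KR)
        bundle["seg2"] = encrypt(kr, encode_tm({**tm, "AMT": "2999"}))
    return host_process(bundle, key_file)

if __name__ == "__main__":
    print(run_demo())              # ('APPROVED', {...})
    print(run_demo(tamper=True))   # ('DEFAULT', "P's and R's versions ... differ")
```

The point the comparison step makes is visible in the tampered run: R holds KR and can rewrite (TM, KR) at will, but the copy inside ((TM, KP), KR) was sealed under KP on P's device, so H sees the two agreed portions diverge and takes the default path. Two caveats for anyone modelling this on a real system: the toy cipher gives confidentiality only, so a deployment would use an authenticated mode so that a corrupted segment fails integrity rather than surfacing as a padding error; and H's key file is the single secret that both halves of the check depend on, which is why the claims place it in secure storage.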