Method for operating a transaction execution system having improved verification of personal identification
First Claim
1. A method for operating a transaction terminal to verify the authenticity of a personal identification number, the terminal including means operable by a terminal operator for entering said personal identification number and a data base access number, and communication means for sending data to and receiving data from a host system, the method comprising the steps of:
- encrypting a personal identification number entered into said terminal according to first and second enciphering processes to generate a twice encrypted identification number;
preparing a transaction request message, including a data base access number and said twice encrypted identification number;
transmitting said transaction request message onto said communication means;
receiving from said communication means a transaction reply message selectively approving, denying, or conditionally approving the transaction;
the transaction reply message including encrypted validation data when the transaction is conditionally approved; and
responsive to a transaction reply message conditionally approving the transaction;
decrypting said validation data according to said first and second enciphering processes to generate deciphered validation data;
receiving from said terminal operator a reentered personal identification number; and
comparing said deciphered validation data with said reentered personal identification number and, responsive to favorable comparison of said deciphered validation data and said reentered personal identification number, generating a transaction approval signal.
0 Assignments
0 Petitions
Accused Products
Abstract
A transaction execution system including at least one transaction terminal in communication with a host data processing system. A transaction at the terminal is authorized based, at least in part, upon correspondence of personal identification data entered by the terminal operator at a keyboard with account identification data read from an account card. When the personal identification data is not derived from the account identification data, the correspondence check is made at the host data processing system by comparison of encrypted identification data with validation data. The host may, upon failure of correspondence, communicate a conditional authorization message to the terminal, which enables the terminal operator to again attempt to enter the correct personal identification data. The host data base stores as validation data encrypted identification data, and only double encrypted identification data appears on the communication lines.
-
Citations
10 Claims
-
1. A method for operating a transaction terminal to verify the authenticity of a personal identification number, the terminal including means operable by a terminal operator for entering said personal identification number and a data base access number, and communication means for sending data to and receiving data from a host system, the method comprising the steps of:
-
encrypting a personal identification number entered into said terminal according to first and second enciphering processes to generate a twice encrypted identification number; preparing a transaction request message, including a data base access number and said twice encrypted identification number; transmitting said transaction request message onto said communication means; receiving from said communication means a transaction reply message selectively approving, denying, or conditionally approving the transaction;
the transaction reply message including encrypted validation data when the transaction is conditionally approved; andresponsive to a transaction reply message conditionally approving the transaction; decrypting said validation data according to said first and second enciphering processes to generate deciphered validation data; receiving from said terminal operator a reentered personal identification number; and comparing said deciphered validation data with said reentered personal identification number and, responsive to favorable comparison of said deciphered validation data and said reentered personal identification number, generating a transaction approval signal.
-
-
2. A method for operating a transaction terminal to verify the authenticity of a personal identification number, the transaction terminal including means operable by a terminal operator for entering personal identification data, and means for communicating data with respect to a host system, the method comprising the steps of:
-
encrypting a personal identification number entered into said terminal according to first and second enciphering processes; transmitting the encrypted identification number to said host system; receiving from said system a conditional approval message including validation data; decrypting said validation data in accordance with said second enciphering process; responsive to receiving a conditional approval message, instructing the terminal operator to reenter the personal identification number; encrypting the reentered personal identification number according to said first enciphering process; and comparing the decrypted validation data and the encrypted reentered identification number conditionally to generate a transaction approval signal based upon the results of the comparing.
-
-
3. A method of operating a transaction terminal in response to a transaction approval message received from a host system;
- the terminal including enciphering means for operating on data according to first and second enciphering procedures, and means for receiving identification data from a terminal operator, the method comprising the steps of;
determining that a message received from said host system establishes a conditional transaction approval state, said message including validation data; responsive to a conditional transaction approval state, receiving identification data from said terminal operator; and comparing said validation data and said identification data for correspondence according to said enciphering procedures to generate a transaction approval state; whereby a transaction may be approved, even though first identification data entered by a terminal operator fails a correspondence comparison with said validation data at the host. - View Dependent Claims (4)
- the terminal including enciphering means for operating on data according to first and second enciphering procedures, and means for receiving identification data from a terminal operator, the method comprising the steps of;
-
5. The method of claim 5 wherein said comparing step further comprises the steps of:
-
deciphering said validation data in accordance with said first enciphering procedure to generate deciphered validation data; enciphering said identification data in accordance with said second enciphering procedure to generate enciphered identification data; and comparing said deciphered validation data and said enciphered identification data for correspondence to generate said transaction approval state.
-
-
6. A method for operating a computing system selectively to authorize, reject, and conditionally authorize transaction requests, the computing system including a data base of validation data elements associated with data base access data, enciphering means for operating on data according to an enciphering procedure, and communication means for communicating data with respect to a transaction terminal, the method comprising the steps of:
-
receiving on said communication means a transaction request message including data base access data and enciphered identification data; retrieving from said data base the validation data element corresponding to said data base access data; deciphering said identification data in accordance with said enciphering procedure to generate deciphered identification data; comparing said deciphered identification data and said validation data element to generate a conditional approval state upon failure of correspondence; enciphering said validation data element in accordance with said enciphering procedure to generate enciphered validation data; responsive to said conditional approval state, communicating onto said communication means a conditional transaction approval message including said enciphered validation data. - View Dependent Claims (7)
-
-
8. A method for operating a computing system selectively to approve and reject transaction requests, the computing system including a host data processing unit and a transaction terminal;
- wherein the host data processing unit includes a data base of validation data elements associated with data base access data, first enciphering means for operating on data according to an enciphering procedure, and first communication port means for communicating data with respect to the transaction terminal; and
wherein the transaction terminal includes second enciphering means for operating on data according to said enciphering procedure, means for receiving identification data from a terminal operator, and second communication port means for communicating data with respect to the host data processing unit;
the method comprising the steps of;generating in said transaction terminal a transaction request message including first enciphered identification data and data base access data; communicating said transaction request message to said host data processing unit; responsive to communication to said transaction request message, retrieving from said data base the validation data element corresponding to said data base access data; operating said first deciphering means to decipher said first enciphered identification data to generate deciphered identification data; comparing said deciphered identification data and said validation data element to generate a conditional approval state upon failure of correspondence; enciphering said validation data element in accordance with said enciphering procedure to generate enciphered validation data; responsive to said conditional approval state, communicating to said transaction terminal a conditional transaction approval message including said enciphered validation data; responsive to communication of a conditional transaction approval message from said host data processing unit, obtaining further indentification data from said terminal operator; comparing said validation data and said further identification data for correspondence according to said enciphering procedure to selectively generate a transaction approval or reject state. - View Dependent Claims (9, 10)
- wherein the host data processing unit includes a data base of validation data elements associated with data base access data, first enciphering means for operating on data according to an enciphering procedure, and first communication port means for communicating data with respect to the transaction terminal; and
Specification