End-to-end encryption system and method of operation
First Claim
1. A method of operating a network/interchange transaction execution system of the type comprising a plurality of transaction terminals, a plurality of acquirer stations, each being associated with one or more separate transaction terminals, a plurality of issuer stations, each of which includes a data processor which stores account information for a plurality of accounts, and a network switch which communicatively interconnects the acquirers with the issuers;
- the method comprising the steps of;
(a) receiving and identifying network/interchange transaction information and a personal identification number, PINc, from a user at one of said transaction terminals, encrypting the PINc with a first session key, KS1, transmitting to the acquirer station associated with said transaction terminal a network/interchange request message comprised of the encrypted PINc and the transaction data;
(b) at the associated acquirer station, receiving the network/interchange request message from said transaction terminal and retransmitting the network/interchange request message to the network switch along with the session key encrypted in a second master key, e[KM2 ](KS1),(c) at the network switch, receiving the network/interchange request message and the encrypted session key, re-encrypting the session key in a third master key, e[KM3 ](KS1), and retransmitting the network/interchange request message along with the third master key encrypted session key to a particular issuer station specified by data in the network/interchange request message;
(d) at the issuer station, receiving the request message and the encrypted session key, e[KM3 ](KS1), decrypting the session key, decrypting the encrypted PINc, accessing the data base for the account specified in the transaction data, comparing and verifying the PINc with a corresponding PIN stored in the data base for that account, specifying an authorization code in response to the transaction data, and transmitting a reply message, which includes the authorization code, to the acquirer station through the network switch,(e) at the acquirer station, relaying the reply message to said transaction terminal, and,(f) acting on the authorization code to respond to the transaction terminal user.
1 Assignment
0 Petitions
Accused Products
Abstract
An efficient end-to-end encryption system including key management procedures for providing secure, financial data communication between a system user at one of a plurality of transaction terminals of one of a plurality of acquirer institutions and one of a plurality of issuer institutions, with selected elements of the data being encrypted, decrypted, and processed using a one time session key which is similarly encrypted with master keys and efficiently sent along with the specific segments of the request and response messages.
-
Citations
12 Claims
-
1. A method of operating a network/interchange transaction execution system of the type comprising a plurality of transaction terminals, a plurality of acquirer stations, each being associated with one or more separate transaction terminals, a plurality of issuer stations, each of which includes a data processor which stores account information for a plurality of accounts, and a network switch which communicatively interconnects the acquirers with the issuers;
- the method comprising the steps of;
(a) receiving and identifying network/interchange transaction information and a personal identification number, PINc, from a user at one of said transaction terminals, encrypting the PINc with a first session key, KS1, transmitting to the acquirer station associated with said transaction terminal a network/interchange request message comprised of the encrypted PINc and the transaction data; (b) at the associated acquirer station, receiving the network/interchange request message from said transaction terminal and retransmitting the network/interchange request message to the network switch along with the session key encrypted in a second master key, e[KM2 ](KS1), (c) at the network switch, receiving the network/interchange request message and the encrypted session key, re-encrypting the session key in a third master key, e[KM3 ](KS1), and retransmitting the network/interchange request message along with the third master key encrypted session key to a particular issuer station specified by data in the network/interchange request message; (d) at the issuer station, receiving the request message and the encrypted session key, e[KM3 ](KS1), decrypting the session key, decrypting the encrypted PINc, accessing the data base for the account specified in the transaction data, comparing and verifying the PINc with a corresponding PIN stored in the data base for that account, specifying an authorization code in response to the transaction data, and transmitting a reply message, which includes the authorization code, to the acquirer station through the network switch, (e) at the acquirer station, relaying the reply message to said transaction terminal, and, (f) acting on the authorization code to respond to the transaction terminal user. - View Dependent Claims (2, 3, 4, 5)
- the method comprising the steps of;
-
6. A method of operating a network/interchange transaction execution system of the type which includes a plurality of issuer stations, each having a separate data processor which stores account information for a plurality of accounts, a plurality of transaction terminals for input and output processing of user initiated transactions, including network/interchange transactions, a plurality of acquirer stations, each connected to a plurality of separate transaction terminals, and a network switch which communicatively interconnects the acquirer stations with the issuer stations, the method comprising the steps of:
-
(a) at an acquirer station, batch generating and storing a plurality of session keys, each key being encrypted in a first master key and in a second master key to form session key encryption pairs, (b) at one of the transaction terminals, receiving the transaction data and a personal identification number. PINc, from a user, encrypting the PINc with a session key, KS1, received by said transaction terminal from said acquirer station during the immediately preceding network/interchange transaction, concatenating the PINc and selected elements of the transaction data and computing a first message authentication code, MAC1, using the concatenated data and the session key, and transmitting a network/interchange request message comprised of the encrypted PIN, the MAC1 and the transaction data, to said acquirer station, (c) at said acquirer station, receiving the network/interchange request message from said transaction terminal, locating the corresponding session key, KS1, of the encryption pair which is encrypted in the second master key and relaying it along with the message to the network switch, (d) at the network switch, translating the session key from second master key encryption to encryption in a third master key and relaying it along with the network/interchange request message to a particular issuer as specified by data in the network/interchange request message, (e) at said issuer, receiving the network/interchange request message, decrypting the encrypted session key, KS1, recomputing and verifying the MAC1 using the decrypted session key, KS1, accessing the data base for the account specified by data in the network/interchange request message, translating the session key encrypted PINc into a data base encrypted PINc and comparing and verifying it with a data base encrypted PIN stored in association with the specified account in the data base, then generating an authorization code, recomputing a second message authentication code MAC2 using the session key, and transmitting a response message, including the authorization code and the MAC2 via the network switch to said acquirer station, (f) at said acquirer station, receiving the response message with the authorization code and the MAC2, retrieving the first master key encrypted session key e[KM1 ](KS2) of a new session key encryption pair, and relaying the response message, including the authorization code, the MAC2 and e[KM1 ](KS2) to said transaction terminal, and (g) at said transaction terminal, receiving the response message, including the authorization code, the MAC2 and e[KM1 ](KS2), recomputing and verifying the MAC2 using the previous session key, KS1, acting on the authorization code to carry out the transaction, and replacing the old encrypted session key e[KM1 ](KS1) with the new encrypted session key e[KM1 ](KS2).
-
-
7. Improved network/interchange transaction execution apparatus of the type comprising a plurality of issuer stations, each having a host data processor which stores account information for a plurality of accounts, a plurality of transaction terminals, a plurality of acquirer stations, each being connected to at least one, separate transaction terminal, and a network switch station communicatively interconnected between the acquirer stations and the issuer stations, and further comprising:
-
(a) means at each transaction terminal for receiving the transaction data and a personal identification number, PINc, from a user, for encrypting the PINc with a first session key, KS1, and for transmitting to the acquirer station connected to said transaction terminal, a network/interchange request message comprised of the encrypted PINc and the transaction data, (b) means at said acquirer station for receiving the network/interchange request message from said transaction terminal and for retransmitting the network/interchange request message, including the session key encrypted in a second master key, e[KM2 ](KS1), to the network switch, (c) means at the network switch for retransmitting the network/interchange request message to a particular issuer station as specified in transaction data of the network/interchange request message and for re-encrypting the session key from second master key encryption to encryption in a third master key, e[KM3 ](KS1), (d) means at said issuer station for receiving the network/interchange request message, including the encrypted session key, e[KM3 ](KS1), for decrypting the session key, for decrypting the encrypted PINc, for accessing the data base for the account specified in the transaction data, for comparing and verifying the PINc with the corresponding PIN stored in the data base for that account for specifying the authorization code in response to the transaction data, and for transmitting the authorization code to the network switch for relay to said acquirer station, (e) means at said acquirer station for relaying the authorization code to said transaction terminal, and (f) means at said transaction terminal for acting on the authorization code to respond to the transaction terminal user. - View Dependent Claims (8, 9, 10, 11)
-
-
12. Network/interchange transaction execution apparatus comprising a plurality of issuer stations each of which includes a data processor for storing account information for a plurality of accounts, a plurality of transaction terminals, a plurality of acquirer stations, each being connected to at least one, separate transaction terminal, and a network switch communicatively connected between the acquirer stations and the issuer stations, and further including:
-
(a) means at the acquirer stations for batch generating, encrypting and storing a plurality of session keys, each session key being encrypted once in a first master key, KM1, and once in a second master key, KM2, (b) means at an originating transaction terminal for receiving and identifying network/interchange transaction data and a personal identification number, PINc, from a user, for encrypting the PINc with a session key, KS1, received by the originating transaction terminal from the acquirer station during the immediately preceding transaction at said transaction terminal, for concatenating the PINc and selected elements of the transaction data, computing a first message authentication code, MAC1, using the concatenated data and KS1 and for transmitting a network/interchange request message comprised of the encrypted PINc, the MAC1 and the transaction data, to the acquirer station connected to said transaction station, (c) means at said acquirer station for receiving the network/interchange request message from the originating transaction terminal, for locating the same session key which is encrypted in the second master key, e[KM2 ](KS1), and for relaying it along with the network/interchange request message to the network switch, (d) means at the network switch for receiving the network/interchange request message and the encrypted session key, re-encrypting the session key in a third master key, e[KM3 ](KS1), and retransmitting the network/interchange request message along with e[KM3 ](KS1) to a particular issuer station specified in the transaction data included in the network/interchange request message, (e) means at said issuer station, for receiving the network/interchange request message, for decrypting the session key, KS1, for recomputing and verifying the MAC1 using the decrypted KS1, for accessing the data base for the account specified in the network/interchange request message, for translating the session key encrypted PINc into a data base encrypted PINc and comparing and verifying it with a data base encrypted PIN stored in association with the specified account in the data base, for thereafter generating an authorization code, for recomputing a second message authentication code, MAC2, using KS1, and for transmitting a response message, including the authorization code and the MAC2 to said acquirer station, (f) means at said acquirer station, for receiving the response message, including the authorization code and the MAC2, for retrieving the first master key encrypted session key e[KM1 ](KS2) of a new pair of session key encryptions, and relaying the response message, including the authorization code, the MAC2 and the e[KM1 ](KS2) to said originating transaction terminal, and, (g) means at said originating transaction terminal for receiving the response message, including the authorization code, the MAC2 and the e[KM1 ](KS2), for recomputing and verifying the MAC2 using the previous session key KS1, for acting on the authorization code to carry out the transaction, and for replacing the old encrypted session key e[KM1 ](KS1) with the new encrypted session key e[KM1 ](KS2).
-
Specification