End-to-end encryption system and method of operation
First Claim
1. A method of operating a network/interchange transaction execution system of the type comprising a plurality of transaction terminals, a plurality of acquirer stations, each being associated with one or more separate transaction terminals, a plurality of issuer stations, each of which includes a data processor which stores account information for a plurality of accounts, and a network switch which communicatively interconnects the acquirer stations with the issuer stations, the method comprising the steps of:
- (a) generating, encrypting and storing at each said acquirer station, a plurality of encrypted pairs of session keys for each terminal, each key being encrypted once in a first master key and once in a second master key, and, in addition, computing a session key authentication code (SKAC) unique to each encrypted pair of session keys;
(b) receiving and identifying network/interchange transaction information and a personal identification number, PINc, from a user at one of said transaction terminals, encrypting the PINc with a first session key, KSn, transmitting to the acquirer station associated with said transaction terminal a network/interchange request message comprised of the encrypted PINc and the transaction data;
(c) at the associated acquirer station, receiving the network/interchange request message from said transaction terminal and retransmitting the network/interchange request message to the network switch along with the session key encrypted in a second master key, e[KM2 ](KSn);
(d) at the network switch, receiving the network/interchange request message and the encrypted session key, reencrypting the session key in a third master key, e[KM3 ](KSn), and retransmitting the network/interchange request message along with the third master key encrypted session key to a particular issuer station specified by data in the network/interchange request message;
(e) at the issuer station, receiving the request message and the encrypted session key, e[KM3 ](KSn), decrypting the session key, decrypting the encrypted PINc, accessing the data base for the account specified in the transaction data, comparing and verifying the PINc with a corresponding PIN stored in the data base for that account, specifying an authorization code, to the acquirer station through the network switch;
(f) at the acquirer station, appending a new first master key encrypted session key e[KM1 ](KSn+1) along with the corresponding SKACn+1 to the reply message and relaying the reply message to said transaction terminal; and
(g) at the terminal, recomputing and verifying the SKACn+1 and acting on the authorization code to respond to the transaction terminal user.
1 Assignment
0 Petitions
Accused Products
Abstract
An efficient end-to-end encryption system including key management procedures for providing secure, financial data communication between a system user at one of a plurality of transaction terminals of one of a plurality of acquirer institutions and one of a plurality of issuer institutions, with selected elements of the data being encrypted, decrypted, and processed using a onetime session key which is similarly encrypted with master keys and efficiently sent along with the specific segments of the request and response messages. A session key authentication code is utilized to prevent the replay of a previously used session key, thereby precluding undetected message replay or undetected message or data element substitution or insertion.
594 Citations
12 Claims
-
1. A method of operating a network/interchange transaction execution system of the type comprising a plurality of transaction terminals, a plurality of acquirer stations, each being associated with one or more separate transaction terminals, a plurality of issuer stations, each of which includes a data processor which stores account information for a plurality of accounts, and a network switch which communicatively interconnects the acquirer stations with the issuer stations, the method comprising the steps of:
-
(a) generating, encrypting and storing at each said acquirer station, a plurality of encrypted pairs of session keys for each terminal, each key being encrypted once in a first master key and once in a second master key, and, in addition, computing a session key authentication code (SKAC) unique to each encrypted pair of session keys; (b) receiving and identifying network/interchange transaction information and a personal identification number, PINc, from a user at one of said transaction terminals, encrypting the PINc with a first session key, KSn, transmitting to the acquirer station associated with said transaction terminal a network/interchange request message comprised of the encrypted PINc and the transaction data; (c) at the associated acquirer station, receiving the network/interchange request message from said transaction terminal and retransmitting the network/interchange request message to the network switch along with the session key encrypted in a second master key, e[KM2 ](KSn); (d) at the network switch, receiving the network/interchange request message and the encrypted session key, reencrypting the session key in a third master key, e[KM3 ](KSn), and retransmitting the network/interchange request message along with the third master key encrypted session key to a particular issuer station specified by data in the network/interchange request message; (e) at the issuer station, receiving the request message and the encrypted session key, e[KM3 ](KSn), decrypting the session key, decrypting the encrypted PINc, accessing the data base for the account specified in the transaction data, comparing and verifying the PINc with a corresponding PIN stored in the data base for that account, specifying an authorization code, to the acquirer station through the network switch; (f) at the acquirer station, appending a new first master key encrypted session key e[KM1 ](KSn+1) along with the corresponding SKACn+1 to the reply message and relaying the reply message to said transaction terminal; and (g) at the terminal, recomputing and verifying the SKACn+1 and acting on the authorization code to respond to the transaction terminal user. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. Improved network/interchange transaction execution apparatus of the type comprising a plurality of issuer stations, each having a host data processor which stores account information for a plurality of accounts, a plurality of transaction terminals, a plurality of acquirer stations, each being connected to at least one, separate transaction terminal, and a network switch station communicatively interconnected between the acquirer stations and the issuer stations, and further comprising:
-
(a) means at each transaction terminal for receiving the transaction data and a personal identification number, PINc, from a user, for encrypting the PINc with a first session key, KSn, and for transmitting to the acquirer station connected to said transaction terminal, a network/interchange request message comprised of the encrypted PINc and the transaction data; (b) means at said acquirer station for receiving the network/interchange request message from said transaction terminal and for retransmitting the network/interchange request message, including the session key encrypted in a second master key, e[KM2 ](KSn), to the network switch; (c) means at the network switch for retransmitting the network/interchange request message to a particular issuer station as specified in transaction data of the network/interchange request and for reencrypting the session key from second master key encryption to encryption in a third master key, e[KM3 ](KSn); (d) means at said issuer station for receiving the network/interchange request message, including the encrypted session key, e[KM3 ](KSn), for decrypting the session key, for encrypting the encrypted PINc, for accessing the data base for the account specified in the transaction data, for comparing and verifying the PINc with the corresponding PIN stored in the data base for that account for specifying the authorization code in response to the transaction data, and for transmitting the authorization code to the network switch for relay to said acquirer station; (e) means at said acquirer station for generating, encrypting and storing a plurality of encrypted pairs of session keys for each terminal, each key being encrypted once in a first master key and once in a second master key and, in addition, computing a session key authentication code SKAC unique to each encrypted pair of session keys, and means at said acquirer station for appending a new first master key encrypted session key e[KM1 ](KSn+1) along with the corresponding SKACn+1 to the authorization code and relaying the authorization code to the transaction terminal; and (f) means at said transaction terminal for recomputing and verifying the SKACn+1 and acting on the authorization code to respond to the transaction terminal user. - View Dependent Claims (8, 9, 10, 11, 12)
-
Specification