Secure electronic funds transfer from telephone or unsecured terminal

US 5,371,797 A
Filed: 01/19/1993
Issued: 12/06/1994
Est. Priority Date: 01/19/1993
Status: Expired due to Term

First Claim

Patent Images

1. In a system for processing a financial transaction from a particular customer of the type requiring provision to a network security transaction processor of an N character encrypted PIN, N being a positive integer greater than one, and an encryption key, wherein said N character encrypted PIN is a representation of a PIN associated with a particular account and a particular customer that was encrypted using said encryption key, the improvement comprising:

means for establishing a data communications link between an unsecured point of sale terminal device and a secure transaction processor wherein said point of sale terminal device is operable to provide data representing an M character first portion of said N character encrypted PIN, M being a positive integer less than N, and a record key string associated with said particular customer;

said secure transaction processor including;

first memory means for storing an account record including said record key string associated with said particular account, an N-M character second portion of said encrypted PIN, and said encryption key in a record;

processor means connected to said memory means and to said data communications link for;

accessing said account record in response to receipt of said record key string, andcombining said M character first portion and said N-M character second portion of said encrypted PIN to reproduce said N character encrypted PIN; and

means for providing said N character encrypted PIN and said encryption key to said network security transaction processor.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure electronics funds or other financial transaction system that provides substantially equivalent security to that obtained by the use of secure point of sale terminals such as automatic teller machines, yet is conducted from unsecure terminal devices such as telephones, is disclosed. A customer registers himself or herself personally, together with information on his or her bank account at a secure transaction processor. A secure terminal is used to generate an encrypted version of a personal identification number (PIN) and provides the encrypted PIN and to the secure transaction processor. The encryption key used during encryption of the PIN is also acquired from either a specific request to, or monitoring data passing from a conventional network security transaction processor. The encrypted PIN is parsed with one portion being stored in the customer record at the secure transaction processor and the other being partially masked and provided back to the customer as an access code. Upon conducting a transaction, the customer provides the access code, which is unmasked and concatenated with second portion to recreate the original full encrypted PIN. This, together with the encryption key used for the original encryption is provided to conventional security and transaction processing apparatus for regional banking networks to seek authorization for the transaction.

Citations

9 Claims

1. In a system for processing a financial transaction from a particular customer of the type requiring provision to a network security transaction processor of an N character encrypted PIN, N being a positive integer greater than one, and an encryption key, wherein said N character encrypted PIN is a representation of a PIN associated with a particular account and a particular customer that was encrypted using said encryption key, the improvement comprising:
- means for establishing a data communications link between an unsecured point of sale terminal device and a secure transaction processor wherein said point of sale terminal device is operable to provide data representing an M character first portion of said N character encrypted PIN, M being a positive integer less than N, and a record key string associated with said particular customer;
  
  said secure transaction processor including;
  
  first memory means for storing an account record including said record key string associated with said particular account, an N-M character second portion of said encrypted PIN, and said encryption key in a record;
  
  processor means connected to said memory means and to said data communications link for;
  
  accessing said account record in response to receipt of said record key string, andcombining said M character first portion and said N-M character second portion of said encrypted PIN to reproduce said N character encrypted PIN; and
  
  means for providing said N character encrypted PIN and said encryption key to said network security transaction processor.

2. In a system for processing a financial transaction from a particular customer of the type requiring provision to a network security transaction processor of an N character encrypted PIN, N being a positive integer greater than one, and an encryption key, wherein said N character encrypted PIN is a representation of a PIN associated with a particular account and a particular customer that was encrypted using said encryption key, the improvement comprising:
- means for establishing a data communications link between an unsecured point of sale terminal device and a secure transaction processor wherein said point of sale terminal device is operable to provide data representing a masked M character first portion of said N character encrypted PIN, M being a positive integer less than N, and a record key string associated with said particular customer;
  
  said secure transaction processor including;
  
  first memory means for storing an account record including said record key string associated with said particular account, an N-M character second portion of said encrypted PIN, a service security translate key identifying each of said M characters that is a masked non-numeric character, and said encryption key;
  
  processor means connected to said memory means and to said data communications link for;
  
  accessing said account record in response to receipt of said record key string,combining said masked M character first portion of said N character encrypted PIN and said service security translate key to provide an unmasked M character first portion of said N character encrypted PIN, andcombining said unmasked M character first portion and said N-M character second portion of said encrypted PIN to reproduce said N character encrypted PIN; and
  
  means for providing said N character encrypted PIN and said encryption key to said network security transaction processor.

3. A method of processing a financial transaction from a particular customer of the type requiring provision of a PIN associated with a particular account and said particular customer to an authorization processor comprising the steps of:
- (a) registering said account at a secure transaction processor by;
  
  (i) encrypting said PIN with a predetermined key to provide an N character encrypted PIN, N being a positive integer greater than one;
  
  (ii) providing an M character first portion of said encrypted PIN to said particular customer, M being a positive integer less than N;
  
  (iii) obtaining a record key string uniquely associated with said account;
  
  (iv) storing said record key string and an N-M character second portion of said encrypted PIN in a record at said secure transaction processor;
  
  (v) storing an indicia associated with said predetermined key at said secure transaction processor;
  
  (b) contacting said secure transaction processor via an unsecured data link and providing said M character first portion of said encrypted PIN and said record key string over said data link;
  
  (c) combining said M character first portion and said N-M character second portion of said encrypted PIN to reproduce said N character encrypted PIN at said secure transaction processor;
  
  (d) obtaining said predetermined key and using same to de-encrypt said N character encrypted PIN to provide a reproduced PIN; and
  
  (e) causing said secure transaction processor to establish communication with said authorization processor, and to encrypt said reproduced PIN using a current authorization network key, to provide a re-encrypted PIN and other data associated with said particular account to said authorization processor.
- View Dependent Claims (4, 5, 6)
- - 4. A method of processing a financial transaction from a particular customer as recited in claim 3 whereinsaid step (a)(ii) includes the steps of:
    - identifying each of said M characters that is a non-numeric character,masking each said non-numeric character with an associated predetermined numeric character to provide a masked M character first portion of said encrypted PIN, and creating a service security translate key identifying the particular ones of said M characters of said masked M character first portion of said encrypted PIN that have been masked; and
      
      said step (a)(iv) includes a step of storing said service security translate key in said record at said secure transaction processor.
  - 5. A method of processing a financial transaction from a particular customer as recited in claim 4 wherein:
    - said step (c) includes a step of accessing said service security translate key and using same to unmask said particular ones of said M characters of said masked M character first portion of said encrypted PIN that have been masked.
  - 6. A method of processing a financial transaction from a particular customer as recited in claim 3 whereinsaid step (a)(ii) includes the steps of:
    - providing a random integer number R with a value in the range;
      
      selecting said M character first portion of said encrypted PIN as the first M characters of said encrypted PIN beginning with the Rth character thereof; and
      
      said step (a)(iv) includes a step of storing said integer number R in said record at said secure transaction processor.

7. A financial transaction processing system for processing of the type requiring provision of a PIN associated with a particular account and a particular customer to an authorization processor comprising in combination:
- means for establishing a first data communications link between an unsecured point of sale terminal device and a secure transaction processor wherein said point of sale terminal device is operable to provide data representing an M character first portion of N character encrypted PIN, M being a positive integer less than N, and a record key string associated with said particular customer, said N character encrypted PIN being encrypted using a predetermined encryption key;
  
  a secure transaction processor including;
  
  first memory means for storing an account record including said record key string associated with said particular account, an N-M character second portion of said encrypted PIN in a record, and said predetermined encryption key;
  
  processor means connected to said memory means and to said first data communications link for;
  
  accessing said account record in response to receipt of said record key string,combining said M character first portion and said N-M character second portion of said encrypted PIN to reproduce said N character encrypted PIN,using said predetermined encryption key to de-encrypt said N character encrypted PIN to provide a reproduced PIN; and
  
  network communication means for establishing a second data communications link between said secure transaction processor and said authorization processor;
  
  second memory means for storing a current authorization network key provided by said authorization processor; and
  
  means for re-encrypting said reproduced PIN using said current authorization network key to provide a re-encrypted PIN and for providing said re-encrypted PIN and other data associated with said particular account to said authorization processor over said second data communications link.

8. A method of creating a secure record at a secure transaction processor which record is used for processing financial transactions from a particular customer having a machine readable account card associated with at least one particular account of said particular customer, and which account and customer have a PIN associated therewith comprising the steps of:
- providing a secure point of sale transaction terminal with secured PIN pad encryption apparatus and card reading apparatus;
  
  causing said secure point of sale transaction terminal to prompt said customer to insert said machine readable account card and reading account information stored on said account card;
  
  causing said secure point of sale transaction terminal to prompt said customer to enter said customer'"'"'s PIN and, in response to entry thereof, using said secured PIN pad encryption apparatus and a predetermined encryption key to provide an N character encrypted PIN, N being a positive integer greater than one;
  
  causing said secure point of sale transaction terminal to prompt said customer to enter a telephone service access number uniquely associated with said customer;
  
  transmitting said telephone service access number, said account information and said N character encrypted PIN to said secure transaction processor;
  
  establishing communication with an authorization processor and verifying that said PIN is associated with said particular account;
  
  parsing said N character encrypted PIN to provide an M character first portion of said encrypted PIN, M being a positive integer less than N, and an N-M character second portion of said encrypted PIN;
  
  identifying each of said M characters of said M character first portion of said encrypted PIN that is a non-numeric character and masking each said non-numeric character with an associated predetermined numeric character to provide a masked M character first portion of said encrypted PIN;
  
  creating a service security translate key identifying the particular ones of said M characters of said masked M character first portion of said encrypted PIN that have been masked;
  
  creating a data record at said secure transaction processor including said telephone service access number as a record key string, said N-M character second portion of said encrypted PIN, data identifying said predetermined encryption key, and said service security translate key; and
  
  providing to said customer at said secure point of sale transaction terminal with said masked M character first portion of said encrypted PIN.
- View Dependent Claims (9)
- - 9. A method of creating a secure record at a secure transaction processor as recited in claim 8 whereinsaid step of parsing said N character encrypted PIN includes the steps of:
    - providing a random integer number R with a value in the range;
      
      selecting said M character first portion of said encrypted PIN as the first M characters of said encrypted PIN beginning with the Rth character thereof; and
      
      said step of creating a data record at said secure transaction processor includes a step of storing said integer number R in said data record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bellsouth Intellectual Property Corporation (AT&T, Inc.)
Original Assignee
BellSouth Corporation (AT&T, Inc.)
Inventors
Bocinsky, Jr., Ronald V.
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/005,350
Time in Patent Office

686 Days
Field of Search

380/23-25, 380/825.34
US Class Current

705/70
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/085   involving remote charge det...

G06Q 20/10   specially adapted for elect...

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/305   using wired telephone networks

G06Q 20/401   Transaction verification

G06Q 20/4012   Verifying personal identifi...

G07F 7/10   together with a coded signa...

G07F 7/1016   Devices or methods for secu...

G07F 7/1066   PIN data being compared to ...

Secure electronic funds transfer from telephone or unsecured terminal

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Secure electronic funds transfer from telephone or unsecured terminal

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links