Secure electronic funds transfer from telephone or unsecured terminal
Abstract
A secure electronic funds or other financial transaction system is disclosed that provides substantially the same security as secure point of sale terminals such as automatic teller machines, yet is operated from unsecured terminal devices such as telephones. A customer registers in person, together with information on his or her bank account, at a secure transaction processor. A secure terminal is used to generate an encrypted version of a personal identification number (PIN) and provides the encrypted PIN to the secure transaction processor. The encryption key used to encrypt the PIN is also acquired, either by a specific request to a conventional network security transaction processor or by monitoring data passing from it. The encrypted PIN is parsed: one portion is stored in the customer record at the secure transaction processor, and the other is partially masked and provided back to the customer as an access code. When conducting a transaction, the customer provides the access code, which is unmasked and concatenated with the second portion to recreate the original full encrypted PIN. This, together with the encryption key used for the original encryption, is provided to conventional security and transaction processing apparatus for regional banking networks to seek authorization for the transaction.
9 Claims
1. In a system for processing a financial transaction from a particular customer of the type requiring provision to a network security transaction processor of an N character encrypted PIN, N being a positive integer greater than one, and an encryption key, wherein said N character encrypted PIN is a representation of a PIN associated with a particular account and a particular customer that was encrypted using said encryption key, the improvement comprising:
means for establishing a data communications link between an unsecured point of sale terminal device and a secure transaction processor wherein said point of sale terminal device is operable to provide data representing an M character first portion of said N character encrypted PIN, M being a positive integer less than N, and a record key string associated with said particular customer; said secure transaction processor including; first memory means for storing an account record including said record key string associated with said particular account, an N-M character second portion of said encrypted PIN, and said encryption key in a record; processor means connected to said memory means and to said data communications link for; accessing said account record in response to receipt of said record key string, and combining said M character first portion and said N-M character second portion of said encrypted PIN to reproduce said N character encrypted PIN; and means for providing said N character encrypted PIN and said encryption key to said network security transaction processor.
2. In a system for processing a financial transaction from a particular customer of the type requiring provision to a network security transaction processor of an N character encrypted PIN, N being a positive integer greater than one, and an encryption key, wherein said N character encrypted PIN is a representation of a PIN associated with a particular account and a particular customer that was encrypted using said encryption key, the improvement comprising:
means for establishing a data communications link between an unsecured point of sale terminal device and a secure transaction processor wherein said point of sale terminal device is operable to provide data representing a masked M character first portion of said N character encrypted PIN, M being a positive integer less than N, and a record key string associated with said particular customer; said secure transaction processor including; first memory means for storing an account record including said record key string associated with said particular account, an N-M character second portion of said encrypted PIN, a service security translate key identifying each of said M characters that is a masked non-numeric character, and said encryption key; processor means connected to said memory means and to said data communications link for; accessing said account record in response to receipt of said record key string, combining said masked M character first portion of said N character encrypted PIN and said service security translate key to provide an unmasked M character first portion of said N character encrypted PIN, and combining said unmasked M character first portion and said N-M character second portion of said encrypted PIN to reproduce said N character encrypted PIN; and means for providing said N character encrypted PIN and said encryption key to said network security transaction processor.
3. A method of processing a financial transaction from a particular customer of the type requiring provision of a PIN associated with a particular account and said particular customer to an authorization processor comprising the steps of:
(a) registering said account at a secure transaction processor by; (i) encrypting said PIN with a predetermined key to provide an N character encrypted PIN, N being a positive integer greater than one; (ii) providing an M character first portion of said encrypted PIN to said particular customer, M being a positive integer less than N; (iii) obtaining a record key string uniquely associated with said account; (iv) storing said record key string and an N-M character second portion of said encrypted PIN in a record at said secure transaction processor; (v) storing an indicia associated with said predetermined key at said secure transaction processor; (b) contacting said secure transaction processor via an unsecured data link and providing said M character first portion of said encrypted PIN and said record key string over said data link; (c) combining said M character first portion and said N-M character second portion of said encrypted PIN to reproduce said N character encrypted PIN at said secure transaction processor; (d) obtaining said predetermined key and using same to de-encrypt said N character encrypted PIN to provide a reproduced PIN; and (e) causing said secure transaction processor to establish communication with said authorization processor, and to encrypt said reproduced PIN using a current authorization network key, to provide a re-encrypted PIN and other data associated with said particular account to said authorization processor.
7. A financial transaction processing system for processing of the type requiring provision of a PIN associated with a particular account and a particular customer to an authorization processor comprising in combination:
means for establishing a first data communications link between an unsecured point of sale terminal device and a secure transaction processor wherein said point of sale terminal device is operable to provide data representing an M character first portion of N character encrypted PIN, M being a positive integer less than N, and a record key string associated with said particular customer, said N character encrypted PIN being encrypted using a predetermined encryption key; a secure transaction processor including; first memory means for storing an account record including said record key string associated with said particular account, an N-M character second portion of said encrypted PIN in a record, and said predetermined encryption key; processor means connected to said memory means and to said first data communications link for; accessing said account record in response to receipt of said record key string, combining said M character first portion and said N-M character second portion of said encrypted PIN to reproduce said N character encrypted PIN, using said predetermined encryption key to de-encrypt said N character encrypted PIN to provide a reproduced PIN; and network communication means for establishing a second data communications link between said secure transaction processor and said authorization processor; second memory means for storing a current authorization network key provided by said authorization processor; and means for re-encrypting said reproduced PIN using said current authorization network key to provide a re-encrypted PIN and for providing said re-encrypted PIN and other data associated with said particular account to said authorization processor over said second data communications link.
8. A method of creating a secure record at a secure transaction processor which record is used for processing financial transactions from a particular customer having a machine readable account card associated with at least one particular account of said particular customer, and which account and customer have a PIN associated therewith comprising the steps of:
providing a secure point of sale transaction terminal with secured PIN pad encryption apparatus and card reading apparatus; causing said secure point of sale transaction terminal to prompt said customer to insert said machine readable account card and reading account information stored on said account card; causing said secure point of sale transaction terminal to prompt said customer to enter said customer's PIN and, in response to entry thereof, using said secured PIN pad encryption apparatus and a predetermined encryption key to provide an N character encrypted PIN, N being a positive integer greater than one; causing said secure point of sale transaction terminal to prompt said customer to enter a telephone service access number uniquely associated with said customer; transmitting said telephone service access number, said account information and said N character encrypted PIN to said secure transaction processor; establishing communication with an authorization processor and verifying that said PIN is associated with said particular account; parsing said N character encrypted PIN to provide an M character first portion of said encrypted PIN, M being a positive integer less than N, and an N-M character second portion of said encrypted PIN; identifying each of said M characters of said M character first portion of said encrypted PIN that is a non-numeric character and masking each said non-numeric character with an associated predetermined numeric character to provide a masked M character first portion of said encrypted PIN; creating a service security translate key identifying the particular ones of said M characters of said masked M character first portion of said encrypted PIN that have been masked; creating a data record at said secure transaction processor including said telephone service access number as a record key string, said N-M character second portion of said encrypted PIN, data identifying said predetermined encryption key, and said service security translate key; and providing to said customer at said secure point of sale transaction terminal with said masked M character first portion of said encrypted PIN.
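The registration path of claim 8 and the transaction path of the abstract and claims 1 and 2, as an added worked example rather than code from the patent; the record layout, the function names, the A-F to 1-6 mask map and the 16-character hex PIN block are assumptions or constructed values.

```python
# Added illustration of the parse/mask/recombine scheme in the abstract and
# claim 8; not the patent's own code. Names and data are constructed.
# Assumption: the encrypted PIN is N hexadecimal characters (e.g. a 16-char
# PIN block), so the letters A-F cannot be keyed on a telephone keypad.

MASK_MAP = {"A": "1", "B": "2", "C": "3", "D": "4", "E": "5", "F": "6"}
UNMASK_MAP = {v: k for k, v in MASK_MAP.items()}
HEX = set("0123456789ABCDEF")

# Account records at the secure transaction processor, keyed by the record
# key string (claim 8: the customer's telephone service access number).
RECORDS = {}


def register(access_number, encrypted_pin, m, key_id):
    """Registration (claim 8): keep the N-M tail and the translate key in the
    record; return the masked M-character access code given to the customer."""
    encrypted_pin = encrypted_pin.upper()
    if not 0 < m < len(encrypted_pin) or set(encrypted_pin) - HEX:
        raise ValueError("encrypted PIN must be N hex characters, 0 < M < N")
    first, second = encrypted_pin[:m], encrypted_pin[m:]
    masked, translate_key = [], []
    for i, ch in enumerate(first):
        if ch in MASK_MAP:              # non-numeric: substitute a digit and
            masked.append(MASK_MAP[ch])  # note the position in the translate key
            translate_key.append(i)
        else:
            masked.append(ch)
    RECORDS[access_number] = {"second": second, "m": m, "key_id": key_id,
                              "translate_key": tuple(translate_key)}
    return "".join(masked)


def reproduce(access_number, access_code):
    """Transaction (claims 1-2): unmask the access code via the translate key
    and append the stored tail to rebuild the full N-character encrypted PIN.
    Returns (encrypted_pin, key_id) for the network security processor."""
    record = RECORDS.get(access_number)
    if record is None:
        raise LookupError("unknown record key string")
    if len(access_code) != record["m"] or set(access_code) - set("0123456789"):
        raise ValueError("access code must be exactly M numeric characters")
    chars = list(access_code)
    for i in record["translate_key"]:
        if chars[i] not in UNMASK_MAP:   # a digit outside 1-6 here is bogus
            raise ValueError("access code inconsistent with translate key")
        chars[i] = UNMASK_MAP[chars[i]]
    return "".join(chars) + record["second"], record["key_id"]
```

Note that the stored record plus the access code is sufficient to rebuild the encrypted PIN block, so the access code is a bearer credential and the record store needs the same protection the patent gives the secure transaction processor.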