Transaction system for integrated circuit cards
First Claim
1. A method of conducting a transaction between an integrated circuit (IC) card and a transaction terminal which includes a security module comprising the steps of:
- establishing communication between the terminal and the IC card;
separately generating at the initiation of and under the control of the transaction terminal a session key in the IC card using data stored in the IC card and a code associated with the particular IC card and in the security module using data stored in the security module and the code associated with the IC card;
using the session key generated by the IC card to encrypt data using an encryption algorithm to obtain a first result and using the session key generated by the security module to encrypt the same data using the same encryption algorithm to obtain a second result; and
comparing the first result and the second result and enabling the terminal to conduct the transaction only if the comparison establishes that the first result and the second result are identical.
4 Assignments
0 Petitions
Accused Products
Abstract
A transaction system and method of conducting a transaction between in integrated circuit (IC) card and a transaction terminal which includes a security module comprises establishing communication between the terminal and the IC card. Separate session keys are generated in the IC card using data stored in the IC card and a code associated with the particular IC card and the security module using data stored in the security module, and the code associated with the particular IC card. The session key generated by the IC card is used to encrypt data using an encryption algorithm to obtain a first result and the session key generated by the security module is used to encrypt the same data using the same encryption algorithm to obtain a second result. The first and second results are compared to enable the terminal to conduct the transaction only if the comparison establishes that the first result and the second result are identical. In one embodiment, the invention further comprises generating a transaction signature by the IC card using transaction data and data stored in the IC card, generating a transaction signature by the security module using transaction data and data stored in the security module and storing the transaction signatures generated by the IC card and the security module for creating an audit trail for the transaction.
-
Citations
37 Claims
-
1. A method of conducting a transaction between an integrated circuit (IC) card and a transaction terminal which includes a security module comprising the steps of:
-
establishing communication between the terminal and the IC card; separately generating at the initiation of and under the control of the transaction terminal a session key in the IC card using data stored in the IC card and a code associated with the particular IC card and in the security module using data stored in the security module and the code associated with the IC card; using the session key generated by the IC card to encrypt data using an encryption algorithm to obtain a first result and using the session key generated by the security module to encrypt the same data using the same encryption algorithm to obtain a second result; and comparing the first result and the second result and enabling the terminal to conduct the transaction only if the comparison establishes that the first result and the second result are identical. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. In a transaction system which includes at least one integrated circuit (IC) card for cooperating with a transaction terminal to perform transactions, the IC card including a processor, memory, data stored in the memory and a program stored in the memory, and the terminal including an IC card reader/writer device having a processor and memory with a stored program and a security module communicating with the reader/writer device, the security module including a processor, memory, data stored in the memory and a program stored in the memory, a method of establishing a secure audit trail for verifying a transaction between the IC card and the terminal, the method comprising the steps of:
-
generating, by the IC card, a transaction signature using transaction data and data stored in the IC card; generating, by the security module, a transaction signature using transaction data and data stored in the security module; and storing the IC card transaction signature and the security module transaction signature. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
-
-
26. In a transaction system which includes at least one integrated circuit (IC) card for cooperating with a transaction terminal to perform transactions, the IC card including a processor, memory, data stored in the memory and a program stored in the memory, and the terminal including an IC card reader/writer device having a processor, memory and a program stored in the memory, and a security module communicating with the reader/writer device, the security module including a processor, memory, data stored in the memory and a program stored in the memory, a method of verifying the validity of the IC card and the terminal at the initiation of and under the control of the terminal for establishing a secure session between the IC card and the terminal to enable the performance of a transaction, the method comprising:
-
(a) inserting the IC card into the terminal to establish communication between the reader/writer device and the IC card; (b) reading, by the reader/writer device from the IC card, an IC card identification number and sending the identification number to the security module; (c) generating, by the security module, a derived verification key by encrypting the identification number of the IC card with a verification control key stored in the memory of the security module using an encryption algorithm; (d) generating, by the IC card, a transaction number; (e) reading, by the reader/writer device from the IC card, the transaction number and sending the transaction number to the security module; (f) generating, by the IC card, a session key by encrypting the IC card transaction number with a derived verification key stored in the memory of the IC card using the encryption algorithm; (g) generating, by the IC card, a response certificate by encrypting a random number with the session key generated by the IC card using the encryption algorithm; (h) reading, by the reader/writer device, the response certificate generated by the IC card and sending the IC card response certificate to the security module; (i) generating, by the security module, a session key by encrypting the IC card transaction number with the derived verification key using the encryption algorithm; (j) generating, by the security module, a response certificate by encrypting the random number with the session key generated by the security module using the encryption algorithm; (k) comparing, by the security module, the received IC card response certificate with the response certificate generated by the security module and verifying that (1) the session keys are identical and (2) that the IC card is valid, if the response certificates are identical; (l) generating, by the security module, a derived password by encrypting the serial number of the IC card with a password key stored in the memory of the security module utilizing the encryption algorithm; (m) generating, by the security module, a password cryptogram by encrypting the derived password with the session key using the encryption algorithm; (n) reading, by the reader/writer device, the password cryptogram from the security module and sending the password cryptogram to the IC card; (o) generating, by the IC card, a password by decrypting the password cryptogram with the session key using the encryption algorithm; and (p) comparing, by the IC card, the generated password with a derived password stored in the memory of the IC card and verifying (1) the validity of the security module and the terminal and (2) the establishment of a secure session between the IC card, the security module, and the terminal, if the generated password and the retrieved derived password are identical. - View Dependent Claims (27, 28, 29, 30, 31)
-
-
32. In a transaction system which includes at least one integrated circuit (IC) card for cooperating with a transaction terminal to perform transactions, the IC card including a processor, memory, data stored in the memory and a program stored in the memory, and the terminal including an IC card reader/writer device having a processor, memory and a program stored in the memory, and a security module communicating with the reader/writer device, the security module including a processor, memory, data stored in the memory and a program stored in the memory, a method of establishing a secure audit trail at the initiation of and under the control of the terminal for verifying each transaction between the IC card and the terminal, the method comprising the steps of:
-
(a) generating, by the IC card, a transaction signature using;
(1) the amount of the transaction, (2) an IC card transaction number, and (3) a derived signature key stored in the IC card memory;(b) reading, by the reader/writer device, the transaction signature generated by the IC card and storing the IC card transaction signature in the reader/writer device memory; (c) generating, by the security module, a transaction signature using;
(1) the amount of the transaction, (2) the IC card transaction number, (3) the IC card transaction signature, (4) a security module transaction number, and (5) a derived signature key stored in the security module memory; and(d) reading, by the reader/writer device, the transaction signature generated by the security module and storing the security module transaction signature in the reader/writer device memory. - View Dependent Claims (33, 34, 35, 36, 37)
-
Specification