Secure transmission of sensitive information over a public/insecure communications medium

US 5,878,143 A
Filed: 08/16/1996
Issued: 03/02/1999
Est. Priority Date: 08/16/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A procedure for communicating sensitive information securely over an insecure medium from a first computer system to a second computer system to carry out transactions therebetween, the procedure comprising:

A) developing an account initialization data set at the first computer system, the account initialization data set including a plurality of fields, at least a first one of which fields includes information which is unique to the hardware comprising the first computer system;

B) duplicating the account initialization data set on the second computer system through a secure medium;

C) independently developing and storing at each of the first and second computer systems, from information included in the account initialization data set, using functionally identical algorithms, an initial client control file data set including a plurality of control fields, at least one of which control fields includes data developed from information which is unique to the hardware comprising the first computer system;

D) subsequently, communicating over an insecure communications medium an initial validation string generated from a plurality of client control file data set fields stored in the first computer system, at least one of which control file data set fields includes data developed from information which is unique to the hardware comprising the first computer system, and at least one additional field containing transaction specific information from the first computer system to the second computer system during initiation of a first transaction;

E) checking, at the second computer system, that the information in the initial validation string received from the first computer system is identical to a counterpart initial validation string generated from a plurality of client control file data set fields stored in the second computer system, at least one of which control file data set fields includes data developed from information which is unique to the hardware comprising the first computer system;

F) if the initial validation string received from the first computer system is found during step E) to be identical to the initial validation string generated at the second computer system, carrying out the transaction and going to step H);

G) if the initial validation string received from the first computer system is found during step E) to be different from the initial validation string generated at the second computer system, aborting the transaction;

H) developing and storing, at the first computer system, an updated client control file data set which is modified from the previous client control file data set, according to a predetermined modification procedure, based on new information which is specific to the transaction just carried out;

I) developing and storing, at the second computer system, an updated client control file data set which is modified from the previous client control file data set, according to the same predetermined modification procedure employed in step H), based on new information which is specific to the transaction just carried out such that the new client control files stored, respectively, in each of the first and second computer systems are identical;

J) subsequently, communicating over an insecure communications medium an updated validation string generated from a plurality of client control file data set fields stored in the first computer system, at least one of which control file data set fields includes data developed from information which is unique to the hardware comprising the first computer system, and at least one additional field containing transaction specific information from the first computer system to the second computer system during initiation of a transaction;

K) checking, at the second computer system, that the information in the updated validation string received from the first computer system is identical to a counterpart updated validation string generated from a plurality of client control file data set fields stored in the second computer system, at least one of which control file data set fields includes data developed from information which is unique to the hardware comprising the first computer system;

L) if the updated validation string received from the first computer system is found during step K) to be identical to the updated validation string generated at the second computer system, carrying out the transaction and going to step J); and

M) if the updated validation string received from the first computer system is found during step K) to be different from the updated validation string generated at the second computer system, aborting the transaction.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In order to achieve very secure transmission of sensitive information over a public communications medium such as the Internet to carry out transactions therebetween, an account initialization data set is developed in a client system and duplicated, by secure means, in a host system. At each of the client and host systems, an initial client control file data set including a plurality of control fields (at least one of which includes data developed from information which is unique to the client system hardware) is independently developed and stored using functionally identical algorithms and incorporating information included in at least a part of the account initialization data set. Subsequently, during initiation of a transaction, a validation string generated from a plurality of the client control file data set fields stored in the client system and at least one additional field containing transaction specific information is sent from the client system to the host system over an insecure transmission medium such as the Internet. At the host, a validation string is generated using the corresponding control file data set fields, identically manipulated, and the apparent client generated and host generated initial validation strings are checked for identity. If the initial validation strings are identical, the transaction is carried out; however, if the initial validation strings are not identical, the transaction is aborted. Assuming that the transaction is carried out, updated client control file data sets, which are identically modified according to a predetermined modification procedure from the previous client control file data sets, based on new information which is specific to the transaction just carried out, are independently developed and stored at each of the client and host systems to be used to validate the next transaction.

Citations

24 Claims

1. A procedure for communicating sensitive information securely over an insecure medium from a first computer system to a second computer system to carry out transactions therebetween, the procedure comprising:
- A) developing an account initialization data set at the first computer system, the account initialization data set including a plurality of fields, at least a first one of which fields includes information which is unique to the hardware comprising the first computer system;
  
  B) duplicating the account initialization data set on the second computer system through a secure medium;
  
  C) independently developing and storing at each of the first and second computer systems, from information included in the account initialization data set, using functionally identical algorithms, an initial client control file data set including a plurality of control fields, at least one of which control fields includes data developed from information which is unique to the hardware comprising the first computer system;
  
  D) subsequently, communicating over an insecure communications medium an initial validation string generated from a plurality of client control file data set fields stored in the first computer system, at least one of which control file data set fields includes data developed from information which is unique to the hardware comprising the first computer system, and at least one additional field containing transaction specific information from the first computer system to the second computer system during initiation of a first transaction;
  
  E) checking, at the second computer system, that the information in the initial validation string received from the first computer system is identical to a counterpart initial validation string generated from a plurality of client control file data set fields stored in the second computer system, at least one of which control file data set fields includes data developed from information which is unique to the hardware comprising the first computer system;
  
  F) if the initial validation string received from the first computer system is found during step E) to be identical to the initial validation string generated at the second computer system, carrying out the transaction and going to step H);
  
  G) if the initial validation string received from the first computer system is found during step E) to be different from the initial validation string generated at the second computer system, aborting the transaction;
  
  H) developing and storing, at the first computer system, an updated client control file data set which is modified from the previous client control file data set, according to a predetermined modification procedure, based on new information which is specific to the transaction just carried out;
  
  I) developing and storing, at the second computer system, an updated client control file data set which is modified from the previous client control file data set, according to the same predetermined modification procedure employed in step H), based on new information which is specific to the transaction just carried out such that the new client control files stored, respectively, in each of the first and second computer systems are identical;
  
  J) subsequently, communicating over an insecure communications medium an updated validation string generated from a plurality of client control file data set fields stored in the first computer system, at least one of which control file data set fields includes data developed from information which is unique to the hardware comprising the first computer system, and at least one additional field containing transaction specific information from the first computer system to the second computer system during initiation of a transaction;
  
  K) checking, at the second computer system, that the information in the updated validation string received from the first computer system is identical to a counterpart updated validation string generated from a plurality of client control file data set fields stored in the second computer system, at least one of which control file data set fields includes data developed from information which is unique to the hardware comprising the first computer system;
  
  L) if the updated validation string received from the first computer system is found during step K) to be identical to the updated validation string generated at the second computer system, carrying out the transaction and going to step J); and
  
  M) if the updated validation string received from the first computer system is found during step K) to be different from the updated validation string generated at the second computer system, aborting the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The procedure of claim 1 in which at least one field in the initial and updated validation strings is hashed in the first computer system before transmission to the second computer system.
  - 3. The procedure of claim 2 in which at least one of the fields in the initial and updated control files is encrypted to a depth which does not exceed that permitted by the relevant government authority.
  - 4. The procedure of claim 1 in which at least a second field in the initial client control file data set contains user specific information.
  - 5. The procedure of claim 4 in which at least one field in the initial and updated validation strings is hashed in the first computer system before transmission to the second computer system.
  - 6. The procedure of claim 5 in which at least one of the fields in the initial and updated control files is encrypted to a depth which does not exceed that permitted by the relevant government authority.
  - 7. The procedure of claim 4 in which at least one field in the initial client control file data set includes user social security number specific information.
  - 8. The procedure of claim 7 in which at least one field in the initial and updated validation strings is hashed in the first computer system before transmission to the second computer system.
  - 9. The procedure of claim 8 in which at least one of the fields in the initial and updated control files is encrypted to a depth which does not exceed that permitted by the relevant government authority.
  - 10. The procedure of claim 7 in which at least one of the fields in the initial and updated control files is encrypted to a depth which does not exceed that permitted by the relevant government authority.
  - 11. The procedure of claim 4 in which special purpose software for installing routines necessary to carry out the procedure at the first computer system are supplied to a user through a secure medium and in which a fourth field in the initial control file data set contains a representation of the installation time of the special purpose software.
  - 12. The procedure of claim 11 in which at least one of the fields in the initial and updated control files is encrypted to a depth which does not exceed that permitted by the relevant government authority.
  - 13. The procedure of claim 4 in which at least one of the fields in the initial and updated control files is encrypted to a depth which does not exceed that permitted by the relevant government authority.
  - 14. The procedure of claim 1 in which at least a third field in the initial client control file data set contains information developed from a randomly generated and hashed integral number.
  - 15. The procedure of claim 14 in which at least one of the fields in the initial and updated control files is encrypted to a depth which does not exceed that permitted by the relevant government authority.
  - 16. The procedure of claim 1 in which special purpose software for installing the routines necessary to carry out the procedure at the first computer system are supplied to a user through a secure medium and in which a fourth field in the initial control file data set contains a representation of the installation time of the special purpose software.
  - 17. The procedure of claim 16 in which at least one of the fields in the initial and updated control files is encrypted to a depth which does not exceed that permitted by the relevant government authority.
  - 18. The procedure of claim 1 in which the field which includes information which is unique to the hardware is hashed.
  - 19. The procedure of claim 18 in which at least one of the fields in the initial and updated control files is encrypted to a depth which does not exceed that permitted by the relevant government authority.
  - 20. The procedure of claim 1 in which at least one of the fields in the initial and updated control files is encrypted to a depth which does not exceed that permitted by the relevant government authority.
  - 21. The procedure of claim 20 in which an encryption password is developed in the first computer system from a plurality of stored control fields in conjunction with the initiation of each transaction, which encryption password is employed to encrypt at least one field including information pertaining to such transaction, such encrypted field being included in a validation string sent to the second computer, and in which, at the second computer system, a counterpart encryption password is developed from a plurality of stored control fields and used to decrypt the encrypted field.
  - 22. The procedure of claim 21 in which a signature key is developed and stored in each of the first computer and second computer systems from a plurality of fields included in the account initialization data set and an assigned client account number.
  - 23. The procedure of claim 20 in which a signature key is developed and stored in each of the first computer and second computer systems from a plurality of fields included in the account initialization data set and an assigned client account number.
  - 24. The procedure of claim 1 in which a signature key is developed and stored in each of the first computer and second computer systems from a plurality of fields included in the account initialization data set and an assigned client account number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Net 1 Incorporated
Original Assignee
Net 1 Incorporated
Inventors
Moore, Robert H.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/699,104
Time in Patent Office

928 Days
Field of Search

380/4, 380/9, 380/21, 380/23, 380/24, 380/25, 380/28, 380/48, 380/49, 380/50, 380/59, 380/29, 380/30, 340/825.31, 340/825.34, 395/186, 395/187.01, 395/188.01, 395/226
US Class Current

705/75
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06Q 20/401   Transaction verification

H04L 63/0428   wherein the data content is...

H04L 63/12   Applying verification of th...

Secure transmission of sensitive information over a public/insecure communications medium

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Secure transmission of sensitive information over a public/insecure communications medium

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links