Secure transmission of sensitive information over a public/insecure communications medium
First Claim
1. A procedure for communicating sensitive information securely over an insecure medium from a first computer system to a second computer system to carry out transactions therebetween, the procedure comprising:
A) developing an account initialization data set at the first computer system, the account initialization data set including a plurality of fields, at least a first one of which fields includes information which is unique to the hardware comprising the first computer system;
B) duplicating the account initialization data set on the second computer system through a secure medium;
C) independently developing and storing at each of the first and second computer systems, from information included in the account initialization data set, using functionally identical algorithms, an initial client control file data set including a plurality of control fields, at least one of which control fields includes data developed from information which is unique to the hardware comprising the first computer system;
D) subsequently, communicating over an insecure communications medium an initial validation string generated from a plurality of client control file data set fields stored in the first computer system, at least one of which control file data set fields includes data developed from information which is unique to the hardware comprising the first computer system, and at least one additional field containing transaction specific information from the first computer system to the second computer system during initiation of a first transaction;
E) checking, at the second computer system, that the information in the initial validation string received from the first computer system is identical to a counterpart initial validation string generated from a plurality of client control file data set fields stored in the second computer system, at least one of which control file data set fields includes data developed from information which is unique to the hardware comprising the first computer system;
F) if the initial validation string received from the first computer system is found during step E) to be identical to the initial validation string generated at the second computer system, carrying out the transaction and going to step H);
G) if the initial validation string received from the first computer system is found during step E) to be different from the initial validation string generated at the second computer system, aborting the transaction;
H) developing and storing, at the first computer system, an updated client control file data set which is modified from the previous client control file data set, according to a predetermined modification procedure, based on new information which is specific to the transaction just carried out;
I) developing and storing, at the second computer system, an updated client control file data set which is modified from the previous client control file data set, according to the same predetermined modification procedure employed in step H), based on new information which is specific to the transaction just carried out such that the new client control files stored, respectively, in each of the first and second computer systems are identical;
J) subsequently, communicating over an insecure communications medium an updated validation string generated from a plurality of client control file data set fields stored in the first computer system, at least one of which control file data set fields includes data developed from information which is unique to the hardware comprising the first computer system, and at least one additional field containing transaction specific information from the first computer system to the second computer system during initiation of a transaction;
K) checking, at the second computer system, that the information in the updated validation string received from the first computer system is identical to a counterpart updated validation string generated from a plurality of client control file data set fields stored in the second computer system, at least one of which control file data set fields includes data developed from information which is unique to the hardware comprising the first computer system;
L) if the updated validation string received from the first computer system is found during step K) to be identical to the updated validation string generated at the second computer system, carrying out the transaction and going to step J); and
M) if the updated validation string received from the first computer system is found during step K) to be different from the updated validation string generated at the second computer system, aborting the transaction.
Abstract
In order to achieve very secure transmission of sensitive information over a public communications medium such as the Internet to carry out transactions therebetween, an account initialization data set is developed in a client system and duplicated, by secure means, in a host system. At each of the client and host systems, an initial client control file data set including a plurality of control fields (at least one of which includes data developed from information which is unique to the client system hardware) is independently developed and stored using functionally identical algorithms and incorporating information included in at least a part of the account initialization data set. Subsequently, during initiation of a transaction, a validation string generated from a plurality of the client control file data set fields stored in the client system and at least one additional field containing transaction specific information is sent from the client system to the host system over an insecure transmission medium such as the Internet. At the host, a validation string is generated using the corresponding control file data set fields, identically manipulated, and the apparent client generated and host generated initial validation strings are checked for identity. If the initial validation strings are identical, the transaction is carried out; however, if the initial validation strings are not identical, the transaction is aborted. Assuming that the transaction is carried out, updated client control file data sets, which are identically modified according to a predetermined modification procedure from the previous client control file data sets, based on new information which is specific to the transaction just carried out, are independently developed and stored at each of the client and host systems to be used to validate the next transaction.
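As an added example (not code from the patent or its assignee), a Python simulation of the procedure in claim 1 and the abstract: both sides derive the control file from the initialization set, the host checks the validation string on each transaction, and both sides apply the same modification afterward. SHA-256, HMAC, the field names and the sample values are assumptions; the claim specifies none of them.

```python
import hashlib, hmac, json

# Constructed sample value; the claim fixes no concrete algorithm, so SHA-256 and HMAC below are assumptions.
HARDWARE_ID = "constructed-serial-0001"

def account_init(hardware_id, account_no):  # Step A: one field is unique to the client hardware
    return {"account": account_no, "hw": hardware_id}

def initial_control_file(init):  # Step C: same algorithm on both sides gives the same control file
    seed = hashlib.sha256(json.dumps(init, sort_keys=True).encode()).hexdigest()
    return {"account": init["account"], "seed": seed, "counter": 0}

def validation_string(ctrl, txn):  # Steps D/J: MAC over control fields plus transaction-specific field
    msg = json.dumps({"ctrl": ctrl, "txn": txn}, sort_keys=True).encode()
    return hmac.new(ctrl["seed"].encode(), msg, hashlib.sha256).hexdigest()

def update_control_file(ctrl, txn):  # Steps H/I: predetermined modification keyed on the completed transaction
    new_seed = hashlib.sha256((ctrl["seed"] + json.dumps(txn, sort_keys=True)).encode()).hexdigest()
    return {**ctrl, "seed": new_seed, "counter": ctrl["counter"] + 1}

class Host:
    def __init__(self, init):  # Step B: the init set arrived over a secure medium
        self.ctrl = initial_control_file(init)

    def process(self, received, txn):  # Steps E/K: compare; abort (G/M) or carry out and ratchet (F/I)
        if not hmac.compare_digest(received, validation_string(self.ctrl, txn)):
            return False
        self.ctrl = update_control_file(self.ctrl, txn)
        return True

class Client:
    def __init__(self, init):
        self.ctrl = initial_control_file(init)

    def transact(self, host, txn):
        vs = validation_string(self.ctrl, txn)
        ok = host.process(vs, txn)
        if ok:  # Step H: ratchet only after the host accepted, so both sides stay in step
            self.ctrl = update_control_file(self.ctrl, txn)
        return ok, vs

def run_demo():
    init = account_init(HARDWARE_ID, "ACCT-42")
    client, host = Client(init), Host(init)
    txn1 = {"id": 1, "amount": 10}
    ok1, captured = client.transact(host, txn1)
    replayed = host.process(captured, txn1)  # host state already ratcheted: the captured string is single-use
    cloned = Client(account_init("other-hardware", "ACCT-42")).transact(host, txn1)[0]  # wrong hardware field
    ok2, _ = client.transact(host, {"id": 2, "amount": 25})
    return ok1, replayed, cloned, ok2, client.ctrl == host.ctrl  # (True, False, False, True, True)
```

If the host accepts and ratchets but its reply is lost, the client keeps the old control file and the next transaction aborts; resynchronising the two files after such a loss is outside what the claim describes.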
24 Claims (claim 1 is reproduced above; claims 2 through 24 are dependent claims)