Cryptography security for remote dispenser transactions

US 6,078,888 A
Filed: 07/16/1997
Issued: 06/20/2000
Est. Priority Date: 07/16/1997
Status: Expired due to Term

First Claim

Patent Images

1. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:

communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and

cryptography electronics including a key storage;

for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and

adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to providing secure transactions with a tag and POS device associated with a host network authorization system. In doing so, the tag is adapted to bi-directionally communicate with a POS device, preferably a fuel dispenser, which further communicates with a host network to provide authorization of the tag and carry out any desired purchases or transactions. To avoid transmitting data from which valuable account or financial information could be derived, between the tag and POS device or the POS device and the host network system, the invention may maintain all or a majority of account and financial information requiring absolute security only at the host network. Neither the tag nor the POS device has or has access to certain critical financial or account information. The tag also is adapted to communicate with other local sources and the POS device directly. Additional and alternate security is available for these communications. Furthermore, the local sources may need a password to access certain data stored in the tag'"'"'s memory.

406 Citations

114 Claims

1. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
- communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and
  
  cryptography electronics including a key storage;
  
  for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and
  
  adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device.
- View Dependent Claims (2, 3, 4, 5, 6, 12, 16, 21, 22, 23, 24, 25, 26, 27, 28, 33, 39, 41, 42, 43)
- - 2. The remote transponder of claim 1 wherein said communication electronics includes a transmitter for transmitting data and a receiver for receiving data to provide the remote communications.
  - 3. The remote transponder of claim 2 wherein said communication electronics and said cryptography electronics are electronically coupled, said communication electronics adapted to send data to said cryptography electronics to be encrypted and receive back encrypted data, said communication electronics adapted to send data to said cryptography electronics to be decrypted data wherein said communication electronics transmits and receives encrypted data.
  - 4. The remote transponder of claim 1 wherein said communication electronics and said cryptography electronics are operatively associated with memory.
  - 5. The remote transponder of claim 1 wherein said communication electronics and said cryptography electronics are integrated into a single controller.
  - 6. The remote transponder of claim 1 wherein said cryptography and communication electronics are adapted to encrypt data and transmit the encrypted data to the point-of-sale device wherein the point-of-sale device transmits the encrypted data on to the host.
  - 12. The remote transponder of claim 4 wherein said memory includes a transponder identifier and said communication electronics is adapted to transmit said identifier.
  - 16. The remote transponder of claim 1 wherein said cryptography electronics is further adapted to encrypt the data transmitted to and decrypt data received from the point-of-sale device.
  - 21. The remote transponder of claim 4 wherein said transponder includes a session key to decrypt encrypted data transmitted to the transponder, said session key being different from the main key.
  - 22. The remote transponder of claim 4 wherein said transponder includes a session key to encrypt certain other data transmitted from the transponder.
  - 23. The remote transponder of claim 21 wherein said transponder is adapted to generate and transmit session key data capable of allowing the host to generate said session key.
  - 24. The remote transponder of claim 4 wherein said memory contains transponder identification data, said communication electronics are adapted to receive data from the point-of-sale device, said cryptography electronics are adapted to encrypt the data to form encrypted data, and said communication electronics are adapted to transmit said transponder identification data and said encrypted data wherein said encrypted data and said identification data are ultimately transmitted to the host through the point-of-sale device for authorization.
  - 25. The remote transponder of claim 24 wherein said transponder transmits said encrypted data and said identification data to the point-to-sale device, said data is transmitted to said transponder and the host by the point-of-sale device and the host, and authorization by the host includes encrypting said data to obtain host encrypted data and comparing said encrypted data with the host encrypted data.
  - 26. The remote transponder of claim 25 wherein the host encrypts said data using a key identical to said cryptography key stored at said transponder.
  - 27. The remote transponder of claim 24 wherein said transponder transmits said encrypted data and said identification data to the point-to-sale device, the data is transmitted to said transponder and the host by the point-of-sale device, and authorization by the host includes decrypting said encrypted data to obtain a decrypted encrypted data and comparing said data with the decrypted encrypted data.
  - 28. The remote transponder of claim 25 wherein the host decrypts said encrypted data using a key identical to said cryptography key stored at said transponder.
  - 33. The remote transponder of claim 4 wherein said encryption electronics encrypts or decrypts data according to The Data Encryption Standard (DES).
  - 39. The remote transponder of claim 4 wherein said cryptography electronics includes another cryptography key, said cryptography keys being a main key and a session key stored in memory, said cryptography electronics using said main key to encrypt data for authorization of said transponder and said session key to decrypt data transmitted to said transponder, certain of the data transmitted to said transponder being encrypted with said session key at the host.
  - 41. The remote transponder of claim 4 wherein said cryptography electronics includes another cryptography key, said keys being a main key and a session key, said cryptography and communication electronics operating to transmit first and second encrypted data from said transponder, said first data encrypted with said main key and said second data encrypted with said session key.
  - 42. The remote transponder of claim 41 wherein said first data includes authorization data for determining if said transponder is authorized for use.
  - 43. The remote transponder of claim 41 wherein said second data includes data stored in said memory and ultimately transmitted to and read by the host.

7. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
- communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and
  
  cryptography electronics including a key storage;
  
  for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and
  
  adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being unknown to said point-of-sale device,wherein said cryptogaphy and communication electronics are adapted to encrypt data and transmit the encrypted data to the point-of-sale device wherein the point-of-sale device transmits the encrypted data on to the host, and wherein said cryptography electronics generates a session key different from the cryptography key for encrypting certain of the data transmitted to the point-of-sale device and on to the host.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The remote transponder of claim 7 wherein said session key is a function of the cryptography key.
  - 9. The remote transponder of claim 7 wherein said cryptography and communication electronics operate to transmit a session key generation signal to the host through the point-of-sale device to enable the host to generate the session key.
  - 10. The remote transponder of claim 7 wherein said electronics include a random number generator to generate a random number, said session key being said random number generation signal.
  - 11. The remote transponder of claim 7 wherein said cryptography electronics uses said session key to decrypt data transmitted to said transponder from the host through the point-of-sale device.

13. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
- communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and
  
  cryptography electronics including a key storage;
  
  for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and
  
  adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being unknown to said point-of-sale device,wherein said communication electronics are adapted to provide bi-directional communications with local sources in addition to the point-of-sale device.
- View Dependent Claims (14, 15, 17, 18, 19, 20)
- - 14. The remote transponder of claim 13 further comprising a memory associated with said electronics, said communications electronics adapted to receive and store data transmitted from at least one of the local sources in said memory and transmit data stored in said memory to at least one of the local sources in order to allow said transponder to interact with local sources in addition to the point-of-sale device, said memory providing a scratchpad for the local sources to stored and retrieve data as desired when communicating with said transponder.
  - 15. The remote transponder of claim 14 wherein said encryption electronics is adapted to encrypt the data transmitted to and decrypt data received from the local sources.
  - 17. The remote transponder of claim 13 further comprising a memory associated with said electronics, said communications electronics adapted to receive and store data transmitted from at least one of the local sources in said memory and transmit data stored in said memory to the at least one of the local sources, said electronics adapted to receive a password from the at least one of the local sources to allow access to said memory.
  - 18. The remote transponder of claim 13 further comprising a memory associated with said electronics, said communications electronics adapted to receive and store data transmitted from the point-of-sale device in said memory and transmit data stored in said memory to the point-of-sale device, said electronics adapted to receive a password from the point-of-sale device to allow access to said memory for local communications.
  - 19. The remote transponder of claim 13 further comprising a memory associated with said electronics, said communications electronics adapted to receive and store data transmitted from at least one of the local sources and the point-of-sale device in said memory and transmit data stored in said memory to the at least one of the local sources and the point-of-sale device, said cryptography electronics adapted to encrypt and decrypt communications with the host through the point-of-sale device with said cryptography key, and encrypt and decrypt communications with the point-of-sale device with a second cryptography key.
  - 20. The remote transponder of claim 19 wherein said electronics are further adapted to receive a password from the at least one of the local sources to allow access to said memory, said memory providing a scratchpad for the local source to use as desired when communicating with said transponder.

29. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
- communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and
  
  cryptography electronics including a key storage;
  
  for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and
  
  adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device,wherein said communication electronics and said cryptography electronics are operatively associated with memory and wherein said communications electronics are adapted to receive authorization data from the point-of-sale device, said cryptography electronics are adapted to encrypt the received authorization data and said communication electronics are further adapted to transmit said encrypted received authorization data for host authorization.
- View Dependent Claims (30, 31, 32)
- - 30. The remote transponder of claim 29 wherein said encrypted received authorization data is transmitted to the point-to-sale device, which relays the encrypted received authorization data to the host.
  - 31. The remote transponder of claim 29 wherein said authorization data is a number.
  - 32. The remote transponder of claim 31 wherein said number is a random number generated and transmitted to said transponder by the point of sale device.

34. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
- communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host, andcryptography electronics including a key storage;
  
  for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and
  
  adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device,wherein said communication electronics and said cryptography electronics are operatively associated with memory, and wherein said transponder further includes a transponder random number generator operatively associated with said electronics and adapted to generate transponder random numbers upon receipt of a signal generated by the point-of-sale device.
- View Dependent Claims (35, 36, 37, 38)
- - 35. The remote transponder of claim 34 wherein said cryptography electronics are adapted to encrypt said transponder random number generated by said transponder random number generator to generate a session key for decrypting data transmitted to said transponder and written to said memory.
  - 36. The remote transponder of claim 35 wherein said communication electronics are adapted transmit said transponder random number generated by said random number generator to said point-of-sale device, which relays said transponder generated random number to the host wherein said host generates a key identical to said session key.
  - 37. The remote transponder of claim 35 wherein said cryptography electronics includes logic functions, said logic functions operating on said transponder random number in conjunction with said cryptography electronics to generate said session key.
  - 38. The remote transponder of claim 37 wherein said logic functions include an exclusive-OR function, said cryptography electronics adapted to take the exclusive-OR of said transponder random number and said cryptography key to provide a first output, encrypt said first output with said cryptography key to provide a second output and take the exclusive-OR of said second output and said cryptography key to provide said session key.

40. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
- communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and
  
  cryptography electronics including a key storage;
  
  for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and
  
  adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device,wherein said communication electronics and said cryptography electronics are operatively associated with memory, and wherein said cryptography electronics includes at least two encryption keys including a main key and a session key, said encrypted data transmitted to said transponder and decrypted as necessary with said session key, said cryptography and communication electronics operating to transmit encrypted data from said transponder for authorization with said main key.

44. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
- communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and
  
  cryptography electronics including a key storage;
  
  for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and
  
  adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device,wherein said communication electronics and said cryptography electronics are operatively associated with memory, and wherein during decryption of received communications, said cryptography electronics is adapted to take the exclusive-OR of encrypted data received by said communication electronics from the host through the point-of-sale device and a session key, different from said cryptography key, to provide a first result, decrypt said first result using said session key to provide a second result and take the exclusive-OR of said second result and said session key to provide decryption of the encrypted data from the host.

45. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
- communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and
  
  cryptography electronics including a key storage;
  
  for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and
  
  adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device,wherein said communication electronics and said cryptography electronics are operatively associated with memory and wherein during encryption communications to be transmitted, said cryptography electronics is adapted to take the exclusive-OR of the data to be encrypted and transmitted by said communication electronics to the host through the point-of-sale device and a session key, different from said cryptography key, to provide a first result, encrypt said first result using said session key to provide a second result and take the exclusive-OR of said second result and said session key to provide said encrypted data to be sent to the host.

46. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
- communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and
  
  cryptography electronics including a key storage;
  
  for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and
  
  adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device,wherein said communication electronics and said cryptography electronics are operatively associated with memorya random number generator providing a transponder random number,said cryptography electronics adapted to generate a session key for encrypting data to be transmitted to the host and decrypting data received from the host by said communication electronics by;
  
  a. taking the exclusive-OR of said transponder random number and said cryptography key to provide a first output;
  
  b. encrypting said first output with said cryptography key to provide a second output; and
  
  c. taking the exclusive-OR of said second output and said cryptography key to provide said session key,wherein during decryption of received communications, said cryptography electronics is adapted to decrypt received data by;
  
  a. taking the exclusive-OR of encrypted data received by said communication electronics from the host through the point-of-sale device and said session key to provide a first result,b. decrypting said first result using said session key to provide a second result; and
  
  c. taking the exclusive-OR of said second result and said session key to provide decryption of the encrypted data from the host, andwherein during encryption of data to be transmitted, said cryptography electronics is adapted encrypt said data to be transmitted by;
  
  a. taking the exclusive-OR of encrypted data to be transmitted by said communication electronics to the host through the point-of-sale device and said session key to provide a first result,b. encrypting said first result using said session key to provide a second result; and
  
  c. taking the exclusive-OR of said second result and said session key to provide said encrypted data to be sent to the host.

47. A system for providing secure transactions between a remote transponder and a point-of-sale device associated with a host system, said system comprising:
- a point-of-sale-device; and
  
  a remote transponder including transponder communication electronics, cryptography electronics and memory, said communication electronics providing bi-directional communications with said point-of-sale device and a local source other than said point-of-sale device and operatively associated with said cryptography electronics, said cryptography electronics adapted to encrypt data to be transmitted and decrypt data received;
  
  said point-of-sale device including point-of-sale communication electronics providing remote bi-directional communications to said transponder and bi-directional communications with a host;
  
  said transponder electronics adapted to transmit first data to be received and processed at said point-of-sale device, second data to be received by said point-of-sale device and relayed to the host to be processed and third data to be received and processed at the local source;
  
  said point-of-sale device adapted to relay the second data received from the transponder to the host and certain data received from the host to said transponder.
- View Dependent Claims (48, 49, 50, 51)
- - 48. The system of claim 47 wherein said transponder includes a memory associated with said transponder electronics, said transponder communications electronics adapted to receive and store data transmitted from at least one of the local sources in said memory and transmit data stored in said memory to at least one of the local sources in order to allow said transponder to interact with local sources in addition to the point-of-sale device, said memory providing a scratchpad for the local sources to stored and retrieve data as desired when communicating with said transponder.
  - 49. The system of claim 48 wherein said transponder electronics are further adapted to receive a password from the at least one of the local sources to allow access to said memory.
  - 50. The system of claim 48 wherein said transponder includes a memory associated with said transponder electronics, said transponder communications electronics adapted to receive and store in said memory data transmitted from at least one of the local sources and the point-of-sale device and transmit data stored in said memory to the at least one of the local sources and the point-of-sale device, said transponder having cryptography electronics adapted to encrypt and decrypt said second data with a first cryptography key, and encrypt and decrypt said first data with a second cryptography key, said point-of-sale device further including point-of-sale device cryptography electronics and said second key to encrypt data sent to said transponder and decrypt said first data received from said transponder accordingly.
  - 51. The system of claim 48 wherein said transponder includes a memory associated with said transponder electronics, said transponder communications electronics adapted to receive and store in said memory data transmitted from at least one of the local sources and the point-of-sale device and transmit data stored in said memory to the at least one of the local sources and the point-of-sale device, said transponder having cryptography electronics adapted to encrypt and decrypt said second data with a first cryptography technique, and encrypt and decrypt said first data with a second cryptography technique, said point-of-sale device further including point-of-sale device cryptography electronics to encrypt data sent to said transponder and decrypt said first data received from said transponder with said second cryptography technique.

52. A system for providing secure transactions between a remote transponder and a point-of-sale device associated with a host system, said system comprising:
- a point-of-sale-device; and
  
  a remote transponder including transponder communication electronics, cryptography electronics and memory, said communication electronics providing bi-directional communications between said transponder and said point-of-sale device and operatively associated with said cryptography electronics, said cryptography electronics adapted to encrypt data; and
  
  said point-of-sale device including point-of-sale communication electronics providing remote bi-directional communications to said transponder and bi-directional communications with a host capable of authorizing use of said transponder;
  
  said remote transponder having identification data stored in said memory;
  
  said point-of-sale communication electronics adapted to transmit first data to said transponder and to the host;
  
  said transponder communication electronics adapted to receive said first data;
  
  said cryptography electronics adapted to encrypt said first data to provide encrypted first data;
  
  said transponder communication electronics adapted to transmit said encrypted first data and said identification data to said point-of-sale device;
  
  said point-of-sale device adapted to transmit said encrypted first data and said identification data received from said transponder to the host wherein said host uses said identification data to control cryptography electronics at the host to compare said first data with said encrypted first data transmitted to the host from the point-of-sale device, the host transmitting an authorization signal to said point-of-sale device if the comparison is true;
  
  said point-of-sale device adapted to receive the authorization signal from the host and activate the point of sale device for a transaction accordingly,wherein said cryptography electronics use a main key stored in said memory for encrypting and decrypting data, and said main key is stored in said memory of said transponder and at the host but not at said point-of-sale device to enhance security.
- View Dependent Claims (53, 54, 55, 63, 65)
- - 53. The system of claim 52 wherein said point-of-sale device is a fuel dispenser.
  - 54. The system of claim 52 wherein said cryptography electronics use the Data Encryption System (DES) for encrypting and decrypting data.
  - 55. The system of claim 52 wherein said transponder is adapted to never transmit said main key to said point-of-sale system.
  - 63. The system of claim 52 wherein said identification data for said transponder is different from all other transponders.
  - 65. The system of claim 52 wherein said transponder includes a session key to encrypt certain data transmitted from the transponder to the host through said point-of-sale device.

56. A system for providing secure transactions between a remote transponder and a point-of-sale device associated with a host system, said system comprising:
- a point-of-sale-device; and
  
  a remote transponder including transponder communication electronics, cryptography electronics and memory said communication electronics providing bi-directional communications between said transponder and said point-of-sale device and operatively associated with said cryptography electronics, said cryptography electronics adapted to encrypt data; and
  
  said point-of-sale device including point-of-sale communication electronics providing remote bi-directional communications to said transponder and bi-directional communications with a host capable of authorizing use of said transponder;
  
  said remote transponder having identification data stored in said memory;
  
  said point-of-sale communication electronics adapted to transmit first data to said transponder and to the host;
  
  said transponder communication electronics adapted to receive said first data;
  
  said cryptography electronics adapted to encrypt said first data to provide encrypted first data;
  
  said transponder communication electronics adapted to transmit said encrypted first data and said identification data to said point-of-sale device;
  
  said point-of-sale device adapted to transmit said encrypted first data and said identification data received from said transponder to the host wherein said host uses said identification data to control cryptography electronics at the host to compare said first data with said encrypted first data transmitted to the host from the point-of-sale device, the host transmitting an authorization signal to said point-of-sale device if the comparison is true;
  
  said point-of-sale device adapted to receive the authorization signal from the host and activate the point of sale device for a transaction accordingly,wherein said point-of-sale device includes a device random number generator for generating a device random number, said device random number being said first data.

57. A system for providing secure transactions between a remote transponder and a point-of-sale device associated with a host system, said system comprising:
- a point-of-sale-device; and
  
  a remote transponder including transponder communication electronics, cryptogaphy electronics and memory said communication electronics providing bi-directional communications between said transponder and said point-of-sale device and operatively associated with said cryptography electronics, said cryptography electronics adapted to encrypt data; and
  
  said point-of-sale device including point-of-sale communication electronics providing remote bi-directional communications to said transponder and bi-directional communications with a host capable of authorizing use of said transponder;
  
  said remote transponder having identification data stored in said memory;
  
  said point-of-sale communication electronics adapted to transmit first data to said transponder and to the host;
  
  said transponder communication electronics adapted to receive said first data;
  
  said cryptogaphy electronics adapted to encrypt said first data to provide encrypted first data;
  
  said transponder communication electronics adapted to transmit said encrypted first data and said identification data to said point-of-sale device;
  
  said point-of-sale device adapted to transmit said encrypted first data and said identification data received from said transponder to the host wherein said host uses said identification data to control cryptography electronics at the host to compare said first data with said encrypted first data transmitted to the host from the point-of-sale device, the host transmitting an authorization signal to said point-of-sale device if the comparison is true;
  
  said point-of-sale device adapted to receive the authorization signal from the host and activate the point of sale device for a transaction accordingly,wherein said transponder further includes a transponder random number generator operatively associated with said electronics for generating a transponder random number,said transponder random number generator adapted to generate a transponder random number upon receipt of a said first data from said point-of-sale device,said transponder communication electronics adapted to transmit said transponder random number to said point-to-sale device,said point-of sale device further adapted to transmit said transponder random number to the host,said cryptography electronics adapted to generate a session key for decrypting host data written to said memory, the host data being transmitted from the host to said point-of-sale device and on to said transponder, wherein the host data is encrypted using a host session key identical to said transponder session key and generated using said transponder random number in a manner identical to that in which said cryptography electronics generated said session key.
- View Dependent Claims (58, 59, 60, 61, 62)
- - 58. The system of claim 57 wherein encrypted host data, encrypted using the host session key, is transmitted from the host through said point-of-sale device to said transponder and written to said memory, said cryptography electronics adapted to decrypt said data using said session key.
  - 59. The system of claim 58 wherein a new said session key is generated for each transaction.
  - 60. The system of claim 57 wherein said cryptography electronics is adapted to generate said session key by encrypting a function of said transponder random number using said main encryption key.
  - 61. The system of claim 60 wherein said function includes an exclusive-OR of said main encryption key and said transponder random number.
  - 62. The system of claim 61 wherein said function provides an exclusive-OR of said main encryption key and said transponder random number resulting in a first result, encryption of said first result using said encryption key resulting in a second result, and an exclusive-OR of said second result and said main encryption key resulting in said session key.

64. A system for providing secure transactions between a remote transponder and a point-of-sale device associated with a host system, said system comprising:
- a point-of-sale-device; and
  
  a remote transponder including transponder communication electronics, cryptography electronics and memory, said communication electronics providing bi-directional communications between said transponder and said point-of-sale device and operatively associated with said cryptography electronics, said cryptography electronics adapted to encrypt data; and
  
  said point-of-sale device including point-of-sale communication electronics providing remote bi-directional communications to said transponder and bi-directional communications with a host capable of authorizing use of said transponder;
  
  said remote transponder having identification data stored in said memory;
  
  said point-of-sale communication electronics adapted to transmit first data to said transponder and to the host;
  
  said transponder communication electronics adapted to receive said first data;
  
  said cryptography electronics adapted to encrypt said first data to provide encrypted first data;
  
  said transponder communication electronics adapted to transmit said encrypted first data and said identification data to said point-of-sale device;
  
  said point-of-sale device adapted to transmit said encrypted first data and said identification data received from said transponder to the host wherein said host uses said identification data to control cryptography electronics at the host to compare said first data with said encrypted first data transmitted to the host from the point-of-sale device, the host transmitting an authorization signal to said point-of-sale device if the comparison is true;
  
  said point-of-sale device adapted to receive the authorization signal from the host and activate the point of sale device for a transaction accordingly,wherein said transponder includes a session key to decrypt encrypted transaction data transmitted to the transponder from the host and a main key to encrypt said first data, said session key being different from the main key.
- View Dependent Claims (66, 67)
- - 66. The system of claim 64 wherein said transponder is adapted to generate and transmit session key data capable of allowing the host to generate the session key.
  - 67. The system of claim 64 wherein said cryptography electronics is adapted to take the exclusive-OR of encrypted data received by said communication electronics from the host through the point-of-sale device and said session key to provide a first result, decrypt said first result using said session key to provide a second result and take the exclusive-OR of said second result and said session key to provide decryption of the encrypted data from said host.

68. A method of providing secure transaction between a remote tag having communication and cryptography electronics and a point-of-sale device associated with a host providing transaction authorization, said method comprising:
- (a) generating a first random number at said point-of-sale device and transmitting the first random number to the transponder;
  
  (b) receiving the first random number at the transponder;
  
  (c) encrypting the first random number at the transponder to provide an encrypted first random number;
  
  (d) transmitting the encrypted first random number from the transponder to the point-of-sale device;
  
  (e) receiving the encrypted first random number at the point-of-sale device;
  
  (f) transmitting the encrypted first random number and the first random number to the host for authorization;
  
  (g) receiving the encrypted first random number and the first random number at the host;
  
  (h) comparing the encrypted first random number and the first random number at the host with cryptography electronics;
  
  (i) transmitting an authorization signal to the point-of-sale device if the comparison is true;
  
  (j) transmitting a non-authorization signal to the point-of-sale device if the comparison is false; and
  
  (k) operating the point-of-sale device for a transaction upon receipt of the authorization signal at the point-of-sale device.
- View Dependent Claims (69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86)
- - 69. The method of claim 68 wherein step (c) further includes encrypting the first random number with a main encryption key and step (h) includes encrypting the first random number with the main encryption key.
  - 70. The method of claim 69 wherein the main encryption key is stored in the transponder and host and is not available to the point-of-sale device.
  - 71. The method of claim 69 wherein the main encryption key is not transmitted between the transponder and host.
  - 72. The method of claim 68 wherein the encrypting of step (c) and the decrypting of step (h) use The Data Encryption Standard (DES) and the main encryption key is a DES key.
  - 73. The method of claim 68 further including the steps of:
    - (l) transmitting identification data from the transponder to the point-of-sale device;
      
      (m) receiving the identification data at the point-of-sale device;
      
      (n) transmitting the identification data to the host;
      
      (o) receiving the identification data at the host; and
      
      (p) determining said main encryption key based on the identification data.
  - 74. The method of claim 73 wherein step (p) includes looking in a table having encryption keys for the main encryption key corresponding to the identification data of the transponder.
  - 75. The method of claim 68 further including the step of writing encrypted data to the transponder from the host through the point-of-sale device.
  - 76. The method of claim 75 further including the step of decrypting the encrypted data written to the transponder with an encryption key.
  - 77. The method of claim 76 wherein the step of decrypting the encrypted data written to the transponder includes the steps of:
    - (1) generating an encryption key at the transponder;
      
      (2) generating the encryption key at the host;
      
      (3) encrypting data at the host using the encryption key;
      
      (4) transmitting the encrypted data to the point-of-sale device;
      
      (5) receiving the encrypted data at the point-of-sale device;
      
      (6) transmitting the encrypted data from the point-of-sale device to the transponder;
      
      (7) receiving the encrypted data at the transponder; and
      
      (8) decrypting the encrypted data at the transponder using the encryption key.
  - 78. The method of claim 77 wherein steps (c) and (h) encrypt and decrypt using a main encryption key.
  - 79. The method of claim 78 wherein the steps (1) and (2) generate a session key different from the main encryption key.
  - 80. The method of claim 79 wherein the session key for steps (1) and (2) are generated using the main encryption key.
  - 81. The method of claim 80 further including the steps of generating a transponder random number at the transponder and transmitting the transponder random number to the point-of-sale device and on to the host and wherein the session key for steps (1) and (2) is further generated as a function of the main encryption key and the transponder random number.
  - 82. The method of claim 81 wherein the steps (1) and (2) include performing an exclusive-OR on the main encryption key and the transponder random number providing a result used to generate the session key.
  - 83. The method of claim 81 wherein the steps (1) and (2) include;
    - (A) performing an exclusive-OR on the main encryption key and the transponder random number providing a first result;
      
      (B) encrypting the first result with the main encryption key to provide a second result; and
      
      (C) performing an exclusive-OR on the main encryption key and the second result providing the session key.
  - 84. The method of claim 81 wherein the steps (1) and (2) include encrypting one of the group consisting of the transponder random number and a function of the transponder random number with the main encryption key providing a result used to generate the session key.
  - 85. The method of claim 81 wherein the steps (1) and (2) include performing a logic function on the main encryption key and the transponder random number providing a result used to generate the session key.
  - 86. The method of claim 68 further including the steps of:
    - (1) transmitting a session key signal to the host through the point-of-sale device wherein the session key signal does not include a session key or the encryption key;
      
      (2) generating the session key at the host using the encryption key signal;
      
      (3) encrypting data with the session key at the transponder to provide encrypted data;
      
      (4) transmitting the encrypted data from the transponder to the host through the point-of-sale device;
      
      (5) receiving the encrypted data at the host; and
      
      (6) decrypting the encrypted data with the session key at the host to provide decrypted data.

87. A method of providing secure transactions between a remote tag having communication and cryptography electronics and a point-of-sale device associated with a host providing transaction authorization, said method comprising:
- (a) generating a random number at said point-of-sale device and transmitting the first data to the transponder;
  
  (b) receiving the random number at the transponder;
  
  (c) encrypting the random number with an encryption key at the transponder to provide encrypted random number;
  
  (d) transmitting identification data and the encrypted random number from the transponder to the point-of-sale device;
  
  (e) receiving the identification data and the encrypted random number at the point-of-sale device;
  
  (f) transmitting the identification data, the encrypted random number and the authentication data to the host for authorization;
  
  (g) receiving the identification data, the encrypted random number and the random number at the host;
  
  (h) encrypting the random number with the encryption key at the host to provide a host encrypted random number;
  
  (i) comparing the host encrypted random number and the encrypted random number at the host;
  
  (j) transmitting an authorization signal to the point-of-sale device if the encrypted random number and the host encrypted random number are the same;
  
  (k) transmitting a non-authorization signal to the point-of-sale device if the decrypted encrypted random number and the random number are not the same; and
  
  (l) operating the point-of-sale device for a transaction upon receipt of the authorization signal at the point-of-sale device.
- View Dependent Claims (88, 89)
- - 88. The method of claim 87 further including the step of preventing transmission of the encryption key between the point-of-sale device and the host.
  - 89. The method of claim 87 wherein the steps (c) and (h) use The Data Encryption Standard (DES) for the encrypting and the decrypting and the encryption key used for encryption and decryption is a DES key.

90. A method of providing secure transactions between a remote tag having communication and cryptography electronics and a point-of-sale device associated with a host providing transaction authorization, said method comprising:
- (a) transmitting an encryption key signal to the host through the point-of-sale device wherein the encryption key signal does not include an encryption key;
  
  (b) generating the encryption key at the host using the encryption key signal;
  
  (c) encrypting data with the encryption key at the transponder to provide encrypted data;
  
  (d) transmitting the encrypted data from the transponder to the host through the point-of-sale device;
  
  (e) receiving the encrypted data at the host;
  
  (f) decrypting the encrypted data with the encryption key at the host to provide decrypted data.
- View Dependent Claims (91)
- - 91. The method of claim 90 further including the step of preventing transmission of the encryption key between the point-of-sale device and the host.

92. A secure transaction system comprising:
- (a) plurality of transponders having communication and cryptography electronics adapted to provide remote bi-directional communications and encrypt and decrypt data transmitted to and from each said transponder;
  
  (b) a host having cryptography and communication electronics adapted to provide bi-directional communications and decrypt and encrypt data transmitted to and from said host;
  
  (c) at least one point-of-sale device having a processor and associated communication electronics adapted to provide remote bi-directional communications with said transponders and bi-directional communications with said host;
  
  (d) said processor and communication electronics of said point-of-sale device adapted to relay data transmitted to said point-of-sale device from said transponder to said host and relay data transmitted to said point-of-sale device from said host to said transponder;
  
  (e) said cryptography electronics in said transponder and said host including an identical main cryptography key being unknown at said point-of-sale device and never transmitted to or from said transponder or said host during normal operation; and
  
  (f) wherein certain data transferred between said host and transponder through said point-of-sale device is encrypted and decrypted with said main cryptography key.
- View Dependent Claims (93, 94, 95, 96, 97)
- - 93. The secure transaction system of claim 92 wherein said transponder includes an identifier, said point-of-sale device includes first data and is adapted to transmit said first data to said transponder, said transponder adapted to receive said first data, encrypt said first data with said main cryptography key and transmit said encrypted first data and said identifier to said point-of-sale device, said point-of-sale device adapted to receive said encrypted first data and said identifier from said transponder and further transmit said encrypted first data, said identifier and said first data to said host, said host adapted to receive said encrypted first data, said identifier and said first data, encrypt said first data to provide a host encrypted first data, compare said host encrypted first data with said encrypted first data, and transmit an authorization signal to said point-of-sale device if said host encrypted first data said encrypted first data are equal.
  - 94. The secure transaction system of claim 92 wherein said transponder includes an identifier, said point-of-sale device includes first data and is adapted to transmit said first data to said transponder, said transponder adapted to receive said first data, encrypt said first data with said main cryptography key and transmit said encrypted first data and said identifier to said point-of-sale device, said point-of-sale device adapted to receive said encrypted first data and said identifier from said transponder and further transmit said encrypted first data, said identifier and said first data to said host, said host adapted to receive said encrypted first data, said identifier and said first data, decrypt said encrypted first data to provide a host first data, compare said host first data with said first data, and transmit an authorization signal to said point-of-sale device if said host first data and said first data are equal.
  - 95. The secure transaction system of claim 92 wherein said transponder and said host are both adapted to generate identical session keys, and encrypt and decrypt certain data transmitted between said host and said transponder using said session key.
  - 96. The secure transaction system of claim 93 wherein said main cryptography key is used for transponder authorization and said session key is used for data transfer not involving authorization.
  - 97. The secure transaction system of claim 92 wherein said point-of-sale device is a file dispenser.

98. A transponder for use with remote sources, a fuel dispenser with point-of-sale device and an associated host, said transponder including security and communication electronics associated with a memory, said electronics adapted to provide bi-directional communications having at least two levels of security with one or more of the remote sources, the point-of-sale device, and the host through the point-of-sale device, said electronics adapted to use cryptography with a main key for communications between said transponder and the host through the fuel dispenser point-of-sale device wherein only said transponder and the host store the main key.
- View Dependent Claims (99, 100, 101, 102)
- - 99. The transponder of claim 98 wherein said electronics are adapted to use said cryptography with the main key for authorization of said transponder through the host and use said cryptography with a session key, different from said main key, for communications other than the authorization.
  - 100. The transponder of claim 99 wherein said electronics are adapted to use cryptography with a local key for communications with one of the fuel dispenser point-of-sale device and other remote sources.
  - 101. The transponder of claim 98 wherein said electronics is adapted to provide one of the groups consisting of store data received, read and transmit data or modify data only upon receipt of a password.
  - 102. The transponder of claim 101 wherein said memory includes a plurality of partitions having varying levels of security and a unique password associated with each said partition, said electronics adapted to provide one of said store data, read and transmit data or modify data in each said partition upon receipt of a respective said password.

103. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
- communication electronics for providing wireless, bi-directional remote communications with a point-of-sale device operatively communicating with a host;
  
  cryptography electronics for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device which were encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the host through the point-of-sale device and encrypted communications from the host are sent to said transponder through the point-of-sale device;
  
  a cryptography algorithm running on said cryptography electronics adapted to encrypt certain of the remote communications intended to reach the host through the point-of-sale device and decrypt certain of the remote communications received by the transponder from the host through the point-of-sale device; and
  
  a memory associated with said electronics, said memory having a plurality of memory locations;
  
  said cryptography algorithm encrypting and decrypting communications with a cryptography key stored in the cryptography electronics and the host, said cryptography key being unknown to said point-of-sale device.
- View Dependent Claims (104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114)
- - 104. The remote transponder of claim 103 wherein said electronics are adapted to store information to certain of said locations only upon authorization from the host.
  - 105. The remote transponder of claim 103 wherein said electronics are adapted to read information from certain of said locations only upon authorization from the host.
  - 106. The remote transponder of claim 103 wherein said electronics are adapted to modify information in certain of said locations only upon authorization from the host.
  - 107. The remote transponder of claim 104 wherein said electronics are adapted to alter the data stored in said certain of said memory locations only upon authorization of said host.
  - 108. The remote transponder of claim 104 wherein said data in said certain of said memory locations is a number and said electronics are adapted to increase or decrease said number based on a command transmitted to said transponder.
  - 109. The remote transponder of claim 108 wherein said electronics are further adapted to increase said number only upon authorization from said host and decrease said number without authorization from said host.
  - 110. The remote transponder of claim 103 where said memory locations include a first memory location and a second memory location, said electronics adapted to(a) store and modify information to said first location only upon authorization from the host, and read and transmit information from said first location without authorization;
    - and(b) store a number to said second location and increase said number only upon authorization from the host, and decrease, read or transmit said number from said second location without authorization.
  - 111. The remote transponder of claim 110 wherein said memory includes a third memory location, said electronics further adapted to store information to said first location only upon authorization from the host, and read and transmit information from said first location without authorization.
  - 112. The remote transponder of claim 111 wherein said memory includes a fourth memory location, said electronics further adapted to store to, read from, and modify information in said fourth location only upon authorization from the host.
  - 113. The remote transponder of claim 103 further including a memory associated with said electronics, said memory having a plurality of memory locations, said electronics adapted to perform operations on said memory locations, said operations including store, read and modify, said electronics adapted to perform certain of said operations on certain of said memory locations only upon authorization from the host and certain of said operations on certain other of said memory locations without authorization from the host.
  - 114. The remote transponder of claim 113 wherein said electronics is adapted to perform said certain of said operations on certain other of said memory locations without authorization from the host upon receiving a command from a source other than the host.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gilbarco Incorporated (Vontier Corp.)
Original Assignee
Gilbarco Incorporated (Vontier Corp.)
Inventors
Johnson, William S. Jr.
Primary Examiner(s)
Trammell, James P.
Assistant Examiner(s)
Lee, Chinor M.

Application Number

US08/895,417
Time in Patent Office

1,070 Days
Field of Search

380/23, 380/24, 380/28, 380/29, 380/30, 705/13, 705/16, 705/21, 705/1, 705/50, 705/64, 705/67
US Class Current

705/50
CPC Class Codes

G06Q 20/027   involving a payment switch ...

G06Q 20/04   Payment circuits

G06Q 20/085   involving remote charge det...

G06Q 20/0855   involving a third party

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/202   Interconnection or interact...

G06Q 20/28   Pre-payment schemes, e.g. "...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3576   Multiple memory zones on card

G06Q 20/363   with the personal data of a...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 20/4093   Monitoring of device authen...

G07F 13/025   wherein the volume is deter...

G07F 7/0866   by active credit-cards adap...

G07F 7/1008   Active credit-cards provide...

Cryptography security for remote dispenser transactions

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

406 Citations

114 Claims

Specification

Use Cases

Quick Links

Others

Cryptography security for remote dispenser transactions

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

406 Citations

114 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others