Cryptography security for remote dispenser transactions
First Claim
1. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
- communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and
cryptography electronics including a key storage;
for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and
adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device.
3 Assignments
0 Petitions
Accused Products
Abstract
The invention relates to providing secure transactions with a tag and POS device associated with a host network authorization system. In doing so, the tag is adapted to bi-directionally communicate with a POS device, preferably a fuel dispenser, which further communicates with a host network to provide authorization of the tag and carry out any desired purchases or transactions. To avoid transmitting data from which valuable account or financial information could be derived, between the tag and POS device or the POS device and the host network system, the invention may maintain all or a majority of account and financial information requiring absolute security only at the host network. Neither the tag nor the POS device has or has access to certain critical financial or account information. The tag also is adapted to communicate with other local sources and the POS device directly. Additional and alternate security is available for these communications. Furthermore, the local sources may need a password to access certain data stored in the tag'"'"'s memory.
406 Citations
114 Claims
-
1. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
-
communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and cryptography electronics including a key storage; for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device. - View Dependent Claims (2, 3, 4, 5, 6, 12, 16, 21, 22, 23, 24, 25, 26, 27, 28, 33, 39, 41, 42, 43)
-
-
7. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
-
communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and cryptography electronics including a key storage; for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being unknown to said point-of-sale device, wherein said cryptogaphy and communication electronics are adapted to encrypt data and transmit the encrypted data to the point-of-sale device wherein the point-of-sale device transmits the encrypted data on to the host, and wherein said cryptography electronics generates a session key different from the cryptography key for encrypting certain of the data transmitted to the point-of-sale device and on to the host. - View Dependent Claims (8, 9, 10, 11)
-
-
13. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
-
communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and cryptography electronics including a key storage; for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being unknown to said point-of-sale device, wherein said communication electronics are adapted to provide bi-directional communications with local sources in addition to the point-of-sale device. - View Dependent Claims (14, 15, 17, 18, 19, 20)
-
-
29. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
-
communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and cryptography electronics including a key storage; for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device, wherein said communication electronics and said cryptography electronics are operatively associated with memory and wherein said communications electronics are adapted to receive authorization data from the point-of-sale device, said cryptography electronics are adapted to encrypt the received authorization data and said communication electronics are further adapted to transmit said encrypted received authorization data for host authorization. - View Dependent Claims (30, 31, 32)
-
-
34. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
-
communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host, and cryptography electronics including a key storage; for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device, wherein said communication electronics and said cryptography electronics are operatively associated with memory, and wherein said transponder further includes a transponder random number generator operatively associated with said electronics and adapted to generate transponder random numbers upon receipt of a signal generated by the point-of-sale device. - View Dependent Claims (35, 36, 37, 38)
-
-
40. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
-
communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and cryptography electronics including a key storage; for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device, wherein said communication electronics and said cryptography electronics are operatively associated with memory, and wherein said cryptography electronics includes at least two encryption keys including a main key and a session key, said encrypted data transmitted to said transponder and decrypted as necessary with said session key, said cryptography and communication electronics operating to transmit encrypted data from said transponder for authorization with said main key.
-
-
44. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
-
communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and cryptography electronics including a key storage; for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device, wherein said communication electronics and said cryptography electronics are operatively associated with memory, and wherein during decryption of received communications, said cryptography electronics is adapted to take the exclusive-OR of encrypted data received by said communication electronics from the host through the point-of-sale device and a session key, different from said cryptography key, to provide a first result, decrypt said first result using said session key to provide a second result and take the exclusive-OR of said second result and said session key to provide decryption of the encrypted data from the host.
-
-
45. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
-
communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and cryptography electronics including a key storage; for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device, wherein said communication electronics and said cryptography electronics are operatively associated with memory and wherein during encryption communications to be transmitted, said cryptography electronics is adapted to take the exclusive-OR of the data to be encrypted and transmitted by said communication electronics to the host through the point-of-sale device and a session key, different from said cryptography key, to provide a first result, encrypt said first result using said session key to provide a second result and take the exclusive-OR of said second result and said session key to provide said encrypted data to be sent to the host.
-
-
46. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
-
communication electronics for providing wireless, bi-directional, secure, communications with a point-of-sale device that can communicate with a host; and cryptography electronics including a key storage; for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device as encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the point-of-sale device for relay to the host and encrypted communications from the host are relayed to said transponder through the point-of-sale device; and adapted to encrypt remote communications to the point-of-sale device and decrypt remote communications received by the transponder from the point-of-sale device with a cryptography key stored in the key storage, said cryptography key being known by the host and unknown to said point-of-sale device, wherein said communication electronics and said cryptography electronics are operatively associated with memory a random number generator providing a transponder random number, said cryptography electronics adapted to generate a session key for encrypting data to be transmitted to the host and decrypting data received from the host by said communication electronics by; a. taking the exclusive-OR of said transponder random number and said cryptography key to provide a first output; b. encrypting said first output with said cryptography key to provide a second output; and c. taking the exclusive-OR of said second output and said cryptography key to provide said session key, wherein during decryption of received communications, said cryptography electronics is adapted to decrypt received data by; a. taking the exclusive-OR of encrypted data received by said communication electronics from the host through the point-of-sale device and said session key to provide a first result, b. decrypting said first result using said session key to provide a second result; and c. taking the exclusive-OR of said second result and said session key to provide decryption of the encrypted data from the host, and wherein during encryption of data to be transmitted, said cryptography electronics is adapted encrypt said data to be transmitted by; a. taking the exclusive-OR of encrypted data to be transmitted by said communication electronics to the host through the point-of-sale device and said session key to provide a first result, b. encrypting said first result using said session key to provide a second result; and c. taking the exclusive-OR of said second result and said session key to provide said encrypted data to be sent to the host.
-
-
47. A system for providing secure transactions between a remote transponder and a point-of-sale device associated with a host system, said system comprising:
-
a point-of-sale-device; and a remote transponder including transponder communication electronics, cryptography electronics and memory, said communication electronics providing bi-directional communications with said point-of-sale device and a local source other than said point-of-sale device and operatively associated with said cryptography electronics, said cryptography electronics adapted to encrypt data to be transmitted and decrypt data received; said point-of-sale device including point-of-sale communication electronics providing remote bi-directional communications to said transponder and bi-directional communications with a host; said transponder electronics adapted to transmit first data to be received and processed at said point-of-sale device, second data to be received by said point-of-sale device and relayed to the host to be processed and third data to be received and processed at the local source; said point-of-sale device adapted to relay the second data received from the transponder to the host and certain data received from the host to said transponder. - View Dependent Claims (48, 49, 50, 51)
-
-
52. A system for providing secure transactions between a remote transponder and a point-of-sale device associated with a host system, said system comprising:
-
a point-of-sale-device; and a remote transponder including transponder communication electronics, cryptography electronics and memory, said communication electronics providing bi-directional communications between said transponder and said point-of-sale device and operatively associated with said cryptography electronics, said cryptography electronics adapted to encrypt data; and said point-of-sale device including point-of-sale communication electronics providing remote bi-directional communications to said transponder and bi-directional communications with a host capable of authorizing use of said transponder; said remote transponder having identification data stored in said memory; said point-of-sale communication electronics adapted to transmit first data to said transponder and to the host; said transponder communication electronics adapted to receive said first data; said cryptography electronics adapted to encrypt said first data to provide encrypted first data; said transponder communication electronics adapted to transmit said encrypted first data and said identification data to said point-of-sale device; said point-of-sale device adapted to transmit said encrypted first data and said identification data received from said transponder to the host wherein said host uses said identification data to control cryptography electronics at the host to compare said first data with said encrypted first data transmitted to the host from the point-of-sale device, the host transmitting an authorization signal to said point-of-sale device if the comparison is true; said point-of-sale device adapted to receive the authorization signal from the host and activate the point of sale device for a transaction accordingly, wherein said cryptography electronics use a main key stored in said memory for encrypting and decrypting data, and said main key is stored in said memory of said transponder and at the host but not at said point-of-sale device to enhance security. - View Dependent Claims (53, 54, 55, 63, 65)
-
-
56. A system for providing secure transactions between a remote transponder and a point-of-sale device associated with a host system, said system comprising:
-
a point-of-sale-device; and a remote transponder including transponder communication electronics, cryptography electronics and memory said communication electronics providing bi-directional communications between said transponder and said point-of-sale device and operatively associated with said cryptography electronics, said cryptography electronics adapted to encrypt data; and said point-of-sale device including point-of-sale communication electronics providing remote bi-directional communications to said transponder and bi-directional communications with a host capable of authorizing use of said transponder; said remote transponder having identification data stored in said memory; said point-of-sale communication electronics adapted to transmit first data to said transponder and to the host; said transponder communication electronics adapted to receive said first data; said cryptography electronics adapted to encrypt said first data to provide encrypted first data; said transponder communication electronics adapted to transmit said encrypted first data and said identification data to said point-of-sale device; said point-of-sale device adapted to transmit said encrypted first data and said identification data received from said transponder to the host wherein said host uses said identification data to control cryptography electronics at the host to compare said first data with said encrypted first data transmitted to the host from the point-of-sale device, the host transmitting an authorization signal to said point-of-sale device if the comparison is true; said point-of-sale device adapted to receive the authorization signal from the host and activate the point of sale device for a transaction accordingly, wherein said point-of-sale device includes a device random number generator for generating a device random number, said device random number being said first data.
-
-
57. A system for providing secure transactions between a remote transponder and a point-of-sale device associated with a host system, said system comprising:
-
a point-of-sale-device; and a remote transponder including transponder communication electronics, cryptogaphy electronics and memory said communication electronics providing bi-directional communications between said transponder and said point-of-sale device and operatively associated with said cryptography electronics, said cryptography electronics adapted to encrypt data; and said point-of-sale device including point-of-sale communication electronics providing remote bi-directional communications to said transponder and bi-directional communications with a host capable of authorizing use of said transponder; said remote transponder having identification data stored in said memory; said point-of-sale communication electronics adapted to transmit first data to said transponder and to the host; said transponder communication electronics adapted to receive said first data; said cryptogaphy electronics adapted to encrypt said first data to provide encrypted first data; said transponder communication electronics adapted to transmit said encrypted first data and said identification data to said point-of-sale device; said point-of-sale device adapted to transmit said encrypted first data and said identification data received from said transponder to the host wherein said host uses said identification data to control cryptography electronics at the host to compare said first data with said encrypted first data transmitted to the host from the point-of-sale device, the host transmitting an authorization signal to said point-of-sale device if the comparison is true; said point-of-sale device adapted to receive the authorization signal from the host and activate the point of sale device for a transaction accordingly, wherein said transponder further includes a transponder random number generator operatively associated with said electronics for generating a transponder random number, said transponder random number generator adapted to generate a transponder random number upon receipt of a said first data from said point-of-sale device, said transponder communication electronics adapted to transmit said transponder random number to said point-to-sale device, said point-of sale device further adapted to transmit said transponder random number to the host, said cryptography electronics adapted to generate a session key for decrypting host data written to said memory, the host data being transmitted from the host to said point-of-sale device and on to said transponder, wherein the host data is encrypted using a host session key identical to said transponder session key and generated using said transponder random number in a manner identical to that in which said cryptography electronics generated said session key. - View Dependent Claims (58, 59, 60, 61, 62)
-
-
64. A system for providing secure transactions between a remote transponder and a point-of-sale device associated with a host system, said system comprising:
-
a point-of-sale-device; and a remote transponder including transponder communication electronics, cryptography electronics and memory, said communication electronics providing bi-directional communications between said transponder and said point-of-sale device and operatively associated with said cryptography electronics, said cryptography electronics adapted to encrypt data; and said point-of-sale device including point-of-sale communication electronics providing remote bi-directional communications to said transponder and bi-directional communications with a host capable of authorizing use of said transponder; said remote transponder having identification data stored in said memory; said point-of-sale communication electronics adapted to transmit first data to said transponder and to the host; said transponder communication electronics adapted to receive said first data; said cryptography electronics adapted to encrypt said first data to provide encrypted first data; said transponder communication electronics adapted to transmit said encrypted first data and said identification data to said point-of-sale device; said point-of-sale device adapted to transmit said encrypted first data and said identification data received from said transponder to the host wherein said host uses said identification data to control cryptography electronics at the host to compare said first data with said encrypted first data transmitted to the host from the point-of-sale device, the host transmitting an authorization signal to said point-of-sale device if the comparison is true; said point-of-sale device adapted to receive the authorization signal from the host and activate the point of sale device for a transaction accordingly, wherein said transponder includes a session key to decrypt encrypted transaction data transmitted to the transponder from the host and a main key to encrypt said first data, said session key being different from the main key. - View Dependent Claims (66, 67)
-
-
68. A method of providing secure transaction between a remote tag having communication and cryptography electronics and a point-of-sale device associated with a host providing transaction authorization, said method comprising:
-
(a) generating a first random number at said point-of-sale device and transmitting the first random number to the transponder; (b) receiving the first random number at the transponder; (c) encrypting the first random number at the transponder to provide an encrypted first random number; (d) transmitting the encrypted first random number from the transponder to the point-of-sale device; (e) receiving the encrypted first random number at the point-of-sale device; (f) transmitting the encrypted first random number and the first random number to the host for authorization; (g) receiving the encrypted first random number and the first random number at the host; (h) comparing the encrypted first random number and the first random number at the host with cryptography electronics; (i) transmitting an authorization signal to the point-of-sale device if the comparison is true; (j) transmitting a non-authorization signal to the point-of-sale device if the comparison is false; and (k) operating the point-of-sale device for a transaction upon receipt of the authorization signal at the point-of-sale device. - View Dependent Claims (69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86)
-
-
87. A method of providing secure transactions between a remote tag having communication and cryptography electronics and a point-of-sale device associated with a host providing transaction authorization, said method comprising:
-
(a) generating a random number at said point-of-sale device and transmitting the first data to the transponder; (b) receiving the random number at the transponder; (c) encrypting the random number with an encryption key at the transponder to provide encrypted random number; (d) transmitting identification data and the encrypted random number from the transponder to the point-of-sale device; (e) receiving the identification data and the encrypted random number at the point-of-sale device; (f) transmitting the identification data, the encrypted random number and the authentication data to the host for authorization; (g) receiving the identification data, the encrypted random number and the random number at the host; (h) encrypting the random number with the encryption key at the host to provide a host encrypted random number; (i) comparing the host encrypted random number and the encrypted random number at the host; (j) transmitting an authorization signal to the point-of-sale device if the encrypted random number and the host encrypted random number are the same; (k) transmitting a non-authorization signal to the point-of-sale device if the decrypted encrypted random number and the random number are not the same; and (l) operating the point-of-sale device for a transaction upon receipt of the authorization signal at the point-of-sale device. - View Dependent Claims (88, 89)
-
-
90. A method of providing secure transactions between a remote tag having communication and cryptography electronics and a point-of-sale device associated with a host providing transaction authorization, said method comprising:
-
(a) transmitting an encryption key signal to the host through the point-of-sale device wherein the encryption key signal does not include an encryption key; (b) generating the encryption key at the host using the encryption key signal; (c) encrypting data with the encryption key at the transponder to provide encrypted data; (d) transmitting the encrypted data from the transponder to the host through the point-of-sale device; (e) receiving the encrypted data at the host; (f) decrypting the encrypted data with the encryption key at the host to provide decrypted data. - View Dependent Claims (91)
-
-
92. A secure transaction system comprising:
-
(a) plurality of transponders having communication and cryptography electronics adapted to provide remote bi-directional communications and encrypt and decrypt data transmitted to and from each said transponder; (b) a host having cryptography and communication electronics adapted to provide bi-directional communications and decrypt and encrypt data transmitted to and from said host; (c) at least one point-of-sale device having a processor and associated communication electronics adapted to provide remote bi-directional communications with said transponders and bi-directional communications with said host; (d) said processor and communication electronics of said point-of-sale device adapted to relay data transmitted to said point-of-sale device from said transponder to said host and relay data transmitted to said point-of-sale device from said host to said transponder; (e) said cryptography electronics in said transponder and said host including an identical main cryptography key being unknown at said point-of-sale device and never transmitted to or from said transponder or said host during normal operation; and (f) wherein certain data transferred between said host and transponder through said point-of-sale device is encrypted and decrypted with said main cryptography key. - View Dependent Claims (93, 94, 95, 96, 97)
-
- 98. A transponder for use with remote sources, a fuel dispenser with point-of-sale device and an associated host, said transponder including security and communication electronics associated with a memory, said electronics adapted to provide bi-directional communications having at least two levels of security with one or more of the remote sources, the point-of-sale device, and the host through the point-of-sale device, said electronics adapted to use cryptography with a main key for communications between said transponder and the host through the fuel dispenser point-of-sale device wherein only said transponder and the host store the main key.
-
103. A remote transponder providing secure transactions with a host through a point-of-sale device, said transponder comprising:
-
communication electronics for providing wireless, bi-directional remote communications with a point-of-sale device operatively communicating with a host; cryptography electronics for encrypting the remote communications to the point-of-sale device and decrypting the remote communications from the point-of-sale device which were encrypted at the host prior to transmission to the point-of-sale device wherein encrypted communications from said transponder are sent to the host through the point-of-sale device and encrypted communications from the host are sent to said transponder through the point-of-sale device; a cryptography algorithm running on said cryptography electronics adapted to encrypt certain of the remote communications intended to reach the host through the point-of-sale device and decrypt certain of the remote communications received by the transponder from the host through the point-of-sale device; and a memory associated with said electronics, said memory having a plurality of memory locations; said cryptography algorithm encrypting and decrypting communications with a cryptography key stored in the cryptography electronics and the host, said cryptography key being unknown to said point-of-sale device. - View Dependent Claims (104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114)
-
Specification