Card activation at point of distribution
First Claim
1. A system for securely activating a stored value card at a point of distribution, said system comprising:
- a card dispensing machine that holds stored value cards from an issuer;
a stored value card contained within said card dispensing machine, said stored value card including a stored value, and a card security code arranged to prevent access to said stored value on said card, said card security code being derived from an issuer key;
a secure application module that includes said issuer key, and an encryption module used to derive said card security code from said issuer key;
whereby said card dispensing machine is arranged to retrieve said card security code from said secure application module for presentation to said stored value card, said stored value card then being activated.
1 Assignment
0 Petitions
Accused Products
Abstract
Secure activation of stored value cards at a point of distribution uses a portable activation secure application module (ASAM) within the card dispensing machine to activate each card. Each card has a standard user mode and a security user mode. In the standard user mode the card is activated and ready for use. In the security user mode the card is not active and cannot be used to make a purchase. An issuer supplies an issuer activation key to a card supplier who produces a security code which is stored on a stored value card. Cards are supplied to the issuer in security user mode, and stored in a dispensing machine. The issuer activation key is also relayed to the dispensing machine and stored on the ASAM. Upon purchase by a customer, the issuer activation key is used within the machine by the ASAM to reproduce the security code and to activate a card. An activation control counter (ACC) is stored within the ASAM and is decremented for every attempt at activation of a card. ASAMs are maintained in the field using a dial-up connection to a central computer with a control secure application module (CSAM), or using a field secure application module (FSAM) that is created at a central location using the CSAM. Each FSAM is able to update a limited number of ASAMs. A hierarchy of keys is used by the CSAM, the FSAMs and ASAMs to ensure security.
-
Citations
25 Claims
-
1. A system for securely activating a stored value card at a point of distribution, said system comprising:
-
a card dispensing machine that holds stored value cards from an issuer;
a stored value card contained within said card dispensing machine, said stored value card including a stored value, and a card security code arranged to prevent access to said stored value on said card, said card security code being derived from an issuer key;
a secure application module that includes said issuer key, and an encryption module used to derive said card security code from said issuer key;
whereby said card dispensing machine is arranged to retrieve said card security code from said secure application module for presentation to said stored value card, said stored value card then being activated. - View Dependent Claims (2, 3)
-
-
4. A method for securely activating a stored value card contained within a card olding device, said method comprising:
-
determining whether said stored value card is in a security mode, said stored value card including a card security code;
deriving said card security code using a secure application module and an issuer key;
presenting said derived card security code to said stored value card;
activating said stored value card such that value on said stored value card is available for use; and
dispensing said stored value card from said card holding device. - View Dependent Claims (5, 6, 7)
reading unique information from said stored value card; and
deriving said card security code using said unique information and said issuer key.
-
-
7. A method as recited in claim 4 further comprising:
-
determining whether an activation control counter of said secure application module has reached a limit; and
wherein when it is determined that said activation control counter has reached said limit, aborting said method to activate said stored value card.
-
-
8. A system for securely activating stored value cards at a point of distribution, said system comprising:
-
an issuer of stored value cards, said issuer producing a secret activation key;
a card supplier that receives said secret activation key from said issuer, said card supplier deriving a plurality of card security codes based upon said secret activation key;
a batch of stored value cards produced by said card supplier, each stored value card of said batch having written upon it one of said card security codes derived from said secret activation key, each stored value card further being placed in a security mode such that a value of each card is unavailable for use; and
a secure application module that includes said secret activation key from said issuer, said secure application module being arranged to derive said card security codes using said secret activation key; and
a card dispensing machine that stores said batch of stored value cards and includes said secure application module, said card dispensing machine being arranged to query said secure application module for one of said card security codes and to present said card security code to one of said stored value cards, whereby said stored value card is taken out of said security mode and is available for use. - View Dependent Claims (9, 10)
-
-
11. A system for creating an activation secure module for activating stored value cards, each stored value card being unusable unless presented with a card security code, said system comprising:
-
a database that securely stores an activation key, said activation key being necessary for activating said stored value cards;
a control secure module arranged to securely access said activation key;
an activation secure module arranged to store securely said activation key, and including an encryption module for deriving said card security codes from said activation key;
an activation manager computer in communication with said database, said control secure module and said activation secure module, said activation manager computer being arranged to transfer said activation key from said database via said control secure module to said activation secure module, whereby said activation secure module is capable of producing said card security codes using said activation key. - View Dependent Claims (12, 13, 14)
an activation control counter that limits the number of stored value cards that said activation secure module may activate.
-
-
14. A system as recited in claim 11 wherein said activation secure module further includes:
a zone key that allows secure communication between said activation secure module and said control secure module.
-
15. A method for creating an activation secure module useful for activating stored value cards, said stored value cards each requiring a card security code before their value is accessible, said method comprising:
-
placing an activation manager computer into communication with a control secure module and said activation secure module;
retrieving an activation key from a database using said control secure module, said activation key being necessary for activating said stored value cards;
loading encryption software into said activation secure module to allow said activation secure module to produce said card security codes using said activation key;
transferring said retrieved activation key to said activation secure module, whereby said activation secure module is capable of producing said card security codes using said activation key. - View Dependent Claims (16, 17)
loading a maximum value for an activation control counter into said activation secure module, said activation control counter limiting the number of stored value cards that said activation secure module may activate.
-
-
17. A method as recited in claim 15 further comprising:
loading a zone key into said activation secure module, said zone key allowing secure communication between said activation secure module and said control secure module.
-
18. A system for maintaining in the field an activation secure module useful for activating stored value cards, each stored value card being unusable unless presented with a card security code, said system comprising:
-
a field secure module storing an activation key, said activation key being necessary for activating said stored value cards;
an activation secure module arranged to store securely said activation key, and including an encryption module for deriving said card security codes from said activation key;
a card dispensing machine arranged for storing said stored value cards, said card dispensing machine including said activation secure module, said card dispensing machine being arranged to transfer said activation key from said field secure module to said activation secure module, whereby said activation secure module is capable of producing said card security codes using said activation key. - View Dependent Claims (19, 20, 21)
a control secure module having a master zone key;
a plurality of field secure modules, said control secure module communicating with said field secure modules using field zone keys derived from said master zone key; and
a plurality of sets of activation secure modules, each set of activation secure modules communicating with one of said field secure modules using a zone key derived from one of said field zone keys.
-
-
22. A method for maintaining in the field an activation secure module useful for activating stored value cards, said method comprising:
-
placing a plurality of stored value cards into a card dispensing machine, said stored value cards each requiring a card security code before their value is accessible, said card dispensing machine including an activation secure module;
placing a field secure module into communication with said card dispensing machine, said field secure module including an activation key necessary for activating said stored value cards;
retrieving said activation key from said field secure module; and
transferring said retrieved activation key to said activation secure module, whereby said activation secure module is now able to produce said card security codes using said activation key. - View Dependent Claims (23)
retrieving a new maximum value for an activation control counter from said field secure module; and
resetting said activation control counter of said activation secure module using said retrieved new maximum value, said activation control counter limiting the number of stored value cards that said activation secure module may activate.
-
-
24. A method for maintaining in the field an activation secure module useful for activating stored value cards, said method comprising:
-
initiating a connection over a communications network between an activation computer having a control secure module and a card dispensing machine, said card dispensing machine including a plurality of stored value cards, said stored value cards each requiring a card security code before their value is accessible;
placing said control secure module into communication with an activation secure module of said card dispensing machine, said control secure module including an activation key necessary for activating said stored value cards;
retrieving said activation key from said control secure module; and
transferring said retrieved activation key to said activation secure module over said communications network, whereby said activation secure module is now able to produce said card security codes using said activation key. - View Dependent Claims (25)
retrieving a new maximum value for an activation control counter from said control secure module; and
resetting said activation control counter of said activation secure module using said retrieved new maximum value, said activation control counter limiting the number of stored value cards that said activation secure module may activate.
-
Specification