Method and apparatus for the transfer of sensitive card data over an unsecure computer network

US 6,560,709 B1
Filed: 04/30/1999
Issued: 05/06/2003
Est. Priority Date: 04/30/1999
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus for the secure transmission of card data over a computer network, adapted for connecting to a network device, comprising in combination:

a card reader including a card reader input for receiving data obtained from scanning a card, and a card reader output for sending data obtained from scanning a card, wherein scanned card data on the card reader are not readable by the network device;

an encryption circuit configured for encrypting card data, including an encryption input connected to the card reader output and an encryption output;

a data interface including a data interface input connected to the encryption output and a data interface output; and

a communications device including a communications device input connected to the data interface output and a communications device output connected to the computer network.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for the secure transmission of credit card data over an Internet connection. The apparatus includes a card reader for reading credit card data and is adapted for connecting to a network device, such as a personal computer. The card data are encrypted in an encryption circuit and transmitted over an Internet connection. The network device is unable to read the card data and so programs running on the network device cannot surreptitiously record the card data and later transmit it to a data thief. The isolation of the network device and the card reader provides for the secure and direct transmission of card data to the intended electronic merchant.

55 Citations

View as Search Results

34 Claims

1. An apparatus for the secure transmission of card data over a computer network, adapted for connecting to a network device, comprising in combination:
- a card reader including a card reader input for receiving data obtained from scanning a card, and a card reader output for sending data obtained from scanning a card, wherein scanned card data on the card reader are not readable by the network device;
  
  an encryption circuit configured for encrypting card data, including an encryption input connected to the card reader output and an encryption output;
  
  a data interface including a data interface input connected to the encryption output and a data interface output; and
  
  a communications device including a communications device input connected to the data interface output and a communications device output connected to the computer network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The apparatus of claim 1 wherein the data interface is adapted for connecting to the network device.
  - 3. The apparatus of claim 1 wherein the communications device is adapted for connecting to the network device.
  - 4. The apparatus of claim 1 wherein the card reader is a magnetic card reader.
  - 5. The apparatus of claim 1 wherein the card reader is an optical code reader.
  - 6. The apparatus of claim 1 wherein the encryption circuit further comprises a Programmable Logic Device.
  - 7. The apparatus of claim 1 wherein the encryption circuit is firmware on the communications device.
  - 8. The apparatus of claim 1 wherein the network device is a personal computer.
  - 9. The apparatus of claim 1 wherein the communications device is a modem.
  - 10. The apparatus of claim 1 wherein the communications device is any of an Integrated Services Digital Network communications device, Asymmetric Digital Subscriber Line communications device, or Internet Protocol communications device.
  - 11. The apparatus of claim 1 wherein the data interface is a Media Access Control interface.
  - 12. The apparatus of claim 1 wherein the data interface is an Internet Protocol suite interface.
  - 13. The apparatus of claim 1 wherein an encryption technique for the encryption circuit is a Data Encryption Standard technique.
  - 14. The apparatus of claim 1 wherein an encryption technique for the encryption circuit is any of a RSA technique, Secure Electronic Transaction technique, Elliptic Curve Cryptography technique, or secure hashing function technique.
  - 15. The apparatus of claim 1 wherein the communications device is internal to the network device.
  - 16. The apparatus of claim 1 wherein the communications device is external to the network device.
  - 17. The apparatus of claim 1 further comprising the network device.

18. An apparatus for the secure transmission of card data over a computer network, adapted for connecting to a network device, comprising in combination:
- a card reader, including a card reader input and a card reader output, wherein the card reader is adapted to prevent the network device from reading scanned data and adapted to prevent a communications device from reading the scanned data, and wherein the scanned data is received at the card reader input by scanning a card and the scanned data is transmitted at the card reader output;
  
  an encryption circuit configured for encrypting card data, including an encryption input connected to the card reader output and an encryption output, wherein the encryption circuit is adapted to prevent the network device from reading encrypted data;
  
  a data interface including a data interface input connected to the encryption output and a data interface output, wherein the data interface is adapted to prevent the network device from reading interface data; and
  
  a communications device including a communications device input connected to the data interface output and a communications device output connected to the computer network.
- View Dependent Claims (19, 20, 21)
- - 19. The apparatus of claim 18 wherein the card reader is a magnetic card reader.
  - 20. The apparatus of claim 18 wherein the network device is a personal computer.
  - 21. The apparatus of claim 18 wherein the communications device is a modem.

22. A method for the secure transmission of card data over a computer network, comprising the steps of:
- reading card data from an interface device connected to a network device, wherein the card data are not accessible to the network device;
  
  encrypting the card data on the interface device before transmission; and
  
  sending encrypted card data to the computer network;
  
  wherein the encrypted card data are not readable by the network device and are not readable during data transmission.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 22.
  - 24. The method of claim 22 wherein the step of reading card data comprises swiping a card through a card reader.
  - 25. The method of claim 22 wherein the step of encrypting the card data comprises applying the Data Encryption Standard to the card data to encrypt the card data.
  - 26. The method of claim 22 wherein the step of sending encrypted card data comprises sending the encrypted card data in an Internet Protocol packet.
  - 27. The method of claim 22 wherein the step of sending encrypted card data comprises sending the encrypted card data in a Media Access Control frame.

28. A method for the secure transmission of credit card data over an Internet connection, comprising:
- requesting an electronic document written in a markup language on a personal computer;
  
  requesting a secure credit card transaction;
  
  swiping a credit card through a card reader, wherein the credit card data are not accessible to the personal computer;
  
  encrypting the credit card data, wherein encrypted credit card data are not accessible to the personal computer; and
  
  transmitting the encrypted credit card data over the Internet connection.
- View Dependent Claims (29)
- - 29. The method of claim 28 wherein the electronic document is a World Wide Web page.

30. An apparatus for the secure transmission of card data over an Internet connection, adapted for connecting to a personal computer, comprising in combination:
- a magnetic card reader including a magnetic card reader input for receiving data obtained from scanning a magnetic card, and a magnetic card reader output for sending data obtained from scanning a magnetic card, wherein scanned magnetic card data on the magnetic card reader are not readable by the personal computer;
  
  an encryption circuit configured for encrypting magnetic card data, including an encryption input connected to the magnetic card reader output and an encryption output;
  
  an Internet interface including an Internet interface input connected to the encryption output and an Internet interface output; and
  
  a modem including a modem input connected to the Internet interface output and a modem output connected to the Internet connection.
- View Dependent Claims (31, 32, 33, 34)
- - 31. The apparatus of claim 30 wherein the Internet interface is adapted for connecting to the personal computer.
  - 32. The apparatus of claim 30 wherein the modem is adapted for connecting to the personal computer.
  - 33. The apparatus of claim 30 wherein the encryption circuit is firmware on the modem.
  - 34. The apparatus of claim 30 wherein an encryption technique for the encryption circuit is a Data Encryption Standard technique.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
3Com Corporation (HP Inc.)
Inventors
Galovich, David J.
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/302,518
Time in Patent Office

1,467 Days
Field of Search

713/168, 713/172, 713/179, 713/185, 713/132
US Class Current

713/185
CPC Class Codes

G06F 21/606 by securing the transmissio...

G06F 21/85 interconnection devices, e....

Method and apparatus for the transfer of sensitive card data over an unsecure computer network

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for the transfer of sensitive card data over an unsecure computer network

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links