Electronic transaction security method
Abstract
A software-based computer method for limiting the lifetime of an electronic credit card transaction that makes the transmitted credit card information useless when a configurable time limit expires. The method is designed to provide protection for electronic transactions that require use of an identifying key such as a credit card number, with or without an additional unique identifier comprising a sequence of alphanumeric values, such as a PIN, for the purpose of initiating a transaction. The method provides protection by the addition of a transaction-initiated date/time stamp which is included as part of the transmitted transaction information and provides the basis for limiting the amount of time the transaction is valid.
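The scheme in the abstract, sketched end to end as an added example (not code from the patent): the user-side program encrypts a date/time stamp with the identifying information, and the validator decrypts it, checks the user, then checks the age. The key, the 120-second limit, the card record and the function names are assumptions, and the HMAC-based stream cipher is a standard-library stand-in for whatever cipher a real deployment would use.

```python
import hashlib
import hmac
import json
import os
import time

# All values below are constructed for this example.
MASTER_KEY = bytes(range(32))                  # shared by issuer program and validator
ENC_KEY = hmac.new(MASTER_KEY, b"enc", hashlib.sha256).digest()
MAC_KEY = hmac.new(MASTER_KEY, b"mac", hashlib.sha256).digest()
TIME_LIMIT_S = 120                             # assumed predetermined time limit
AUTHORIZED = {"4111111111111111": "A. USER"}   # previously recorded user information

def _xor_stream(nonce, data):
    # HMAC-SHA256 in counter mode as a stdlib stand-in for a real cipher.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(ENC_KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def make_epin(card, name, now=None):
    """User side: encrypt the date/time stamp with the identifying information."""
    ts = int(time.time() if now is None else now)
    body = json.dumps({"ts": ts, "card": card, "name": name}).encode()
    nonce = os.urandom(16)
    ct = _xor_stream(nonce, body)
    tag = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def validate_epin(epin, received_at=None):
    """Validator side: decrypt, verify the user, then check the transaction age."""
    received_at = time.time() if received_at is None else received_at
    if len(epin) < 48:
        return False, "malformed"
    nonce, ct, tag = epin[:16], epin[16:-32], epin[-32:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "tampered"
    fields = json.loads(_xor_stream(nonce, ct))
    if AUTHORIZED.get(fields["card"]) != fields["name"]:
        return False, "user not authorized"
    age = received_at - fields["ts"]
    if not 0 <= age <= TIME_LIMIT_S:           # also rejects stamps from the future
        return False, "outside time limit"
    return True, "approved"
```

An ePIN captured in transit still validates until the limit expires, so the time stamp bounds the replay window rather than closing it.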
19 Claims
1. A method of conducting electronic credit card transactions so as to guard against fraud, comprising the following steps:
using a computer program mandated by a credit card issuer, a user of a credit card issued by the credit card issuer (a) initiates a proposed credit card transaction with a third party vendor by accessing via said third party vendor a party authorized by said credit card issuer to validate credit card transactions, and (b) transmits and to said authorized party non-encrypted time-limited information concerning the user and an encrypted personal identification number that comprises in encrypted form a date/time stamp and certain information identifying said user;
said authorized party receives said encrypted time-limited personal identification number and said non-encrypted information and decrypts said encrypted time-limited personal identification number to derive said date/time stamp and said certain information identifying said user;
said authorized party (1) compares said non-encrypted and decrypted information with previously recorded user information to verify that the user initiating the proposed transaction is an authorized user and (2) also compares the current transaction time represented by said decrypted date/time stamp with the time of its receipt of said encrypted date/time stamp and determines if the difference, if any, between said times is within a predetermined time limit required for validating the proposed transaction; and
depending on the determinations made in the foregoing step, said authorizing party (a) rejects said proposed transaction if said user is not verified to be an authorized user or if the difference between said times is not within said predetermined time limit and (b) approves said proposed transaction if said user is verified as an authorized user and the difference between said times is within said predetermined time limit.
Dependent claims: 17
2. A method for authorizing an electronic business transaction by an authorized user, comprising the steps of:
(a) storing information about authorized users in a validating system;
(b) receiving in the validating system for verification an encrypted time-limited personal identification number which is transmitted in connection with a proposed electronic business transaction at the request of a person who may or may not be an authorized user, said encrypted personal identification number comprising an encrypted date/time stamp and certain encrypted user-identifying information;
(c) decrypting said received encrypted personal identification number to retrieve said date/time stamp and said certain encrypted user-identifying information;
(d) comparing said decrypted certain user-identifying information with the authorized user information stored in said validating system to verify that said decrypted certain user-identifying information is valid, and rejecting the proposed transaction if said decrypted certain user-identifying information is not valid; and
(e) if said decrypted certain user-identifying information is verified as valid, (1) determining from said decrypted time stamp if the age of the proposed transaction is within a predetermined time limit required for validating the transaction, and (2) rejecting the proposed transaction if the age of the proposed transaction is not within said predetermined time limit.
Dependent claims: 3, 4, 5, 18
6. A method of limiting the amount of time information pertaining to a credit card issued by a credit card issuer is valid for use in support of an electronic transaction with a vendor comprising the following steps:
A. a credit card user records credit card information required by the vendor, including credit card number, credit card expiration date, and the name of the credit card user;
B. said user uses a computer program provided by the credit card issuer or a party acting on behalf of said credit card issuer to provide a date/time stamp representing the current date and time and to generate an encrypted personal identification number that comprises said date/time stamp and at least some of said recorded credit card information;
C. said encrypted personal identification number is transmitted from said credit card user via said vendor to a party authorized by the credit card issuer to validate proposed credit card transactions;
D. said party authorized by said credit card issuer to validate proposed credit card transactions conducts a validation process that comprises;
(1) decrypting said encrypted personal identification number to retrieve said date/time stamp and said at least some recorded credit card information,
(2) determining from said decrypted date/time stamp if the age of the proposed transaction is within a predetermined time limit required for validating the transaction,
(3) comparing said decrypted credit card information with previously recorded credit card user information to verify that the party initiating the proposed credit card transaction is an authorized credit card user, and
(4) depending on the determinations made in foregoing steps (D)(2) and (D)(3), communicating either a validation or rejection of the proposed transaction to the third party vendor and/or the party who initiated the proposed credit card transaction.
Dependent claims: 7, 19
8. A method for conducting credit card transactions so as to guard against fraud, said method comprising steps as follows:
(a) a credit card user who proposes to carry out a credit card transaction with a third party vendor initiates the transaction by accessing a computer program supplied by the credit card issuer or a party acting on behalf of said credit card issuer that is constructed so as to (1) obtain a date/time stamp from a time source and (2) generate a time-limited personal identification number for the credit card user by encrypting said date/time stamp and certain required credit card information identifying the credit card user;
(b) said credit card user supplies said certain required credit card information to said computer program and said computer program (a) obtains a date/time stamp and (b) generates a personal identification number comprising said date/time stamp and said certain required credit card information in encrypted form;
(c) said personal identification number comprising said date/time stamp and said certain required credit card information in encrypted form is transmitted via said third party vendor to a validating system authorized to validate credit card transactions on behalf of said credit card issuer;
(d) said validating system decrypts said personal identification code to derive the time as represented by said decrypted date/time stamp and also said certain required credit card information;
(e) said validating system (1) compares said decrypted certain required credit card information with previously recorded user information to verify that the user initiating the proposed transaction is an authorized credit card user and (2) also compares the current transaction time represented by said decrypted date/time stamp with the time of its receipt and determines if the difference, if any, between said times is within a predetermined time limit; and
(f) depending on the determinations made in foregoing steps (e)(1) and (e)(2), the validating system communicates either a validation or rejection of the proposed transaction to the third party vendor and/or the party who initiated the proposed credit card transaction.
Dependent claims: 9, 10, 11
12. A method for conducting electronic transactions so as to guard against fraud, said method comprising steps as follows:
(a) an entity who wishes to carry out an electronic transaction with a bank initiates the transaction by accessing a computer program supplied by said bank that is constructed so as to (1) obtain a date/time stamp in response to certain required information about the entity proposing to carry out the electronic transaction, and (2) generate a time-limited personal identification number (an “ePIN”) by encrypting said date/time stamp and said certain required information, said certain required information including at least an account number or a private personal identification number representing said entity;
(b) said entity supplies said certain required information to said computer program and in response said computer program obtains a date/time stamp from a time source and generates an ePIN comprising said date/time stamp and said supplied certain required information;
(c) said ePIN is transmitted to and received by said bank or a validating party representing said bank;
(d) said receiving bank or validating party decrypts said received ePIN to derive said date/time stamp and said supplied certain required information;
(e) said receiving bank or validating party (1) compares said decrypted certain required information with previously recorded information in the possession of said bank or validating party to verify that the entity initiating the proposed transaction is an authorized entity and (2) also determines from said decrypted time stamp if the proposed transaction meets a predetermined time limit; and
(f) depending on the determination made in steps (e)(1) and (e)(2), said bank or validating party communicates either a validation or rejection of the proposed transaction to the entity who initiated the proposed credit card transaction.
Dependent claims: 13
14. A method for conducting credit card transactions so as to guard against fraud, said method comprising steps as follows:
(a) a credit card user who proposes to carry out a credit card transaction with a credit card issuer or a third party vendor initiates the transaction by accessing a computer program supplied by the credit card issuer or a party acting on behalf of said credit card issuer that is constructed so as to (1) obtain a date/time stamp from a time source and (2) generate a time-limited personal identification number (an “ePIN”) by encrypting said date/time stamp and certain required credit card information identifying a credit card user;
(b) said credit card user causes said computer program to generate an ePIN characterized by and comprising in encrypted form (1) credit card information provided by said user and (2) a date/time stamp obtained by said computer program in response to accessing of said computer program by said credit card user;
(c) said ePIN is transmitted directly or via a third party vendor to a validating system authorized to validate credit card transactions on behalf of said credit card issuer;
(d) said validating system decrypts said ePIN to derive the time represented by the decrypted date/time stamp and said credit card information provided by said user;
(e) said validating system (1) compares said decrypted credit card information with previously recorded user information to verify that the user initiating the proposed transaction is an authorized credit card user and (2) determines from the decrypted date/time stamp whether the proposed transaction is within a predetermined time limit; and
(f) depending on the determinations made in foregoing steps (e)(1) and (e)(2), the validating system communicates to the credit card issuer and the party who initiated the proposed credit card transaction, and also to the third party vendor, if any, either (1) a validation of the proposed transaction if the user is verified to be an authorized credit card user and the proposed transaction is within said predetermined time limit or (2) a rejection of the proposed transaction if the user is not verified to be an authorized credit card user or the proposed transaction is not within said predetermined time limit.
Dependent claims: 15, 16
Specification