Electronic transaction security method

US 7,107,242 B1
Filed: 11/21/2000
Issued: 09/12/2006
Est. Priority Date: 11/21/2000
Status: Active Grant

First Claim

Patent Images

1. A method of conducting electronic credit card transactions so as to guard against fraud, comprising the following steps:

using a computer program mandated by a credit card issuer, a user of a credit card issued by the credit card issuer (a) initiates a proposed credit card transaction with a third party vendor by accessing via said third party vendor a party authorized by said credit card issuer to validate credit card transactions, and (b) transmits and to said authorized party non-encrypted time-limited information concerning the user and an encrypted personal identification number that comprises in encrypted form a date/time stamp and certain information identifying said user;

said authorized party receives said encrypted time-limited personal identification number and said non-encrypted information and decrypts said encrypted time-limited personal identification number to derive said date/time stamp and said certain information identifying said user;

said authorized party (1) compares said non-encrypted and decrypted information with previously recorded user information to verify that the user initiating the proposed transaction is an authorized user and (2) also compares the current transaction time represented by said decrypted date/time stamp with the time of its receipt of said encrypted date/time stamp and determines if the difference, if any, between said times is within a predetermined time limit required for validating the proposed transaction; and

depending on the determinations made in the forgoing step, said authorizing party (a) rejects said proposed transaction if said user is not verified to be an authorized user or if the difference between said times is not within said predetermined time limit and (b) approves said proposed transaction if said user is verified as an authorized user and the difference between said times is within said predetermined time limit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software-based computer method for limiting the lifetime of an electronic credit card transaction that makes the transmitted credit card information useless when a configurable time limit expires. The method is designed to provide protection for electronic transactions that require use of an identifying key such as a credit card number, with or without an additional unique identifier comprising a sequence of alphanumeric values, such as a PIN, for the purpose of initiating a transaction. The method provides protection by the addition of a transaction-initiated date/time stamp which is included as part of the transmitted transaction information and provides the basis for limiting the amount of time the transaction is valid.

Citations

19 Claims

1. A method of conducting electronic credit card transactions so as to guard against fraud, comprising the following steps:
- using a computer program mandated by a credit card issuer, a user of a credit card issued by the credit card issuer (a) initiates a proposed credit card transaction with a third party vendor by accessing via said third party vendor a party authorized by said credit card issuer to validate credit card transactions, and (b) transmits and to said authorized party non-encrypted time-limited information concerning the user and an encrypted personal identification number that comprises in encrypted form a date/time stamp and certain information identifying said user;
  
  said authorized party receives said encrypted time-limited personal identification number and said non-encrypted information and decrypts said encrypted time-limited personal identification number to derive said date/time stamp and said certain information identifying said user;
  
  said authorized party (1) compares said non-encrypted and decrypted information with previously recorded user information to verify that the user initiating the proposed transaction is an authorized user and (2) also compares the current transaction time represented by said decrypted date/time stamp with the time of its receipt of said encrypted date/time stamp and determines if the difference, if any, between said times is within a predetermined time limit required for validating the proposed transaction; and
  
  depending on the determinations made in the forgoing step, said authorizing party (a) rejects said proposed transaction if said user is not verified to be an authorized user or if the difference between said times is not within said predetermined time limit and (b) approves said proposed transaction if said user is verified as an authorized user and the difference between said times is within said predetermined time limit.
- View Dependent Claims (17)
- - 17. A method according to claim 1 wherein said computer program is installed on a personal computer containing a browser, and said encrypted personal identification number is transmitted to said authorized party via the internet using said browser.

2. A method for authorizing an electronic business transaction by an authorized user, comprising the steps of:
- (a) storing information about authorized users in a validating system;
  
  (b) receiving in the validating system for verification an encrypted time-limited personal identification number which is transmitted in connection with a proposed electronic business transaction at the request of a person who may or may not be an authorized user, said encrypted personal identification number comprising an encrypted date/time stamp and certain encrypted user-identifying information;
  
  (c) decrypting said received encrypted personal identification number to retrieve said date/time stamp and said certain encrypted user-identifying information;
  
  (d) comparing said decrypted certain user-identifying information with the authorized user information stored in said validating system to verify that said decrypted certain user-identifying information is valid, and rejecting the proposed transaction if said decrypted certain user-identifying information is not valid; and
  
  (e) if said decrypted certain user-identifying information is verified as valid, (1) determining from said decrypted time stamp if the age of the proposed transaction is within a predetermined time limit required for validating the transaction, and (2) rejecting the proposed transaction if the age of the proposed transaction is not within said predetermined time limit.
- View Dependent Claims (3, 4, 5, 18)
- - 3. The method of claim 2 wherein said electronic transaction is a credit card transaction, and said certain user-identifying information comprises a credit card account designation.
  - 4. The method of claim 2 wherein said encrypted code received by said validating system is transmitted to said validating system via a third party vendor, and, further wherein rejection or authorization of said proposed transaction is communicated by said validating system to said vendor.
  - 5. The method of claim 2 wherein said encrypted personal identification number includes a public key and a private key.
  - 18. A method according to claim 2 wherein said validating system receives said time-limited personal identification number via the internet.

6. A method of limiting the amount of time information pertaining to a credit card issued by a credit card issuer is valid for use in support of an electronic transaction with a vendor comprising the following steps:
- A. a credit card user records credit card information required by the vendor, including credit card number, credit card expiration date, and the name of the credit card user;
  
  B. said user uses a computer program provided by the credit card issuer or a party acting on behalf of said credit card issuer to provide a date/time stamp representing the current date and time and to generate an encrypted personal identification number that comprises said date/time stamp and at least some of said recorded credit card information;
  
  C. said encrypted personal identification number is transmitted from said credit card user via said vendor to a party authorized by the credit card issuer to validate proposed credit card transactions;
  
  D. said party authorized by said credit card issuer to validate proposed credit card transactions conducts a validation process that comprises;
  
  (1) decrypting said encrypted personal identification number to retrieve said date/time stamp and said at least some recorded credit card information, (2) determining from said decrypted date/time stamp if the age of the proposed transaction is within a predetermined time limit required for validating the transaction, (3) comparing said decrypted credit card information with previously recorded credit card user information to verify that the party initiating the proposed credit card transaction is an authorized credit card user, and (4) depending on the determinations made in foregoing steps (D)(2) and (D)(3), communicating either a validation or rejection of the proposed transaction to the third party vendor and/or the party who initiated the proposed credit card transaction.
- View Dependent Claims (7, 19)
- - 7. A method according to claim 6 wherein step B includes encryption of said credit card number.
  - 19. A method according to claim 6 wherein said computer program is installed on a personal computer and said encrypted personal identification number is transmitted from said computer via said vendor to said party authorized by the credit card issuer to validate proposed credit card transactions.

8. A method for conducting credit card transactions so as to guard against fraud, said method comprising steps as follows:
- (a) a credit card user who proposes to carry out a credit card transaction with a third party vendor initiates the transaction by accessing a computer program supplied by the credit card issuer or a party acting on behalf of said credit card issuer that is constructed so as to (1) obtain a date/time stamp from a time source and (2) generate a time-limited personal identification number for the credit card user by encrypting said date/time stamp and certain required credit card information identifying the credit card user;
  
  (b) said credit card user supplies said certain required credit card information to said computer program and said computer program (a) obtains a date/time stamp and (b) generates a personal identification number comprising said date/time stamp and said certain required credit card information in encrypted form;
  
  (c) said personal identification number comprising said date/time stamp and said certain required credit card information in encrypted form is transmitted via said third party vendor to a validating system authorized to validate credit card transactions on behalf of said credit card issuer;
  
  (d) said validating system decrypts said personal identification code to derive the time as represented by said decrypted date/time stamp and also said certain required credit card information;
  
  (e) said validating system (1) compares said decrypted certain required credit card information with previously recorded user information to verify that the user initiating the proposed transaction is an authorized credit card user and (2) also compares the current transaction time represented by said decrypted date/time stamp with the time of its receipt and determines if the difference, if any, between said times is within a predetermined time limit; and
  
  (f) depending on the determinations made in foregoing steps (e)(1) and (e)(2), the validating system communicates either a validation or rejection of the proposed transaction to the third party vendor and/or the party who initiated the proposed credit card transaction.
- View Dependent Claims (9, 10, 11)
- - 9. A method according to claim 8 wherein said certain required information includes a credit card number and/or a private key number.
  - 10. A method according to claim 8 wherein said computer program is installed on a computer containing a browser, and step (c) is conducted via the internet using said browser.
  - 11. A method according to claim 8 wherein said computer program is installed on a remote server and is accessed by said credit card user.

12. A method for conducting electronic transactions so as to guard against fraud, said method comprising steps as follows:
- (a) an entity who wishes to carry out an electronic transaction with a bank initiates the transaction by accessing a computer program supplied by said bank that is constructed so as to (1) obtain a date/time stamp in response to certain required information about the entity proposing to carry out the electronic transaction, and (2) generate a time-limited personal identification number (an “
  
  ePIN”
  
  ) by encrypting said date/time stamp and said certain required information, said certain required information including at least an account number or a private personal identification number representing said entity;
  
  (b) said entity supplies said certain required information to said computer program and in response said computer program obtains a date/time stamp from a time source and generates an ePIN comprising said date/time stamp and said supplied certain required information;
  
  (c) said ePIN is transmitted to and received by said bank or a validating party representing said bank;
  
  (d) said receiving bank or validating party decrypts said received ePIN to derive said date/time stamp and said supplied certain required information;
  
  (e) said receiving bank or validating party (1) compares said decrypted certain required information with previously recorded information in the possession of said bank or validating party to verify that the entity initiating the proposed transaction is an authorized entity and (2) also determines from said decrypted time stamp if the proposed transaction meets a predetermined time limit; and
  
  (f) depending on the determination made in steps (e)(1) and (e)(2), said bank or validating party communicates either a validation or rejection of the proposed transaction to the entity who initiated the proposed credit card transaction.
- View Dependent Claims (13)
- - 13. A method according to claim 12 wherein in step (c) said ePIN is transmitted to and received by said validating party, steps (e)(1) and (e)(2) are carried out by the validating party, and in step (f) the validating party communicates said validation or rejection of the proposed transaction to said bank.

14. A method for conducting credit card transactions so as to guard against fraud, said method comprising steps as follows:
- (a) a credit card user who proposes to carry out a credit card transaction with a credit card issuer or a third party vendor initiates the transaction by accessing a computer program supplied by the credit card issuer or a party acting on behalf of said credit card issuer that is constructed so as to (1) obtain a date/time stamp from a time source and (2) generate a time-limited personal identification number (an “
  
  ePIN”
  
  ) by encrypting said date/time stamp and certain required credit card information identifying a credit card user;
  
  (b) said credit card user causes said computer program to generate an ePIN characterized by and comprising in encrypted form (1) credit card information provided by said user and (2) a date/time stamp obtained by said computer program in response to accessing of said computer program by said credit card user;
  
  (c) said ePIN is transmitted directly or via a third party vendor to a validating system authorized to validate credit card transactions on behalf of said credit card issuer;
  
  (d) said validating system decrypts said ePIN to derive the time represented by the decrypted date/time stamp and said credit card information provided by said user;
  
  (e) said validating system (1) compares said decrypted credit card information with previously recorded user information to verify that the user initiating the proposed transaction is an authorized credit card user and (2) determines from the decrypted date/time stamp whether the proposed transaction is within a predetermined time limit; and
  
  (f) depending on the determinations made in foregoing steps (e)(1) and (e)(2), the validating system communicates to the credit card issuer and the party who initiated the proposed credit card transaction, and also to the third party vendor, if any, either (1) a validation of the proposed transaction if the user is verified to be an authorized credit card user and the proposed transaction is within said predetermined time limit or (2) a rejection of the proposed transaction if the user is not verified to be an authorized credit card user or the proposed transaction is not within said predetermined time limit.
- View Dependent Claims (15, 16)
- - 15. A method according to claim 14 wherein said ePIN comprises in encrypted form a credit card number and also a non-public personal identification code.
  - 16. A method according to claim 14 wherein step (c) also includes transmitting to the validating system other non-encrypted information relating to the identity of the party who initiates the transaction and/or to the subject matter of the transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Miri Systems LLC
Original Assignee
Paul E. Vasil, Ronald W. Sandstorm
Inventors
Vasil, Paul E., Sandstorm, Ronald W.
Primary Examiner(s)
Bashore, Alain L.

Application Number

US09/718,179
Time in Patent Office

2,121 Days
Field of Search

705/35, 705/39, 705/44
US Class Current

705/39
CPC Class Codes

G06Q 20/10   specially adapted for elect...

G06Q 20/12   specially adapted for elect...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 40/00   Finance; Insurance; Tax str...

Electronic transaction security method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Electronic transaction security method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links