Card reader for use with web based transactions

US 7,673,799 B2
Filed: 01/25/2008
Issued: 03/09/2010
Est. Priority Date: 01/26/2007
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a secure connection between a card reader and a server, the method comprising:

receiving, at the card reader, a first challenge request;

generating, at the card reader, a response to the first challenge request using a first encryption key;

sending, from the card reader, the response to the first challenge request;

sending, from the card reader, a second challenge request to the server;

receiving, at the card reader, an encrypted response to the second challenge request;

verifying, at the card reader, the encrypted response to the second challenge request; and

if the encrypted response is verified;

reading data card information from a data card, the data card information comprising an intrinsic magnetic characteristic and recorded data on the data card;

generating, at the card reader, a magnetic fingerprint based on the intrinsic magnetic characteristic; and

sending, from the card reader, the magnetic fingerprint to authenticate the data card.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A card reader for use in web based transactions is provided. In one embodiment, the invention relates to a method for establishing a secure connection between a card reader and a server, the method including receiving a first challenge request, generating a response to the first challenge request using a first encryption key, sending the response to the first challenge request, sending a second challenge request, receiving an encrypted response to the second challenge request, verifying the encrypted response to the second challenge request; and, if the encrypted response is verified, reading data card information from a data card, the data card information including an intrinsic magnetic characteristic and recorded data on the data card, generating a magnetic fingerprint based on the intrinsic magnetic characteristic, and sending the magnetic fingerprint to authenticate the data card.

Citations

38 Claims

1. A method for establishing a secure connection between a card reader and a server, the method comprising:
- receiving, at the card reader, a first challenge request;
  
  generating, at the card reader, a response to the first challenge request using a first encryption key;
  
  sending, from the card reader, the response to the first challenge request;
  
  sending, from the card reader, a second challenge request to the server;
  
  receiving, at the card reader, an encrypted response to the second challenge request;
  
  verifying, at the card reader, the encrypted response to the second challenge request; and
  
  if the encrypted response is verified;
  
  reading data card information from a data card, the data card information comprising an intrinsic magnetic characteristic and recorded data on the data card;
  
  generating, at the card reader, a magnetic fingerprint based on the intrinsic magnetic characteristic; and
  
  sending, from the card reader, the magnetic fingerprint to authenticate the data card.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, further comprising:
    - generating, at the server, the first challenge request;
      
      sending, from the server, the first challenge request;
      
      receiving, at the server, the response to the first challenge request;
      
      verifying, at the server, the response to the first challenge request using the first encryption key; and
      
      if the response to the first challenge request is verified;
      
      receiving, at the server, the second challenge request;
      
      generating, at the server, the response to the second challenge request using a second encryption key; and
      
      sending, from the server, the response to the second challenge request.
  - 3. The method of claim 2, further comprising:
    - if the response to the second challenge is verified;
      
      receiving, at the server, the magnetic fingerprint;
      
      generating, at the server, a score indicative of a degree of correlation between the magnetic fingerprint and a reference magnetic fingerprint; and
      
      determining, at the server, the authenticity of the data card based upon the score.
  - 4. The method of claim 1, further comprising:
    - generating, at a website server, the first challenge request;
      
      sending, at the website server, the first challenge request;
      
      receiving, at the website server, the response to the first challenge request;
      
      verifying, at the website server, the response to the first challenge request using the first encryption key; and
      
      if the response to the first challenge request is verified;
      
      receiving, at an authentication server, the second challenge request;
      
      generating, at the authentication server, the response to the second challenge request using a second encryption key; and
      
      sending, at the authentication server, the response to the second challenge request.
  - 5. The method of claim 4, further comprising:
    - if the response to the first challenge request is verified;
      
      receiving, at the authentication server, the magnetic fingerprint;
      
      generating, at the authentication server, a score indicative of a degree of correlation between the magnetic fingerprint and a reference magnetic fingerprint; and
      
      determining, at the website server, the authenticity of the data card based upon the score.
  - 6. The method of claim 4, further comprising:
    - if the response to the first challenge request is verified;
      
      receiving, at the authentication server, the magnetic fingerprint;
      
      generating, at the authentication server, a score indicative of a degree of correlation between the magnetic fingerprint and a reference magnetic fingerprint; and
      
      determining, at the card reader, the authenticity of the data card based upon the score.
  - 7. The method of claim 1:
    - wherein the generation of the response to the first challenge request using the first encryption key comprises encrypting the first challenge request using the first encryption key;
      
      wherein the verification of the encrypted response to the second challenge request comprises;
      
      decrypting the encrypted response to the second challenge request using a second encryption key; and
      
      comparing the decrypted response to the second challenge request with the second challenge request.
  - 8. The method of claim 1, further comprising:
    - if the encrypted response is verified;
      
      encrypting at least a portion of the recorded data;
      
      encrypting the magnetic fingerprint;
      
      receiving data associated with a data card transaction;
      
      encrypting at least a portion of the transaction data;
      
      sending the encrypted portion of the recorded data; and
      
      sending the transaction data;
      
      wherein the sending the magnetic fingerprint to authenticate the data card comprises sending the encrypted magnetic fingerprint.
  - 9. The method of claim 8, further comprising:
    - masking a portion of the recorded data where at least one masking character is determined using a “
      
      mod 10”
      
      algorithm; and
      
      sending the masked portion and an unmasked portion of the recorded data.
  - 10. The method of claim 8, further comprising:
    - receiving a score indicative of a degree of correlation between the magnetic fingerprint and a reference magnetic fingerprint; and
      
      determining the authenticity of the data card based upon the score.
  - 11. The method of claim 8, wherein the card reader comprises a point of sale terminal and a magnetic stripe card reader.
  - 12. The method of claim 1, wherein the card reader comprises a sensor at least partially enclosed within a housing, the sensor coupled to a processor, the processor located within the housing, for:
    - receiving the first challenge request;
      
      generating the response to the first challenge request using the first encryption key;
      
      sending the response to the first challenge request;
      
      sending the second challenge request;
      
      receiving the encrypted response to the second challenge request;
      
      verifying the encrypted response to the second challenge request; and
      
      if the encrypted response is verified;
      
      reading the data card information from the data card, the data card information comprising an intrinsic magnetic characteristic and recorded data on the data card;
      
      generating the magnetic fingerprint based on the intrinsic magnetic characteristic; and
      
      sending the magnetic fingerprint to authenticate the data card.
  - 13. The method of claim 1, further comprising, if the response to the second challenge is verified, providing an indicator indicative of verification of the response to the second challenge.
  - 14. The method of claim 13, wherein the indicator is any of a light emitting diode, a sound generator and a tactile device.
  - 15. The method of claim 1, wherein the intrinsic magnetic characteristic is a remanent noise characteristic.
  - 16. The method of claim 1, further comprising:
    - receiving input from an input device;
      
      transmitting information indicative of the input received from the input device;
      
      receiving an instruction to encrypt the information received from the input device; and
      
      transmitting information indicative of the encrypted information.
  - 17. The method of claim 1, further comprising enabling encryption key loading from a remote device.
  - 18. The method of claim 17, wherein the enabling encryption key loading from a remote device comprises using a manufacturing encryption key known to both the card reader and the remote device to load at least one encryption key.
  - 19. The method of claim 1, wherein the server comprises a website server and an authentication server.

20. A system for establishing a secure connection between a card reader and a server, the system comprising:
- the card reader comprising;
  
  a read head configured to read data card information from a data card, the data card information comprising an intrinsic magnetic characteristic and recorded data on the data card; and
  
  a processor coupled to the read head, the processor configured to;
  
  receive a first challenge request;
  
  generate a response to the first challenge request using a first encryption key;
  
  send the response to the first challenge request;
  
  send a second challenge request;
  
  receive an encrypted response to the second challenge request;
  
  verify the encrypted response to the second challenge request;
  
  generate, if the encrypted response is verified, a magnetic fingerprint based on the intrinsic magnetic characteristic; and
  
  send the magnetic fingerprint.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 21. The system of claim 20, further comprising:
    - a website server configured to;
      
      generate the first challenge request;
      
      send the first challenge request to the card reader;
      
      receive the response to the first challenge request; and
      
      verify the response to the first challenge request using the first encryption key; and
      
      an authentication server configured to;
      
      receive the second challenge request from the card reader;
      
      generate the response to the second challenge request using a second encryption key; and
      
      send the response to the second challenge request.
  - 22. The system of claim 21, wherein the authentication server is further configured to:
    - receive the magnetic fingerprint; and
      
      generate a score indicative of a degree of correlation between the magnetic fingerprint and a reference magnetic fingerprint.
  - 23. The system of claim 22, wherein the website server is configured to determine an authenticity of the data card based upon the score.
  - 24. The system of claim 22, wherein the card reader is configured to determine an authenticity of the data card based upon the score.
  - 25. The system of claim 20, wherein the processor is further configured to:
    - encrypt the response to the first challenge request using the first encryption key;
      
      decrypt the encrypted response to the second challenge request using a second encryption key; and
      
      compare the decrypted response to the second challenge request with the second challenge request.
  - 26. The system of claim 20, wherein the processor is further configure to:
    - encrypt at least a portion of the recorded data;
      
      encrypt the magnetic fingerprint;
      
      receive data associated with a data card transaction;
      
      encrypt at least a portion of the transaction data;
      
      send the encrypted at least a portion of the recorded data; and
      
      send the transaction data.
  - 27. The system of claim 26, wherein the processor is further configured to:
    - mask a portion of the recorded data where at least one masking character is determined using a “
      
      mod 10”
      
      algorithm; and
      
      send the masked portion and an unmasked portion of the recorded data.
  - 28. The system of claim 20:
    - wherein the read head includes a tamper resistant housing which, at least partially, encloses the read head; and
      
      wherein the processor is located within the tamper resistant housing.
  - 29. The system of claim 20, further comprising an indicator coupled to the processor, the indicator configured to indicate verification of the response to the second challenge.
  - 30. The system of claim 29, wherein the indicator is any of a light emitting diode, a sound generator and a tactile device.
  - 31. The system of claim 20, wherein the intrinsic magnetic characteristic is a remanent noise characteristic.
  - 32. The system of claim 20, wherein card reader further comprises:
    - an input configured to receive information from an input device;
      
      an input configured to receive instructions from an external device; and
      
      an output configured to transmit information to the external device;
      
      wherein the processor is configured to encrypt at least a portion of the information received from the input device and provide the encrypted information and at least a portion of any unencrypted information to the external device.
  - 33. The system of claim 20, further comprising enabling encryption key loading from a remote device.
  - 34. The system of claim 33, wherein the enabling encryption key loading from a remote device comprises using a manufacturing encryption key known to both the card reader and the remote device to load at least one encryption key.

35. A method for establishing a secure connection between a card reader and a server, the method comprising:
- receiving, at the server, a challenge request generated by the card reader;
  
  decrypting, at the server, the challenge request using a first encryption key;
  
  generating, at the server, a response to the challenge request of the card reader using a second encryption key;
  
  sending, from the server, the response to the challenge request;
  
  receiving, at the server, an encrypted magnetic fingerprint;
  
  decrypting, at the server, the encrypted magnetic fingerprint;
  
  generating, at the server, a score indicative of a degree of correlation between the magnetic fingerprint and a reference magnetic fingerprint; and
  
  sending, from the server, the score.
- View Dependent Claims (36, 37, 38)
- - 36. The method of claim 35, wherein the server comprises a website server.
  - 37. The method of claim 35, wherein the server comprises an authentication server.
  - 38. The method of claim 35, wherein the server comprises a website server and an authentication server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Magtek Incorporated
Original Assignee
Magtek Incorporated
Inventors
Hart, Annmarie D., Meyers, Lawrence R., Benson, Terrence R.
Primary Examiner(s)
Lee; Michael G
Assistant Examiner(s)
CHEDEKEL, TABITHA F

Application Number

US12/011,301
Publication Number

US 20080179401A1
Time in Patent Office

774 Days
Field of Search

235/449
US Class Current

235/449
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3567   Software being in the reader

G06Q 20/40975   using encryption therefor

G07C 9/257   electronically G07C9/26 tak...

G07F 7/08   by coded identity card or c...

G07F 7/0813   Specific details related to...

G07F 7/084   Additional components relat...

G07F 7/0893   the card reader reading the...

G07F 7/1008   Active credit-cards provide...

G07F 7/122   Online card verification

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3273   for mutual authentication n...

Card reader for use with web based transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Card reader for use with web based transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links