System and method for generating an unpredictable number using a seeded algorithm

US 8,260,722 B2
Filed: 07/14/2011
Issued: 09/04/2012
Est. Priority Date: 07/10/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

determining, by a computer based system for generating a truncated unpredictable number to facilitate securing a transaction and based upon at least one of an account issuer or a merchant system, a proposed maximum value for an unpredictable number;

performing, by the computer based system, a secure hashing algorithm on variable data to produce a message digest, wherein the secure hashing algorithm is configured to produce a digest of at least 16 bytes;

selecting, by the computer based system, at least one of a left-most 16 bytes or a right-most 16 bytes of the message digest to form a random 16-byte value;

creating, by the computer based system, the unpredictable number using the random 16-byte value as an input for a seeded pseudo-random number generator;

truncating, by the computer based system, the unpredictable number to create the truncated unpredictable number, wherein the truncated unpredictable number is limited to the proposed maximum value; and

sending, by the computer based system, the truncated unpredictable number and a cryptogram to an account issuer, wherein the account issuer validates the cryptogram and verifies that the cryptogram includes the truncated unpredictable number.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A random number generating algorithm is seeded with an unpredictable number. The seed value is computed by subjecting variable data to a Secure Hashing Algorithm, and truncating the right most, or left most, 16 bytes from the message digest generated. The algorithm generates the unpredictable number by using the seed value as a counter value in the random number generator, and performing a data encryption standard operation. In one exemplary embodiment, the unpredictable number is modified to a predetermined maximum unpredictable number value as determined by the sender and receiver of the unpredictable number.

Citations

18 Claims

1. A method comprising:
- determining, by a computer based system for generating a truncated unpredictable number to facilitate securing a transaction and based upon at least one of an account issuer or a merchant system, a proposed maximum value for an unpredictable number;
  
  performing, by the computer based system, a secure hashing algorithm on variable data to produce a message digest, wherein the secure hashing algorithm is configured to produce a digest of at least 16 bytes;
  
  selecting, by the computer based system, at least one of a left-most 16 bytes or a right-most 16 bytes of the message digest to form a random 16-byte value;
  
  creating, by the computer based system, the unpredictable number using the random 16-byte value as an input for a seeded pseudo-random number generator;
  
  truncating, by the computer based system, the unpredictable number to create the truncated unpredictable number, wherein the truncated unpredictable number is limited to the proposed maximum value; and
  
  sending, by the computer based system, the truncated unpredictable number and a cryptogram to an account issuer, wherein the account issuer validates the cryptogram and verifies that the cryptogram includes the truncated unpredictable number.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the computer based system is a Radio Frequency Identification (RFID) reader.
  - 3. The method of claim 1, further comprising obtaining variable data.
  - 4. The method of claim 3, wherein the obtaining the variable data includes receiving at least one of an RFID transaction device identifier, RFID transaction device data, an RFID reader identifier, RFID reader data, transaction request data, a counter value provided by the computer based system, a counter value provided by the RFID transaction device, a time of the transaction, a password related to the RFID transaction device, non-RFID transaction device data, non-RFID reader data, PIN data, loyalty data, inventory data, storage data, financial data, user data, or a number of milliseconds since the RFID reader has processed a most recent transaction.
  - 5. The method of claim 1, wherein the seeded pseudo-random number generator comprises a triple Data Encryption Standard (DES) operation.
  - 6. The method of claim 1, wherein the performing the secure hashing algorithm on the variable data to produce the message digest comprises formatting the message in at least one of magnetic strip format, track 1 format, track 2 format, or track 3 format.
  - 7. The method of claim 1, further comprising:
    - sending, by the computer based system, the truncated unpredictable number to an RFID transaction device; and
      
      receiving, by the computer based system, the cryptogram from the RFID transaction device, wherein the cryptogram includes the truncated unpredictable number.
  - 8. The method of claim 1, wherein the sending the cryptogram and the truncated unpredictable number to the account issuer comprises sending in a magnetic stripe format using an ISO 8583 message.
  - 9. The method of claim 1, wherein the performing the secure hashing algorithm on the variable data comprises using a Radio Frequency Identification (RFID) processor to perform the secure hashing algorithm.
  - 10. The method of claim 1, wherein the performing the secure hashing algorithm on a random set of variable data comprises using Secure Hashing Algorithm SHA-1.

11. An article of manufacture including a non-transitory, tangible computer readable storage medium having instructions stored thereon that, in response to execution by a computer-based system for generating a truncated unpredictable number to facilitate securing a transaction, cause the computer-based system to perform operations comprising:
- determining, by the computer based system and based upon at least one of an account issuer or a merchant system, a proposed maximum value for an unpredictable number;
  
  performing by the computer based system, a secure hashing algorithm on variable data to produce a message digest, wherein the secure hashing algorithm is configured to produce a digest of at least 16 bytes;
  
  selecting, by the computer based system, at least one of a left-most 16 bytes or a right-most 16 bytes of the message digest to form a random 16-byte value;
  
  creating by the computer based system, the unpredictable number using the random 16-byte value as an input for a seeded pseudo-random number generator;
  
  truncating, by the computer based system, the unpredictable number to create the truncated unpredictable number, wherein the truncated unpredictable number is limited to the proposed maximum value; and
  
  sending, by the computer based system, the truncated unpredictable number and a cryptogram to an account issuer, wherein the account issuer validates the cryptogram and verifies that the cryptogram includes the truncated unpredictable number.

12. A system comprising:
- a processor for generating a truncated unpredictable number to facilitate securing a transaction,a tangible, non-transitory memory configured to communicate with the processor,the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising;
  
  determining, by the processor and based upon at least one of an account issuer or a merchant system, a proposed maximum value for an unpredictable number;
  
  performing by the processor, a secure hashing algorithm on variable data to produce a message digest, wherein the secure hashing algorithm is configured to produce a digest of at least 16 bytes;
  
  selecting by the processor, at least one of a left-most 16 bytes or a right-most 16 bytes of the message digest to form a random 16-byte value;
  
  creating, by the processor, the unpredictable number using the random 16-byte value as an input for a seeded pseudo-random number generator;
  
  truncating, by the processor, the unpredictable number to create the truncated unpredictable number, wherein the truncated unpredictable number is limited to the proposed maximum value; and
  
  sending, by the processor, the truncated unpredictable number and a cryptogram to an account issuer, wherein the account issuer validates the cryptogram and verifies that the cryptogram includes the truncated unpredictable number.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The system of claim 12, wherein the processor is an Radio Frequency Identification (RFID) reader.
  - 14. The system of claim 12, further comprising obtaining variable data.
  - 15. The system of claim 14, wherein the obtaining the variable data includes receiving at least one of an RFID transaction device identifier, RFID transaction device data, an RFID reader identifier, RFID reader data, transaction request data, a counter value provided by the computer based system, a counter value provided by the RFID transaction device, a time of the transaction, a password related to the RFID transaction device, non-RFID transaction device data, non-RFID reader data, PIN data, loyalty data, inventory data, storage data, financial data, user data, or a number of milliseconds since the RFID reader has processed a most recent transaction.
  - 16. The system of claim 12, wherein the seeded pseudo-random number generator comprises a triple Data Encryption Standard (DES) operation.
  - 17. The system of claim 12, wherein the performing the secure hashing algorithm on the variable data to produce the message digest comprises formatting the message in at least one of magnetic strip format, track 1 format, track 2 format, or track 3 format.
  - 18. The system of claim 12, further comprising:
    - sending, by the computer based system, the truncated unpredictable number to an RFID transaction device; and
      
      receiving, by the computer based system, the cryptogram from the RFID transaction device, wherein the cryptogram includes the truncated unpredictable number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Saunders, Peter D., Peart, Lee J.
Primary Examiner(s)
Coppola, Jacob C.

Application Number

US13/182,678
Publication Number

US 20110270759A1
Time in Patent Office

418 Days
Field of Search

705/75
US Class Current

705/75
CPC Class Codes

G06Q 20/0855   involving a third party

G06Q 20/382   insuring higher security of...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0662   with particular pseudorando...

H04L 9/3236   using cryptographic hash fu...

System and method for generating an unpredictable number using a seeded algorithm

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for generating an unpredictable number using a seeded algorithm

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links