Method and system for securing data fields

US 9,070,129 B2
Filed: 09/02/2008
Issued: 06/30/2015
Est. Priority Date: 09/04/2007
Status: Active Grant

First Claim

Patent Images

1. In a payment processing system for a plurality of transactions each characterized by a merchant and an account holder engaging in the transaction upon an account that an issuer issues to the account holder, wherein a transaction handler both processes the transaction for the merchant and processes other said transactions for other merchants, each said merchant submitting the corresponding said transaction to a corresponding acquirer for processing by the transaction handler who requests the issuer of the corresponding said account to obtain payment for the corresponding said transaction from the corresponding said account and for which the issuer forwards the payment to the transaction handler who forwards the payment to the acquirer to pay the merchant for the corresponding said transaction, a method comprising:

retrieving one said account at a Point of Service terminal (POS) of one said merchant to conduct one said transaction with the account holder associated with the one said account, wherein the one said transaction includes transaction data of one or more fields at least one of which is a sensitive data field having a plurality of characters of a predetermined character set, the plurality of characters comprising an account number;

generating, by the Point of Service terminal, a generated pad, wherein the generated pad is an arbitrary set of characters that is used to encrypt and decrypt the account number;

for each said character in each sensitive data field on a character by character basis;

forming, by the Point of Service terminal, a combined character from the character of the sensitive data field, taken alone, and a character of the generated pad;

forming, by the Point of Service terminal, a replacement character by performing a modulus operation on the combined character; and

storing, by the Point of Service terminal, the replacement character in the position of a corresponding character in the sensitive data field;

forming, by the Point of Service terminal, a transmission for delivery to a corresponding acquirer computer of said acquirer and containing the transaction data with the at least one said sensitive data field; and

transmitting, by the Point of Service terminal, the transmission to the acquirer computer and then to a transaction handler computer of the transaction handler.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A merchant conducting a transaction on an account forms transaction data with a sensitive data field. To obscure the account prior to transmitting information about the transaction, for each character in the sensitive data field, a combined character is formed with a character of a generated pad. A replacement character is formed by a modulus operation on the combined character and is stored in the corresponding position in the sensitive data field. A transmission containing the sensitive data field with replacement characters is delivered to the merchant'"'"'s acquirer.

Citations

21 Claims

1. In a payment processing system for a plurality of transactions each characterized by a merchant and an account holder engaging in the transaction upon an account that an issuer issues to the account holder, wherein a transaction handler both processes the transaction for the merchant and processes other said transactions for other merchants, each said merchant submitting the corresponding said transaction to a corresponding acquirer for processing by the transaction handler who requests the issuer of the corresponding said account to obtain payment for the corresponding said transaction from the corresponding said account and for which the issuer forwards the payment to the transaction handler who forwards the payment to the acquirer to pay the merchant for the corresponding said transaction, a method comprising:
- retrieving one said account at a Point of Service terminal (POS) of one said merchant to conduct one said transaction with the account holder associated with the one said account, wherein the one said transaction includes transaction data of one or more fields at least one of which is a sensitive data field having a plurality of characters of a predetermined character set, the plurality of characters comprising an account number;
  
  generating, by the Point of Service terminal, a generated pad, wherein the generated pad is an arbitrary set of characters that is used to encrypt and decrypt the account number;
  
  for each said character in each sensitive data field on a character by character basis;
  
  forming, by the Point of Service terminal, a combined character from the character of the sensitive data field, taken alone, and a character of the generated pad;
  
  forming, by the Point of Service terminal, a replacement character by performing a modulus operation on the combined character; and
  
  storing, by the Point of Service terminal, the replacement character in the position of a corresponding character in the sensitive data field;
  
  forming, by the Point of Service terminal, a transmission for delivery to a corresponding acquirer computer of said acquirer and containing the transaction data with the at least one said sensitive data field; and
  
  transmitting, by the Point of Service terminal, the transmission to the acquirer computer and then to a transaction handler computer of the transaction handler.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method as defined in claim 1, wherein the replacement characters are characters from the character set.
  - 3. The method as defined in claim 1, wherein each character of the generated pad is a character selected from the character set.
  - 4. The method as defined in claim 1, further comprising using characters of the generated pad in repetition, wherein the number of characters in the generated pad is less than the number of characters in the sensitive data field.
  - 5. The method as defined in claim 1, wherein each character in the predetermined character set is of a type selected from the group consisting of numeric, alphabetic, alphanumeric, hexadecimal, EBCDIC, ASCII, UNICODE, and ANSI.
  - 6. The method as defined in claim 1, wherein the predetermined character set is numeric of a base selected from the group consisting of base 2, base 10, base 12, base 16, base 26, base 36, and base 64.
  - 7. The method as defined in claim 1, wherein the account number further comprises a Cardholder Verification Value (CVV).
  - 8. The method as defined in claim 1, wherein forming a combined character is performed using a technique selected from the group consisting of character addition, character subtraction, and character multiplication.
  - 9. The method as defined in claim 1, wherein the generated pad is a one-time pad.
  - 10. The method as defined in claim 1, further comprising generating the generated pad using data selected from the group consisting of:
    - a key shared by the Point of Service terminal and the acquirer;
      
      transaction data from the one said transaction; and
      
      one or more of the time, date, and location of the one said transaction.
  - 11. The method of claim 1 wherein the account number is 16 characters long.
  - 12. The method of claim 1 wherein the generated pad is based on a date, location or price of the transaction.
  - 13. The method of claim 1 wherein the generated pad is a concatenated value including the time and date of the transaction.
  - 14. The method of claim 1 wherein generating the pad comprises using a key to generate the generated pad.
  - 15. The method of claim 1 wherein the account number comprises 16 characters.
  - 16. The method of claim 10 wherein generating the generated pad is generated from transaction data comprising a location of the POS terminal.
  - 17. The method of claim 10 wherein generating the generated pad is generated from transaction data comprising a number of items purchased, a time and date, and a location of the transaction.
  - 18. The method of claim 1 wherein the generated pad is longer than the account number.
  - 19. The method of claim 1 wherein forming the combined character is performed by addition.
  - 20. The method of claim 1 wherein the generated pad is derived from information about the transaction.
  - 21. The method of claim 1 wherein retrieving one said account at the POS terminal comprises receiving the one said account from a payment cart.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
Sheets, John Foxe, Wagner, Kim
Primary Examiner(s)
Hewitt, II, Calvin L
Assistant Examiner(s)
SHERR, MARIA CRISTI OWEN

Application Number

US12/202,978
Publication Number

US 20090063354A1
Time in Patent Office

2,492 Days
Field of Search

705 50- 67
US Class Current

1/1
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/4015   using location information

G06Q 20/4016   involving fraud or risk lev...

G06Q 20/403   Solvency checks

G06Q 2220/00   Business processing using c...

H04L 9/50   using hash chains, e.g. blo...

Method and system for securing data fields

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securing data fields

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links