SYSTEM AND METHOD FOR SECURE VERIFICATION OF ELECTRONIC TRANSACTIONS

US 20080077798A1
Filed: 09/24/2007
Published: 03/27/2008
Est. Priority Date: 09/26/2006
Status: Active Grant

First Claim

Patent Images

1. A method of processing a personal identification number (PIN), comprising:

encrypting at an owning institution processor a clear PIN input using an encryption algorithm to generate a first encrypted PIN;

hashing at the owning institution processor the first encrypted PIN using a one-way hash algorithm to generate a first hashed-encrypted PIN; and

storing at a third party processor the first hashed-encrypted PIN.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a system and method for secure verification of electronic transactions, and in particular secure processing of personal identification numbers when third party processors are involved. In an embodiment, a variable length PIN associated with a credit card or debit card is encrypted, then hashed using a one-way hash algorithm before it is passed along to and stored by a third party processor. The encrypted-hashed PIN always remains in an encrypted form while in the hands of the third party processor. At the third party processor, secure cryptographic hardware is used to store the one-way hash algorithm. Encrypted PIN values received for verification are converted and hashed using the one-way hash algorithm, and the resulting hashed-encrypted value is compared against the hashed-encrypted PIN values previously stored at the third party processor. As the PIN has a variable length, and the third party processor has no access to the hash algorithm, the encrypted PIN values are highly resistant to reverse engineering or decryption.

32 Citations

View as Search Results

18 Claims

1. A method of processing a personal identification number (PIN), comprising:
- encrypting at an owning institution processor a clear PIN input using an encryption algorithm to generate a first encrypted PIN;
  
  hashing at the owning institution processor the first encrypted PIN using a one-way hash algorithm to generate a first hashed-encrypted PIN; and
  
  storing at a third party processor the first hashed-encrypted PIN.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - receiving at the third party processor a second encrypted PIN generated from a clear PIN input;
      
      translating at the third party processor the second encrypted PIN into a third encrypted PIN in a form usable by the third party processor;
      
      hashing at the third party processor the third encrypted PIN using the one-way hash algorithm to generate a second hashed-encrypted PIN; and
      
      comparing at the third party processor the second hashed-encrypted PIN to the stored first hashed-encrypted PIN to determine if the second encrypted PIN is generated from the same clear PIN input as that of the first encrypted PIN.
  - 3. The method of claim 2, further comprising:
    - securing at the third party processor the one-way hash algorithm in cryptographic hardware.
  - 4. The method of claim 1, further comprising:
    - receiving at the owning institution processor a user generated clear PIN input.
  - 5. The method of claim 4, wherein the user generated clear PIN input has a variable length, the method further comprising:
    - generating at the owning institution processor the first hashed-encrypted PIN from the variable length PIN, and storing at the third party processor the first hashed-encrypted PIN from the variable length PIN.
  - 6. The method of claim 5, further comprising:
    - receiving at the third party processor the second encrypted PIN generated from a clear PIN input;
      
      translating at the third party processor the second encrypted PIN into a third encrypted PIN in a form usable by the third party processor;
      
      hashing at the third party processor the third encrypted PIN using the one-way hash algorithm to generate a second hashed-encrypted PIN; and
      
      comparing at the third party processor the second hashed-encrypted PIN to the stored first hashed-encrypted PIN to determine if the second encrypted PIN is generated from the same variable length clear PIN input as that of the first encrypted PIN.
  - 7. The method of claim 6, further comprising:
    - securing at the third party processor the one-way hash algorithm in cryptographic hardware.

8. A system for processing a personal identification number (PIN), comprising:
- an encryption algorithm module provided at an owning institution processor and configured to encrypt a clear PIN input and to generate a first encrypted PIN;
  
  a one-way hash algorithm module provided at the owning institution processor and configured to hash the first encrypted PIN and to generate a first hashed-encrypted PIN; and
  
  storage provided at the third party processor for storing the first hashed-encrypted PIN.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, further comprising:
    - a PIN translator module provided at the third party processor for translating a second encrypted PIN into a third encrypted PIN in a form usable by the third party processor;
      
      a one-way hash algorithm module provided at the third party processor for hashing the third encrypted PIN to generate a second hashed-encrypted PIN; and
      
      a comparison module provided at the third party processor for comparing the second hashed-encrypted PIN to the stored first hashed-encrypted PIN to determine if the second encrypted PIN is generated from the same clear PIN input as that of the first encrypted PIN.
  - 10. The system of claim 9, further comprising:
    - cryptographic hardware provided at the third party processor for securing the one-way hash algorithm.
  - 11. The system of claim 9, further comprising:
    - receiving means provided at the owning institution processor for receiving a user generated clear PIN input.
  - 12. The system of claim 11, further comprising:
    - a PIN translator module provided at the third party processor for translating a second encrypted PIN into a third encrypted PIN in a form usable by the third party processor;
      
      a one-way hash algorithm module provided at the third party processor for hashing the third encrypted PIN to generate a second hashed-encrypted PIN; and
      
      a comparison module provided at the third party processor for comparing the second hashed-encrypted PIN to the stored first hashed-encrypted PIN to determine if the second encrypted PIN is generated from the same clear PIN input as that of the first encrypted PIN.
  - 13. The system of claim 12, further comprising:
    - cryptographic hardware provided at the third party processor for securing the one-way hash algorithm.

14. A computer readable medium storing computer code that when loaded into one or more data processors adapts the processors to provide, when executed, a method of processing a personal identification number (PIN), the computer readable medium comprising:
- code for encrypting at a owning institution processor a clear PIN input using an encryption algorithm to generate a first encrypted PIN;
  
  code for hashing at the owning institution processor the third encrypted PIN using a one-way hash algorithm to generate a first hashed-encrypted PIN; and
  
  code for storing at a third party processor the first hashed-encrypted PIN.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer readable medium of claim 14, further comprising:
    - code for receiving at the third party processor a second encrypted PIN generated from a clear PIN input;
      
      code for translating at the third party processor the second encrypted PIN into a third encrypted PIN in a form usable by the third party processor;
      
      code for hashing at the third party processor the third encrypted PIN using the one-way hash algorithm to generate a second hashed-encrypted PIN; and
      
      code for comparing at the third party processor the second hashed-encrypted PIN to the stored first hashed-encrypted PIN to determine if the second encrypted PIN is generated from the same clear PIN input as that of the first encrypted PIN.
  - 16. The computer readable medium of claim 15, further comprising:
    - code for receiving a user generated clear PIN input.
  - 17. The computer readable medium of claim 16, wherein the user generated clear PIN input has a variable length, the computer readable medium further comprising:
    - code for generating the first hashed-encrypted PIN from the variable length PIN at the owning institution processor and storing the first hashed-encrypted PIN from the variable length PIN at the third party processor.
  - 18. The computer readable medium of claim 17, further comprising:
    - code for securely accessing the one-way hash algorithm secured in cryptographic hardware at the third party processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Nachtigall, Ernest

Granted Patent

US 8,621,230 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/184
CPC Class Codes

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 21/62   Protecting access to data v...

G06F 2221/2107   File encryption

G06F 2221/2115   Third party

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

G07F 7/1025   Identification of user by a...

SYSTEM AND METHOD FOR SECURE VERIFICATION OF ELECTRONIC TRANSACTIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD FOR SECURE VERIFICATION OF ELECTRONIC TRANSACTIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others