Secure electronic commerce employing integrated circuit cards
Abstract
A system for network-based electronic commerce employing integrated circuit cards is provided. In one embodiment, cardholder authentication is provided by use of on-card symmetric cryptographic processing. The cardholder thus need not be limited to performing transactions from any particular computer system. Asymmetric cryptographic techniques are employed for communication of transaction data over the network.
17 Claims
1. A computer-implemented method for securely processing commercial transactions over a network, comprising the steps of:
providing a card access device;
providing an integrated circuit card;
establishing a connection between the card access device and the integrated circuit card, wherein the card access device is coupled to the network;
providing a cryptogram generation command comprising challenge data;
transferring the cryptogram generation command from the card access device to the integrated circuit card;
encrypting the challenge data using the integrated circuit card to form a response, wherein the step of encrypting the challenge data is in response to the cryptogram generation command;
transferring the response from the integrated circuit card to the card access device;
forming a payment instruction message at the card access device, wherein the payment instruction message comprises the response; and
encrypting at least a portion of the payment instruction message using asymmetric cryptographic techniques wherein the two encrypting steps are part of a same commercial transaction.
forming an order information message at the card access device;
hashing the order information message to obtain a digest of the order information message;
hashing the payment instruction message to obtain a digest of the payment instruction message;
concatenating the digest of the order information message and the digest of the payment instruction message to obtain a concatenated digest; and
encrypting the concatenated digest with a private signature key particular to the integrated circuit card to obtain a signed concatenated digest.
10. The computer-implemented method for processing transactions of claim 9, wherein the private signature key is inaccessible to the interface.
11. The computer-implemented method for processing transactions of claim 9, wherein the step of encrypting the concatenated digest step is performed by the integrated circuit card.
12. The computer-implemented method for processing transactions of claim 9, wherein the encrypting the concatenated digest step is performed by the card access device.
13. The computer-implemented method for processing transactions over a network of claim 1, wherein the challenge data comprises an unpredictable number.
14. The computer-implemented method for processing transactions over a network of claim 13, wherein the unpredictable number is derived from an identifier identifying a particular merchant and an identifier identifying a particular transaction.
15. The computer-implemented method for processing transactions of claim 1, further comprising the steps of:
forming an order information message at the card access device;
hashing the order information message to obtain a digest of the order information message;
hashing the payment instruction message to obtain a digest of the payment instruction message;
concatenating the digest of the order information message and the digest of the payment instruction message to obtain a concatenated digest; and
encrypting the concatenated digest with a private signature key particular to the integrated circuit card to obtain a signed concatenated digest.
16. An integrated circuit card for use in secure electronic commerce, comprising:
an interface for receiving external commands and data;
a symmetric cryptographic processor that encrypts a challenge value received via the interface to form a response for transmission via the interface;
an asymmetric cryptographic processor that encrypts a value received from the interface using a first private key unique to the integrated circuit card; and
a memory storing the first private key and a certificate comprising a public key matching the first private key unique to the integrated circuit card, the public key being signed by a second private key of a certificate authority.
17. A computer-implemented method for securely processing commercial transactions over a network, comprising the steps of:
establishing a connection between a card access device and an integrated circuit card, wherein the card access device is coupled to the network;
transferring a cryptogram generation command from the card access device to the integrated circuit card, wherein the cryptogram generation command comprises challenge data, and the challenge data comprises an unpredictable number;
encrypting the challenge data using the integrated circuit card to form a response, wherein the step of encrypting the challenge data is in response to the cryptogram generation command;
transferring the response from the integrated circuit card to the card access device;
reading the cardholder certificate from the integrated circuit card;
reading a certificate chain from the integrated circuit card, wherein the certificate chain includes a chain of certificates leading from the integrated circuit card to a root;
forming a payment instruction message at the card access device, wherein the payment instruction message comprises the response;
encrypting at least a portion of the payment instruction message using asymmetric cryptographic techniques, wherein the step of encrypting the payment instruction message comprises using a symmetric key to encrypt the at least a portion of the payment instruction message and encrypting the symmetric key with a public key of a payment processor; and
sending the encrypted payment instruction message from the card access device to a merchant via the network.
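The following sketch is an added illustration, not code from the patent: it walks the challenge-response of claims 1, 13 and 14 and the concatenated digest of claims 9 and 15, showing that a response bound to one transaction is rejected for another and that the concatenated digest ties the order to a payment instruction the merchant never sees. Assumptions: HMAC-SHA256 stands in for the card's symmetric encryption of the challenge, SHA-256 is the hash, the asymmetric signature over the concatenated digest is left out, and every name and sample value is constructed.

```python
import hashlib
import hmac

# Constructed sample values; none of them come from the patent.
CARD_KEY = b"constructed-card-symmetric-key"
MERCHANT_ID = b"MERCHANT-0001"
TXN_ID = b"TXN-000042"

def unpredictable_number(merchant_id, txn_id):
    """Claim 14: challenge derived from merchant and transaction identifiers.
    Hashing a length-prefixed encoding is an assumption of this sketch."""
    data = len(merchant_id).to_bytes(2, "big") + merchant_id + txn_id
    return hashlib.sha256(data).digest()[:8]

def card_cryptogram(card_key, challenge):
    """Card side: keyed transform of the challenge data. HMAC-SHA256 is a
    stand-in for the symmetric encryption the claims describe."""
    return hmac.new(card_key, challenge, hashlib.sha256).digest()[:8]

def issuer_accepts(card_key, merchant_id, txn_id, response):
    """Verifier side: recompute the expected response for this transaction."""
    challenge = unpredictable_number(merchant_id, txn_id)
    return hmac.compare_digest(card_cryptogram(card_key, challenge), response)

def build_payment_instruction(response):
    """Claim 1: the payment instruction message comprises the response."""
    return b"pan=<placeholder>;amount=10.00;cryptogram=" + response.hex().encode()

def concatenated_digest(order_info, payment_instruction):
    """Claims 9 and 15: digest(OI) || digest(PI), the value the card's
    private signature key would sign (signing is omitted here)."""
    return (hashlib.sha256(order_info).digest()
            + hashlib.sha256(payment_instruction).digest())

def merchant_links_order(order_info, pi_digest, verified_value):
    """Merchant holds the order information and only the digest of the
    payment instruction; verified_value is what a checked signature yields."""
    expected = hashlib.sha256(order_info).digest() + pi_digest
    return hmac.compare_digest(expected, verified_value)

if __name__ == "__main__":
    resp = card_cryptogram(CARD_KEY, unpredictable_number(MERCHANT_ID, TXN_ID))
    print("same transaction:", issuer_accepts(CARD_KEY, MERCHANT_ID, TXN_ID, resp))
    print("other transaction:", issuer_accepts(CARD_KEY, MERCHANT_ID, b"TXN-000043", resp))
    order, pi = b"item=book;qty=1", build_payment_instruction(resp)
    cd = concatenated_digest(order, pi)
    print("order linked:", merchant_links_order(order, cd[32:], cd))
    print("altered order:", merchant_links_order(b"item=book;qty=9", cd[32:], cd))
```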
Specification