|
|
|
| United States Patent | 5317636 |
| Link to this page | http://www.wikipatents.com/5317636.html |
| Inventor(s) | Vizcaino; Gerardo (Nashua, NH) |
| Abstract | This disclosure relates to a method and apparatus for improving the
security of credit card transactions. It involves a so-called "smart"
credit card, which includes a processor, a memory, and a display window.
When used, the card produces a verification number, which is based on a
transaction sequence number and an encryption algorithm stored in the
memory of the card. The verification number produced by the card is read
in the display window and transmitted to a verification computer. The
computer uses the verification number, together with a de-encryption
algorithm, to produce a computed transaction sequence number. If the
computed transaction sequence number corresponds to a transaction sequence
number stored in the memory of the computer, then the computer will
authorize the transaction, otherwise it will not. Both the card and
computer change their respective transaction sequence numbers, such as by
incrementation, so that different transaction sequence numbers are stored
in the respective memories, for the production of a different verification
number for the next transaction. |
|
|
 |
Title Information  |
|
|
|
|
|
Drawing from US Patent 5317636 |
|
|
Method and apparatus for securing credit card transactions |
|
|
|
|
|
| Publication Date |
May 31, 1994 |
|
|
|
|
|
| Filing Date |
December 9, 1992 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
|
 |
Title Information |
|
|
|
References |
|
|
| *references marked with an asterisk below are user-added references |
 |
U.S. References |
|
|
| Add a new US reference: |
| | Reference | Relevancy | Comments | Reference | Relevancy | Comments | 5163098
Dahbura
705/75
Nov,1992 |  Your vote accepted
[0 after 0 votes] | | 5120939
Claus
235/382
Jun,1992 | Your vote accepted
[0 after 0 votes] | | 5097115
Ogasawara
235/380
Mar,1992 | Your vote accepted
[0 after 0 votes] | | 5068894
Hoppe
Nov,1991 | Your vote accepted
[0 after 0 votes] | | 5023908
Weiss
713/184
Jun,1991 | Your vote accepted
[0 after 0 votes] | | 5017766
Tamada
235/492
May,1991 | Your vote accepted
[0 after 0 votes] | | 4974193
Beutelspacher
726/20
Nov,1990 | Your vote accepted
[0 after 0 votes] | | 4885778
Weiss
713/184
Dec,1989 | Your vote accepted
[0 after 0 votes] | | 4879747
Leighton
713/186
Nov,1989 | Your vote accepted
[0 after 0 votes] | | 4868372
Oomura
235/380
Sep,1989 | Your vote accepted
[0 after 0 votes] | | 4849613
Eisele
235/379
Jul,1989 | Your vote accepted
[0 after 0 votes] | | 4816655
Musyck
235/380
Mar,1989 | Your vote accepted
[0 after 0 votes] | | 4816651
Ishording
235/379
Mar,1989 | Your vote accepted
[0 after 0 votes] | | 4811393
Hazard
380/277
Mar,1989 | Your vote accepted
[0 after 0 votes] | | 4786790
Kruse
235/380
Nov,1988 | Your vote accepted
[0 after 0 votes] | | 4766293
Boston
705/41
Aug,1988 | Your vote accepted
[0 after 0 votes] | | 4742351
Suzuki
340/5.54
May,1988 | Your vote accepted
[0 after 0 votes] | | 4720860
Weiss
713/184
Jan,1988 | Your vote accepted
[0 after 0 votes] | | 4679236
Davies
713/184
Jul,1987 | Your vote accepted
[0 after 0 votes] | | 4656342
Ugon
235/379
Apr,1987 | Your vote accepted
[0 after 0 votes] | | 4629872
Hallberg
235/380
Dec,1986 | Your vote accepted
[0 after 0 votes] | | 4626669
Davis
235/380
Dec,1986 | Your vote accepted
[0 after 0 votes] | | 4599489
Cargile
705/52
Jul,1986 | Your vote accepted
[0 after 0 votes] | | 4501957
Perlman
235/379
Feb,1985 | Your vote accepted
[0 after 0 votes] | | 4442345
Mollier
235/380
Apr,1984 | Your vote accepted
[0 after 0 votes] | | 4386266
Chesarek
705/72
May,1983 | Your vote accepted
[0 after 0 votes] | | 4281215
Atalla
705/72
Jul,1981 | Your vote accepted
[0 after 0 votes] | | | | | |
|
 |
|
|
|
U.S. References |
|
|
|
Foreign References |
|
|
|
|
|
|
|
|
Foreign References |
|
|
|
Other References |
|
|
|
|
|
|
|
|
Other References |
|
|
|
|
|
|
|
References |
|
|
|
|
|
|
| Market Size |
|
Estimate the gross annual revenues of the relevant market
sector:
|
| | |
| |
|
|
| Market Share |
|
Estimate the percentage of the relevant market sector this invention will capture:
|
| | |
| |
|
|
| Reasonable Royalty |
|
What percentage of gross sales should the inventor or assignee be paid?
|
| | |
| |
|
|
|
Public's "Guesstimation" of Royalty Value
|
| Market Size | N/A | [No votes] | | x | Market Share | N/A | [No votes] | | x | Reasonable Royalty | N/A | [No votes] |
| | N/A | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Market Review |
|
|
|
Technical Review |
|
|
|
Claims |
|
|
What is claimed is:
1. A credit card apparatus comprising:
a memory means for storing data;
an encryption algorithm stored in said credit card for encrypting data,
said algorithm being complementary to a de-encryption algorithm stored in
an authorization computer;
a first transaction sequence number stored in said memory means, said
transaction sequence number corresponding to a second transaction sequence
number stored in the computer;
a display means;
a processing means for processing said encryption algorithm and said first
transaction sequence number to produce a verification number, which is
visually displayed in said display means, for conveyance to the computer
which computes a transaction sequence number using the de-encryption
algorithm and which tests the correspondence of the computed transaction
sequence number with the second transaction sequence number for
determining whether a given credit card transaction is to be authorized;
and
said processing means changes said first transaction sequence number, and
stores the changed first transaction sequence number in said memory means.
2. The apparatus as in claim 1, further comprising an activation means for
activating said processing means to produce a verification number.
3. The apparatus as in claim 2, wherein said activation means includes an
activation pad which requires the entry of an identification code in order
to activate said processing means to produce the verification number.
4. The apparatus as in claim 1, wherein said encryption algorithm encodes
said first transaction sequence number when processed by said processing
means.
5. A computer for authorizing a credit card transaction comprising:
a memory means for storing data;
a de-encryption algorithm stored in said computer for de-encrypting a
verification number produced by a credit card using an encryption
algorithm;
a first transaction sequence number stored in said memory means, said first
transaction sequence number corresponding to a second transaction sequence
number stored in a credit card;
a processing means for processing said de-encryption algorithm and the
verification number to produce a computed transaction sequence number,
said processing means also being for testing the correspondence of the
computed said processing means. number with said transaction sequence
number to determine whether a given credit card transaction is to be
authorized; and
said processing means changes said first transaction sequence number,
provided the given credit card transaction is authorized, and stores the
changed first transaction sequence number in said memory means.
6. The computer as in claim 5, wherein said computer authorizes a given
credit card transaction on the basis of whether the computed transaction
sequence number corresponds to said first transaction sequence number.
7. The computer as in claim 6, wherein said computer determines
correspondence on the basis of the computed transaction sequence number
falling within a predetermined range of said first transaction sequence
number.
8. The computer as in claim 7, wherein said computer resets said first
transaction sequence number to be equal to the computed transaction
sequence number if, with said computer determining whether a given credit
card transaction is to be authorized, the computed transaction sequence
number is not equal to said first transaction sequence number, and the
computed transaction sequence number falls within said predetermined
range.
9. The computer as in claim 6, wherein said computer determines
correspondence on the basis of the computed transaction sequence number
falling within a predetermined range of said first transaction sequence
number, said predetermined range being divided into a first and second
portion.
10. The computer as in claim 9, wherein said computer automatically
authorizes a transaction if the computed transaction sequence number falls
within said first portion of said predetermined range.
11. The computer as in claim 10, wherein said computer invokes an
additional authorization sequence if the computed transaction sequence
number falls within said second portion of said predetermined range.
12. The computer as in claim 5, wherein said de-encryption algorithm
encodes said first transaction sequence number when processed by said
processing means.
13. A system for verifying a credit card transaction comprising:
a credit card including:
a first memory means for storing data;
an encryption algorithm stored in said credit card for encrypting data;
a first transaction sequence number stored in said memory means;
a display means;
a first processing means for processing said encryption algorithm and said
first transaction sequence number to produce a verification number for
visual display in said display means, said first processing means changes
said first transaction sequence number, and stores the changed first
transaction sequence number in said first memory means; and
a computer means including:
a second memory means for storing data;
a de-encryption algorithm stored in said computer, said de-encryption
algorithm being the complement of said encryption algorithm;
a second transaction sequence number stored in said second memory means;
and
a second processing means for processing said de-encryption algorithm and
said verification number to produce a computed transaction sequence
number, said second processing means also being for testing the
correspondence of said computed transaction sequence number with said
second transaction sequence number, and said second processing means
changes said second transaction sequence number, provided the given credit
card transaction is authorized, and stores the changed second transaction
sequence number in said second memory means.
14. The system as in claim 13, wherein said first and second transaction
sequence numbers correspond to one another at the time said credit card is
issued.
15. The system as in claim 14, wherein said computer authorizes credit card
transactions on the basis of whether the computed transaction sequence
number corresponds to said second transaction sequence number.
16. The system as in claim 15, wherein said computer determines
correspondence on the basis of the computed transaction sequence number
falling within a predetermined range of said second transaction sequence
number.
17. The system as in claim 16, wherein said predetermined range is divided
into a first and second portion, and said computer automatically
authorizes a given transaction if the computed transaction sequence number
falls within said first portion of said predetermined range, and invokes a
separate authorization sequence if the computed transaction sequence
number falls within said second portion of said predetermined range.
18. The system as in claim 17, wherein said second transaction sequence
number is reset to be equal to the computed transaction sequence number
if, with said computer determining whether a given credit card transaction
is to be authorized, the computed transaction sequence number is not equal
to said second transaction sequence number, and the transaction is
authorized.
19. The system as in claim 13, wherein said encryption and de-encryption
algorithms encode and decode said first and second transaction sequence
numbers when processed by said first and second processing means,
respectively.
20. The system as in claim 13, further comprising an activation means for
activating said first processing means to produce a verification number.
21. The system as in claim 20, wherein said activation means includes an
activation pad on said credit card for the entry of an identification code
in order to activate said processing means to produce a verification
number.
22. The system as in claim 13, wherein said first processing means further
includes a random number generator for producing said first transaction
sequence number.
23. The system as in claim 22, wherein said random number generator
generates a random number which is stored in said first memory means as
the initial said first transaction sequence number, and wherein with said
computer determining the authorization of a first transaction relating to
said card after said card was issued, said computer automatically resets
said second transaction sequence number to be equal to the computed
transaction sequence number.
24. The system as in claim 13, wherein said first and second processing
means change their respective first and second transaction sequence
numbers by incrementation.
25. The system as in claim 24, wherein said first and second transaction
sequence numbers are incremented by the same number.
26. A method of authorizing a credit card transaction comprising the steps
of:
requiring the provision of identification information to an authorization
computer;
using the identification information to access a file in the computer
containing a de-encryption algorithm and a first transaction sequence
number, the de-encryption algorithm being complementary to an encryption
algorithm stored in a credit card, and the first transaction sequence
number corresponding to a second transaction sequence number stored in the
credit card;
requiring the provision of a verification number, produced by the credit
card using the second transaction sequence number and the encryption
algorithm;
processing the verification number with a processing means in the computer
to produce a computed transaction sequence number;
testing the correspondence of the computed transaction sequence number to
the first transaction sequence number to determine whether a given credit
card transaction is authorized; and
changing the first transaction sequence number if the given credit card
transaction is authorized.
27. The method as in claim 26, further comprising the step of:
authorizing a given credit card transaction if the computed transaction
sequence number corresponds to the first transaction sequence number.
28. The method as in claim 27, wherein during said authorizing step
correspondence is determined on the basis of whether the computed
transaction sequence number falls within a predetermined range of the
first transaction sequence number.
29. The method as in claim 28, wherein the predetermined range is divided
into a first and second portion, and the computer automatically authorizes
a given credit card transaction provided the computed transaction sequence
number falls within the first portion of the predetermined range.
30. The method as in claim 29, wherein the computer invokes a separate
authorization sequence provided the computed transaction sequence number
falls within the second portion of the predetermined range.
31. The method as in claim 27, further comprising the step of:
resetting the first transaction sequence number to be equal to the computed
transaction sequence number if, with the computer determining whether a
given credit card transaction is to be authorized, the computed
transaction sequence number is not equal to the first transaction sequence
number, and the transaction is authorized.
32. The method as in claim 26, wherein during said changing step the first
transaction sequence number is incremented by a predetermined number.
33. The method as in claim 32, wherein the predetermined number by which
said first transaction sequence number is incremented is equal to a number
by which the processing means in the credit card increments the second
transaction sequence number after the production of the verification
number. |
|
|
|
|
|
|
Claims |
|
|
|
Description |
|
|
FIELD OF THE INVENTION
This invention relates to a method and apparatus for securing a transaction
conducted by means of a credit card.
BACKGROUND OF THE INVENTION
The use of credit cards for many types of transactions is already
commonplace, and is steadily increasing as society moves progressively to
a cashless monetary system. The proliferation of the use of credit cards,
however, has been met with a corresponding proliferation in the methods by
which unscrupulous persons may use credit card information to engage in
fraud or theft.
For example, one typical credit card transaction involves a person who uses
a telephone credit card to make a telephone call at a public telephone.
The transaction sequence usually requires the user to first dial an access
number to make contact with a long distance carrier. The access number is
generally, publicly available, since it is distributed to all subscribers
to the carrier's service and is sometimes even displayed in the public
telephone area. After receiving a confirmation signal, the caller then
enters a customer specific, account number, which is made up of a series
of numerals often printed on the credit card for ease of user access.
Unlike the access number which is public, the account number should be
kept secret by the card owner, given that it is used by the carrier to
determine if a valid account number has been presented when the service
request is initiated. Of even greater importance to the card holder, the
account number usually identifies the account to which the requested
telephone service will be billed.
Understanding that someone who has the telephone account number can use
that number to place unauthorized calls, a practice has grown up by which
thieves have devised different methods by which they gain access to the
account numbers of legitimate card holders. One such practice is referred
to as "shoulder surfing", whereby the thief watches, sometimes by means of
binoculars, and memorizes the customer unique, account number entered by a
legitimate card holder. Modern, public telephone areas in airports, train
stations, shopping malls, and the like, make the true card owners
particularly vulnerable to this practice given that the design of many
public telephone areas typically permit members of the public to freely
move around and behind the caller. Thus, someone in a publicly accessible
area could have a clear view of the account number on the card or entered
on the telephone key pad during the transaction, especially if the caller
inadvertently neglects to guard the secrecy of the account number.
Yet another example of the means by which a thief may gain access to a
legitimate card holder's account number may involve a typical credit card
purchase from a retailer. During such a transaction, the card holder's
account number is exposed to the retailer's clerk processing the
transaction. Additionally, if the transaction is conducted with the card
holder present in person, there is typically paperwork, such as a hard
copy receipt, which is generated during the transaction and which contains
the account number. Frequently, carbon paper inserts, which are between
the receipt paperwork, are discarded in an unsecured manner after the card
holder provides an authorization signature, even though those carbon paper
inserts may contain the account number of the customer.
Thus, an unscrupulous clerk could later attempt to use the account number
to engage in fraudulent transactions. Alternatively, another party who
gains access to the discarded carbon paper could likewise attempt to use
the account number to engage in a fraudulent transaction. And finally, a
so called `shoulder surfer` could observe the transaction and obtain the
account number.
What is needed is a method and apparatus by which credit card transactions
can be made more secure against fraud and theft. To the extent that credit
cards are mass produced, the security approach must be adapted for
implementation on a wide scale, which also suggests that it must not be
prohibitively expensive. The approach must take account of existing
transaction equipment which is available now and in the near future. For
example, most public telephone systems have touch tone key pads, but
relatively few have the newer technology, card readers which read an
electronic strip on the credit card. Likewise, home telephone systems,
which can be used for conducting credit card transactions, are highly
unlikely to include a card reader system. Finally, the security approach
must be reasonably simple to use by the card holder, as significant
increases in the complexity of use will reduce the desirability of the
security system.
SUMMARY OF THE INVENTION
This invention relates to the apparatus and method of authorizing credit
card transactions. One embodiment of the invention includes a system which
is made up of an authorization computer and a credit card that work in
conjunction to enhance the security of credit card transactions.
More particularly, the system includes a smart credit card which includes a
processor, a memory and a liquid crystal display. The credit card is used
to produce a unique verification number by processing a transaction
sequence number with an encryption algorithm. The verification number is
then displayed in the display device, and can be transmitted to the
authorization computer along with a customer identifying account number.
The computer, which is used for authorizing the credit card transactions of
the customers of the credit card issuer, uses the account number to access
an account file for the credit card customer. That account file has
general account data for the given customer, as well as a transaction
sequence number, which corresponds to the transaction sequence number
stored in the credit card. Additionally, the account file includes a
de-encryption algorithm, which is complementary to the encryption
algorithm of the credit card, such that the computer can use the
de-encryption algorithm together with the verification number to produce a
computed transaction sequence number.
The computed transaction sequence number is compared to the transaction
sequence number stored in the computer to determine whether the two
numbers correspond to one another. If they do, then the computer will
authorize the transaction, if they do not then the transaction will be
rejected.
Both transaction sequence numbers, the one in the card and the one in the
computer are changed, preferably by incrementation, after the authorized
transaction so that a different verification number is generated and used
in the authorization of each different credit card transaction. Thus, the
verification number used in one given transaction will not be useful in a
subsequent transaction. Therefore, even if someone were to see the
verification number used in one transaction, they would not be able to use
it in a subsequent transaction.
Yet other embodiments of the invention include the credit card that is used
in the system, the computer that is used in the system, and the process of
authorizing credit card transactions using the system.
Objects, features, and advantages of the invention will be further
appreciated and better understood upon consideration of the following
detailed description of the preferred embodiment, presented in conjunction
with the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a front view of an embodiment of a "smart (credit) card" in
accordance with the present invention.
FIG. 2A is a partly sectioned, front view of the smart card of FIG. 1,
showing internal elements of the card in block diagram form and a switch
which activates the processing operations of the card.
FIG. 2B provides an alternate embodiment of the card of FIG. 2A, having the
switch replaced by a keypad for entering an authorization number to
activate the processing operations of the card.
FIG. 3 is a flow diagram showing the process by which the card of FIG. 1
produces a verification number.
FIG. 4 is a block diagram of the card of FIGS. 1 and 2, a station which is
linked to a computer, and also an operator for entering information at the
station.
FIG. 5 is a flow diagram showing the process by which a card holder's
account is established.
FIG. 6 is a flow diagram showing the process by which the card and computer
of FIG. 4 are used to enhance the security of a credit card transaction.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Referring first to FIG. 1, an embodiment of a credit card 20 in accordance
with the present invention is shown. More particularly, credit card 20 is
a so-called "smart card". In some respects, card 20 is quite similar to a
common credit card, insofar as it has a plastic housing with the same
dimensions as a traditional credit card. Additionally, it has a magnetic
strip on its back (not shown) to enable card 20 to be read by a typical
card reader.
As will be detailed below, a "smart card" is more sophisticated than a
traditional credit card, insofar as it contains processing capabilities.
Thus, card 20 can be used as a credit card for all of the transactions
requiring a traditional credit card, but it has additional capabilities
which enable it to be used to increase the security of credit card
transactions.
In the front view of card 20 of FIG. 1, card 20 includes the card holder's
name 22 and the card holder's account number 24. Name 22 and account
number 24 may be punched or stamped onto card 20 in raised numbering which
is typically found on traditional credit cards. The inclusion of
electronic circuitry within card 20 may affect the manner in which name 22
and account number 24 are placed on card 20, it being necessary to assure
that the traditional punching or stamping method does not damage the
electronic circuitry of card 20. Thus, name 22 and account number 24 may
be placed on the card in any manner that is adapted for a smart card
having internal electronic componentry. Also, as mentioned above, account
number 24 may be stored on a magnetic strip on the back of card 20, so
that account number 24 can be read by a card reader in the usual manner of
a regular credit card.
As discussed below, account number 24 is card holder unique and is used by
the issuer of the card to identify a particular card holder's account. The
identity of the card holder's account is necessary for billing the card
holder for goods or services charged against that account number.
In addition to account number 24, FIG. 1 shows card 20 to further include
activation switch 26. Switch 26 is an electronic switch which activates
card 20 for the purpose of having card 20 process a transaction sequence
number and produce a verification number, not shown on FIG. 1, but shown
on FIG. 2A. In one embodiment, switch 26 may be an on/off switch which
starts the processing by card 20. In yet other embodiments, there may be a
separate on/off switch, which is shown on FIG. 1 in a dashed line and has
reference number 28. The advantage of having a one switch 28 for turning
card 20 on, and a separate switch 26 for signalling to the | | |
