Field of the Invention
The present invention relates to systems and methods for transmitting and processing transaction messages, and in particular to systems and methods useable for sending transaction messages where an identifier is encrypted.
Description of the Related Technology
Smart devices, such as smart cards, access cards, financial instruments such as payment cards, fobs and most recently mobile telephones and other portable electronic devices are increasingly being used to effect transactions. A transaction may involve a number of functions. In a simple form, a user in possession of a suitable smart device may be granted access through a security door. Alternatively, or in addition, such a user may be able to make payments for goods and services, or to use the smart device in ticketing for access to public transport or an event.
A suitable smart device has a processor and a memory. These may be combined in a secure element, which is a piece of tamper resistant hardware which can only be communicated with in a limited fashion.
In use, the smart device is presented to a terminal of a transaction processing system, for example a door lock, a point of sale device or a ticket barrier. The smart device communicates with the terminal. This communication may be contactless for example using near field communications (NFC), or through contact between the device and the terminal. The smart device may communicate solely with the terminal; however more often data provided by the smart device is transmitted through the transaction processing system to a suitable recipient. This recipient authenticates the smart device and may respond, for example by commanding the terminal to open a door or barrier, or by providing data to the smart device.
To enable a smart device to be used in this manner, the smart device is provided with a device identifier. This may be a number, or alphanumeric string which is capable of uniquely identifying the device and thereby enabling the transaction processing system to determine whether to grant access, or to effect payment, or similar. An example of a suitable device identifier used in payments is a primary account number or PAN, which is used on credit and debit cards to effect payments.
Methods have been proposed to modify or obscure a device identifier during a transaction to increase security. While such proposed systems make it harder for a malicious third party to clone or pretend to be the smart device, such systems still do not obviate a risk that a third party may track a user's movements and activity using data transferred from the device.