1. Field of Invention
This invention relates to an apparatus and method for routing confidential information through a public telephone network, and, more particularly, to an apparatus and method for sending encrypted credit card and debit card information through the Internet.
2. Description of the Related Art
U.S. Pat. Nos. 5,519,569 and 5,815,577 describe an encryption module for encrypting financial and other selective data, in the form of a unit which may be conveniently interposed in series between a personal computer and the keyboard associated therewith. An application program designated to run on the personal computer is configured to prompt the user to enter his PIN (Personal Identification Number) or other confidential data into the encryption module; consequently the confidential data need not be transmitted in an unencrypted fashion, and need not reside on the hard drive within the personal computer in an unencrypted form.
It is a first objective of the invention to provide a way for transmitting data identifying a transaction card, such as a credit card or a debit card, over a public network, such as the Internet in an encrypted form.
It is a second objective of the invention to provide a way for processing encrypted data transmitted over a public network so that the data can be decoded and used within a transaction card processing network not having a capability to handle elongated encrypted information.
It is a third objective of the invention to process certain encrypted data in a manner not recording decoded data within a computing system.
According to a first aspect of the invention, there is provided a method for decoding an encrypted transaction card identifying number, which is, for example, a credit card number or a debit card number, transmitted from a first computing system across a public network and for transmitting the transaction card identifying number to a second computing system, wherein the transaction card identifying number is encrypted within an encryption unit identified by a serial number, and wherein the method comprises steps of:
(a) receiving the encrypted transaction card identifying number and the serial number from the public network;
(b) generating a single-use number;
(c) storing the single-use number, the serial number, and the encrypted transaction card identifying number in a first data structure, wherein the serial number and the encrypted transaction card identifying number are found by locating the single-use number;
(d) receiving a second number;
(e) determining if the second number is stored within the first data structure as a single-use number;
(f) when the second number is determined to be stored within the first data structure as a single-use number, finding a cryptogram in a second data structure, wherein the cryptogram is found by locating a serial number in the second data structure equal to the serial number in the first data structure found by locating the single-use number in the first data structure;
(g) decoding a first portion of the encrypted transaction card identifying information with the cryptogram to generate a transaction card identifying number; and
(h) transmitting the transaction card identifying number to the second computing system.
According to a second aspect of the present invention, apparatus is provided for sending an encrypted transaction card identifying number across a public network. The apparatus includes first, and second computing systems connected to the public network, processors within the first and second computing systems, a third computing system connected to communicate with the second computing system, and a data base accessed by the second computing system. The first computing system includes an encryption unit, identified by a serial number, for encrypting the transaction card identifying number. The processor within the first computing system executes a program for transmitting the serial number of the encryption unit with the encrypted transaction card identifying number along the public network.
The data base stores first and second data structures. The first data structure includes a first plurality of single-use credit card numbers, a serial number of an encryption unit associated with each single-use credit card number in the first plurality of single-use credit card numbers and found by locating the single-use credit card number in the plurality of single-use credit card number, and an encrypted transaction card identifying number transmitted with each single-use credit card number in the plurality of single-use credit card numbers. The second data structure, includes a second plurality of serial numbers identifying encryption units and a cryptogram associated with each serial number in the second plurality of serial numbers. The cryptogram, which is found by locating the serial number in the second plurality of serial numbers, decodes data encoded by an encryption unit identified by the serial number in the second plurality of serial numbers.
The processor within the second computing system executes a program including a first routine for receiving from the public network the serial number of the encryption unit with the encrypted transaction card identifying number from the public network, for calculating a single-use credit card number, and for storing the single-use credit card number with serial number of the encryption unit and the encrypted transaction card identifying number from the public network in the first data structure, and a second routine for receiving the single-use credit card number from the third computing system, for locating the single-use credit card number within the first data structure, for locating a serial number within the second data structure identical to a serial number found in the first data structure by locating the single-use credit card number therein, for decoding the encrypted transaction card number with a cryptogram found by locating the serial number within the second data structure to generate the transaction card number, and for transmitting the transaction card number.
Preferably the second routine additionally determines whether the transaction card number is a credit card number or a debit card number, and the data base additionally includes a third data structure including a third plurality of bank-identifying numbers and a bank key, associated with each bank-identifying number in the plurality of bank-identifying numbers, found by locating the bank-identifying number, and encoding information in a manner readable by a bank computer reached by the bank-identifying number. If the second routine determines that the transaction card number is a debit card number, the second routine additionally causes a PIN block portion of the encrypted transaction card identifying number to be re-encoded using the bank-key found by locating, within the third data structure, a bank-identifying number forming a portion of the transaction card number.