The present invention relates to an electronic value system having electronic stored-valued, and in particular to such a system with system-level monitoring of the stored value.
Smart cart technology has enabled two consumer payment applications: the charge (credit or debit) card with enhanced security (especially in off-line payment,) and the stored-value card, also called electronic purse. The two applications are complementary: the charge card is more suitable for medium-to-higher payments, while the electronic purse""s arena is small payments. The potential synergy between two payment applications is described in U.S. Pat. No. 5,744,787 by the present inventors and assigned to common applicants of the present application.
A major concern in any payment system is security, i.e., preventing unauthorized transfer or production of money. In smart card stored-value payment, a vast number of patents, publications and implemented solutions deal with safeguarding payment and other value transfer transactions at the bank-to-consumer, consumer-to-merchant and merchant-to-bank levels. There are combinations of hardware, software and procedures believed to withstand any attack conducted for a reasonable time using known means. However, as security is so crucial to payment systems, many bankers insist on monitoring the flow of money at the system level, to reconfirm the flawless operation of the security means at the transaction levels. This security requirement has been commonly transformed into the concept of xe2x80x9cfull accountabilityxe2x80x9d, i.e. recording and reporting all single stored-value transactions to a central computer, for checking and confirming that each addition of value to a first stored-value device has occurred only as the same amount had been deducted from a second stored-value device. Such accountability schemes require an enormous amount of data storage and transfer and may interfere with the privacy of consumers carrying personal payment cards.
The main object of the present invention is to monitor centrally the stored value (hereinafter referred-to as xe2x80x9celectronic valuexe2x80x9d) in a stored-value system, for system-level reconfirmation of transaction-level security, without recording and reporting each single transaction. Another object is to minimize the amount of data stored and transferred for such monitoring. Still another object is to enable consumer anonymity and privacy in most small payments. Additional objects include measuring the amount of stored value lost or abandoned by consumers; measuring the amount of invalid stored value (if transaction-level security has malfunctioned or has been broken); providing controlled refresh options for periodical renewal of electronic value and its security parameters; maintaining local audit trails for identifying the sources of fraudulent electronic value; supporting multiple-issuer environments; and enabling satisfactorily-monitored card-to-card transfer of electronic value.
The following terms will be used herein as follows:
1. Electronic money - value which is recorded electronically and is useful for payment.
2. Account - a storage of electronic value at an institution. Non-limiting examples include the storage of electronic money or debt at a financial institution, such as bank accounts and credit accounts. The accounts of interest to the present invention are consumer account and merchant account.
3. Value issuer - a business entity establishing and maintaining accounts of electronic value. In some embodiments of the present invention, value issuers are financial institutions, such as banks, credit companies and telephone companies. Actually, the term value issuer will usually relate to the computer system of such institutions used to store and maintain accounts and execute transactions therewith.
4. Charge - a consumer order to transfer electronic value from his account to another account.
5. Electronic value - value in a form which can be transferred to and stored in a consumer or merchant electronic storage device. The term xe2x80x9cvaluexe2x80x9d herein denotes any accumulated and transferable measure of worth, including but not limited to: money, cash, currency, or the equivalent thereof; loyalty points, airmiles, or other rewards or recognitions; barter credit or scrip; and coupons, such as discount coupons. The term xe2x80x9celectronic cashxe2x80x9d herein denotes an embodiment of electronic value that represents cash money or the equivalent thereof.
6. Stored-value device - an electronic storage device for storing electronic value.
7. Payment card - a consumer device for payment with electronic money. A payment card may include a charge card for generating charge orders (e.g., credit card or debit card), and/or an electronic purse or electronic coin purse, which is a consumer stored-value device or storage within a consumer stored-value device.
8. Smart card - a payment card designed to secure the information stored therein and the transactions made therewith.
9. Point of sale or POS, or point-of-sale terminal - a merchant""s device for receiving payment and optionally also for determining the purchase contents and calculating the payment amount. A POS may be staffed (e.g., a supermarket cash register) or automatic (e.g., in a vending machine, public telephone or parking meter).
10. Electronic drawer, electronic coin drawer, or drawer - a merchant""s secured electronic storage device or merchant stored-value device, usually forming part of POS, for storing electronic value (electronic value drawer) and/or charge orders (charge drawer).
11. Electronic value pool - a stored-value device for a financial institution or storage within a financial institution stored-value device, for storing and accounting for electronic value.
12. Elementary value unit, or EVU - the smallest amount of value that is relevant for transfer. In one embodiment of the present invention, the elementary value unit is a single loyalty point. In other embodiments, the elementary value unit is an elementary monetary value, or EMU, representing smallest amount of monetary value that is relevant for payment or change. An example 1¢ in the U.S. or 5 Agorot in Israel.
13. Serial number - data used for identification of a discrete entity and suitable for digital representation. Typical examples for serial numbers are positive integers and ASCII character strings.
14. Charge function - a means for making a charge. Charge functions may be coupled with a stored-value device. As a non-limiting example, the electronic coin purse of a payment card or personal network terminal may be coupled with a charge function. As another non-limiting example, a charge function may be coupled with an electronic coin drawer; the charge function of this example is herein denoted by the term xe2x80x9ccharge drawerxe2x80x9d.
The present invention makes electronic value countable by devising the entity xe2x80x9celectronic coinxe2x80x9d, each electronic coin having a monetary value or other forms of value and a serial number. When an electronic coin moves, it moves along with its value and serial number. A percentage of random electronic coins flow through electronic coin pools of financial institutions, where forbidden repetitions or out-of-range serial numbers are sought. Such repetitions or out-of-range instances, if found, are reported to signal that there is a security leak at the transaction level and to estimate the size of the damage.
By creating a hierarchy of electronic coin types, each having a denomination which is a multiple of the previous denomination, the present invention supports very effective payment while minimizing storage requirements for electronic coins, especially on the payment card. The present invention teaches how to allocate tens or a couple hundred bytes of memory on the card, for storing hundreds of dollars, with 1¢ resolution, in a hundreds million card population, with a unique serial number for each electronic coin. This minimal storage requirement also implies minimal data communication requirement during transactions, which minimizes transaction time and enhances reliability.
The present invention also investigates the money flow in the monetary system constructed and operated according to the present invention, showing that most electronic value actually revolves between points of sale and payment cards, while the actual monetary transfer are made mainly by charge (credit or debit) transactions and/or by electronic bills, which are higher-denomination electronic coins which are allowed for manual reloading of payment cards.
Another aspect relates to managing local audit trails, where each stored-value device records the serial numbers of received electronic coins along with the identity of the source device. These records are kept for a limited time, and are useful to track back suspected electronic coins to identify the source devices for further investigation.
By changing editions periodically, the present invention teaches to refresh security parameters, recall efficiently and automatically the older edition""s electronic coins, count them with accuracy of a single cent, identify security flaws precisely, and account for electronic value lost oar abandoned by card holders, i.e., electronic value not claimed by the expiration date of the old edition.
Other important achievements of the present invention include a very effective support for system-level-audited card-to-card electronic value transfers, and the provision of ultimate anonymity at most transactions. The invention offers flexibility in supporting different card types to populations of different needs and preferences, including the co-existence of personal cards having both charge and stored-value functions, and xe2x80x9cwhitexe2x80x9d, stored-value-only cards. Methods for accelerating the edition refreshing and enhancing the security sampling rate and reliability are also presented, including forced exchange of electronic coins and random or FIFO (first-in-first-out) electronic coin picking.
The present invention also teaches how to manage a multi-issuer environment, where every issuer is assigned a distinctive range of serial numbers. A semi-countable system is also presented, where higher denomination electronic coins are counted according to the present invention, while lower denominations are inspected statistically.
The present invention also generalizes the concept of stored-value devices. Although the payment card is an important class of stored-value device for storing, sending, and receiving electronic coins, other important devices are also possible. Non-limiting examples of generalized stored-value devices include personal network terminals, which herein denotes any electronic device available for personal use to access and interact with electronic networks. Personal network terminals include, but are not limited to personal computers (PC""s) and telephonic devices, such as cellular telephones or other wireless communication deices. Other non-limiting examples of stored-value device include point-of-sale terminals, unattended point-of-sale terminals, and network servers such as are used on the Internet. Stored-value devices may exchange electronic coins in proximity with one another, as is done with payment cards and points-of-sale, but in generally stored-value devices may also exchange electronic coins remotely over a dial-up connection, via a network (such as the Internet), wireless communication, or a combination of these.
Specific types or classes of stored-value devices may be associated with consumers, merchants, and value issuers, such as financial institutions. Thus, consumers may have consumer stored-value devices, merchants may have merchant stored-value devices, and value issuers may have value-issuer stored-value devices. In particular, consumer stored-value devices are also herein denoted by the term xe2x80x9celectronic coin pursesxe2x80x9d, merchant stored-value devices are also herein denoted by the term xe2x80x9celectronic coin drawersxe2x80x9d, and value issuer stored-value devices are also herein denoted by the term xe2x80x9celectronic coin poolsxe2x80x9d.
As illustrated in FIG. 36, a merchant stored-value device in the form of a merchant server 900 interfaces via a network 910 with a consumer stored-value device in the form of a consumer PC 920. Within a memory 922 of consumer PC 920 is an electronic coin purse 924 containing electronic coins 926. Non-limiting examples of memory 922 include RAM, EEPROM, and hard disk storage. Likewise, within a memory 902 or merchant server 900 is an electronic coin drawer 904 containing electronic coins 906. Similarly, non-limiting examples of memory 902 include RAM, EEPROM, and hard disk storage.
In general, there are value transfer transactions from a source stored-value device to a target stored-value device. There is great versatility in making value transfers according to the present invention. For example, a consumer might have a cellular telephone containing an electronic coin purse coupled with a charge function. The cellular telephone company might have an electronic coin drawer coupled with a charge drawer. In this manner, and as detailed herein, the consumer could pay for telephone service by transferring value to the telephone company, such as during the calls themselves. This transferred value could be a combination of electronic value representing both monetary value (electronic money) and other forms of value such as loyalty points, telephone credit points, and so forth. Additionally, a merchant could maintain an electronic coin drawer coupled with a charge drawer, and the consumer could use the cellular telephone to contact the merchant and exchange value therewith. Furthermore, in consideration of making monetary purchases, the merchant could transfer electronic value representing loyalty points to the consumer""s stored-value device (the cellular telephone), which could then be used by the consumer to pay the telephone company for service.
There is considerable prior art in the field of transferring monetary value electronically, but the present invention differs significantly from prior art systems with regard to objectives, organization, utilization, and operating environment.
For example, the xe2x80x9cValue Transfer Systemxe2x80x9d of U.S. Pat. No. 5,440,634 and U.S. Pat. No. 5,623,547 to Jones et al. disclose a coinless purse system that requires a separate loading operation and independent account reconciliation on individually-stored transactions. This is in contrast to the system of the present invention, which utilizes electronic coins and does not necessarily require a separate loading operation or account reconciliation.
It should also be noted in particular that the general concept of convenient payment instruments in the form of indivisible digital tokens, sometimes referred to as xe2x80x9cecoinsxe2x80x9d, is likewise well known in the art. The present invention, however, differs significantly from prior art implementations of xe2x80x9cecoinxe2x80x9d payment systems, with regard to its objectives, operating environment, and electronic coin transfer protocol.
For example, the prior art xe2x80x9cecoinxe2x80x9d payment system of DigiCash BV (Amsterdam, The Netherlands) is intended to facilitate the making of payments over a possibly unreliable communication channel (such as a data network) and to reduce the risk of lost value due to storage and transmission errors. In The DigiCash system, xe2x80x9cecoinsxe2x80x9d are uniquely serialized, and any holder of an xe2x80x9cecoinxe2x80x9d can make unlimited copies of the xe2x80x9cecoinxe2x80x9d for legitimate purposes, such as backup against inadvertent loss. In fact, the copies of a DigiCash xe2x80x9cecoinxe2x80x9d with a specific serial number are indistinguishable from one another, so that it is meaningless to speak of an xe2x80x9coriginalxe2x80x9d DigiCash xe2x80x9cecoinxe2x80x9d as distinct from the copies of that xe2x80x9cecoinxe2x80x9d. In the DigiCash system, the transfer of an xe2x80x9cecoinxe2x80x9d from payer to payee consists of sending a copy of the xe2x80x9cecoinxe2x80x9d from payer to payee. A copy of the xe2x80x9cecoinxe2x80x9d remains with the payer, so that the xe2x80x9cecoinxe2x80x9d may be sent repeatedly to the payee in the event of communications errors or other loss. The DigiCash system maintains integrity against unauthorized creation of value with a central database containing records of spent xe2x80x9cecoinxe2x80x9d serial numbers, so that any given xe2x80x9cecoinxe2x80x9d can be used to transfer value from any payer to any payee only once. A payee who receives an xe2x80x9cecoinxe2x80x9d immediately sends a copy of the xe2x80x9cecoinxe2x80x9d to the issuer (usually a bank), who records the xe2x80x9cecoinxe2x80x9d serial number in the central database of spent xe2x80x9cecoinsxe2x80x9d and validates the payment, either by crediting the payee""s account with the value or by returning a new (unspent) xe2x80x9cecoinxe2x80x9d of equal value to the payee, which the payee may then spend. But subsequent attempts to transfer value from any payer to any payee using an xe2x80x9cecoinxe2x80x9d that is registered in the central database as having already been xe2x80x9cspentxe2x80x9d will be rejected, and in this way the making of copies of xe2x80x9cecoinsxe2x80x9d does not impact the monetary value in the DigiCash system.
In contrast, the electronic coin system of the present invention is intended to facilitate the utilization of account-to-account transfers (credit or debit) for making cumulative small payments, and employs a highly reliable communication channel (a smart card or secured network session), in which the probability of a communications or storage failure of the devices themselves is negligibly small. In the system according to the present invention, electronic coins are uniquely serialized, but the transfer protocol precludes the making of copies. In the system according to the present invention, therefore, there exists at most a single electronic coin corresponding to any given serial number, and the transfer of an electronic coin from payer to payee consists of sending the electronic coin to the payee in such a way that no copy of the electronic coin remains with the payer. In the system according to the present invention, electronic coins circulate like their physical counterparts, and a particular electronic coin may therefore be spent more than once, in contrast to the prior art system, which allows only a single payment per xe2x80x9ce-coinxe2x80x9d. A typical transaction of the present invention distinctly involves electronic coins of different denominations moving between two stored-value devices in both ways to account for the desired value. The electronic coin pool of the present invention is furthermore distinct from the prior art central database in that the electronic coins in the electronic coil pool are still valid and may be put back into circulation for further spending, whereas the prior art central database is merely a listing of xe2x80x9ce-coinsxe2x80x9d which are no longer valid for transactions.
Thus, according to the present invention, there is provided a countable electronic value system for the transfer of electronic money in amounts which are an integer multiple of an elementary value unit, the transfer of electronic money made between two selected ones from a plurality of payment cards, a plurality of points of sale and a number of financial institutions, the countable electronic value system including:
(a) at least one electronic coin type, each electronic coin type of the at least one electronic coin type having a denomination of an integer number of the elementary value unit;
(b) a plurality of electronic coins each belonging to one of the at least one electronic coin type, each electronic coin of the plurality of electronic coins having a serial number,
(c) a plurality of stored-value devices, each for storing electronic coins from the plurality of electronic coins, including:
a plurality of electronic coin purses, each included in a payment card of the plurality of payment cards;
a plurality of electronic coin drawers, each included in a point of sale of the plurality of points of sale; and
a number of electronic coin pools, each included in a financial institution of the number of financial institutions;
and transaction means for the transfer of a selectable number of electronic coins belonging to a selectable electronic coin type, from a source stored-value device selected from the plurality of stored-value devices to a another, second stored-value device selected from the plurality of stored-value devices, the transaction means being operative to record the serial number of each one of the transferred electronic coins in the target stored-value device and to erase this serial number from the first stored-value device.
Other aspects of the present invention are presented in the detailed specifications hereinbelow.