The present invention relates generally to improvements to transaction processing. More particularly, the invention relates to techniques for authentication and protection of transaction information in transactions conducted over insecure communication channels.
The use of electronic devices and communication in financial transactions has grown phenomenally in recent years. Electronic devices and communications are commonly used to authorize transactions, and are also used more and more in electronic commerce, especially commerce conducted over the Internet. Electronic transaction authorization typically involves the submission by a merchant of information taken from an identifying token presented by the customer, such as the customer's credit or debit card. The merchant submits the customer's credit or debit card information to a bank computer, and the bank computer debits the customer's account and authorizes the transaction. Internet commerce transactions typically involve the use of a credit or debit card, with a customer linking to a merchant web site and entering credit card information or debit card information on a form provided by the web site for transmission to a merchant server. The merchant server submits the received credit card information to a bank or other credit card processing agency server in the same way as is done for a conventional credit card transaction.
In the present state of the art, the conduct of financial transactions is fraught with risks for both the merchant and the customer. This is true both in a conventional transaction where a customer submits a credit or debit card to the merchant and even more in the case of electronic commerce conducted over the Internet. For the merchant, there is little or no assurance that a credit or debit card used in a transaction is not stolen or being used in an unauthorized way. In a conventional transaction where the customer physically submits the card to the merchant, a risk exists for the merchant that the card is stolen or counterfeit, and for the customer there is a risk that the customer's card information will be stolen by the merchant, intercepted from the merchant's reader, or intercepted in transit from the merchant's reader to a bank computer. In an Internet transaction, the merchant has little or no assurance that the person conducting the transaction is in possession of the credit card whose information is being submitted. For the customer in an Internet transaction, there is no certainty that the merchant web site is a legitimate web site, rather than a false front used to collect credit card information. Even if the web site is a legitimate web site, the customer has no assurance that the web site has not been surreptitiously reprogrammed by outsiders so as to redirect traffic to another location in order to collect credit card data submitted to the web site. If the intended web site has received the data, the customer has no assurance that attackers will not obtain personal information such as credit card information which is stored in the web site's servers.
Public key cryptography is commonly used to protect sensitive information during Internet transactions. A merchant server sends a public key to a customer's browser. The browser then uses the public key to encrypt the customer's data and sends the data in encrypted format to the merchant server. The merchant server then uses its private key to decrypt the data for use.
Public key cryptography protects data in transit, but is less effective as a protection against sending data to undesired destinations. A web site using public key cryptography typically presents a digital certificate to a customer's browser, but only the most experienced computer users know how to verify a certificate's digital signature. Moreover, if a web site is set up for the purpose of obtaining credit card information, the web site may well have a genuine certificate and be able to present the certificate during the transaction. Furthermore, the use of public key cryptography offers no assurance to a merchant that credit card information being submitted comes from a credit card held by the submitter, rather than from a copied card or from credit card information collected or intercepted by the submitter.
It may be possible for a user to be provided with a device to read credit card information. However, prior art credit card readers are not adapted to establish that a card is authentic and not a copy. Moreover, if a credit card or debit card reader is placed in the physical possession of a user, the user is free to attack the reader at leisure so that it will operate in unauthorized ways. For example, a user may reconfigure a reader to report reading of a credit card and output purported credit card information, even when no credit card has been submitted to the reader at all. Furthermore, conventional card readers do not provide assurance that a card is genuine and not a counterfeit.
Moreover, credit card readers of the prior art output credit card information in plaintext and do not provide security for the user's credit card information. Even if the information is encrypted in transit, the merchant will receive the information in plaintext at the end of the transmission. A typical card reader thus provides no security for the user against an unscrupulous merchant or against an attack on a merchant's file of card data.
Similar problems exist with merchant processing terminals used at retail locations. Merchant card readers are susceptible to being attacked to allow theft of card information. Moreover, merchant card readers of the prior art are not equipped to identify a credit card as a counterfeit.
There exists, therefore, a need in the art for a system which will provide reliable authentication of a financial document such as a credit or debit card, and which will protect the privacy of the user's data.
A system according to the present invention reliably authenticates the existence and presentation of a genuine financial document such as a credit or debit card and allows the card information to be submitted securely to an issuing authority such as a bank for transaction approval. The card information is not presented directly to a merchant. Instead, an encrypted information block containing encrypted card information is provided to the merchant. The card information is not seen or known by the merchant, nor is the card information available while being transmitted. The information block is transmitted to a computer controlled by an authority which issued the card, and which has the necessary keys to decrypt the information block and retrieve and authenticate the card information. Once the card is authenticated, the merchant receives a transaction authorization, but has no opportunity to see or compromise the card information.
One aspect of the present invention is a system for reliably authenticating the presentation of a genuine financial document such as a credit or debit card and for securely transmitting the financial information contained on the card together with financial transaction details in order to verify a transaction. A customer initiates a financial transaction, for example by beginning an ordering process for ordering a book over the Internet. The merchant server presents a transaction form to the customer. The transaction form may suitably contain a product number, price and description, with space for the customer to enter information such as shipping information. The transaction form may provide an instruction for the customer to insert a token into an authentication device attached to the customer's computer. The token may be a financial identification card such as a credit card or debit card, or may alternatively be an identification card issued by an individual bank.
The authentication device reads the card information and authenticates the card. The authentication device also stores information such as time and date, as well as information received from the customer's computer such as transaction details including the dollar amount of the transaction. The authentication device may also receive biometric information such as a customer signature. The authentication device stores the information received in an information block and encrypts the information block using a preprogrammed secure encryption key. The authentication device provides the information block to the customer's computer, which transmits the information block to the merchant. The merchant forwards the information block to the merchant's bank, and the information block is eventually forwarded to a server controlled by the authority which issued the authentication device. The issuing authority server decrypts the information block using the encryption key and examines the data in the information block. If the issuing bank approves the transaction, payment is made or authorized to the merchant. If the issuing authority server rejects the transaction, a notice is sent to the merchant that the transaction has been rejected.
The authentication device is tamperproof and is adapted to obtain information needed to identify a card as genuine or counterfeit. Because the authentication device is tamperproof and is programmed with an encryption key by the issuing authority, the information block produced by the authentication device can be trusted when received by the issuing authority, even if the information block is not sent over a secure channel. Similarly, because the information block is encrypted by a tamperproof device using a key controlled by the issuing authority, the information block is protected from compromise even when sent over an insecure channel.
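The flow described above (device seals card data and transaction details into an encrypted block, the merchant forwards the block without being able to read it, and the issuing authority decrypts, checks integrity and compares the sealed transaction details against what the merchant claims) is illustrated by the following added example. It is not code from the patent and does not describe any particular product; the device key, card number, merchant identifier and the encrypt-then-MAC construction built from HMAC-SHA256 are all assumptions chosen so the example runs with only the Python standard library. In a real deployment the device would use a standard authenticated cipher such as AES-GCM and the issuer would also check its own card records and fraud rules.

```python
import hashlib
import hmac
import json
import os
import struct

NONCE_LEN = 16   # per-block random nonce, sent in the clear
TAG_LEN = 32     # HMAC-SHA256 tag length


def derive_keys(device_key: bytes):
    """Split the device's preprogrammed key into separate encryption and MAC keys."""
    enc_key = hmac.new(device_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(device_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (assumption: stand-in for a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(device_key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = derive_keys(device_key)
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_block(device_key: bytes, blob: bytes):
    """Verify the tag in constant time before decrypting; return None if the block was altered."""
    enc_key, mac_key = derive_keys(device_key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(enc_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def device_build_block(device_key: bytes, card: dict, amount_cents: int, merchant_id: str, now: int) -> bytes:
    """Authentication device: bind card data to the transaction details it received and seal them."""
    record = {
        "card_number": card["number"],
        "expiry": card["expiry"],
        "amount_cents": amount_cents,
        "merchant_id": merchant_id,
        "timestamp": now,
    }
    return seal(device_key, json.dumps(record, sort_keys=True).encode())


def merchant_forward(blob: bytes, amount_cents: int, merchant_id: str) -> dict:
    """Merchant: forwards the opaque block plus its own view of the transaction; it never sees card data."""
    return {"block": blob.hex(), "claimed_amount_cents": amount_cents, "merchant_id": merchant_id}


def issuer_verify(device_key: bytes, message: dict, issued_cards: set, now: int, max_age_s: int = 300) -> dict:
    """Issuing authority: decrypt, check integrity, card validity, detail consistency and freshness."""
    plaintext = open_block(device_key, bytes.fromhex(message["block"]))
    if plaintext is None:
        return {"approved": False, "reason": "integrity check failed"}
    record = json.loads(plaintext)
    if record["card_number"] not in issued_cards:
        return {"approved": False, "reason": "unknown card"}
    if (record["amount_cents"] != message["claimed_amount_cents"]
            or record["merchant_id"] != message["merchant_id"]):
        return {"approved": False, "reason": "transaction details mismatch"}
    if not 0 <= now - record["timestamp"] <= max_age_s:
        return {"approved": False, "reason": "stale or future-dated block"}
    return {"approved": True, "reason": "authorized", "last4": record["card_number"][-4:]}


# Constructed sample values for a stand-alone run (not real keys or cards).
DEVICE_KEY = b"\x01" * 32
ISSUED_CARDS = {"4111111111111111"}
SAMPLE_CARD = {"number": "4111111111111111", "expiry": "12/27"}

if __name__ == "__main__":
    blob = device_build_block(DEVICE_KEY, SAMPLE_CARD, 2599, "M-42", now=1000)
    msg = merchant_forward(blob, 2599, "M-42")
    print(issuer_verify(DEVICE_KEY, msg, ISSUED_CARDS, now=1010))
```

The issuer's comparison of the sealed amount and merchant identifier against the merchant's own claim is what stops a merchant (or anyone on the path) from altering the transaction after the device has committed to it, and the timestamp check limits replay of a captured block; both checks depend on the block's integrity tag being verified before any field is trusted.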
A more complete understanding of the present invention, as well as further features and advantages of the invention, will be apparent from the following Detailed Description and the accompanying drawings.