When using data networks, e.g. the Internet, for transactions between parties exchanging goods, services, or information, one of the problems observed is the lack of secure and simple transaction methods. The most widely accepted method of protecting information stored in a computer system or communicated over networks involves the use of data encryption. Data encryption technology is basically classified into two technology types: symmetric and asymmetric. Symmetric encryption uses the same key to both encrypt and decrypt an information file. Asymmetric encryption uses two keys which share a relationship such that information encrypted with one key can be decrypted only with the second key.
Encryption algorithms are characterized as being either reversible or irreversible. Symmetric and asymmetric encryption algorithms are reversible. A reversible algorithm is one where data is recoverable from its encrypted state back to its pre-encrypted state. One example of an irreversible algorithm is a hash algorithm. Secure hash algorithms were originally used to detect alterations to an information file, whether intentional or unintentional. It is not surprising, therefore, that the output of the algorithm is called a message integrity code (MIC) or message digest (MD). Another characteristic of hash algorithms is that the output is always the same binary length regardless of the size of the input. Thus, an input having a large binary length may be mapped to an output having a shorter binary length. Further, if only one bit in a message or file is changed, approximately 50% of the bits in the output change. There is no known relationship between the input and output of a hash algorithm which may be used to recover the input from the output. Thus, even “brute-force” trial-and-error attacks become prohibitive in time and cost, often requiring large “dictionaries” to be created which match all potential values with their corresponding hashes.
Encryption algorithms may, in addition, be classified as deterministic or non-deterministic. A deterministic encryption algorithm is one which returns the same result each time a specific input is applied to the encryption algorithm. Different inputs produce different outputs. A non-deterministic encryption algorithm is one in which the result is not necessarily the same, even with identical inputs. For example, a random number generator provides a non-deterministic result.
Secure data transmission systems have been developed using symmetric and asymmetric encryption, reversible and irreversible algorithms, and deterministic and non-deterministic encryption, but they are often very complex and involve cumbersome cryptographic procedures and management. Accordingly, current methods employed for the protection of data being stored or transmitted over a network could benefit from improved techniques and devices for safeguarding such information.
The security of financial data transmission is especially critical. Many states throughout the U.S. hold institutions that store payment card industry (“PCI”) data (e.g., credit card numbers, magnetic strip information, CVV codes, track data, etc.) liable for the costs associated with blocking and reissuing payment cards in the event of a security breach. Parties that are negatively impacted by such unauthorized disclosures of PCI data can also bring suit against the companies maintaining the PCI data. Thus, there is a need to transmit payment information securely and/or process payments without storing the type of payment information that is subject to PCI compliance laws.