1. Field of the Invention
This invention relates to the secure generation and transmission of Transaction Request Messages and Responses in on-line Electronic Funds Transfer and other types of networks consisting of remote terminals in communication with a central data base containing encrypted data used in the validation or authentication process or similar networks used to transfer funds and that provide for, in addition to transferring funds, dispensing cash, paying bills, making deposits, dispensing a good or permitting utilization of a service.
2. History of the Prior Art
Both on-line and off-line computer networks and systems have been developed for executing user initiated or requested financial transactions for reasons of public convenience and economy. One example is a cash dispensing machine. Such a machine may be activated by use of an appropriately coded check or other negotiable instrument, or a plastic credit, debit or identification card, and dispenses the requested amount of cash if the request seems valid to the authenticating means in the cash dispensing device.
One type of on-line system stores account information in a central data base to which the remote terminals are connected by data communication lines. In response to submission of specified information from a remote terminal, such as account number, amount of sale or amount requested, merchant identification if a sale, and secret information related to the cardholder, the system searches the account files to obtain data that may indicate that the transaction should be approved or denied. Such information may include date of last use, amount of credit if a credit transaction, balance in account, whether a card has been lost, stolen or has expired. If the transaction is approved, the system adjusts the account information appropriately after the transaction is completed. As the art progressed, terminals with increased functions were provided that permitted more functions to be performed than dispensing cash or effecting a purchase. For instance, financial institutions, to reduce peak loads and to extend their services during times of business closure, permit the transfer of funds between accounts, accept payments for utilities or for loan balances, accept deposits, and provide for advances to be charged to valid credit cards. These devices typically include a plastic card reading mechanism, a keyboard, a display, document entry and exit apertures and may be connected to a data base or operate as a stand-alone device. Due to the increased functions permitted, the exposure to fraud increased, so that secret numbers (Personal Identification Numbers) were issued to cardholders to reduce the exposure. The Personal Identification Number entered on the keyboard by the cardholder must either compare directly with the number encoded on the magnetic stripe of the plastic card or some correspondence, that may depend on encryption, must exist between the Personal Identification Number and the number encoded on the magnetic stripe. Otherwise, the transaction is not enabled on the presumption that the card was either lost or stolen. This method may be used by stand-alone devices or devices connected to a central data base.
The use of a Personal Identification Number improved the security of such systems but still left some means available for fraud and had other disadvantages. The problem of secure issue of Personal Identification Numbers arose. The use of on-line files with lists of Personal Identification Numbers may permit unauthorized access to the files by employes for purpose of obtaining what is supposed to be secret information. With such information, duplicate or counterfeit cards can easily be manufactured to perpetrate fraud. Several different approaches were taken to overcome the disadvantages. One approach, to avoid the use of on-line files and to overcome the supposed cost and complexity of on-line systems, was to try to improve the security of stand-alone use. As a result, special plastic cards with material laminated into the card, pasted onto the card, holes punched into or onto the card as a security measure, were devised, none of which was effective by itself.
Another approach was to encrypt the Personal Identification Number stored in the account records, which is effective, provided appropriate additional security measures are instituted. Encryption may not be effective with stand-alone devices because of access required by maintenance personnel and for replenishing the cash supply or other servicing, thereby exposing the encryption key to simple means of compromise. Encrypting only the secret information in the central account records is not effective since the secret information must also be entered at a remote terminal to initiate a transaction and be transmitted, usually by means of utility communication lines, to the centralized computer, thereby becoming subject to monitoring by person or persons unknown. The transmission therefore must also be encrypted, which is effective but may still permit someone who can break the code access to the list of correspondence between account information and Personal Indentification Numbers by monitoring these transmissions. An additional shortcoming is the generation, by a sophisticated penetrator, of spurious transactions to fraudulently transfer funds within data base accounts. As a result, the previous methods of validating the secret number at a centralized data processor provide protection against casual fraud but may not provide adequate protection against a penetrator having knowledge of, and perhaps, access to, current data processing equipment or systems. Alternatively, those methods that seem to provide an adequate level of security also seem quite costly due to the need for utilizing high-cost data communication lines for multiple transmissions for validation of each transaction and for transmission in a secure way of the required enciphering keys, rather than relying on a single Transaction Request Message, a single Response and an acknowledgement or some minimum number of transmissions per transactions.
There has evolved within the same time frame networks other than the proprietary networks that a single financial institution may deploy to service its customers. Financial Institutions may decide to share networks or to interchange transactions in order to provide better service. There are national networks developed by Bank Cards to service many financial institutions that may aggregate millions of accounts and millions of transactions per day. Although each transaction may be small, the aggregate dollar volume transferred per day is substantial. In addition, there are the semi-official clearing house systems and the networks used by Federal Financial Agencies to transfer billions of dollars of funds daily and that impact the financial structure of the country. The methods used by some of the large financial institution networks to provide security are so simplistic, they may easily be defeated by a knowledgeable person, as occasional newspaper headlines attest.
What has been lacking until now is a procedure, method or system that integrates the validation and authentication of the plastic card, cardholder, terminal or other device used to initiate transactions, render ineffective wiretap data, that does not require unencrypted Personal Identification Numbers to be processed, that efficiently uses costly data communication lines by minimizing transmissions and is adaptable to the requirements of different types of on-line networks.