The present invention relates to the transfer of electronic data over an unsecure data link. More specifically, it relates to a method and apparatus for the secure transmission of magnetically readable card data over the Internet, or other computer network.
A card is essential to many daily transactions. For instance, a growing number of commercial transactions, from purchasing goods, to hiring a car, are primarily accomplished via credit cards or direct debit cards. Also, a variety of medical services, from treatment to the dispensation of drugs, require a patient to provide a health insurance card or a drug authorization card. The data on these cards may be highly sensitive. For example, details of a patient's medical history can be coded on drug prescription cards to prevent adverse drug reactions, and credit card data provide the necessary authorization to receive goods or services on credit. Both purchaser and retailer, patient and clinic, demand that the card data remain secure during transmission down a data link.
The Internet is a worldwide network of interconnected computers and is gaining acceptance as a medium for commercial transactions. Many personal computers in the home include modems for connecting the consumer to an Internet Service Provider, such as America On-Line, via a telephone line. Consumers are increasingly using the Internet for their commercial, medical, and other personal transactions. Examples of transactions over the Internet include on-line banking, on-line shopping, buying and selling stock, student loan repayment, customer account management, identification, and verification that a consumer has adequate insurance.
Although Internet commerce is gaining acceptance, consumers are nonetheless concerned about the security of their sensitive data over telephone lines and over the Internet. Many businesses using the Internet require consumers to submit credit card numbers or other sensitive data, such as social security numbers or other identity numbers, in order to receive service. The relative anonymity of Internet transactions can heighten consumer anxiety that sensitive information may end up in unintended hands. Consumer anxiety may dampen the growth of Internet commerce.
Consumer fears are not unfounded; the Internet is not a secure computer network. For example, consider the purchase of goods from a retailer's World Wide Web page. Upon selecting the goods, the consumer is asked to type his or her name, credit card number, and the card's date of expiration into an interactive web page. The web browser software typically encrypts the data and outputs the encrypted data to a modem for transmission down a telephone line. The data packets travel on the Internet and pass through several other computers and routers on their way to their destination. Anybody can read the encrypted card data at any of the nodes on the Internet and make a copy of the data for identification purposes or for later illegitimate use. Moreover, some older browsers do not support encryption and any credit card data can then be directly read from the data packets and even directly read from the telephone line.
Although the data is usually encrypted and secure on the telephone line, the consumer may still be wary of passing sensitive information through a global network of computers. One reason for the wariness is psychological: the consumer enters the data to the web page in a manner that he or she may perceive as being open to fraud. Many credit card frauds operate by persuading consumers to provide data to a sham retailer. In these frauds, the consumer typically reads, over the telephone, the data embossed into a credit card, or fills out a false authorization form. The sham retailer then uses the number to make unauthorized charges against the consumer's credit or bank account. Entering the data to a web page appears to be no different.
Secondly, some web browsers may be vulnerable to attack by a program that captures keystrokes. Such a program, popularly referred to as a "Trojan horse," could be downloaded from a web site to the consumer's personal computer without his or her knowledge. The program can reside in memory and operate to record the keystrokes of the consumer and in particular the keystrokes made as the consumer enters the card data to a genuine and legitimate commercial web page. Again without the knowledge of the consumer, the program can send the captured data via the Internet to an address where a data thief can reconstruct the unencrypted card data. In this situation, the consumer is often completely unaware that the data on the card have been compromised. This threat to security is presently unperceived. It could ultimately destroy consumer confidence in Internet transactions involving sensitive data.
Moreover, a determined data thief can tap a telephone line or circumvent the security of a public switched telephone network and record or otherwise acquire modem traffic. However, a public switched telephone network, such as provided by AT&T and others, and telephone lines are usually secure from eavesdropping. But if the data are not encrypted, the thief may extract the information or at least sufficient information to construct a sham request for authorization. Applying encryption techniques to the data, however, does prevent a thief from unscrambling the sensitive data from the traffic on a telephone line. These perceived weaknesses in the security of Internet commerce may be overcome both electronically and psychologically by a direct encryption and transmission of the data magnetically encoded in the card.
Although the consumer may be wary of Internet transactions, the consumer may still be comfortable with the familiar card transaction he encounters in a retail store. In this instance, data on a card are read when the card is swiped through a magnetic card reader. A telephone call is made to a predetermined telephone number and a modem connected to the magnetic card reader transmits the card data and transaction data to an authorization server. The authorization server identifies the card, verifies that the card is valid, and determines whether the consumer is authorized for that particular transaction. Otherwise, the server denies the transaction. The modem receives the authorization or denial information from the authorization server and presents it to the retailer.
In this case, the card data are transmitted over another unsecure computer network: an ordinary telephone service. However, steps are taken to protect the security of the data on the telephone line. First, the consumer has possession of the card until the moment of the swipe and after the moment of swipe. Next, the consumer is physically present at the transaction and can verify the identity of the retailer. Next, the telephone number of the destination is predetermined and cannot be mimicked. Next, the data can be encrypted before modulation and transmission over the telephone line. Next, the data encoded on the magnetic card may be previously encrypted. Not only does this process provide valid authorization, but it also purports to protect the data on the card. It is difficult for the magnetic card data to be transmitted to a sham destination for later illicit use. The consumer has reason to believe that a card swipe transaction protects the sensitive data on the card on its travel to the authorization server.
Existing methods for transmitting card data on the Internet have two weaknesses: the first is that the consumer enters the data via a keyboard; the second is that the web browser performs the encryption. Encryption of the data on the computer is often too late because the security breach could have occurred at each keystroke. Additionally, consumers may prefer that the data on the magnetic card be entered in a manner with which they are already comfortable. It is therefore desirable to prevent the alteration, engraftation, or unintended manipulation of data over an unsecure computer network, such as the Internet or an ordinary telephone service. Protecting the security of magnetic card data may lead to greater use of the Internet as a medium for consumer transactions.
In accordance with preferred embodiments of the present invention, some of the problems associated with the secure transmission of card data are overcome. An apparatus for the secure transmission of card data over a computer network is provided. The apparatus is adapted for connecting to a network device. The apparatus includes a card reader including a card reader input for receiving data obtained from scanning a card, and a card reader output for sending data obtained from scanning a card. Scanned card data on the card reader are not readable by the network device. The apparatus further includes an encryption circuit configured for encrypting card data, including an encryption input connected to the card reader output and an encryption output. The apparatus yet further includes a data interface including a data interface input connected to the encryption output and a data interface output. The apparatus yet further includes a communications device including a communications device input connected to the data interface output and a communications device output connected to the computer network.
For example, the apparatus of the present invention may provide for the secure transmission of card data over a computer network such as the Internet. When the card reader scans a card, such as a magnetic card, a network device connected to the apparatus, such as a personal computer, cannot read the card data. Instead, an encryption circuit encrypts the card data and forwards it to the computer network, again without being accessible by the network device. This can help ensure that the card data are secure from programs on the network device that capture keystrokes and secure from electronic eavesdropping. However, the present invention is not limited to the Internet, magnetic cards, or personal computers, and other networks, cards, and network devices could be used.
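The data path described above can be modelled in software to show what each party sees. The following Go sketch is an added illustration, not part of the original disclosure. It assumes AES-256-GCM as the cipher (the text does not name one), a key shared only by the reader and the authorization server, and hypothetical names ReaderSwipe and ServerOpen. The network device handles only the opaque blob, and any alteration of that blob is rejected by the server.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

const sampleTrack2 = ";4111111111111111=30121010000000000000?" // constructed test data, not a real card

// newAEAD builds AES-256-GCM; the cipher choice is an assumption of this example.
func newAEAD(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

// ReaderSwipe models reader plus encryption circuit: the host only gets nonce||ciphertext||tag.
func ReaderSwipe(aead cipher.AEAD, track2 string) []byte {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return aead.Seal(nonce, nonce, []byte(track2), nil)
}

// ServerOpen models the authorization server: truncated or altered blobs are rejected.
func ServerOpen(aead cipher.AEAD, blob []byte) (string, error) {
	n := aead.NonceSize()
	if len(blob) < n+aead.Overhead() {
		return "", errors.New("blob too short")
	}
	pt, err := aead.Open(nil, blob[:n], blob[n:], nil)
	return string(pt), err
}

func main() {
	aead := newAEAD(make([]byte, 32)) // constructed all-zero demo key
	blob := ReaderSwipe(aead, sampleTrack2)
	fmt.Printf("host relays %d opaque bytes\n", len(blob))
	blob[len(blob)-1] ^= 1 // alteration on the host or in transit
	_, err := ServerOpen(aead, blob)
	fmt.Println("server verdict on altered blob:", err)
}
```

In a hardware realization the key would sit inside the encryption circuit; a software keystroke logger on the network device would then have no plaintext to capture.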
The foregoing and other features and advantages of preferred embodiments of the present invention will be more readily apparent from the following detailed description, which proceeds with references to the accompanying drawings.