The invention relates to verification of information media of card-type with which an issuer's obligations are associated, and more particularly to the methods for a cardholder to request fulfillment of an obligation associated with the card and for the issuer to acknowledge this obligation. The invention can be used for selling goods and services, in lotteries, in banking and financing activities, and in other areas.
The method of selling goods and services with the help of prepaid cards is well known in the business practice. The essence of this method is that the issuer issues special cards, associates with each of them an obligation of his and distributes the cards among cardholders. At some later time a cardholder can request the issuer to fulfill the obligation associated with the card. Utilization of this method can substantially expand the issuer's customer base, since the cards can be distributed in the places that are near to potential cardholders. Furthermore, acquiring the issuer's obligations via acquiring a card can be anonymous.
By a card is meant any suitable material medium with which the issuer's obligation is associated.
By an issuer of a card is meant an entity which issues cards, bears the responsibility for the obligations associated with them, and performs actions related to verification of the cards and acknowledgment of the obligations. In practice, the issuer may delegate part of his functions, for example, those related to verification of the cards, to other entities. Moreover, the issuer can carry out some auxiliary actions itself or entrust their execution to other entities. Such auxiliary actions may include, for example, manufacturing the cards, distribution of cards among cardholders, fulfillment of the acknowledged obligations, etc.
A bank issuing one-time cards (bills) is an example of the issuer. Associated with each card is an obligation of the bank to deposit a certain sum of money in the account indicated by the cardholder. A lottery selling game tickets to the players is another example of the issuer. Associated with each ticket is an obligation of the lottery to give the prize won by the ticket in the drawing.
It would be convenient for the cardholder if he could request the issuer to fulfill the obligation associated with the card without producing the card to the issuer or to his representative. In this case the cardholder could interact with the issuer remotely via electronic means of communication. For example, the holder of a one-time bank card could request, without visiting the bank, that the sum indicated on the card be deposited in the account indicated by the cardholder. Similarly, the holder of a winning ticket, who is watching the lottery drawing on TV, could immediately request, without leaving the comforts of his home, that the prize be delivered to the address indicated by him or that the sum of the prize be deposited in his bank account.
It is also convenient for the issuer to have the possibility of a remote interaction with the cardholder, since this reduces overhead expenses needed for maintenance of offices and accompanying infrastructure, and expands the base of potential consumers of the goods and services offered by the issuer. For example, for an officeless Internet bank, the cards distributed through non-bank retail outlets could serve as a channel for delivering money into the clients' accounts.
Before fulfilling an obligation, the issuer must acknowledge it, i.e., he must make sure that the received request for fulfillment of the obligation is legitimate.
Well-known is a conventional method for a cardholder to request fulfillment of an obligation associated with the card and for the issuer to acknowledge this obligation, which method allows a remote interaction between the cardholder and the issuer. The method consists in performing the following steps:
(1) the cardholder reads the identifier from the card and presents to the issuer a request for fulfillment of the obligation associated with the card, which request includes the identifier of the card and directions specifying fulfillment of the issuer's obligation;
(2) the issuer verifies the validity of the card using the identifier and directions presented by the cardholder, i.e., he checks that a card with such an identifier has actually been issued and that he has acknowledged no obligation associated with the card and specified by directions different from the presented ones;
(3) the issuer acknowledges the obligation corresponding to the obligation associated with the card and the cardholder's directions.
The data uniquely determining a particular card are called the identifier of the card. The representation of the identifier on the card must withstand attempts to modify it: at least, it must be infeasible to modify (counterfeit) the identifier so that the modified identifier would coincide with the identifier of another issued card. In practical implementations the card identifier is often represented as a pair consisting of the card number and password. In general, it is not necessary to represent the identifier in the form of several parts, though this might be convenient in concrete implementations.
The directions specifying fulfillment of the obligation consist of arbitrary data with which one must supplement the original obligation associated with the card to give it that concrete and final form in which it will be fulfilled. The form and interpretation of the directions depend on a specific application, and are immaterial for description of the invention. For example, the role of directions may be played by the number of the cardholder's account in which the prize money should be deposited.
The issuer""s acknowledgement of an obligation may consist in performing some actions or may serve as an initiator for their execution. For example, on the ground of his acknowledgment, the issuer can enter the identifier of the card and the corresponding directions specifying fulfillment of the obligation in a list of acknowledged obligations or transmit the obligation to a system fulfilling obligations (into the input of a device executing the obligations). The issuer can also issue to the cardholder a signed receipt stating acknowledgment of the obligation.
To prevent a third party from undetectably reading the identifier from the card while the card is on its way from the issuer to the cardholder, the identifier is usually concealed, at least partly, by a masking device (the concealed part of the identifier can be called the password of the card, and the open part of the identifier can be called the number of the card). The masking device is a means to temporarily conceal certain data connected with the card such as the card identifier. The masking device has two states: open and closed, and it must possess the following properties:
(1) It is practically impossible to read or modify the data concealed by the masking device if the masking device is in the closed state.
(2) It is practically impossible to switch the masking device from the open state to the closed one.
(3) It is easy to determine in which state the masking device is: in the open or closed one.
(4) It is easy to switch the masking device from the closed state to the open one (to open the masking device).
(5) It is easy to read the data concealed by the masking device if the masking device is in the open state.
There are many various types of masking devices which are particularly often used for manufacturing tickets of instant lotteries. Only the functional properties of a masking device listed above are of importance for the description of the present invention, while its concrete realization and constructional features are immaterial.
An application of the conventional method described above to selling the access to Internet is described in [1, 2]. In this application, the cardholder uses the conventional method to activate an account with an Internet provider, who is the issuer of the cards.
The US patent [3] discloses an invention related to selling telephone services, which invention includes application of the conventional method described above to selling telephone services. In this invention, the cardholder uses the conventional method to activate or raise the balance of a telephone account with a telephone company, who is the issuer of the cards.
The conventional method for a cardholder to request fulfillment of an obligation associated with the card and for the issuer to acknowledge this obligation has a number of drawbacks.
The main drawback of the conventional method is that it has no intrinsic procedure for resolving disputes and hence it is not protected against cheaters. For example, an unscrupulous cardholder may choose new directions and request the issuer to fulfill the obligation associated with the card already used earlier. In this case the issuer is unable to prove to the third party that the card is reused. On the other hand, an unscrupulous issuer may refuse to acknowledge and fulfill his obligation, claiming that he has already fulfilled the obligation associated with the given card and specified by some other directions. In this case the cardholder will be unable to prove to the third party that the card was not used earlier by anybody. This drawback is due to the fact that after the completion of the session of the method neither the cardholder, nor the issuer retains any data which they could not have formed without assistance of the opposite party and which could serve as a proof in the dispute resolution. Furthermore, if the issuer has refused to acknowledge his obligation associated with the card, then after the completion of the session of the method the cardholder remains with the card in the same state in which it would be if the issuer acknowledged his obligation, i.e., the card with an open masking device of the identifier if it is used to temporarily conceal the identifier of the card.
The consequence of this drawback is that a malfunction of equipment and communication channels, as well as just human errors, may lead to the situation when the conscientious participant of the conventional method will appear to be unscrupulous from the point of view of the opposite party.
Another drawback of the conventional method stems from the fact that the knowledge of the card identifier is sufficient to request fulfillment of the obligation associated with the card, and that there always is a time interval during which the identifier is not protected. A swift malefactor who learned the card identifier may manage to request fulfillment of the obligation associated with the card before the legitimate cardholder. For example, the malefactor can peep at the identifier "over the shoulder" or intercept it when the identifier is on its way to the issuer (if the channel of communication is not protected).
The main object of the present invention is to provide a secure method for a cardholder to request fulfillment of an obligation associated with the card and for the issuer to acknowledge this obligation, which method allows a remote interaction of the parties. The security of the method is ensured, in particular, by the presence of a dispute resolution procedure. The dispute resolution procedure is conclusive for a third party and completely protects the party acting strictly within the framework of the method.
Another object of the present invention is to weaken negative consequences of malfunctions in the equipment and communication channels, as well as of human errors.
Yet another object of the present invention is to prevent an unauthorized use of a card in those cases when the identifier of the card turns out to be intercepted by cheaters.
The essence of the method according to the present invention is as follows.
The issuer issues cards, each of which has an identifier and the corresponding verifier, the latter being concealed, at least partially, by a masking device. Additional data corresponding to the identifier of the card are called the verifier of the card. The rule of the correspondence between the verifier and identifier of the card must be such that for a party other than the issuer, it would be practically impossible to derive the corresponding verifier from the identifier provided that party did not know in advance which verifier corresponds to the given identifier. In particular, for a party other than the issuer, it must be practically impossible to determine the card verifier without opening the masking device concealing the verifier.
With each card one associates an obligation of the issuer, for example, by way of informing potential cardholders, by putting suitable inscriptions on the card, and by other generally accepted methods. After that, the cards are distributed among the cardholders. On receipt of the card, the cardholder must check that the masking device concealing the verifier of the card is in the closed state.
A cardholder requests the issuer to fulfill the obligation associated with the card, and the issuer acknowledges the obligation by performing the following steps:
(1) the cardholder reads the identifier from the card and presents to the issuer a request for fulfillment of the obligation associated with the card, which request includes the identifier of the card and directions specifying fulfillment of the issuer's obligation;
(2) the issuer checks that he has not earlier presented to anybody a signed reply binding the identifier presented by the cardholder and directions different from the directions presented by the cardholder, forms a reply to the cardholder, which reply binds the identifier and directions presented, signs the formed reply and presents the signed reply to the cardholder;
(3) the cardholder verifies the issuer's signature on the reply and checks that the signed reply binds the identifier and directions which the cardholder presented to the issuer, after which the cardholder reads the verifier from the card and presents the verifier to the issuer;
(4) the issuer checks that the verifier presented by the cardholder corresponds to the identifier presented by the cardholder;
(5) the issuer acknowledges the obligation corresponding to the obligation associated with the card and the cardholder's directions.
To avoid mutual influence between different sessions of the described procedure, the issuer must not proceed to step 2 as long as step 2 is being executed in another session of the procedure described.
Steps 2-4 in the present method correspond to step 2 in the conventional method (verifying the validity of the card using the identifier and directions presented by the cardholder) and replace it.
The issuer""s reply must bind the presented identifier and directions in such a way that it is practically impossible to find an identifier corresponding to an issued card and some directions which, in the aggregate, are different from the identifier and the directions presented, but are also bound by this reply (under the condition that the identifier presented also corresponds to an issued card). For example, the reply may coincide with the cardholder""s request. In another variant, the reply can be a concatenation of the directions and that part of the identifier which uniquely determines a particular card. In one more variant, the reply can be the value of a certain cryptographic hash function calculated for the concatenation of the identifier and directions [4, 5, 7].
There are many ways for the issuer to check that he has not earlier presented to anybody a signed reply binding the identifier presented by the cardholder and directions different from the directions presented by the cardholder. For example, the issuer can maintain a list of replies that were signed and presented to somebody and search the list to carry out this check.
If for some reasons the issuer cannot execute his next step of the described procedure or if the next check yields a negative result, then the issuer stops following the described procedure and may notify the cardholder of this.
If for some reasons the cardholder cannot or does not want to execute his next step of the described procedure or if the next check yields a negative result, then the cardholder may initiate the dispute resolution procedure.
The dispute resolution procedure is as follows. If the cardholder acts according to the method described in the present invention, then either he has a card with the closed masking device of the verifier or he has a card and the issuer's signature on his reply binding the identifier of the card and the directions specifying fulfillment of the obligation. Hence, initiating a dispute, the cardholder must produce either a card with closed masking device of the verifier or a card and the issuer's signature on his reply binding the identifier of that card and directions specifying fulfillment of the obligation. In the first case the issuer takes the card from the cardholder and acknowledges the obligation associated with the card and specified by the directions presented by the cardholder in the dispute resolution procedure. In the second case the issuer makes sure that the masking device of the verifier is open, and if it is closed, then the cardholder must open it. After that, the issuer acknowledges the obligation associated with the card and specified by the directions, which directions were bound to the identifier of the presented card by the signed reply of the issuer.
In the second variant of a dispute, where a cardholder produces the card and the issuer's signature on his reply binding the identifier of the card and directions specifying fulfillment of the obligation, another dispute resolution procedure is also possible. This dispute resolution procedure runs as follows. The issuer checks that he has not acknowledged the obligation associated with the card and specified by the directions which are bound to the identifier of the card by the issuer's signed reply. After that, the issuer takes the card from the cardholder and acknowledges the obligation associated with the card and specified by the directions presented by the cardholder in the dispute resolution procedure.
In practical implementations of the method, other modifications of the dispute resolution procedure are possible, as well.
The directions specifying fulfillment of the obligation that were presented by the cardholder in the dispute resolution procedure may differ from the directions presented in the procedure of requesting fulfillment of an obligation, which procedure failed and led to the dispute. Moreover, the set of the directions specifying fulfillment of the obligation that are admissible in the dispute resolution procedure may differ from the set of directions admissible in the procedure of requesting fulfillment of an obligation. This set can also depend on the stage of the dispute. For example, the directions presented by the cardholder in the dispute resolution procedure may include the request to return the money that was paid for the card or the request to pay out a forfeit.
The security of the described method is also ensured, in particular, by the fact that even if a malefactor gets to know the identifier of the card and has time to request the issuer to fulfill the obligation associated with the card before the cardholder, neither the cardholder nor the issuer will suffer direct losses, while the malefactor will get no direct profit. Indeed, the malefactor does not know the verifier of the card, and so he will not be able to complete the procedure of requesting fulfillment of an obligation. On the other hand, if the directions of the malefactor and cardholder are different, then, when the cardholder presents to the issuer his request to fulfill the obligation associated with the card, the issuer will discover that he has already issued a signed reply binding the identifier of the card and directions different from the directions presented, and he will interrupt the procedure of requesting fulfillment and acknowledging an obligation. Such a situation can be settled in the dispute resolution procedure. This also means that it is desirable to protect the identifier of the card.
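The five-step procedure above (steps 1-5), the issuer's step-2 check against replies already signed for other directions, and the intercepted-identifier scenario just described, worked through as an added Python simulation; this is illustration code, not an implementation from the patent. It assumes a verifier derived from the identifier with an issuer-held HMAC key, a hash of the concatenated identifier and directions as the reply, and an HMAC in place of the issuer's digital signature (a real issuer would sign asymmetrically so that the cardholder and a third party can verify the reply without the issuer's key).

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed issuer secrets. The HMAC "signature" stands in for the asymmetric
# signature the method calls for, so that the example runs with the standard
# library only; the protocol logic does not depend on that choice.
VERIFIER_KEY = b"constructed-verifier-derivation-key"
SIGNING_KEY = b"constructed-issuer-signing-key"

def derive_verifier(identifier: str) -> str:
    """Verifier for an identifier: infeasible to derive without the issuer's key."""
    return hmac.new(VERIFIER_KEY, identifier.encode(), hashlib.sha256).hexdigest()[:16]

def bind(identifier: str, directions: str) -> str:
    """Reply binding identifier and directions: hash of a length-prefixed concatenation."""
    msg = len(identifier).to_bytes(2, "big") + identifier.encode() + directions.encode()
    return hashlib.sha256(msg).hexdigest()

def sign(reply: str) -> str:
    return hmac.new(SIGNING_KEY, reply.encode(), hashlib.sha256).hexdigest()

def verify_signature(reply: str, signature: str) -> bool:
    return hmac.compare_digest(sign(reply), signature)

@dataclass
class Card:
    identifier: str
    verifier: str  # concealed by the masking device until the cardholder opens it

@dataclass
class Issuer:
    issued: set = field(default_factory=set)          # identifiers of issued cards (secret)
    replies: dict = field(default_factory=dict)       # identifier -> directions bound by a reply
    acknowledged: dict = field(default_factory=dict)  # identifier -> directions acknowledged

    def issue_card(self) -> Card:
        identifier = secrets.token_hex(16)  # sparse in a 128-bit space: guessing is hopeless
        self.issued.add(identifier)
        return Card(identifier, derive_verifier(identifier))

    def request(self, identifier: str, directions: str):
        """Step 2: refuse if this identifier is already bound to different directions."""
        if identifier not in self.issued:
            return None
        bound = self.replies.get(identifier)
        if bound is not None and bound != directions:
            return None  # session interrupted; the cardholder may open a dispute
        self.replies[identifier] = directions
        reply = bind(identifier, directions)
        return reply, sign(reply)  # resending the same request yields the same reply

    def present_verifier(self, identifier: str, verifier: str) -> bool:
        """Steps 4-5: acknowledge only once, and only if the verifier matches."""
        if identifier not in self.replies or identifier in self.acknowledged:
            return False
        if not hmac.compare_digest(derive_verifier(identifier), verifier):
            return False
        self.acknowledged[identifier] = self.replies[identifier]
        return True

def cardholder_session(issuer: Issuer, card: Card, directions: str) -> str:
    """Steps 1-5 from the cardholder's side; returns the outcome."""
    result = issuer.request(card.identifier, directions)
    if result is None:
        return "interrupted"
    reply, signature = result
    # Step 3: verify the signature and the binding before revealing the verifier.
    if not verify_signature(reply, signature) or reply != bind(card.identifier, directions):
        return "bad reply"
    return "acknowledged" if issuer.present_verifier(card.identifier, card.verifier) else "refused"

def scenarios() -> dict:
    issuer, out = Issuer(), {}
    honest = issuer.issue_card()
    out["honest"] = cardholder_session(issuer, honest, "account 111")
    out["reuse"] = cardholder_session(issuer, honest, "account 999")  # spent card, new directions
    # A malefactor who saw only the identifier obtains a signed reply but cannot
    # present the concealed verifier; the legitimate holder is then interrupted.
    card = issuer.issue_card()
    out["thief_reply"] = issuer.request(card.identifier, "thief account") is not None
    out["thief_ack"] = issuer.present_verifier(card.identifier, "0" * 16)
    out["victim"] = cardholder_session(issuer, card, "account 222")
    return out
```

The interrupted sessions are exactly the cases the dispute resolution procedure handles: the victim still holds the card with the verifier's masking device closed, while the malefactor holds a signed reply he can never complete.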
In order to preclude the possibility of guessing the identifier of the card, the set of identifiers of the issued cards must constitute a negligible fraction of all possible identifiers. In this case, a malefactor is unable to indicate the identifier of at least one of the issued cards otherwise than by reading the identifier from the card.
In order to preclude a malefactor from undetectably reading the identifier from a card before the card has reached the cardholder, the identifier of the card may be concealed, at least partly, by a masking device. In this case, on receipt of the card, the cardholder must also check that the masking device concealing the identifier of the card is in the closed state.
If a masking device is used for concealing the identifier, then the cardholder can mistakenly open the masking device of the verifier before the masking device of the identifier. Such a mistake does not deprive the cardholder of the possibility to request fulfillment of the obligation associated with the card though it deprives him of the protection against a malevolent issuer, or, under certain circumstances, against malfunction of the equipment. In order to preclude such mistakes, the construction of the card and of the masking devices may be such that opening the masking device of the verifier is practically impossible without first opening the masking device of the identifier. For example, a card may consist of a sealed envelope containing the second part of the card, which part has an identifier and a verifier, the verifier being concealed by a masking device. In this case, the envelope serves as the masking device of the identifier, and it is practically impossible to open the masking device of the verifier without opening the masking device of the identifier, i.e., without opening the envelope.
The construction of the cards and of the masking devices can be such that the verifier of the card possesses the properties of an identifier and the identifier possesses the properties of a verifier with respect to the verifier of the card which is used as an identifier. In this case, the cardholder can choose on his own which concealed data of the card he will use as an identifier and which as a verifier. The issuer must be able to determine which data of the card are used by the cardholder as an identifier and which as a verifier from the cardholder's request for fulfillment of an obligation. For example, the formats of the respective data may be different, and the issuer determines which data of the card are used by the cardholder as an identifier and which as a verifier from the format of the data presented. For such cards the cardholder's mistake of opening the masking device of the verifier before the masking device of the identifier is innocuous, since the verifier and the identifier play symmetric roles. Such cards can also be used in game applications and promotional advertising campaigns, when the prize depends on the cardholder's choice of the order in which the masking devices are opened.
A card may consist of several physically disconnected parts, which, nevertheless, are united logically. For example, each part may have certain auxiliary data, which uniquely determine the parts that combined together constitute one card. Such cards can be used in game applications and in promotional advertising campaigns, where the cardholder must preliminarily collect together the separate parts of a card.
If the rule of the correspondence between the verifier and identifier of the card is such that the cardholder can independently generate pairs consisting of an identifier and the corresponding verifier, then before acknowledging his obligation the issuer must additionally check that the presented identifier coincides with the identifier of an issued card. The issuer can also perform this check to have a possibility to notify the cardholder of his mistakenly reading the identifier of the card, as well as to quicken the discovery of such a mistake. The issuer must have a means for determining whether the presented identifier coincides with the identifier of an issued card. This means should preferably be a secret of the issuer. For example, as such a means the issuer may use the list of identifiers of all the cards issued.
To raise the level of confidentiality, as well as to prevent interception of the identifier by malefactors in the process of delivering the request for fulfillment of the obligation associated with the card to the issuer, the parties may encrypt their messages. A particular choice of encryption methods is immaterial for the present invention. For example, the cardholder may encrypt the data presented to the issuer using the issuer's public key within the framework of some predetermined asymmetric encryption system [4, 5]. The issuer may encrypt the data presented to the cardholder, for example, using keys additionally included by the cardholder in his messages for the issuer.
Directions specifying fulfillment of the obligation associated with a card may include identification data of the entity controlling fulfillment of the obligations acknowledged by the issuer. In particular, one may use as such data a public key of the entity in a predetermined digital signature system. By issuing orders bearing digital signatures verifiable with the public key of the entity, the entity can, for example, control the process of the issuer""s fulfilling the acknowledged obligation.
To facilitate the issuer""s checking whether the verifier of the card presented by the cardholder corresponds to the identifier presented by the cardholder, the cardholder may repeatedly present to the issuer the identifier or a suitable part of the identifier together with the verifier.
In order to have a possibility to notify the cardholder of his mistakenly forming directions specifying fulfillment of the obligation associated with a card, as well as to quicken the discovery of such a mistake, the issuer may additionally check whether the presented directions meet the criteria of correctness of directions established and published beforehand.
The validity of the signature on the issuer's reply may be restricted by certain conditions. For example, the conditions of the validity of the signature on the reply may be determined by the signature system used or by the issuer himself. In particular, such a condition may be a time period on the expiration of which the signature becomes invalid. The issuer's signed reply may also contain conditions of the validity of the signature. If there are conditions restricting the validity of the signature, the issuer can present to the cardholder a new signed reply binding certain directions to an identifier received earlier provided the issuer has not already acknowledged the obligation (the cardholder has not presented the verifier of the card), and the signature on the reply presented earlier has become invalid. If, before opening the masking device of the verifier, a cardholder discovers that the conditions of validity of the signature are not fulfilled, then he has a possibility to receive the issuer's new signed reply, and, in particular, to replace the previous directions by new ones.
If a malefactor learns the identifier of a card before the cardholder uses the card, then the malefactor can request the issuer to fulfill the obligation associated with the card ahead of the cardholder. Such actions of the malefactor will bring him no direct profit and will inflict no direct losses on either the issuer or the legitimate cardholder. However, this will lead to interruption of the procedure of requesting fulfillment of an obligation, and the parties will be forced to proceed to the dispute resolution procedure. For this reason, the cardholder should preferably keep the identifier of his card secret until he obtains a positive result of verifying the issuer's signature on the reply binding the identifier of the card and the directions specifying fulfillment of the obligation, which identifier and directions he presented to the issuer in his request.
To lessen the number of disputes caused by malfunction of communication channels, the cardholder may repeatedly send the issuer the request to fulfill the obligation associated with the card if he has received no reply to his previous request. If the issuer discovers that the presented request contains an identifier for which a signed reply has been issued earlier, then he must compare the received directions specifying fulfillment of the obligation with the directions already bound to the given identifier by the reply signed and sent out earlier. If these directions coincide, then the previous signed reply may be repeatedly presented to the cardholder.
Having checked whether the verifier presented by the cardholder corresponds to the identifier presented by the cardholder, the issuer can notify the cardholder of an error or of the acknowledgment of his obligation. To lessen the number of disputes caused by malfunction of communication channels, the cardholder can repeatedly send the verifier of his card to the issuer if he has been notified neither of an error nor of the issuer's acknowledgment of the obligation.
The issuer may sign his messages in order to prevent a malefactor from presenting to the cardholder a false error notification or some other bogus message on behalf of the issuer, thus confusing the cardholder and forcing him to initiate a dispute.
The reply signed by the issuer may contain additional data, for example, those connected with the procedure of fulfilling the obligation. In particular, the reply may include access passwords, the validity period of the signature on the reply on the expiration of which the signature becomes invalid, etc.