Data processing: financial – business practice – management – or co – Automated electrical financial or business practice or... – Finance
Reexamination Certificate
1998-07-21
2002-05-21
MacDonald, Allen R. (Department: 2765)
Data processing: financial, business practice, management, or co
Automated electrical financial or business practice or...
Finance
C070S039000, C070S041000
Reexamination Certificate
active
06393411
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention relates to the field of electronic commerce and more particularly to methods and apparatus for secure electronics funds transfer.
In the field of electronic commerce, electronic cash is an electronic method for the transfer of value that involves the transfer of funds from one party to another. Electronic cash methods include two types of transfers, from an electronic cash device held by one party to an electronic cash device held by another, namely certificated value and net value transfers.
For the certificated value type of electronic cash, an issuer generates electronic value or transaction records, generally cryptographically encoded and signed, that represent distinct amounts of value. These electronic value or transaction records may be passed from one electronic cash device to another electronic cash device. For example, the transfer of funds occurs from a small portable electronic cash device (smart card) in the possession of one party to an electronic cash device in the possession another party. Typically, an electronic cash device for certificated value is issued by the issuer and dispensed to a first party (for example, a purchaser) where the card is preloaded or subsequently loaded with stored electronic value or transaction records (certificates), the electronic value record (certificate) is passed by the first party to an electronic cash device of another party (for example, a merchant) and, eventually, the electronic value record (certificate) is returned to the issuer by the other party for redemption in the amount of the electronic value record (certificate). Usually, electronic cash devices used by merchants, banks and other financial institutions are under the administrative and technical control of an issuer.
For the net value type of electronic cash, the electronic value is represented by the net amount stored in an electronic cash device without need for further external accounting. Specifically, in the net value type of electronic cash, the value is not represented by electronic certificates or transaction records that must be transferred to and redeemed from an issuer. The net value type of electronic cash device is capable of storing a net amount of value that reflects the accumulated aggregate of value transfers from and to that net value electronic cash device from other net value electronic cash devices.
Net value electronic cash devices can be implemented using devices that are similar to those used for the certificated value type of electronic cash except that the rules controlling the transfer of value are appropriate for the net value type of electronic cash.
In an electronic funds system, merchants, banks or other institutions are the issuers that issue electronic cash devices to customers. Typically, these electronic cash devices are issued in the form of a smart card, which is a device containing internal electronic components that is packaged in a standardized manner similar in form and size to a common credit or debit card. The terms electronic funds and electronic cash include money, frequent flyer miles or any other measure of value.
The secure operating modes for electronic cash cards are frequently manually implemented and frequently employ a data key such as a Personal Identification Number (PIN). In one commonly used implementation, an electronic cash card may be locked to inhibit the normal action of removing electronic funds so that restoration of the ability to remove electronic funds from the card that becomes disabled or locked requires use of a previously determined PIN to unlock the card. The PIN number may or may not be changeable depending on the design of the card. In another PIN implementation, a PIN number is required for the lock operation as well as for the unlock operation. The lock and unlock PIN numbers may be the same or different and they each may be fixed or changeable. In a high-security variation, a PIN number unique to the lock operation must be supplied with the lock operation and also to reverse the lock operation. This variation is sometimes called a single-use key method. In another high-security variation, the electronic cash device requires the presentation of the PIN number before every occurrence of some or all operations, but the relocking is automatic after each operation.
Although PIN locking is useful to prevent unauthorized transfer of funds from an electronic cash device when it is locked and so is not in use, it does not prevent unintended extraction of funds when the electronic cash device is in use, as when in use connected to a computer system for payment of goods or services to a remote vendor.
By way of example, the intrusions into computing systems could be introduced from any of the following sources:
Deceitfully an application or operating system in a computer could contain instructions waiting for a special circumstances so that the developer or distributor of the application or operating system could defraud the user, a “Trojan horse” waiting for activation.
As an unintended side effect of an apparently unrelated operation, a user of the computing system could introduce code, a “virus”, that corrupts an application or the operating system with deleterious effects.
In a network, code (possibly transient), an “applet”, that has unaccounted side effects may be introduced by the receiver of funds.
As an alternative to using the display and data entry devices of computing systems, full function devices including a keyboard have been built or adapted to connect to computing systems for control of funds transfers. The full function devices typically have the disadvantages that:
They are costly in the sense that they require the additional size and/or cost of a keyboard and other full functionality.
They require keying or re-keying of the amount of electronic funds to be transferred which is time consuming and error prone.
They do not allow keying of a limit amount that may be transferred in increments over time, an action that is desirable when paying for a resource as it is used, a per-page of information or a per-minute of use fee, for example.
In light of the problems of prior art systems, there is a need for improved methods and apparatus for secure electronics funds transfers.
SUMMARY OF THE INVENTION
The present invention is a secure funds device for use with a computer system, such as a personal computer, for transferring funds, in response to a funds transfer request for amounts of funds from the computer system, to a funds receiver. One or more electronic cash devices store electronic funds and transfer funds in response to funds transfer requests when authorized by an authorization signal. A processor is used for connecting the funds transfer request from the computer system to the electronic cash device and for transferring electronic funds from the electronic cash device to the computer system when the authorization signal is present. User control means, including for example a visual or audio indicator and a pushbutton switch actuator that are not directly accessible by the computer system, are used for providing the authorization signal. The secure funds device has a secure interface that prevents the computer system from generating the authorization signal and hence the present invention prevents a computer from making unauthorized transfers from a electronic cash device. The electronic cash device and any of selected parts of or all of the secure funds device may be implemented as a smart card, including a card reader, whereby the smart card is protected from unauthorized transfers by the computer.
The secure funds device operates in sessions that include a preparation phase where the computing system prepares the secure funds device for the remote transfer of electronic funds for the fund receiver, an authorization phase where the secure funds device displays the amount of the funds transfer and generates the authorization signal in response to depression of a user button or other actuator, and a funds transfer phase where the
Bishop Richard Leslie
Freeman Robert Peter
Amdahl Corporation
Irshadullah M.
Lovejoy David E.
MacDonald Allen R.
LandOfFree
Device and method for authorized funds transfer does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Device and method for authorized funds transfer, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Device and method for authorized funds transfer will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2904620