Data processing: financial – business practice – management – or co – Business processing using cryptography – Secure transaction
Reexamination Certificate
1999-05-20
2004-03-09
Trammell, James P. (Department: 3621)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Secure transaction
C705S067000, C235S382000
Reexamination Certificate
active
06704715
ABSTRACT:
The domain of this invention is remote services offered by financial organizations such as banks and/or insurance companies to their customers.
More precisely, the invention relates to a method and a system enabling customers of a bank or an insurance company to securely and quickly access services offered by the said bank or insurance company to its customers, from a remote location using a microphone connected to a communications network.
The problem that arises is to prevent a dishonest user from accessing the services offered by the bank or insurance company without being authorized to do so, without paying the corresponding costs, or from claiming that he did not request the services that were debited to him.
To solve this problem it has been proposed to use access keys generated by the customer using peripheral equipment. Apart from their costs, these solutions are not very practical and take a long time to set up. The problem that arises can only really be solved if a solution is known to another problem—how to design a method and system that is convenient to use and that can be quickly and economically installed. Ease of use and time savings are major problems for any product aimed at the general public, and cannot be ignored.
In other domains, such as telephone subscriber cards (document CA 2 085 775 in the name of Michel BOURRE), telephone games (document FR 2 702 181 in the name of Lucas GORETA), and telephone number dialers (document WO 96 04741 in the name of Andrew MARK), it has been proposed to use a card emitting DTMF type encrypted acoustic signals. Thus, the holder of a card of this type can couple it to the microphone in the telephone handset to automatically transfer his identifiers to the computer services. Since these identifiers are encrypted, it may be thought that a third party will be incapable of understanding the contents. However, there is nothing to stop the signals emitted by the card from being recorded, and a defrauder in possession of this type of recording could substitute himself for the card holder.
Therefore the solutions proposed by M. BOURRE, L. GORETA and A. MARK, transposed to remote services offered by financial organizations, would not prevent a dishonest user from accessing services offered by the bank or insurance company without authorization.
Patent application DE,A,43 25 459 deposited by Raymond H. EILESE describes a calculator that emits acoustic identification signals that vary in each operation. Therefore, there is no point in a defrauder recording this type of acoustic signal. However, its large size, the fact that it is cumbersome and inconvenient to use and its high cost price prevent it from satisfying the objectives of this invention, namely to design a method and a system that are convenient to use and can be quickly and economically installed. In fact, a customer of a bank or an insurance company will not call upon the services of the said bank or the said insurance company unless access is fast and easy.
The objectives of this invention are achieved, and the problems that arise with techniques according to prior art are solved according to the invention by means of a method comprising the following steps:
the bank or insurance company provides each of its customers with a card, the same size as a credit card, customized by identifiers specific to each card and to each customer,
the said card emits short acoustic DTMF type identification signals, at least partly encrypted and varying for each operation, when the customer of the bank or insurance company (
12
) uses it,
the said acoustic signals are received by the microphone and are transmitted through the communications network to the bank or insurance company's computer service,
the transmitted signals and the customer and card identification data stored by the computer service are processed and electronically compared by the bank or insurance company's computer service.
Thus with this method, the bank or insurance company can verify that the caller actually has an authentic card and not a computer artifice. He can also identify the card holder as being a person authorized to use the offered services. Consequently if the results are conform, the customer is immediately put into contact with the voice server of the bank or insurance company. Furthermore, defrauders cannot determine identification data since they were automatically transmitted in encrypted form. Furthermore, with the recorded acoustic signals in any form whatsoever, a defrauder will be unable to identify himself to the bank or insurance company's computer services and benefit from their services. The acoustic identification signals are different for each operation, in other words every time that the card is used.
It is noted that, as the term is employed in this specification, the emission of acoustic signals by the card is considered to be “use” of the card. Thus, when it is stated herein for example that the acoustic signals are different every time the card is used, it is to be understood that the acoustic signals are different each time they are emitted.
Preferably the said card:
also counts the number of times C(p,n) that it is used,
emits acoustic signals representing the number of times C(p,n) that it has been used,
encrypts acoustic signals as a function of the number of times C(p,n) that it has been used.
Also preferably, the said computer means for processing and electronically comparing the transmitted signals and the customer and card identification data held by the bank or insurance company's computer service,
store the number of times C(p,m) that the card has been used at the time of the last validated operation,
compare the number of times C(p,n) that the card has been used at the time of the current operation, with the memorized number of times N
1
,
refuse the current operation if C(p,n) is less than or equal to C(p,m) and continue verifying the current operation if C(p,n) is greater than C(p,m),
recalculate electronic signals S′ (p,n) as a function of identification data and the number of times C(p,n) that the card was used, during the current operation, and then compare them with the transmitted electronic signals S (p,n). If the values agree, the customer may then immediately be connected to the voice server of the bank or insurance company.
Note that the use of a microcircuit to encrypt, by means of a counter, identification codes exchanged between an emitter and a receiver was described in patent application EP 0 459 781 A1 deposited in the name of NANOTEK LIMITED.
In order to increase security, in one variant embodiment, the method also comprises a step in which the customer uses a keypad associated with the microphone and/or the card to send a pin code. After transmission to the bank or insurance company's computer service through the communications network, this pin code is processed and compared with the customer's pin code held by the bank or insurance company's computer service.
Thus the bank or insurance company can check that the caller is actually the person authorized to be connected to their services. A stolen card cannot be used by the thief, since he does not know the pin code.
In another variant embodiment also designed to increase security of the method and to make it impossible for the customer to dispute the order that he made to the bank or insurance company, the method also includes the following steps:
orders given by the customer to the bank or insurance company are validated by the customer by using the card so that it sends an encrypted acoustic validation signal,
the computer service records the said validation signal.
Advantageously, an acknowledgment is sent to the customer.
With this method, the customer used an electronic signature to validate the order that he gave to the bank or insurance company.
The invention also relates to a system enabling customers to a bank or insurance company to quickly and reliably access services offered by the said bank or the said insurance company to their customers. This system
Gayet Alain
Moulin Jean
Rosset Franck
Fintel S.A.
Huseman M.
Merchant & Gould P.C.
Trammell James P.
LandOfFree
Method and system for ensuring the security of the remote... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for ensuring the security of the remote..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for ensuring the security of the remote... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3242480