Data processing: financial – business practice – management – or co – Business processing using cryptography – Secure transaction
Reexamination Certificate
1998-04-22
2003-09-02
Mullen, Thomas (Department: 2632)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Secure transaction
C235S379000, C705S039000, C713S172000
Reexamination Certificate
active
06615193
ABSTRACT:
TECHNICAL FIELD OF THE INVENTION
The invention provides a method of electronic value payment that uses a “block” value tagging means that can be used for the detection of fraud in electronic value payment systems. Additionally, the invention applies tag flow control mechanisms to facilitate value auditing across complex operational hierarchies. The invention is practical to implement, flexible enough for use in numerous operational scenarios and independent of actual electronic value representation and encryption mechanisms that may be applied. The size of “blocks” of tagged value in the invention is arbitrary and different levels of granularity can be used.
BACKGROUND OF THE INVENTION
Any system that uses electronic representation of some associated value may be termed an electronic value system. Such systems circumvent the exchange of actual value in favour of the ease of storage and exchange of an electronic representation of that value. The plethora of current electronic value exchange systems can be characterized in two ways, those that are audited, and give rise to the issue of invoices authorising and recording payments, and those that are unaudited, in that they comprise immediate exchange of tokens which have some attributed value. This invention provides a means to detect fraud in electronic value exchange systems. It has primary application in unaudited systems but may also be used as an additional security means for systems that are audited.
Value reconciliation in an audited electronic value exchange system assumes issue of an explicit instruction, or invoice, that authorises value reimbursement between the centrally held accounts of the parties involved in the payment. This gives rise to a record of payment that builds an audit trail that can be traced in order to detect fraudulent value exchanges. Security is high but there is no anonymity and the auditing adds an additional cost to each transaction.
Electronic value payment methods that comprise the exchange of tokens, vouchers, or equivalent electronic money representations do not require an audit of each transaction. The transaction, or value exchange, process is essentially anonymous and no record is necessarily made of the identity of the payment parties, although receipts giving these details may be issued. The value exchange, from payer to payee, is made on the basis of mutual consent and no independent reference is made to either party in the transaction. The payment proceeds only on the basis that the payer has sufficient funds in terms of the number or value of tokens, and that the payee is willing to accept them. Implicit in this process, and that of other similar transaction methods, is trust. To participate in a transaction there must be a strong belief that the tokens exchanged are guaranteed by some third party, have some associated value and that every effort has been made to prevent counterfeiting and fraud.
It is known that there are fixed costs associated with the processes of auditing and value reconciliation. The auditing cost may represent only a small percentage of large value transactions but can make small value transactions uneconomic. The cost imbalances associated with low value transactions makes auditing comparatively expensive and inappropriate. Electronic value transaction systems that do not audit each transaction can therefore make considerable cost and efficiency savings and are therefore desirable. However, the lack of direct transaction auditing means that these systems must make additional safeguards to prevent the introduction of counterfeit value. Counterfeit prevention mechanisms must be practical, cost effective, add little or no overhead to the transaction process, be hidden from the user, allow detection of fraud at the earliest opportunity and ideally give some indication of the level of fraudulent value present in a system should a breach of security occur. Additionally, counterfeit prevention and fraud detection systems should maintain user anonymity.
Consider, for example, the use of telephone payment cards. These cards perform the fundamental task of value storage. They are purchased from a vendor and have a value associated with them that corresponds with the number of tokens that they contain. In use, at appropriately equipped telephone points, value is debited, or tokens are removed, from cards in exchange for telephone services. The telephone system operator has no means with which to identify the card user, other than through assumptions or inductive reasoning, and payments for services are therefore received anonymously. In order to reconcile card sales against phone usage, aggregate statistics of value debited from cards are accounted for by the telephone operators. However, a full system account is not usually possible since much value will always remain on cards in circulation that cannot be readily audited. Sizeable levels of fraudulent value may therefore remain hidden from scheme operators.
An area of growth for electronic value payment is that of “means of exchange” payment devices. Electronic payment schemes of this type aim to encompass the fundamental properties of traditional cash and will perhaps in future become a replacement for it. Technologies applied in this area allow secure electronic value storage, portability and person to person payment mechanisms. If electronic value systems of this type succeed in their goal of cash replacement then full transaction auditing not only becomes problematic, in terms of storage and cost of processing, but also undesirable if payment anonymity is to be maintained.
Checking mechanisms are applied in such schemes to verify the authenticity of cards and are applied to guarantee the integrity of value transfers to prevent fraud and the potential manufacture of value. Wired logic authentication and encryption response mechanisms are designed to limit the scope of fraud and identify valid cards from those that may have been tampered with or those that may be counterfeit. Public key encryption techniques are also used to verify the authenticity of both parties in a transaction, encrypt messages passed between them, and to prevent message snooping. Encryption schemes used in such exchanges rely on unique card identity mechanisms, transaction numbering or random number generation techniques to create unique encryption sequences that cannot simply be recorded and replayed in order to transfer falsified value between parties.
The growth of telecommunications and the internet offer huge potential for electronic value exchange systems. It is no longer necessary for the payer and the payee in a transaction to be physically located in the same place. Electronic transactions can be made across networks, between an individual and a remotely located point-of-sale device, or between two individuals in different locations. There is no longer the need for physical movement of value with it's inherent costs and security risks. However, the flexibility of these new electronic payment forms introduces new security risks for scheme operators. Transglobal electronic value usage increases the problems associated with system monitoring and provides great potential for rapid distribution, or laundering, of fraudulent value should its manufacture prove possible.
Throughout these types of systems there is a need for fraud detection mechanisms. The present invention provides the means for electronic value exchange system operators to detect fraud, provides means to assess the levels of fraudulent exposure that have occurred and allows additional information that may have relevance to security and scheme operation to be exchanged.
Stored electronic value systems use number or token representations to describe value. Typically a value representation will consist of a string of binary bits but may also consist of a set of uniquely stored tokens. Electronic payment devices (EPDs) that are capable of storing and exchanging electronic value can take a variety of forms. Actual value storage on an EPD is system or scheme dependent and may
Feldman Konrad Simeon
Kingdon Jason
Mangat Annoop Singh
Taylor John Christopher
Wicks Tony James
Fulbright & Jaworski L.L.P.
Mullen Thomas
Searchspace Limited
LandOfFree
Monitoring system and method does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Monitoring system and method, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Monitoring system and method will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3011310