System and method for providing fault tolerant...

Data processing: financial – business practice – management – or co – For cost/price – Postage meter system

Reexamination Certificate


Details

C705S039000, C714S002000, C714S015000, C714S019000, C714S747000

Reexamination Certificate

active

06199055

ABSTRACT:

TECHNICAL FIELD OF THE INVENTION
This invention relates in general to a system and method for providing secure fault tolerant transactions over an unsecured data path. More particularly, the invention relates to a portable processor device that can be coupled to processor-based host systems to conduct financial transactions, such as to receive and retrieve an amount of pecuniary credit.
BACKGROUND OF THE INVENTION
It is often desirable today to conduct trusted transactions, such as financial transactions, with an individual where only limited or no supervision is required of a trusted party, such as an employee of the financial institution. Such automated transactions are common today as automated teller machine (ATM) transactions. There, an individual may conduct a transaction, such as withdrawal of an amount of cash from a bank account, at a location remote from the financial institution and without any supervision or interaction with anyone from the financial institution.
It shall be appreciated that, although no person provides supervision (arbitration) over the transaction, the device with which the individual conducts the transaction provides trusted interaction through the use of secure vaults, passwords, etcetera. For example, the ATM requires an individual to identify an account through information provided on an ATM card and to identify himself through input of a personal identification number (PIN).
Typically, to provide security for the transaction, i.e., to avoid fraud or rogue interception/use of transaction information, the transactions are conducted using secure links. For example, because the account information and the associated PIN are stored on the ATM card, the ATM provides a secure link between the ATM card and the ATM, such as by accepting the card for reading of the information within the secure confines of the ATM itself. However, it is often desirable to conduct such transactions remotely, such as for example the electronic transmission of pecuniary value for use in a value dispensing device such as a postage meter.
Although information security techniques, such as encryption of transmitted electronic data, may be utilized to maintain a certain amount of security in a transaction conducted remotely, there are additional problems to be overcome, especially in the case of financial transactions. In the case of the ATM transaction above, it should be realized that when the individual withdraws an amount of cash from an account there are at least two transactions that take place. Initially, the ATM must deduct from the individual's account records an amount equal to the cash amount ultimately to be dispensed to the individual. Additionally, the ATM must dispense an amount of cash, or cash value, equal to the amount deducted from the individual's account records to the individual. If the withdrawal transaction were to be interrupted between these two steps, i.e., the individual's account is debited but the individual does not receive the amount of cash, the failed transaction will result in error in at least one party's status.
A technique used to ensure such transactions do not result in an undesired state if interrupted is the “two-phase commit.” Here a centralized arbiter, such as a central processor or server, will ensure that a transaction that involves more than a single step does either all or none of the steps. If the transaction fails to complete the final phase of processing all the updates made so far are reversed automatically. Accordingly, if the transaction were to be interrupted before the individual received his cash, the ATM would reverse the debit to the individual's account.
It should be appreciated that the two-phase commit requires central control or arbitration in order to reliably determine/command a complete transaction or a complete reversal. This requirement is not a problem in the ATM example, as the ATM provides a secure environment in which to conduct the transaction. However, conducting remote transactions, as is often desired, does present a problem for a two-phase commit type solution.
In the case of the aforementioned postage meter, remote credit transfer likely includes the use of unsecured communication links, such as a public switched network (PSN), to interact with a user or service not under control of a trusted party. Moreover, a single arbiter is unable to reliably determine/command a complete transaction or complete reversal, as communication with the remote site may be lost, either accidentally or purposefully.
A need therefore exists in the art for a system and method for reliably providing secure fault tolerant transactions, such as financial transactions, through the use of remotely located devices.
There is a further need in the art for a secure portable processor device to provide trusted interaction with a remote device in conducting a transaction.
There is still a further need in the art for a system and method for providing complete financial transactions between coupled devices or for resetting such devices in the event of a failure to complete the financial transaction. Likewise, there is a need in the art to provide for such financial transactions over an unsecured data path while maintaining security and fault tolerance.
A yet further need exists in the art for a system and method for recording, as transactions take place, information about each transaction and maintaining a log of the most recent transactions, in order to provide resetting of the devices and/or management functions such as detection of fraud.
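The all-or-nothing behaviour described in the two-phase commit discussion above, together with the transaction log used for resetting a device after an interrupted transaction, can be illustrated with a small simulation. The following is an added example, not code from the patent or any product it describes: it models the two-step withdrawal (debit the account record, then credit the value store) with a journal entry written before the first step, so that a transaction interrupted between the two steps is found in an intermediate state on recovery and reversed. The `Ledger` class, the `interrupt_after_debit` hook and the journal states (`pending`, `debited`, `committed`, `reversed`, `aborted`) are constructed for illustration.

```python
"""Added example: two-step value transfer with a transaction journal.

The journal is written before the first step of each transfer. After an
interruption, recover() scans the journal for transfers left in the
intermediate "debited" state and reverses them, restoring the invariant
account + store == initial total. The interrupt hook is constructed only
to simulate a lost link between the two steps.
"""
from collections import deque
from dataclasses import dataclass, field


class Interrupted(Exception):
    """Simulated loss of the communication link mid-transaction."""


@dataclass
class Ledger:
    account: int                      # value held in the account record
    store: int                        # value held in the dispensing device
    journal: deque = field(default_factory=lambda: deque(maxlen=8))  # most recent transactions
    next_id: int = 1

    def transfer(self, amount: int, interrupt_after_debit: bool = False) -> int:
        """Move `amount` from the account to the store; returns the transaction id."""
        entry = {"id": self.next_id, "amount": amount, "state": "pending"}
        self.next_id += 1
        self.journal.append(entry)        # journal first, so the attempt is recorded
        if amount <= 0 or amount > self.account:
            entry["state"] = "aborted"    # nothing changed; no reversal needed
            raise ValueError("invalid or insufficient amount")
        # Step 1: debit the account record.
        self.account -= amount
        entry["state"] = "debited"
        if interrupt_after_debit:         # constructed failure between the two steps
            raise Interrupted(entry["id"])
        # Step 2: credit the value store.
        self.store += amount
        entry["state"] = "committed"
        return entry["id"]

    def recover(self) -> list:
        """Reverse every transfer left in the intermediate state; returns their ids."""
        reversed_ids = []
        for entry in self.journal:
            if entry["state"] == "debited":
                self.account += entry["amount"]
                entry["state"] = "reversed"
                reversed_ids.append(entry["id"])
        return reversed_ids

    def consistent(self, initial_total: int) -> bool:
        """True when no value has been created or lost."""
        return self.account + self.store == initial_total


if __name__ == "__main__":
    ledger = Ledger(account=100, store=0)
    ledger.transfer(30)
    try:
        ledger.transfer(50, interrupt_after_debit=True)
    except Interrupted as exc:
        print("interrupted transaction", exc, "account now", ledger.account)
    print("reversed:", ledger.recover(), "consistent:", ledger.consistent(100))
```

Running the block shows the interrupted transfer leaving the account debited with nothing credited to the store, and `recover()` reversing exactly that transfer using only the journal, which is the role the background assigns to the centralized arbiter and that the summary later assigns to the device's transaction log.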
SUMMARY OF THE INVENTION
These and other objects, features and technical advantages are achieved by a system and method wherein a secure portable device is constructed with a memory and a processor controlling that memory. The device is arranged to communicate with a host processor-based system, such as a PC, in order to exchange instructions therewith.
The portable processor device has on board certain security related fields, such as cryptographic keys, the current date and time, the balance, random number generators, number of transactions that have taken place on the device, and the serial number of the device. It also has on board, when the user initializes/authorizes the device, information about the owner of the device including his/her name, the registration number and other information about the owner such as the user's address and password.
Typically, the portable processor device will consist of a general purpose processor device which, as produced, includes certain necessary components for utilization as a secure portable processor according to the present invention. Upon initialization, a “raw” general purpose processor device will be adapted to operate according to the present invention. For example, program structure including a limited number of commands will be downloaded to firmware in the portable processor. Likewise, memory areas and cryptographic keys will be initialized in the device. Upon completion of initialization, the ability to change this initialization information will be “locked down,” or irreversibly established, in order to unalterably define the general purpose processor device as a portable processor of the present invention.
In order to utilize a particular portable processor device, a user will be required to receive authorization. The authorization process is to set up the secure device for use by a particular user and/or for particular purposes according to the present invention. Authorization may include the storage of certain information within the portable processor itself, such as the aforementioned information about the owner of the device including his/her name, the registration number and other information about the owner such as the user's address and password. Additionally, authorization may include recording certain information, such as identification of the portable processor device or the identification of a particular user associated with a portable processor device, at a centralized database for use in valid
