Use of two-way cable transmissions to augment the security...

Multiplex communications – Communication techniques for information carried in plural... – Combining or distributing information via frequency channels

Reexamination Certificate


Details

C380S232000

Reexamination Certificate

active

06272152

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to methods for enhancing security of electronic transactions, and more particularly, to a method for authenticating electronic financial transactions conducted over two-way transmissions via cable alone or via cable in conjunction with a telephone connection.
2. Description of Related Art
The conventional use of cable is for the delivery of video entertainment to the home subscriber. In response to the need to enhance existing services of cable operators, cable equipment vendors have developed terminals and stand-alone modems which support the transmission of data over cable. The data transmission service is offered in addition to the delivery of video entertainment.
Currently, there are two types of data transmission: the one-way transmission and the two-way transmission. The one-way transmission allows text and graphics to be transmitted and displayed on the home television receiver, possibly simultaneously with video data. In addition to transmission of text, graphics, and video data, the two-way transmission allows bi-directional transmission of Internet Protocol (IP) data between the cable subscriber terminal and the cable distribution hub. For small systems, a third party can assume the function of the cable distribution hub.
While two-way communication is possible over cable, i.e., upstream transmissions to and downstream transmissions from the cable distribution hub, less than half of the existing systems are equipped to support upstream transmissions via cable. In the systems where only downstream transmissions via cable are possible, a telephone modem can be made part of the subscriber terminal to provide the upstream transmission capability.
Two-way communication allows financial transactions to be conducted between a cable subscriber and a merchant.
In order to better support electronic transactions over open networks such as the Internet, Visa and MasterCard have developed the Secure Electronic Transaction (SET) protocol to protect the privacy and security of their customers. This protocol takes over when agreement has been reached between the merchant and the cardholder as to the terms of the sale. For the simplest of transactions, the information flow is as follows.
The cardholder first sends a PInitReq message, which contains various identifiers and housekeeping data, including digests of all certificates in the cardholder computer. One of these certificates binds the cardholder's identity to his public key. Other certificates validate responses from the merchant. This PInitReq message is optional and contains no encrypted data.
The merchant then sends a PInitRes response which, in addition to the housekeeping data, contains a reference to lists of revoked certificates. The cardholder's software uses the lists to reject cancelled merchant certificates in its possession. This PInitRes message, which is the response to the PInitReq message, is also optional and contains no encrypted data.
The cardholder then sends a PReq response which contains encrypted cardholder data, a digital signature which is not within the encrypted data envelope, and a cryptographic construct that links the ordering information with the payment information. Payment data is “tunneled” through to the acquiring bank without being revealed to the merchant. The digital signature format requires inclusion of the certificates that validate the signature.
The merchant then sends a PRes response which gives the status of the transaction and housekeeping data, such as authorization and posting dates, associated with the financial transaction. The PRes message is sent in the clear, i.e., with no encryption, but is authenticated with the merchant's digital signature.
Cardholder certificates are used when making an electronic purchase to ensure that cardholder information has not been improperly appropriated and used to fraudulently obtain goods and services. SET uses digital signatures and cardholder certificates to ensure the authentication of the cardholder account.
The credit card does not have to be part of the transaction process if the card number or its cryptographic surrogate is stored in the terminal. Since the terminal in any of the cryptographic procedures in the SET protocol would not necessarily have to read data from the credit card, the SET process really authenticates the terminal that is participating in the transaction, and only incidentally authenticates the card to which the transaction will be charged.
Thus, the SET protocols have a potential flaw: if the terminal is stolen, or if its software is copied, or if the terminal is somehow commandeered, fraudulent transactions will appear to be perfectly valid and, therefore, will be undetected.
When the authenticating certificate was granted, the terminal did pass the test of being in the possession of a legitimate cardholder. The problem with relying on the SET protocol alone is that no ongoing check is made of whether the legitimacy of the terminal has been compromised afterwards.
Accordingly, it is desirable to have a method and a system for correcting this deficiency.
SUMMARY OF THE INVENTION
The present invention is a method and a system for authenticating an electronic financial transaction conducted between a user owning a terminal and a third party via two-way transmissions between the terminal and a cable distribution hub which includes a validation server. The method comprises the following: (a) extracting a first identification attribute of the terminal from a first transmission message sent from the terminal to the cable distribution hub, which corresponds to a first set of user identifiers residing in a database accessible by the validation server; (b) extracting a second identification attribute of the terminal from a second transmission message sent from the terminal to the cable distribution hub, which corresponds to a second set of user identifiers residing in the database accessible by the validation server; (c) comparing the first and second sets of user identifiers to validate the identity of the user; (d) interrupting the electronic financial transaction if there is a discrepancy between the two sets of user identifiers; and (e) allowing the electronic financial transaction to proceed if there is no discrepancy between the two sets of user identifiers.
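
The comparison in steps (a) through (e), sketched as an added example that is not taken from the patent. The attribute kinds (a cable terminal address and a telephone line number), the record fields, the function names and all sample values are assumptions constructed for illustration; the check fails closed when either attribute has no provisioned record.

```python
from dataclasses import dataclass

# Constructed subscriber database: each terminal attribute maps to the set of
# user identifiers recorded at provisioning time (all values are made up).
DB = {
    ("cable_addr", "00:00:5e:00:53:01"):
        {"account": "A-1001", "name": "J. Doe", "service_address": "12 Elm St"},
    ("phone_line", "555-0100"):
        {"account": "A-1001", "name": "J. Doe", "service_address": "12 Elm St"},
    ("phone_line", "555-0199"):
        {"account": "A-2002", "name": "R. Roe", "service_address": "9 Oak Ave"},
}

@dataclass
class Decision:
    proceed: bool
    reason: str

def extract_attribute(message, kind):
    """Steps (a)/(b): pull one identification attribute out of a transmission."""
    value = message.get(kind)
    return (kind, value.strip().lower()) if value else None

def validate(first_msg, second_msg, db=DB):
    """Steps (c)-(e): compare the identifier sets behind the two attributes."""
    ids1 = db.get(extract_attribute(first_msg, "cable_addr"))
    ids2 = db.get(extract_attribute(second_msg, "phone_line"))
    if ids1 is None or ids2 is None:
        # Fail closed: an attribute that cannot be resolved is a discrepancy.
        return Decision(False, "attribute missing or not provisioned")
    mismatched = sorted(k for k in ids1.keys() | ids2.keys()
                        if ids1.get(k) != ids2.get(k))
    if mismatched:
        return Decision(False, "discrepancy in: " + ", ".join(mismatched))
    return Decision(True, "identifier sets agree")

# Constructed transmissions: the same terminal seen from its home line,
# from another subscriber's line, and from a line with no record.
CABLE_MSG = {"cable_addr": "00:00:5E:00:53:01", "body": "PReq"}
HOME = validate(CABLE_MSG, {"phone_line": "555-0100"})
MOVED = validate(CABLE_MSG, {"phone_line": "555-0199"})
UNKNOWN = validate(CABLE_MSG, {"phone_line": "555-0123"})
```

The `MOVED` case models the weakness described in the background: the terminal's own credentials are intact, but the second attribute resolves to a different subscriber, so the transaction is interrupted.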


