Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-08-31
2001-09-11
Trammell, James P. (Department: 2161)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
Reexamination Certificate
active
06289457
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention relates to the field of security in data processing and electronic commerce and particularly to methods and apparatus for secure storage and transfer of electronic funds and other value data.
Data processing systems have been used to store and transfer electronic funds, encryption codes and other value data. To deter theft of the value data, data processing systems have employed devices having some form of security control (security controlled devices). An example of such data processing systems are electronic funds systems where the security controlled devices are smart cards. Another example of such data processing systems are cryptographic systems where the security controlled devices are stores for encryption codes and algorithms for encrypting data. While cryptographic techniques have been used to protect communications to and from security controlled devices, cryptology alone does not protect against the theft of the security controlled devices themselves. Electronic funds, encryption codes and other value data can be stolen from a data processing system by stealing the security controlled devices themselves thereby stealing the value data contained therein or associated therewith.
In the field of electronic commerce, wire transfers are one electronic method for the transfer of value that involves the transfer of funds from one trusted party to another. In a wire transfer, one party makes a debit book entry and the other party makes a credit book entry as a result of value data electronically sent from one party to another in accord with preestablished procedures agreed to by the parties. The wire transfers are usually subject to clearing operations to verify that the debit and credit entries have been made correctly and to reconcile the accounts between the parties. The security of the wire transfer of funds is higher if the value data transfer that implements the wire transfer is encrypted using electronic encryption/decryption devices, codes or algorithms. Such electronic encryption/decryption devices or the devices that store the codes or algorithms need to be security controlled devices since, if these devices are stolen, the security of the wire transfers is compromised.
In the field of electronic commerce, electronic cash is another electronic method for the transfer of value that involves the transfer of funds from one party to another. Electronic cash methods include two types of transfers, namely certificated value and net value transfers.
For the certificated value type of electronic cash, an issuer generates electronic value or transaction records, generally cryptographically encoded and signed, that represent distinct amounts of value. These electronic value or transaction records may be passed from one electronic cash device to another electronic cash device. For example, the transfer of funds occurs from a small portable electronic cash device (smart card) held by one party to an electronic cash device held by another party. In one form common to consumers, smart cards are portable cards similar in form and size to common credit or debit cards. In an alternate miniature form, the size is reduced to contain small contact area and internal electronics only. Typically, a smart card is issued by the issuer and dispensed to a first party (for example, a purchaser) where the card is pre-loaded or subsequently loaded with stored electronic value or transaction records (certificates), the electronic value record (certificate) is passed by the first party to an electronic cash device of another party (for example, a merchant) and, eventually, the electronic value record (certificate) is returned to the issuer by the other party for redemption in the amount of the electronic value record (certificate). Usually, electronic cash devices used by merchants, banks and other financial institutions are under the administrative and technical control of an issuer. Electronic cash devices that contain electronic value records need to be security controlled devices since, if these devices are stolen, the amount of money represented by the electronic value record (certificate) can be permanently lost.
For the net value type of electronic cash, the electronic value is represented by the net amount stored in an electronic device without need for further external accounting. Specifically, in the net value type of electronic cash, the value is not represented by electronic certificates or transaction records that must be transferred and redeemed from an issuer. The net value type of electronic devices are called value stores and each is capable of storing a net amount of value that reflects the accumulated aggregate of value transfers from and to that value store from other value stores.
Value stores can be implemented using cards (smart cards) that are similar to those used for the certificated value type of electronic cash except that the rules controlling the transfer of value are appropriate for the net value type of electronic cash. In an electronic funds system, merchants, banks or other institutions are the issuers that issue value stores (in the form of smart cards) to customers. The issuer in turn retains value stores capable of performing transactions with the value stores of its customers and others. An issuer may require tens or hundreds of value stores to conduct transactions with the value stores in the possession of its customers or correspondent institutions. Electronic value stores need to be security controlled devices since, if these devices are stolen, the amount of money represented by the electronic net value stored can be permanently lost.
Physical security is a typical method of protecting security controlled devices. In electronic funds environments, the individual security controlled devices are small devices that are easily concealed and moved. If the security controlled devices are value stores in a bank or other institution, the value stores are frequently contained in locked and guarded vaults with stringent access controls to the vaults. However, such physical security alone is increasingly difficult and insufficient as security controlled devices are further miniaturized and as security controlled devices are distributed to remote locations and institutions without vaults.
Because of the limitations and high costs of physical security, various methods have been provided to electronically enable and disable security controlled devices so that in the disabled state, they offer a reduced value to potential thieves. Previous systems have reduced the incentive for theft by manually removing value data from security controlled devices or by using secure operating modes for transfers involving security controlled devices.
The secure operating modes for security controlled devices are frequently manually implemented and frequently employ a data key such as a Personal Identification Number (PIN). In one commonly used implementation, a value store may be locked to inhibit the normal action of removing electronic funds so that restoration of the ability to remove electronic funds from the value store that is disabled or locked requires use of a previously determined PIN to unlock the value store. The PIN number may or may not be changeable depending on the design of the value store. Procedures are required for creation and distribution of PIN numbers, and of course the consequences of performing incorrect security procedures renders the value store not accessible by the ordinary means.
In another PIN implementation, a PIN number is required for the lock operation as well as for the unlock operation. The lock and unlock PIN numbers may be the same or different and they each may be fixed or changeable. In this variation, transaction durations are increased in order to accommodate the lock and unlock operations and sustainable transaction rates to value stores are reduced because of the PIN operations that must be performed. Difficulties resulting from the distribution of and procedures for use of PIN numbers rema
Bishop Richard Leslie
Slusher Jay Raymond
Amdahl Corporation
Elisca Pierre Eddy
Lovejoy David E.
Trammell James P.
LandOfFree
Value data system having containers for theft deterrent... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Value data system having containers for theft deterrent..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Value data system having containers for theft deterrent... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2476653