SYSTEM AND METHOD FOR PROCESSING A SECURE CONSUMER TRANSACTION THROUGH A NETWORK
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a method and system for processing a secure consumer transaction through a computer network.
2. Background Information
Computer networks have been established to interconnect a large number of computers. There are many types of networks including local area networks (LANs), metropolitan area networks (MANs) and wide area networks (WANs). There are various types of WANs that are operated by public entities. These networks are commonly referred to as public data networks (PDNs). One popular PDN operates in accordance with a transmission control protocol and an internet protocol (TCP/IP) that is commonly referred to as the Internet.
The Internet includes a number of routers that route information transmitted between computers and computer systems. The routers contain memory, logic circuitry, etc. that receives information, determines a destination for the information, and then transmits the information. Additionally, server computer systems have been connected to the Internet. The server may contain a web site written in a Hypertext Markup Language (HTML) that can be readily transmitted to another computer for viewing by an end user of the system. The web site may have a graphical user interface (GUI) that allows the end user to interact with the site.
There has been developed a number of merchant web sites that allow consumers to purchase goods and services through the Internet. To complete a transaction to purchase goods and/or services the consumer must typically provide confidential debit or credit information that allows the merchant to receive payment from a financial institution such as a bank, or credit card institution. The confidential information may be a credit card number, or a personal identification number (PIN) associated with an automatic teller machine (ATM) card. This information can be entered into the consumer's computer through a pin pad, and/or by swiping a card through a magnetic card reader.
The debit/credit information is transmitted into the network by the consumer's computer. The information is routed by routers, and then stored and processed by both the merchant and financial institution servers/systems. The confidential credit/debit information may be illegally accessed during the transmission or retention processes. To prevent such illegal access there has been developed a number of security systems and protocols to encrypt data that is transmitted through the Internet. For example, the secure sockets layer (SSL) protocol has been widely used to encrypt data transmitted through the Internet. The SSL protocol allows a client computer and a server to exchange certified public keys, set up a session key, encrypt data, verify digital signatures and decrypt data.
U.S. Patent Nos. 5,461,217; 5,367,572; 5,524,073; 5,524,072; 5,493,613; 5,517,569 and 5,809,143 all disclose systems for entering credit/debit information through a pin pad and/or magnetic reader and then encoding/encrypting the information for transmission through a network. For example, the '143 patent discloses a secure keyboard that encrypts confidential information, and then transmits the encrypted information to a secure host computer. The host computer can then send a request to a bank server and a merchant server to complete a commercial transaction. In this system the merchant server receives the confidential information. The merchant server thus provides another point of entry for illegal access to the information.
Systems and security methods of the prior art are still susceptible to illegal access of the consumer's confidential information. It would be desirable to provide a system and method that enhanced the security of a consumer transaction through a network.
BRIEF SUMMARY OF THE INVENTION
One embodiment of the present invention includes a consumer computer that is coupled to a merchant server through a network. The network also couples the merchant server and the consumer computer to a transaction server. The transaction server can be coupled to a processing network that can authorize a consumer transaction between the consumer computer and the merchant server. The transaction server can transmit a transaction process to the consumer computer. The transaction process may include a proprietary encryption algorithm that encrypts confidential information that is transmitted to the transaction server in a request to authorize the transaction between the consumer computer and the merchant server. The confidential information may be located within two or three layers of encryption. The transaction server obtains authorization from the processing network. The authorization is provided to the merchant server and consumer computer so that the consumer transaction can be completed. The confidential information is then purged from the transaction server.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is an illustration of an embodiment of a network system of the present invention;
Figure 2 is a schematic showing a consumer computer of the network;
Figures 3a-d are flowcharts showing a method for processing a consumer transaction through the network.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
In general the present invention includes a method and system for processing secure consumer transactions through a network. The system includes a consumer computer that is coupled to a merchant server through a network. A consumer can "shop" on a web site provided by the merchant server. After selecting the goods and/or services to be purchased the consumer can then enter a request to "checkout" and complete the sale. The merchant server instructs the consumer computer to upload a transaction process from a transaction server. The transaction process may include a proprietary encryption algorithm.
The consumer may enter confidential credit/debit information by either swiping a credit card or automated teller machine (ATM) card through a magnetic reader coupled to the computer. A personal identification number (PIN) is also entered through a pin pad when an ATM card is used by the consumer. The confidential information is encrypted by the proprietary encryption algorithm and then encrypted again when transmitted to the transaction server with a secure socket layer (SSL) protocol. If an ATM card is used the PIN may be initially encrypted within the pin pad before being encrypted by the proprietary encryption algorithm. The confidential information may therefore have three layers of encryption, pin pad encryption, proprietary algorithm encryption and SSL encryption.
The consumer computer transmits the encrypted confidential information in an authorization request provided to the transaction server. The transaction server decrypts the data and transmits an authorization request to a processing network. The processing network may include a bank server that transmits an authorization grant to the transaction server. The transaction server then transmits an authorization id message to the merchant server and the consumer computer so that the transaction can be completed. The merchant server does not receive the confidential information from either the consumer computer or the transaction server. The confidential information is purged from the transaction server.
The three layers of encryption decrease the likelihood of a successful illegal access of the confidential information. Additionally, security is enhanced because the confidential information is not provided to the merchant server and not retained by the transaction server. Uploading the transaction process and the proprietary encryption algorithm only for the duration of a transaction further reduces the likelihood of a third party illegally accessing the confidential information. The proprietary algorithm is persistently resident only on the transaction server. A network firewall may be placed between the transaction server and the network to prevent illegal access to the server.
Referring to the drawings more particularly by reference numbers, Figure 1 shows an embodiment of a system 10 of the present invention. The system 10 may include a consumer computer 12 that is coupled to a network 14. The network 14 may include various routers, computers, etc. interconnected and operated in accordance with TCP/IP protocols and commonly referred to as the Internet. Although an Internet network is described, it is to be understood that other networks can be employed in the present invention.
The system 10 may further have a merchant server 16 coupled to the network 14. The merchant server 16 may have a resident web site that allows a consumer to purchase goods and/or services. The merchant server 16 may also have resident at least a portion of a program that allows a secure consumer transaction to occur through the network 14. This program will hereinafter be referred to as the Autotecq program. The consumer computer 12 may also have a portion of the Autotecq program resident within the computer 12. Both the consumer computer 12 and the merchant server 16 can be coupled to the network by an Internet Service Provider (ISP) connection 18.
The system 10 may further have a transaction server 20 that is coupled to the network 14 by a router 22 through an ISP connection 18. The transaction server 20 may operate with the LINUX operating system. Although a LINUX based server 20 is described, it is to be understood that the transaction server 20 may operate with other operating systems. The transaction server 20 has resident at least a portion of the Autotecq program. The system 10 may further have a firewall 24 to prevent illegal access to the transaction server 20.
The transaction server 20 may be coupled to a processing network 26. The processing network 26 may include a bank server (not shown) that can process an authorization request to complete a consumer transaction. The processing network 26 may be coupled to the transaction server 20 by a dedicated leased transmission line 28 to minimize illegal access to information transmitted over the line 28. The Autotecq program resident in the transaction server 20 can be written to operate with various operating systems and software languages used in the processing network 26.
Figure 2 shows an embodiment of a consumer computer 12. The computer 12 may include a microprocessor 30, memory 32 and an input/output (I/O) interface 34. Memory 32 may include both volatile and non-volatile memory. For example, memory 32 may include a dynamic random access memory (DRAM) device(s), a read only memory (ROM) device(s) and a hard disk drive. The I/O interface 34 both transmits and receives information through network line 18.
The processor 30 performs software routines in accordance with instructions and data that are stored in memory 32. The software routines may include a program commonly referred to as a browser for retrieving and displaying web sites connected to the Internet. The processor 30 and memory 32 can be coupled to a keyboard, monitor, mouse, etc., as is known in the art.
A pin pad 36 may be coupled to the computer 12 through I/O ports 38 and 40. The pin pad 36 may include a magnetic reader 42 that can read confidential information stored on the magnetic strip of a card (not shown). By way of example, the card may be a credit card that contains confidential credit card information, or the card may be an ATM card that provides confidential PIN and banking information. The pin pad 36 may further have a keypad 44 that allows a consumer to enter a PIN or other information.
The pin pad 36 may have memory and logic circuits 46 that can encrypt a PIN entered through the keypad 44. By way of example, the memory/logic circuits 46 may encrypt the PIN with a master key that is stored in memory and a key encrypt key (KEK) provided through the network to create an encrypted PIN block. The PIN block can be sent to the computer 12 through the I/O ports 38 and 40. The encryption may be performed with the standard DES encryption used in ATM networks, as known in the art. The memory/logic circuits 46 may be disabled if a third party attempts to illegally access the memory of the pin pad 36.
Figures 3a-d are flowcharts showing a method for processing a secure consumer transaction through a network. A method for processing a secure consumer transaction will be described with reference to Figs. 1, 2 and 3a-d. The process is performed in accordance with the Autotecq program. Initially, at least some portion of the Autotecq program is resident within the merchant server 16, consumer computer 12 and transaction server 20. The consumer computer 12 is connected to a web site resident on the merchant server 16. The consumer can select to purchase goods and/or services listed on the web site. The web site may have a graphical user interface (GUI) that allows the consumer to readily make the selections, as is known in the art.
As shown in process block 100, the consumer may select a checkout button to complete the consumer transaction. The selection of goods and/or services and other information is transferred to the Autotecq program resident in the merchant server 16 in process block 102. In process block 104, the merchant server 16 transmits transaction information and an instruction to upload a transaction process from the transaction server 20 to the consumer computer 12. The transaction information may include the identity of the consumer computer 12 and the cost of the items selected.
In process block 106, the transaction server 20 transmits a transaction plug-in process to the consumer computer 12. The transaction process may append to the browser program within the computer 12. The transaction process may include a proprietary encryption algorithm. The encryption algorithm may be an algorithm specifically written by the proprietor of the Autotecq program and/or the transaction server 20. For example, the proprietary encryption algorithm may be a program provided by R.G. Tecq, the assignee of the present application, under the trademark DOGCRYPTION.
In decision block 108, the transaction process prompts the consumer to choose a payment method. The GUI of the program displayed by the computer 12 may have separate selectable icons to select either a credit card or an ATM card. The consumer may select a credit card in block 110 as shown in Fig. 3c. The program then prompts the consumer to either swipe the credit card through the magnetic reader 42, or type in the relevant information into the keypad 44 in block 112. The user then swipes or enters the data in block 114 as shown in Fig. 3d.
In process block 116, the transaction process encrypts the confidential information entered at the consumer computer 12, together with the transaction information received from the merchant server 16, with the proprietary encryption algorithm. The transaction process opens a SSL connection with the transaction server 20 in accordance with SSL protocol in block 118. An authorization request is transmitted from the consumer computer 12 to the transaction server 20. The request includes confidential information that is double encrypted with both the proprietary encryption algorithm and the SSL encryption algorithm.
In block 120, the Autotecq program resident in the transaction server 20 decrypts the confidential information and verifies that the transmission is a valid authorization request. The transaction server 20 then transmits an authorization request to the processing network 26. The processing network 26 determines whether the authorization request should be granted or denied. The processing network 26 transmits an authorization grant or authorization denied message back to the transaction server 20.
In process block 122, the transaction server 20 verifies the message from the processing network 26 and sends a message to the merchant server 16. The message is sent in accordance with the SSL protocol and may be encrypted with both the proprietary algorithm and the SSL algorithm. The message may be a simple id number which instructs the merchant server 16 that the transaction request has been granted or denied. The confidential information of the consumer is never sent to the merchant server 16 as part of the process. The confidential information is therefore never resident in the memory of the merchant server 16.
In process block 124, the transaction server 20 also transmits a double encrypted id message to the consumer computer 12 in accordance with the SSL protocol. The transaction server may provide status information during the authorization request process in block 126. This information may be displayed by the consumer computer 12 through the GUI of the transaction plug-in process so that the consumer can monitor the authorization process.
If authorization was granted then the process continues through block 128 to block 130 wherein the transaction process in the consumer computer links to a success web page in the merchant server so that the consumer transaction can be completed. In process block 132, the transaction server 20 archives the transaction in a transaction log and then actively purges the confidential information from the server 20. With this process the confidential information is not retained by either the merchant server 16 or the transaction server 20. Additionally, the transaction process is not stored within non-volatile memory of the consumer computer 12, so that the plug-in and associated proprietary algorithm is not resident in the computer 12.
If authorization was denied the process continues to block 134. The consumer may abort the transaction in block 136. In block 138, the consumer computer 12 is linked to a failed web page of the merchant web site. The process continues to block 132.
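The server-side path of blocks 116 through 132, as an added example in Go that is not part of the patent or of the Autotecq program. The patent does not disclose the proprietary algorithm, and because the plug-in carrying that algorithm is downloaded to the consumer computer its secrecy cannot be relied upon in any case, so the example uses AES-256-GCM under a session key shared by the plug-in and the transaction server as a stand-in for that layer (an assumption), and leaves the SSL connection and the dedicated line 28 to the processing network unmodelled. The merchant identity, amount, session key and the Processor callback standing in for processing network 26 are constructed. What it shows that the text does not: the envelope is bound to the merchant and amount as associated data, so a captured envelope fails the "valid authorization request" check of block 120 when replayed with a different amount; the id message and the log entry carry no card data; and the purge of block 132 is a deferred zeroing, so the plaintext is gone on every return path, including the error paths.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

// AuthRequest is the message of blocks 116-118: transaction information in the
// clear, card data in an application-layer envelope. AES-256-GCM stands in for
// the undisclosed proprietary algorithm; the SSL layer is not modelled.
type AuthRequest struct {
	MerchantID  string
	AmountCents int64
	Envelope    []byte // nonce || ciphertext || tag
}

// MerchantNotice is the "simple id number" of block 122: it carries no card data.
type MerchantNotice struct{ AuthID string; Granted bool }

// LogEntry is what block 132 archives: enough to reconcile, never the PAN.
type LogEntry struct{ AuthID, MerchantID, MaskedPAN string; AmountCents int64; Granted bool }

// aad binds an envelope to the transaction it was sealed for.
func aad(merchantID string, amountCents int64) []byte {
	return []byte(fmt.Sprintf("%s|%d", merchantID, amountCents))
}

// SealCardData runs in the transaction plug-in (block 116). Merchant and amount
// are authenticated as associated data, so a captured envelope cannot be
// replayed against a different transaction.
func SealCardData(key []byte, pan, expiry, merchantID string, amountCents int64) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, _ := cipher.NewGCM(blk) // cannot fail for a valid AES block
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, []byte(pan+"|"+expiry), aad(merchantID, amountCents)), nil
}

// Purge overwrites a buffer that held confidential data (block 132).
func Purge(b []byte) { for i := range b { b[i] = 0 } }

// MaskPAN keeps only the last four digits for the transaction log.
func MaskPAN(pan []byte) string {
	if len(pan) <= 4 {
		return strings.Repeat("*", len(pan))
	}
	return strings.Repeat("*", len(pan)-4) + string(pan[len(pan)-4:])
}

// TransactionServer models server 20; Processor stands in for processing
// network 26 and sees the card data only for the duration of the call.
type TransactionServer struct {
	Key       []byte
	Processor func(pan, expiry []byte, amountCents int64) bool
	Log       []LogEntry
}

// Authorize carries one request through blocks 120, 122 and 132.
func (s *TransactionServer) Authorize(req AuthRequest) (MerchantNotice, error) {
	blk, err := aes.NewCipher(s.Key)
	if err != nil {
		return MerchantNotice{}, err
	}
	g, _ := cipher.NewGCM(blk)
	ns := g.NonceSize()
	if len(req.Envelope) < ns {
		return MerchantNotice{}, fmt.Errorf("short envelope")
	}
	// Open fails on a tampered envelope or one sealed for another merchant or
	// amount: this is the "valid authorization request" check of block 120.
	pt, err := g.Open(nil, req.Envelope[:ns], req.Envelope[ns:], aad(req.MerchantID, req.AmountCents))
	if err != nil {
		return MerchantNotice{}, fmt.Errorf("invalid authorization request: %w", err)
	}
	defer Purge(pt) // zeroed on every return path
	fields := bytes.SplitN(pt, []byte("|"), 2)
	if len(fields) != 2 {
		return MerchantNotice{}, fmt.Errorf("malformed card data")
	}
	pan, expiry := fields[0], fields[1] // sub-slices of pt, zeroed with it
	granted := s.Processor(pan, expiry, req.AmountCents)
	id := make([]byte, 16)
	if _, err := rand.Read(id); err != nil {
		return MerchantNotice{}, err
	}
	e := LogEntry{AuthID: hex.EncodeToString(id), MerchantID: req.MerchantID,
		MaskedPAN: MaskPAN(pan), AmountCents: req.AmountCents, Granted: granted}
	s.Log = append(s.Log, e)
	return MerchantNotice{AuthID: e.AuthID, Granted: granted}, nil
}
```

The Processor callback receives slices of the same buffer that is purged, so anything the adapter to the processing network copies out (a string conversion, a log line, a retry queue) escapes the purge; in a deployment that adapter is where the retention claim of block 132 has to be checked.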
The consumer may attempt to complete the transaction in process block 140. The process will then continue to block 108. The consumer may select payment with an ATM card in block 142. Although the selection of ATM payment has been described as being subsequent to the denial of a credit card payment, it is to be understood that the consumer could have initially selected payment with an ATM card.
In block 144, the transaction plug-in process opens a SSL connection with the transaction server 20 and requests a key encrypt key. The transaction server 20 transmits the KEK to the consumer computer 12 in block 146. The transaction process transmits the KEK to the pin pad 36 in block 148. The consumer swipes or enters the ATM information in block 150. In block 152, the transaction process prompts the consumer to enter the PIN for the ATM. The consumer enters the PIN through the keypad 44. The encrypted PIN block is created within the pin pad 36 using the PIN, the KEK and a master key pre-stored in the memory of the pin pad 36. The process then continues to block 116.
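The pin pad side of blocks 144 through 152 and the PIN block encryption of memory/logic circuits 46, as an added example in Go that is not part of the patent or of the Autotecq program. The patent names DES encryption of the kind used in ATM networks but not the key hierarchy or block format, so the example assumes ISO 9564-1 format 0 PIN blocks and two-key triple DES, and treats the network-delivered key (the patent's KEK) as a working PIN key wrapped under the pad's master key; these are assumptions, and the keys, PIN and PAN are constructed. It shows what the pad computes before the proprietary and SSL layers are added, and the layout check the transaction server applies when it unwraps the block.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// tdesECB applies two-key triple DES (K1||K2||K1) to each 8-byte block on its
// own; ECB is acceptable only because every block here is an independent PIN
// block or key half.
func tdesECB(key, in []byte, encrypt bool) ([]byte, error) {
	if len(key) != 16 || len(in) == 0 || len(in)%8 != 0 {
		return nil, errors.New("need a 16-byte key and a non-empty multiple of 8 bytes")
	}
	blk, err := des.NewTripleDESCipher(append(append([]byte{}, key...), key[:8]...))
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += 8 {
		if encrypt {
			blk.Encrypt(out[i:i+8], in[i:i+8])
		} else {
			blk.Decrypt(out[i:i+8], in[i:i+8])
		}
	}
	return out, nil
}

func digits(s string) bool { return strings.Trim(s, "0123456789") == "" }

// panField is the ISO 9564-1 format 0 PAN field: four zero nibbles followed by
// the rightmost twelve PAN digits excluding the check digit.
func panField(pan string) ([]byte, error) {
	if len(pan) < 13 || !digits(pan) {
		return nil, errors.New("PAN must be at least 13 digits")
	}
	return hex.DecodeString("0000" + pan[len(pan)-13:len(pan)-1])
}

// PinBlockISO0 builds a format 0 PIN block: control nibble 0, PIN length, the
// PIN digits and F padding, XORed with the PAN field.
func PinBlockISO0(pin, pan string) ([]byte, error) {
	if len(pin) < 4 || len(pin) > 12 || !digits(pin) {
		return nil, errors.New("PIN must be 4 to 12 digits")
	}
	pa, err := panField(pan)
	if err != nil {
		return nil, err
	}
	field := fmt.Sprintf("0%X%s", len(pin), pin)
	pf, _ := hex.DecodeString(field + strings.Repeat("F", 16-len(field)))
	for i := range pf {
		pf[i] ^= pa[i]
	}
	return pf, nil
}

// PinPad models memory/logic circuits 46: MasterKey is injected before
// deployment; WorkingKey arrives TDES-wrapped under it (blocks 146-148), so
// the network never carries a usable PIN key.
type PinPad struct{ MasterKey, WorkingKey []byte }

// LoadWrappedKey unwraps the delivered key inside the pad.
func (p *PinPad) LoadWrappedKey(wrapped []byte) (err error) {
	p.WorkingKey, err = tdesECB(p.MasterKey, wrapped, false)
	return err
}

// EncryptPin is blocks 150-152: the clear PIN never leaves the pad.
func (p *PinPad) EncryptPin(pin, pan string) ([]byte, error) {
	block, err := PinBlockISO0(pin, pan)
	if err != nil {
		return nil, err
	}
	return tdesECB(p.WorkingKey, block, true) // fails if no working key is loaded
}

// RecoverPin runs on the transaction server after block 120: decrypt, strip the
// PAN field and check the layout, which a wrong key or wrong PAN breaks.
func RecoverPin(workingKey, encBlock []byte, pan string) (string, error) {
	pf, err := tdesECB(workingKey, encBlock, false)
	if err != nil || len(pf) != 8 {
		return "", errors.New("encrypted PIN block must be a single 8-byte block")
	}
	pa, err := panField(pan)
	if err != nil {
		return "", err
	}
	for i := range pf {
		pf[i] ^= pa[i]
	}
	s := strings.ToUpper(hex.EncodeToString(pf))
	n := int(pf[0] & 0x0f)
	if pf[0]>>4 != 0 || n < 4 || n > 12 || !digits(s[2:2+n]) || s[2+n:] != strings.Repeat("F", 14-n) {
		return "", errors.New("not a format 0 PIN block")
	}
	return s[2 : 2+n], nil
}
```

Wrapping the working key for delivery in block 146 is tdesECB(masterKey, workingKey, true) on the transaction server side, which in practice runs inside a hardware security module that holds the pad's master key. Decrypting under a wrong working key or XORing with a wrong PAN leaves a block whose control nibble, length, digit or padding checks fail, which is why RecoverPin validates the layout rather than trusting whatever the decryption yields. Single DES, which the patent names, has a 56-bit key and is no longer permitted by current PIN security standards; triple DES is used here for that reason.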
While certain exemplary embodiments have been described and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of and not restrictive on the broad invention, and that this invention not be limited to the specific constructions and arrangements shown and described, since various other modifications may occur to those ordinarily skilled in the art.