JP4903346B2 - Improved method and system for processing secure payments across computer networks without pseudo or proxy account numbers - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a method and system for processing secure financial transactions across a communications network, and more particularly to securely transmitting payments across a computer network such as the Internet and across a public communications channel. It relates to a method and system for transmitting sensitive information.
[0002]
Priority application
This application includes US Provisional Patent Application No. 60 / 225,168 (filed August 14, 2000), “Method and System for Processing Secure Electronic Commerce Transactions”, and Provisional Application No. 60 / 213,325 (June 22, 2000). ), “Same name as previous application”, claiming the benefit of each priority, and which is incorporated herein by reference. This application further claims the benefit of the priority of US Patent Application Serial No. 09 / 833,049 (April 11, 2001), "Improved Method and System for Handling Secure Payments Over Computer Networks" This is incorporated herein by reference, and as such is US Provisional Patent Application No. 60 / 195,963 (Apr. 11, 2000), “Method and System for Processing Secure Payments Over Computer Networks” And US Patent Application Serial No. 09 / 809,367 (May 15, 2001), "Laws and Systems for Processing Secure Payments Over Computer Networks", each claiming the benefit of priority.
[0003]
Obviously, online commerce has grown tremendously over the last few years, but in fact, the ever-growing consumer is still going beyond public communication networks such as the Internet, credit card numbers and personal identification I'm worried or worried about sending information such as a number (password) or using personal financial information. As a result, in the last few years, companies have worked hard to find the best way to ensure secure payments across computer networks and reduce the risk of financial theft and misuse. .
[0004]
For example, US Patent Application No. 5,883,810 “Electronic Online Commerce Card Using Transaction Proxy Number for Online Transactions” (assigned to Microsoft Corporation) provides a temporary transaction number for each transaction, Is intended for a system where the transaction number looks like a real credit card number and the customer uses this transaction number and submits it to the merchant instead of the customer account number. In this regard, customers do not need to send their true credit card numbers across public networks.
[0005]
In the aforementioned '810 patent, the merchant passes the transaction number to the issuing authority, which then uses the transaction number as an index to access the real customer account number, processes the approval, and approves or authorizes the response. To the merchant based on the transaction number. As a result, the risk can be minimized according to the claims of the patent. The reason is not only that the customer sends the transaction number, but also the proxy number is only valid for a single purchase, ie, “the thief stole because it cannot be used repeatedly for other shopping and transactions. But I can't get a big profit "(Col. 2, lines 60-61).
[0006]
Traditional systems need to be improved, and more specifically, avoid the need to send and generate unique transaction numbers that are repeatedly generated, and replace permanent account numbers for each processed transaction. What is needed is a method and system for processing secure financial transactions across the Internet.
[0007]
Co-pending application 09 / 809,367 (March 15, 2001) is incorporated herein by reference, but a “pseudo” account number is assigned to the customer and cryptographically the customer's payment account. Linked to a number. This payment account number is an account number issued by a financial institution or other organization that a customer can use to pay for goods and / or services. For example, the payment account number may be an account number obtained from a payment (settlement) card such as a credit card or debit card, or from a payment application such as an electronic cash application stored on the customer's computer. The pseudo account number looks like a real payment account number to the merchant. That is, the pseudo account number has the same length as the proper payment account number and starts with the proper identification number (eg, “5” for MasterCard International Inc. (MasterCard)). The pseudo account number is used by the customer in place of the real account number for all his online financial transactions.
[0008]
According to the invention of co-pending application 09 / 809,367, all transactions based on pseudo account numbers are preferably cryptographically authenticated using a private key unique to each account number. Authentication can be based on a private key of a public key pair (public key authentication) or a secret key other than a private key. Thus, if an unauthorized person attempts to verify some pseudo account number, the number is used to prevent unauthorized transactions.
[0009]
Further, according to the invention of co-pending application 09 / 833,049, a method is provided in which a service provider is assigned to an acquirer code and processes a transaction using a payment network. More specifically, the service provider receives a first authorization request for an authorization request for authorization or authorization of a transaction using the first payment account number;
(i) the first payment account number has a BIN code (bank identification number) associated with the service provider and a second payment account number with a BIN code associated with the issuer of the second payment account number; Associated,
(ii) The first authorization request includes the acquirer code associated with the acquirer
(iii) The first payment account number can be routed to the service provider via the payment network based on the BIN code of the first payment account number.
[0010]
The method further includes the step of the service provider responding to the first approval request by sending a second approval request for authorization or approval of the transaction using the second payment account number. The second authorization request is associated with the service provider and is routed through the payment network to the issuer based on the issuer's BIN code (ie, the BIN code of the second payment account number).
[0011]
In addition, a response to the second authorization request from the issuer is received by the service provider, which includes an acquirer code associated with the service provider and can be routed through the payment network based on the code. A response to the first approval request is then sent by the service provider to the acquirer based on the response to the second approval request, and the response to the first approval request is associated with the acquirer. Preferably, it includes an acquirer code and can be routed through a payment network based on the code.
[0012]
In another preferred embodiment of the invention of this co-pending application 09 / 833,049, a method for processing a transaction with a merchant using a first payment account number associated with a second payment account number. (A) generating a message authentication code based on the details of one or more transactions; (b) sending at least a first payment account number and a message authentication code to the merchant; (c) by the merchant. Requesting authorization (approval) to pay for the transaction using the first payment account number, said request being submitted at the POS terminal using a conventional magnetic stripe payment card And the message authentication code is contained in a track of the type used in conventional payment card magnetic stripes. (D) the first payment account number by requesting approval to pay for the transaction using the associated second payment account number. Responding to an authorization request for, (e) accepting or rejecting an authorization request for the first payment account number based on a response to the authorization request for the message authentication code and the second payment account number A method comprising:
[0013]
This system still has room for improvement and can be further enhanced by protecting information and snoring messages sent during or in connection with financial transactions processed across public communication lines. Such improvements can be implemented without using pseudo or proxy account numbers.
[0014]
Summary of the Invention
Accordingly, the present invention provides a method for processing electronic transactions using a payment account number with a certain amount of funds available using a payment network and a “test site”. This method
(a) generating a secret key associated with the payment account number;
(b) generating a message authentication code (MAC) specific to the transaction using the secret key;
(c) generating a permission (approval) request message including the message approval code;
(d) transferring the approval request message across the payment network to the inspection site to verify the authenticity of the MAC;
(e) verifying the message authentication code by the inspection site using the secret key;
(f) responding to the approval request message across the payment network based on the transaction amount and the available funds;
Is included.
[0015]
According to a preferred embodiment of the present invention, the approval request message is routed across the payment network based on the special bank identification number corresponding to the inspection site. The software is preferably placed at the user's location to generate a secret key.
[0016]
According to another preferred embodiment of the present invention, the approval request message includes an expiration date field, and the message authentication code is placed in this expiration date field.
[0017]
Further objects, features and advantages of the present invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, which illustrate preferred embodiments of the invention.
Throughout the drawings, the same reference signs and characters refer to the same functions, components, or parts in the described embodiments unless otherwise specified. Furthermore, the subject matter of the present invention will be described in detail with reference to the drawings together with preferred embodiments. It is intended that changes and modifications may be made to the described embodiments without departing from the spirit and scope of the claimed subject matter.
[0018]
Detailed Description of the Preferred Embodiment
As mentioned above, the present invention is directed to a method and system for processing secure electronic commerce (e-commerce) transactions using a payment account number, such as a credit card account number. In a preferred embodiment of the present invention, the payment account number is a virtual payment account number, ie it is an ISO (International Standards Organization) 7816 account number, which is used in electronic transactions, There is no need to link to a new ISO7816 type card. Alternatively, the payment account number can be the payment account number issued to the physical ISO7816 type card, or the payment account number can be linked to the payment account number issued to the physical ISO7816 type card. You can also.
[0019]
In the following detailed description of the invention, there are many references to MasterCard International, Inc. (or MasterCard), but this is merely an example, so as to process a special payment account number as described below. It is a special one. The following acronyms may be used.
[0020]
BIN-Bank identification number
DEA-Data encryption algorithm
PC-Consumer personal computer device
MAC-Message authentication code
MCI-MasterCard International or Mastercard
MCWS- MasterCard website
PIN-Personal identification number (password)
POS-Point of sale management
SSL-Secure Socket Layer (Internet security)
TSN-Transaction sequence number
[0021]
According to one aspect of the invention, one or more BIN ranges or BINs of a payment account number are associated with a secure e-commerce transaction. These BINs or BIN ranges may hereinafter be referred to as “special” BINs or BIN ranges. A payment account number with a special BIN may hereinafter be referred to as a “special” payment account number.
[0022]
According to another aspect of the invention, the owner of the special payment account number is provided with a private key (key per card) and when the e-commerce transaction is processed using the special payment account number. This key can be used to generate a message authentication code (MAC).
[0023]
According to yet another aspect of the invention, at least one function with a copy of the private key is provided, which can be used to verify the MAC generated by the owner of the special payment account number. Such a function may hereinafter be referred to as an “inspection site”.
[0024]
Thus, as shown in FIG. 1, the present invention has several processing components, which will be described. Special payment account number (SPAN) owners or consumers can be provided with a secure special payment account number software application (SPANSA) on their computer 10. SPANSA maintains a secret key associated with the SPAN and uses this key to generate a MAC. The MAC is sent to the originating merchant 12 and forwards an approval request message (MAC) to the acquirer bank 14 (member acquisition bank) to initiate the approval process.
[0025]
E-commerce transactions that use special payment account numbers are preferably approved through the payment (settlement) network 16. For example, if the special payment account number is a master card credit card number, these may be authorized through the bank card payment network of the master card. An authorization request message and an authorization response message for the special payment account number are routed through the payment network 16 to the inspection site 18 based on the special BIN of the account number. Thus, for example, issuing and acquirer computers that interface with payment network 16 may include a look-up table that points to a special BIN corresponding to inspection site 18. However, one or more computers at the inspection site 18 that interface with the payment network 16 include a look-up table that indicates the issuer corresponding to the special BIN.
[0026]
According to the present invention, when the inspection site 18 receives the approval request message, the inspection site 18 can verify the MAC associated with the transaction using the private key associated with the special payment account number. Further, the inspection site 18 can transmit an approval request message to the issuer 20 (the institution that issued the special payment account number). The inspection site 18 responds to the approval request message with an indication of whether the MAC has been verified (ie, verified as authentic) and / or with an approval response from the issuing authority.
[0027]
When the inspection site 18 forwards the approval request message to the issuing organization, the inspection site can display on the issuing organization 20 whether or not the MAC has been verified. As an example, assuming that the special payment account number is the credit card or debit card account number of the master card, the inspection site will either debit the master bank debit switch to the issuing bank, in the outgoing bank net, or In the message, it can be shown that the MAC has been verified. This display can be a newly defined value in the current security display field used in the “0100/0200” type message on the master card. The inspection site erases the contents of the incoming security level display section for all transactions, and writes the supplied security level (that is, whether or not the MAC is verified) to the output. it can.
[0028]
In the exemplary transaction using a special payment account number, the issuing bank authorization response message is routed back to the inspection site because of the special BIN range. If the approval response message indicates approval, the inspection site 18 displays “approval” on the display or indicator that the MAC returns to the verified acquirer. The acquirer 14 then sends the message back to the originating approval 12. In this way, the merchant learns not only that the issuing bank has approved the transaction through its acquirer but also that the inspection site has confirmed the validity of the MAC. This means that the transaction must have originated from the cardholder, and it can be a “guaranteed” transaction.
[0029]
As mentioned above, SPANSA can be stored on a special PAN owner's computer. Further, apart from the computer, this application can also be stored in a mobile phone or a personal digital assistant (PDA). It is preferred that the special PAN owner make a request to the application across the Internet from a website 22 (eg, an issuer's website, including an inspection site, or other suitable location). The website is preferably coupled to or accessible to a hardware security module 24 that has the ability to create a customer-specific secret encryption key, such as a DES key. Each security module preferably includes one or more “derivation keys” as used to generate and regenerate a secret cryptographic key unique to the customer.
[0030]
The secure PAN application stored on the owner's computer can include a transaction sequence number (discussed in detail below) and must communicate with the inspection site or other support site for each trunkion There is no. Instead, the application stored on the special PAN owner's computer exchanges transaction sequence counters with the inspection site or other support site at any interval desired by the special issuing authority. Can be synchronized.
[0031]
The present invention can also be used with a remote wallet server. In this case, the secure PAN application is not stored and is managed and maintained by the special PAN owner's computer system. Advantageously, in this embodiment, the present invention allows a special PAN owner to use a common Internet browser, using this remote wallet server (this server is a secure With PAN application). In this embodiment, the special PAN owner's local system does not need to include any additional software or functionality that is superior to a typical Internet browser.
[0032]
Advantageously, the present invention allows the use of a virtual reality first account number. In contrast to systems that use pseudo or proxy account numbers, the present invention can be switched by the acquirer's computer without conversion, requiring changes to the back end switching or processing functions. There is no.
[0033]
Also, in contrast to systems that use pseudo or proxy account numbers, the present invention simplifies all payment procedures by 1) eliminating the need to send a clearing file to the central site. 2) Eliminates the need for charge back that needs to be returned to the central site, and 3) the transaction is sent to the central site system for conversion to a real account number Remove all search requests made by the cardholder after being placed on the bill. The cardholder is provided with and uses a real account number for these transactions.
[0034]
In contrast to systems that use pseudo or proxy account numbers, the present invention addresses the need to create and manage the transaction log storage required to convert a special payment account number to a real account number. Remove.
[0035]
The MAC can be sent to the inspection site in a number of ways. An example of a method for transmitting the MAC to the inspection site is shown below.
MAC option 1
In this embodiment, the MAC is placed in the card expiration date (expiration date) field and behaves as a “pseudo expiration date”. MAC generation is described in further detail below. In this embodiment, there is no need to make any changes to the merchant site. The only additional requirement considered for the merchant is the merchant's ability to accept an additional authorization response field in the message from the acquirer indicating that the transaction MAC has been authenticated, but use this There is no need. The field used for this display can be any field currently supported in a normal bank card authorization message send / receive POS system.
[0036]
MAC option 2
This embodiment can be used in conjunction with other options. In this embodiment, the cardholder's computer or remote wallet server maintains a log of merchant data associated with the transaction. For example, a cardholder's computer or remote wallet server
(a) Transaction MAC,
(b) the merchant's web address (URL),
(c) Merchant Secure Socket Layer (SSL) certification serial number and / or
(d) Full merchant SSL certification,
Log.
This embodiment allows the log to provide sufficient data to prove that the claim is incorrect if the cardholder later claims that the transaction was not initiated by him. This provides further safety. In this embodiment, the merchant website has not changed.
[0037]
MAC option 3
In this embodiment, the transaction MAC is placed at the card expiration date location, as in option 1 or 4. The MAC is generated based on merchant-provided data elements. This merchant-provided data element is passed to the cardholder or remote wallet server in an additional separate field designed to transmit the merchant-provided data necessary to calculate the MAC. In one embodiment, the merchant, such as the merchant's SSL certificate serial number, is linked to a data element that is already held in the data field used in the MAC operation. For example, MAC is the following data element:
(a) PAN,
(b) Real card expiry date (4-digit number MMYY format),
(c) Transaction sequence number (this is kept synchronized both at the cardholder's system and at the inspection site),
(d) transaction date and time,
(e) Secure PAN application version number,
(f) data identifying the merchant, such as the merchant's SSL certification serial number;
Can be created using.
[0038]
This embodiment requires modification of the merchant's electronic commerce site. Merchants need to modify their system to send their merchant identification serial number in an outbound authorization request message. However, this embodiment provides merchant identification data that is the key to linking the merchant to a particular transaction. The MAC verification step calculated at the cardholder system and at the inspection site has this additional merchant identification field. If the inspection site recognizes that the incoming authorization request message has a merchant-provided certification serial number, it uses it in the MAC calculation and the same process used when the cardholder system generated the MAC To match.
[0039]
MAC option 4
In this embodiment, the transaction MAC is placed in the card expiration date field and in the CVC2 or equivalent field. CVC2 is a three-digit numeric value printed next to the signature field of some cards. As background art, ISO payment cards have a static (at least) three-digit code that is cryptographically generated by the issuer. For example, in a master card payment card, this code is called CVC2. This value can be generated by the issuing bank using a private encryption key and verified using this same key. This option allows the generation of longer transaction MACs (ie, the MAC output size is incremented by 3 digits). In this embodiment, the CVC2 (or equivalent code) field is dynamically generated and filled with the MAC. The merchant site needs to support cardholder prompting and subsequent transmission of CVC2 or equivalent fields.
[0040]
MAC option 5
In this embodiment, the transaction MAC is placed in CVC2 or a corresponding field. This embodiment makes it possible to generate at least a three-digit MAC.
In the preferred embodiment of this option, when the MAC is generated for a transaction, the MAC contrasts the real or static CVC2 value (ie, the CVC2 value generated by the issuing bank and issued with the payment card). Inspected. If the generated MAC is the same as the static CVC2 value, the secure PAN application transaction counter is incremented and a new MAC is generated. This new MAC is then compared with a static CVC2 value, so that it is determined whether the two values are the same. This process is repeated until the generated MAC value is no longer the same as the static CVC2 value. When the MAC is verified for a transaction, this verification process compares the CVC2 value received with the one sent with the transaction with the expected static CVC2 value for the payment card. If these values are the same, the verification process determines that the secure PAN application is not used for the transaction and the MAC is not being transmitted. If the received CVC2 value is different from the static CVC2 value, it is determined that the secure PAN application is being used for the transaction and that the CVC2 field contains the MAC. The verification process then attempts to verify the MAC in the CVC2 field.
[0041]
Special payment account numbers need not be used in this embodiment (although they can also be used). Instead, as described above, the value in the CVC2 field can be used to determine when a secure PAN application was used in the transaction.
[0042]
General background of cardholder authentication
Many cardholder authentications are provided and well known in the art, but may be specified by the issuer of the cardholder's secure PAN application. Authentication methods include, but are not limited to, the use of a remote wallet server accessed by the cardholder's Internet browser, such as Netscape using SSL or Microsoft Internet Explorer browser. Here, the authentication method can include the use of access by user ID and password and / or the use of access of chip card based digital ID authentication. In the case of a remote wallet server, the present invention may also include locally stored applications such as those managed and maintained by the cardholder system itself.
[0043]
The transaction authentication of the present invention is provided by the generation of a MAC that exceeds the transaction details as described below.
[0044]
The protection of the account number of the present invention can be further enhanced by the use of a virtual account number, which consists of a zero value of the magnetic stripe in a face-to-face transaction at a POS terminal (issued to the virtual account number). Because there is no magnetic stripe). In connection with the fact that these virtual account numbers must fall within the special BIN range indicating these account numbers required for routing to the inspection site, each issuing authority has a special A BIN range is given, so that virtual account numbers are used under the present invention.
[0045]
In the case of the present invention, the need for merchant authentication before revealing the cardholder's own account number is eliminated because the account number of the present invention cannot be used without the transaction-specific MAC associated with it. Is done. Any unauthorized use of an account number under the present invention, such as replaying a transaction with an old MAC without cardholder authentication, is routed to a special inspection site, but for that transaction attempt No verification is performed. Thus, all unauthorized use attempts will fail.
[0046]
The cardholder can provide a password before downloading the secure PAN application, or can select the password when the application is installed on the cardholder's PC. If a password is selected or provided, then the cardholder must enter this password to activate the application on his PC. This password selected by the cardholder can be used to encrypt or otherwise change the private key. This secure PAN application can also be downloaded as part of a digital wallet application.
[0047]
Generation of customer-specific secret key
The private key embedded in the secure PAN application is unique to each special payment account number and is preferably derived from the security module using the derived key and special payment account number. It can be a derived key for each issuer or each BIN range. The derived key can be, for example, a triple-length DEA key. Any encryption method known in the art can be used to generate a customer specific key with a derived key.
[0048]
The inspection site preferably has binding or access to a security module that has a copy of the derived key therein. When the inspection site receives an authorization request for a special payment account number, the inspection site uses the appropriate derived key with the special payment account number to derive the key necessary to verify the MAC.
[0049]
MAC generation
An exemplary method illustrating that a MAC can be generated and used in accordance with the present invention is shown below. As described above, the MAC can be placed in the transaction expiration date field. The MAC then behaves as a “pseudo” expiration date. This pseudo expiration date is formatted in the MMYY format like the expiration date. Desirably, the pseudo-expiration date is included within 48 months of the transaction so as to work with all or most merchant's current processing systems in the market today.
[0050]
Preferably, it includes a secure PAN application (hereinafter also referred to as a “secured application”), a transaction sequence number, which consists of 20 digits of bits and is incremented for each transaction. Therefore, 2²⁰Until that is, that is, until about 1 million transactions are generated, the rotation from all zero to all one is not performed. The secured application can also include a 4-bit “version number”, which is a number unique to each PC or other device on which the secured application exists for a given account number. is there.
[0051]
For each transaction processed by the cardholder's secured application, the transaction sequence number is first incremented. The resulting 20-bit number, and the 4-bit secured application version number concatenated to its left, is left justified in the 8-byte field and padded with binary zeros on the right, double-length secured Three times longer DEA encryption is performed using a key for each card of the application. The result is a 64-bit binary MAC.
[0052]
Write MAC to expiration date field
The transaction expiration date field can then be obtained from the 64-bit binary MAC described above as follows.
1. Select the leftmost “1” bit in “Number of month display (binary number, will be explained in more detail below)”, and the bit from this bit position to the rightmost bit (least significant bit) Count the number of positions (including the leftmost “1” bit). This number is called “N”. For example, when the “number of months display” is “0101 0100 (84 in decimal)”, the value of “N” is 7. After determining “N”, the 64-bit binary MAC is considered as a group of “N” bits, and the leftmost left-most bit is ignored. Start from the leftmost group and select the first group found below the number of months displayed. If no such group is found, select the leftmost group, add “Number of Months” to this selected group, and add 2^NAnd use this result (this is> 0 and <"number of months") as the selected value.
2. The result of step 1 is divided by the binary number “1100 (12 in decimal)” to generate a quotient and a remainder. Convert this quotient and remainder to decimal. Add this remainder in decimal (with a value in the range 00 to 11) to the two leftmost (most significant) decimal digits (MM) of the "reference date", but this Will be described in detail later. If the result exceeds 12, subtract 12 from the result and in any case,
The result is used as the leftmost number on the card expiration date for the transaction, ie MM. If the result obtained needs to subtract 12, increment the quotient by one.
3. The quotient of the two decimal numbers from step 2 (which may have been incremented as described in step 2) is added to the rightmost two digits (YY) of the “base date” and modular at 100 Calculate (Add, mod-100 ...). The result is used as the two rightmost numbers, YY, for the card expiration date for the transaction.
[0053]
Write MAC to CVC2 field or equivalent
The MAC can be generated by the method described above, but can be generated by any method known in the art. Further, in addition to or instead of placing the MAC in the expiration date field, the MAC, or a part thereof, can be placed in, or written to, the CVC2 field or a corresponding field.
[0054]
Communication between cardholder and merchant
Once the secured application is installed on the cardholder's computer, the cardholder uses this secured application for all Internet payments, and this secured application is used by the cardholder for all internet transactions. Provide a special payment account number. The fact that this is a secure application transaction is transparent to the merchant, ie, the merchant is unaware. Although the account number is actually a special payment account number and the expiration date can actually represent the MAC, the merchant is unaware that the transaction is different from other Internet SSL transactions received.
[0055]
More specifically, whenever the MAC field is supported by the merchant, the secured application uses the private key embedded in it to create a message authentication code (MAC) associated with the transaction, and the MAC Place this MAC and data based on it in the field, which becomes part of the transaction.
[0056]
Upon receipt of the cardholder transaction message, the merchant formats a conventional authorization request for the acquirer. This approval request preferably includes the MAC field as provided by the consumer's PC.
[0057]
Only those that include the MAC field and expiration date at the beginning of the transaction, the merchant should initiate multiple approvals / clearings transactions for the cardholder's transaction. Subsequent transactions include only the payment account number and can be thought of as mail order / phone order transactions generated by the merchant.
This is also true for all repeated and partial payments with multiple clearings.
[0058]
Handling requester approval requests
When an acquirer receives an approval request from an internet merchant, it looks up the issuer BIN in its own BIN table. In the master card payment system, if the acquirer determines that the BIN of the transaction corresponds to an issuer other than the home country, the acquirer routes the transaction to the master card via the bank net system. If the acquirer determines that the BIN for the transaction corresponds to the issuer in his country, the transaction can be routed to the master card via the bank net. Alternatively, if the issuer is in the same country as the acquirer, the acquirer can usually route the transaction directly to the issuer specified by the BIN. In the case of a special payment account number transaction, the transaction is preferably routed to a central processing function (preferably a processing function of the master card approval, i.e., an inspection site).
[0059]
In some embodiments of the present invention, some countries may have the capability of special security module equipment to handle domestic transactions. Each of these functions is preferably set up only by master card authorization and preferably only holds account number conversion data and encryption keys for the transaction country to process. In a country with such a country inspection site function, all transactions are sent using this function, so that transactions in the same country need not leave that country. The country's inspection site function that processes domestic transactions can be more efficient than sending all transactions to the central processing function.
[0060]
Starting a secured application
The secured application can be started on a transaction-by-transaction basis, just before secure application-based payment is performed. The secured application sends the request to a payment processing website (preferably a master card website or server). This request may include, for example, a 16-digit special payment account number, a payment account number expiration date consisting of 4 decimal digits, a 4-bit secured application version number, a current value of a 20-bit transaction sequence number, and , And a 16-bit MAC (Message Authentication Code) based on the latter three of these values. The MAC is concatenated with a 20-bit transaction sequence number, and further using a 16-bit expiration date (in binary-coded decimal) concatenated with a 4-bit secured application version number (from left to right) This is left-justified within a 64-bit field, padded with binary zeros to the right, and then encrypted with triple-length DEA encryption by selecting the leftmost 16 bits of the resulting ciphertext Can be done.
[0061]
When the website receives this information, the site uses a secured application system with a special security module to verify the MAC based on the secured application version number, transaction sequence number, and expiration date. If the MAC is verified, i.e. proved to be authentic, the system increments (holds) the transaction sequence number and generates an "expected transaction sequence number (ETSN)" The secure application version number and the ETSN for the special payment account number of the secure application authentication system (eg, inspection site) in question to process the secure application approval request for the BIN of the special payment account number. This secured application approval system (inspection site) will determine if the received ETSN is equal to or less than the highest numbered ETSN previously received for this secured application version number and special payment account number. Reject the ETSN just received. The secured application authorization system (inspection site) is also given an expiration date that has just been received, and this special payment account number will be included if the expiration date just received is later than the current expiration date in the record. Update the associated expiration date.
[0062]
The special secured application system preferably sends the following two data values to the web, which then sends them to the secured application of the cardholder's PC.
1) A data value called "reference date". This is a 4-digit decimal number in the MMYY format (actually the date of the current or next month).
2) A data value referred to as “number of month indications”. This is an 8-bit binary number with a maximum value less than 256 (in decimal). These data are also included in the information sent to the appropriate secured application approval system (inspection site).
[0063]
Central processing function (and / or country function) to process approval requests
With the special BIN for the special payment account number, the acquirer and payment network will route the transaction to the inspection site.
The inspection site shall record the ETSN record with the highest 20-bit number received for each secured application version number and special payment account number that the MAC is valid against this transaction sequence number ( A) Stores with verification indication. In addition, the inspection site stores the “expected transaction sequence number” received within the last 48 hours regarding that the MAC has not been verified. In association with each such expected transaction sequence number, the system also stores a “number of month indications” and a “base date” indication that match each expected transaction sequence number.
[0064]
The “reference date” is a date value indicating the earliest expiration date that can be accepted by the approval request message. By way of background, some merchants request approval in batches together, rather than promptly requesting approval. Thus, this date is typically one or two days before the date the transaction was initiated.
[0065]
The “number of month indications” indicates a number representing a month after the current date corresponding to the latest expiration date on which the payment card is accepted.
[0066]
The inspection site has access to, or is bound to, a security module that has the ability to determine a unique and secret 16-byte encryption key that is placed in the secured application of the cardholder's PC when it is registered Has been. The processing executed at the inspection site is as follows.
[0067]
1. A security module is used to determine a unique encryption key for this secured application using the appropriate derived key and special payment account number.
2. Select the first 20-bit ETSN received within 48 hours for an unverified MAC. A 64-bit MAC is calculated based on the secured application version number associated with that ETSN and this 20-bit transaction sequence number as defined above for the PC's secured application. Determine the expiration date from this MAC using the method defined above for the PC's secured application, using the "number of month indications" and "base date" specified for the associated ETSN . If the determined expiration date is the same as the expiration date of the current transaction, the MAC has been properly verified. This ETSN entry resulting from MAC verification is marked as “MAC verified” if this entry is the highest numbered ETSN for the secured application version number associated with it. Alternatively, if it is not the ETSN assigned the largest number, it is deleted. Entries are now deleted in the lower numbered ETSN marked as “MAC verified” and associated with the same secured application version number.
[0068]
3. If step 2 (or step 4) verifies that the Mac is valid, then it is known that the merchant of this transaction will never send a second approval request message for the same transaction An entry is made in the “history data” for this special payment account number. It should be noted that some merchants can also send a second or more authentication request message if they cannot ship all of the goods with a delivery date specified after the transaction. This historical data entry includes all of the data described above, and in addition, the identity of the merchant and acquirer, and an “expiration date” for this entry. This expiry date entry is a designated time in the future (eg, 6 months).
[0069]
If step 2 did not verify that the MAC is valid, the other “expected” received within the last 48 hours, from the oldest to the latest that is not associated with the already verified MAC The procedure defined in step 2 is repeated for all the “transaction sequence numbers”. Again, if the date resulting from these attempts matches the date of the current transaction, the MAC is considered verified. When the MAC is verified, if the 20-digit ETSN resulting from the MAC verification is the highest ETSN for the associated secured application version number in question, the 20 resulting from the MAC verification The digit ETSN is marked “MAC verified” and is deleted if it is not the highest ETSN for the associated secured application version number in question. If the MAC is verified at this step, step 3 is also executed.
5. If neither the step 2 nor the step 4 verifies that the MAC is valid, the “history data” for the special payment account number in question is accessed. If there is an entry of data for the same merchant and acquirer that generates the same expiration date MAC and the entry has not expired, accept the MAC (this is an additional for already approved transactions) Is presumed to be an approval request message). When the MAC is accepted for this entry, if the expiration date of this entry is less than two months, this expiration date should be about two months. The reason is that this may be a “repeat payment” and there may be other approval request messages for the same transaction around the next month.
[0070]
If the MAC is not verified as valid in step 2, step 4 or step 5, the transaction is rejected. In this case, a “reject” response is sent to the acquirer and / or the fact that the MAC was not verified is displayed in a special field such as the security field described above.
[0071]
In summary, the inspection site looks at the presence of the MAC field. The inspection site determines the secret key (as described above) and uses this key to verify the MAC using essentially the same procedure used on the PC to create the MAC. The system also checks the transaction Siemens number and, in order to do so, must maintain transaction sequence number information for each version number for each special account number that it processes.
[0072]
This system
1. The transaction sequence number is less than or equal to the largest transaction sequence number for this version of this secured application number received at least 48 hours ago, or
2. Whether the transaction sequence number matches any of the transaction sequence numbers already received for this version of this secured application number;
If the transaction is rejected.
[0073]
If the verification of the MAC or transaction sequence number fails, the function will reject the transaction and / or display a verification failure in an appropriate field, such as a SET security field. If both the MAC and the transaction sequence number are verified as valid, this function routes the transaction to the issuer.
If the MAC is verified as valid, the central processing function, or inspection site, formats an approval request message for the issuer. The approval request message can include information indicating whether the MAC is verified as valid.
[0074]
Use of pseudo-BIN
If the approval response is routed through the payment network based on the acquirer BIN of the approval request message sent to the issuer, the master card will specialize the acquirer BIN in the transaction message as a “pseudo” acquirer BIN. It can be replaced with a master card BIN. As a result of replacing the acquirer BIN, the issuer responds to the master card on behalf of the acquirer. This step need not be performed if the payment network keeps a record of where the authorization request message was sent from and where the authorization response message was sent to the same location.
[0075]
When using a pseudo-acquirer BIN, the pseudo-acquirer BIN provides the same exchange fee as the country in which the acquirer is located, in order for the acquirer and issuer to accurately calculate the interchange fee. It should correspond to the region or other countries that will be. If each country has a special BIN associated with those countries, the master card can replace the acquirer BIN with the special BIN associated with that acquirer's country. If the acquirer country does not have a special BIN associated with that country, it can also select a special BIN associated with another country that results in the same exchange fee.
[0076]
When using the pseudo acquirer BIN, the master card stores the acquirer reference data received in the approval request from the acquirer in the database (hereinafter also referred to as “original acquirer reference data”). When formatting an approval request for an issuer, the master card can use the original acquirer criteria data to find the pseudo acquirer BIN, the appropriate transaction type indicator, and the original acquirer criteria data. Is replaced with “pseudo” acquirer reference data including index values.
[0077]
When the secure application approval system (or inspection site) receives a new ETSN without waiting for an actual approval request to be received, it calculates the expiration date displayed by the MAC and stores it more efficiently. You can also. Subsequently, when an approval request is received, the expiration date in the approval request message does not yet match any expiration date in the previous approval request message, and has been precalculated and stored within the past 48 hours And compare.
[0078]
Handling of issuers of approval requests
The issuer approves the transaction like any other transaction. The authorization response is routed back to the “pseudo” acquirer, ie, the test site that originally received the special payment account number transaction, or the same master card secured application authorization system.
As described above, the inspection site sends an approval response with an indication of whether the MAC has been verified to the acquirer. This message is then sent from the acquirer to the merchant like a normal master card transaction.
[0079]
Authentication using additional fields
The MAC of the present invention can be written into a separate MAC field consisting of, for example, three decimal digits. These 13 numbers can be as follows:
1. “Version Indicator” field with one decimal digit. This field normally contains “1”. However, if the cardholder has multiple copies of the secured application for the same special payment account number (eg, on desktop and laptop computers), an additional version of the secured application will appear in the version display field. Will have a different number (the secured application transaction sequence number is unique for each such version of the secured application).
2. Six decimal digits, the secured application transaction sequence number for this version of the secured application. This field is incremented for each secured application transaction started on this particular computer (each computer will have its own version of the secured application and thus will have its own set of sequence numbers).
[0080]
3. MAC itself, 6-digit decimal number
In this situation, the recommended MAC generation process is as follows.
(a) Describe the 7 digit number of the secured application version number (to the left) and the secured application transaction sequence number (for this computer) in binary-coded decimal, resulting in 28 bits. These 28 bits are left-justified within the 64-bit field and zero bits are padded on the right.
(B) Using the leftmost 8 bytes of the key for each card as an encryption key, the result of step 1 is DE-encrypted (DE-encrypt).
(c) DE-decrypt the result of step 2 using the rightmost 8 bytes of the key for each card as a decryption key.
(d) Using the leftmost 8 bytes of the key for each card as an encryption key, the result of step 3 is DEA-encrypted (DEA-encrypt).
(e) Consider the 64-bit result of step 4 as a 16-digit hexadecimal number of 4 bits each. These 16-digit hexadecimal numbers are scanned (from left to right) and the first six numbers having a value of “9” or less in hexadecimal are selected. If these first six numbers are not found, rescan these numbers to select the remaining required numbers, but at this point, select only numbers that are more than “9” in hexadecimal. Then, subtract hexadecimal “A” from each selected.
(f) Use the result of step 5 as a 6-digit decimal MAC for this transaction.
[0081]
The MAC will be provided by the secured application of the cardholder's PC, and this MAC will be verified at the appropriate master card secured application function or inspection site. When generated, the 6-digit decimal number resulting from step 6 is inserted into the MAC field as the actual MAC. When verified, the secured application function performs the six steps described above using the leftmost seven digits of the MAC field, and then receives the six digits resulting from step 6 and Compare the rightmost 6 digits of the MAC field. If the result is an exact match, it indicates an authenticated transaction. If it does not match, it indicates that the transaction must be rejected.
[0082]
While the preferred embodiment of the invention has been disclosed for purposes of illustration, those skilled in the art will be able to make numerous additions, modifications and substitutions without departing from the scope and nature of the invention as defined in the claims. You will understand that.
[Brief description of the drawings]
FIG. 1 is a block diagram of processing components associated with a transaction method according to one embodiment of the present invention.

Claims (6)

A method of processing electronic transactions across a public communication network using a payment network linked to an inspection site and using a payment account number with a certain amount of funds available,
(A) a first computer of an issuer issuing the payment account number generating a secret key associated with the payment account number;
(B) a second computer of the owner of the payment account number using the private key to generate a message authentication code specific to the transaction;
(C) the second computer generating an approval request message including the message authentication code;
(D) In order for the third computer at the inspection site to verify the authenticity of the message authentication code, the second computer sends the approval request message to the inspection across the payment network via an acquirer. Transferring to the site;
(E) the third computer using the private key to verify the message authentication code by the inspection site;
(F) the third computer receives a response of the approval request message based on the transaction amount and the available funds from the first computer across the payment network;
A method comprising:
Said third computer, the authorization request message, corresponding to the test site, based on the bank identification number, and routed to the first computer over said payment network,
The approval request message includes an expiration date field, the message authentication code, the Rukoto placed on the expiration date field, behave as a pseudo expiration date, the verification of the message authentication code is performed based on the pseudo-expiration date And
How the first computer provides to verify the authorization request message by the previous SL responsive the issuer. A payment account number having a bank identification number (BIN) associated with an inspection site and a method of processing electronic transactions across a public communications network using the inspection site, comprising:
(A) a first computer of an issuer issuing the payment account number generating a per-card key associated with the payment account number;
(B) the second computer of the owner of the payment account number generates a message authentication code (MAC) using the key for each card;
A step (c) said second computer generates a MAC verification request including the MAC and the payment account number,
(D) a server for a payment processing website verifies the MAC;
(E) the server generates an expected transaction sequence number (ETSN) for the MAC by incrementing a transaction sequence number associated with an electronic transaction by one based on the validation;
(F) the server providing reference data including at least a reference date associated with the ETSN to a third computer at the inspection site;
(G) the third computer generating a second message authentication code using the per-card key and the ETSN;
(H) the third computer routes the second message authentication code to the inspection site based on the BIN associated with the inspection site;
(I) the third computer determines a key for each card associated with the payment account number of an unverified message authentication code with associated ETSN and reference data; Verifying the second message authentication code by the inspection site using a key and the associated ETSN and reference data;
The step (g) further comprises:
(J) converting the second message authentication code using the reference data into a pseudo-expiration date;
(K) generating an approval request having an expiration date field including the pseudo expiration date;
(L) responding to the approval request and verifying the second message authentication code based on the pseudo-expiration date;
Including methods. The method of claim 2, wherein
The step of generating the message authentication code further comprises:
Using a transaction sequence number and application version number associated with the payment account number, and an expiration date,
A method characterized by that. The method of claim 3, wherein
The MAC verification request also includes the application version number and the expiration date.
A method characterized by that. The method of claim 4, wherein
Verifying the MAC also includes using a per-card key;
A method characterized by that. The method of claim 2, wherein
The reference data includes a number representing a reference date and a month,
A method characterized by that.

Images