Abstract: A method of conducting a financial transaction by a purchaser over a communications network is provided where the purchaser does not transmit his or her “real” payment card information over the network but instead secure payment application software is provided which allows for the transmission of a pseudo account number that is cryptographically processed for purposes of responding to an authorization request based on the real account number.

Abstract: A proximity device transmits a first dynamic authentication value contactlessly to a terminal. The first authentication value is included in a discretionary data field of message data arranged in an ISO Track 1 and/or ISO Track 2 format. Message data is sent from the terminal to an issuer. The issuer separately derives a second authentication value and compares it with the first authentication value. An identifier associated with the primary account number (PAN) is also used and transmitted instead of the PAN.

Abstract: A proximity device transmits a first dynamic authentication value contactlessly to a terminal. The first authentication value is included in a discretionary data field of message data arranged in an ISO Track 1 and/or ISO Track 2 format. Message data is sent from the terminal to an issuer. The issuer separately derives a second authentication value and compares it with the first authentication value.

Abstract: A method is provided for conducting a financial transaction by a purchaser with a merchant having an acquirer bank, over a communications network. The method includes the steps of sending a first authorization request using a pseudo account number associated with a real account number to a service provider which forwards a second authorization request to the issuer using the real account number and preferably a pseudo acquirer code associated with the service provider such that the response to the second request is based on the real account number and sent back to the service provider who preferably forwards a response to the first request preferably to the “real” acquirer. A message authentication code is further provided which includes transaction data, and where the authorization request is formatted as a standard payment card track having one or more fields including a discretionary field in which the message authentication code is placed.

Abstract: A method is provided for conducting an electronic transaction with a payment account number having a certain amount of available funds, using a payment network and a “check site”. The method comprises the following steps: (a) generating a secret key associated with the payment account number; (b) using the secret key to generate a message authentication code (“MAC”) specific to the transaction; (c) generating an authorization request message including the message authentication code; (d) forwarding the authorization request message over the payment network to the check site for verifying the authenticity of the MAC; (e) verifying the message authentication code by the check site using the secret key; (f) responding to the authorization request message over the payment network based on the available funds and the transaction amount.

Abstract: A secure method of conducting an electronic transaction over a public communications network is provided which utilizes a pseudo-expiration date in the expiration date field of an authorization request. One of the preferred methods comprises: generating a per-card key associated with an account number; generating a message authentication code using the per-card key; converting the message authentication code into a pseudo expiration date; generating an authorization request for the transaction, the request having an expiration date field containing the pseudo expiration date; and verifying the message authentication code based on the pseudo expiration date.

Abstract: A method is provided for conducting an electronic transaction with a payment account number having a certain amount of available funds, using a payment network and a “check site”. The method comprises the following steps: (a) generating a secret key associated with the payment account number; (b) using the secret key to generate a message authentication code (“MAC”) specific to the transaction; (c) generating an authorization request message including the message authentication code; (d) forwarding the authorization request message over the payment network to the check site for verifying the authenticity of the MAC; (e) verifying the message authentication code by the check site using the secret key; (f) responding to the authorization request message over the payment network based on the available funds and the transaction amount.

Abstract: A secure method of conducting an electronic transaction over a public communications network is provided which utilizes a pseudo-expiration date in the expiration date field of an authorization request.

Abstract: A method is provided for conducting a financial transaction by a purchaser with a merchant having an acquirer bank, over a communications network. The method includes the steps of sending a first authorization request using a pseudo account number associated with a real account number to a service provider which forwards a second authorization request to the issuer using the real account number and preferably a pseudo acquirer code associated with the service provider such that the response to the second request is based on the real account number and sent back to the service provider who preferably forwards a response to the first request preferably to the “real” acquirer. A message authentication code is further provided which includes transaction data, and where the authorization request is formatted as a standard payment card track having one or more fields including a discretionary field in which the message authentication code is placed.

Abstract: A method of conducting a financial transaction by a purchaser over a communications network is provided where the purchaser does not transmit his or her “real” payment card information over the network but instead secure payment application software is provided which allows for the transmission of a pseudo account number that is cryptographically processed for purposes of responding to an authorization request based on the real account number.

Abstract: An approach for handling data representative of invalid transaction cards is disclosed. A memory area 34 in a transaction terminal 16 is divided into a plurality of stacks. Two digits of the invalid account number are used to identify the stack into which the remainder of the account number is added. Stack start pointers are provided for file management. As the newest entries are added to the list, the oldest entries are purged. The subject system allows a large number of accounts to be stored in a minimum of space. Updates of the file can be easily handled during direct communication sessions between a central processor 12 and the terminal 16.

Abstract: An improved system is disclosed for detecting invalid transaction cards at remote transaction terminals. The system includes providing each terminal with a master table having data corresponding to invalid cards. The data in the master table is less than the actual account numbers of the invalid cards. By using a compressed version of the data, the file can be shortened to facilitate storage and transmission. The compressed data file is arranged such that when an invalid card is presented, it will be identified and routed on for further processing. In the preferred embodiment, the probability that a valid card will be identified as potentially invalid is on the order of one to three percent. During each transaction, the master table is supplemented with information about the account number of the transaction card presented for the purchase. In this manner, any subsequent use of the card will be routed for additional processing.

Abstract: An improved system is disclosed for detecting invalid transaction cards at remote transaction terminals. The system includes providing each terminal with a master table having data corresponding to invalid cards. The data in the master table is less than the actual account numbers of the invalid cards. By using a compressed version of the data, the file can be shortened to facilitate storage and transmission. The compressed data file is arranged such that when an invalid card is presented, it will be identified and routed on for further processing. In the preferred embodiment, the probability that a valid card will be identified as potentially invalid is on the order of one to three percent.

Abstract: An improved system is disclosed for detecting invalid transaction cards at remote transaction terminals. The system includes providing each terminal with a master table having data corresponding to invalid cards. The data in the master table is less than the actual account numbers of the invalid cards. By using a compressed version of the data, the file can be shortened to facilitate storage and transmission. The compressed data file is arranged such that when an invalid card is presented, it will be identified and routed on for further processing. In the preferred embodiment, the probability that a valid card will be identified as potentially invalid is on the order of one of three percent.

Abstract: The subject invention relates to a new and improved key management system particularly suited to facilitate communication between point of sale terminals and a host processor. The system provides for the generation of a table of keys in the terminal. The terminal includes a counter which is related to the table of keys. During a transaction, information, such as a personal identification number (PIN) is encrypted using one of the keys in the table. This information is transmitted, along with other transaction data, and the number stored in the counter. By utilizing the information in the counter, the host processor can generate the key used for encrypting the PIN. By this arrangement, security is enhanced and there is no need for large storage of keys at the central host.

Abstract: A security system, particularly useful in an electronic funds transfer system, makes use of secret identification codes known only to system users. The codes are encrypted upon insertion into the system and are stored in a data processing unit in encrypted form. A security module is used to decrypt the code entered by a user and compare it to the corresponding encrypted code stored in the data processing unit.

Abstract: An apparatus and method for generating a unique working key variable for controlling the operation of an encryption/decryption device during each user specified time period. The apparatus generates each working key variable by encrypting a user specified value, unique for each specified time period, under control of a fixed key variable stored in the apparatus. After the user specified value has been encrypted, the apparatus utilizes the encrypted (working) key variable to control the encryption/decryption of data during the corresponding user specified time period.

Abstract: An authenticator device designed to preclude undetected compensating text modifications in a message by sequentially processing each character of the message and producing an authenticator code as a result of said processing.As each message is received, it is modulo added to the contents of a first register and the result is used to simultaneously address first and second memories, the values stored in the first memory consisting of a specified permutation of preselected decimal values, the values stored in the second memory consisting of non-linear transformations of a 16 digit authentication key. The data read out of the second memory is used to address a third memory, the values stored in the third memory consisting of another specified permutation of preselected decimal values. The data read out of the third memory replaces the value previously stored in the first register.

Abstract: A device for generating an authenticator code by encrypting the contents of a plain text message in accordance with a unique user supplied authenticator key variable. The device operates in two phases, the first of which processes every character in the plain text message and produces a first sequence of 16 check bits. The second phase processes this first 16 check bit sequence and transforms it into a second sequence of 16 check bits which may be utilized as an authenticator code.

Abstract: A security system, particularly useful in an electronic funds transfer system, makes use of secret identification codes known only to system users. The codes are encrypted upon insertion into the system and are stored in a data processing unit in encrypted form. A security module is used to decrypt the code entered by a user and compare it to the corresponding encrypted code stored in the data processing unit.