`Flitcroft et al.
`
`111111111111111111111111111111111111111111111111111111111111111111111111111
`US006636833Bl
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 6,636,833 BI
`Oct. 21, 2003
`
`(54) CREDIT CARD SYSTEM AND METHOD
`
`(75)
`
`Inventors: Daniel I. Flitcroft; Graham
`O'Donnell, both of Sandycove (IE)
`
`(73) Assignee: Obis Patents Ltd., Dublin (IE)
`
`( *) Notice:
`
`This patent issued on a continued pros(cid:173)
`ecution application filed under 37 CFR
`1.53(d), and is subject to the twenty year
`patent
`term provisions of 35 U.S.c.
`154(a)(2).
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.c. 154(b) by 0 days.
`
`(21) Appl. No.: 09/235,836
`
`(22) Filed:
`
`Jan. 22, 1999
`
`(60)
`
`Related U.S. Application Data
`Provisional application No. 60/099,014, filed on Sep. 9,
`1998, provisional application No. 60/098,175, filed on Aug.
`26, 1998, and provisional application No. 60/092,500, filed
`on Jul. 13, 1998.
`
`(30)
`
`Foreign Application Priority Data
`
`Mar. 25, 1998
`May 7, 1998
`Jun. 15, 1998
`
`(IE)
`(IE)
`(IE)
`
`Int. CI?
`(51)
`(52) U.S. CI.
`
`(58) Field of Search
`
`S980223
`S980346
`S980458
`
`G07F 7/08
`705/1; 705/39; 705/44;
`235/380
`705/1, 35, 38,
`705/39,41,26,44; 235/379, 380
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`3,938,091 A
`4,707,592 A
`4,720,860 A
`4,747,050 A
`4,797,920 A
`
`2/1976 Atalla et al.
`11/1987 Ware
`1/1988 Weiss
`5/1988 Bracht! et al.
`1/1989 Stein
`
`4,856,062 A
`4,941,090 A
`4,988,849 A
`5,023,904 A
`5,093,861 A
`5,117,355 A
`5,130,519 A
`5,163,097 A
`5,097,505 A
`5,193,114 A
`
`8/1989 Weiss
`7/1990 McCarthy
`1/1991 Sasaki et al.
`6/1991 Kaplan et al.
`3/1992 Graham
`5/1992 McCarthy
`7/1992 Bush et al.
`11/1992 Pegg
`3/1993 Weiss
`3/1993 Moseley
`
`(List continued on next page.)
`
`FOREIGN PATENT DOCUMENTS
`
`EP
`
`0081 921
`
`6/1983
`
`(List continued on next page.)
`
`OTHER PUBLICATIONS
`Ketchpel et al. "Shopping Models: A Flexible Architecture
`for Information Commerce" Library Project Working Paper
`SIDL-WP-19960052, 1996.*
`Web page for "Virtual Credit Card (VCC)" found at http://
`www.geocities.com!Eureka!Park/5014/vcc.htm bearing the
`parent, putative date of Aug. 9, 1998, No Author.
`Durbin, "ASTA Unit: No Active Status for SATO," Travel
`Weekly, Jan. 26, 1987, vol. 45, p. 92.
`
`(List continued on next page.)
`Primary Examiner-M. Kemper
`(74) Attorney, Agent, or Firm-Burns Doane Swecker &
`Mathis
`(57)
`
`ABSTRACT
`
`A credit card system is provided which has the added feature
`of providing additional
`limited-use credit card numbers
`and/or cards. These numbers and/or cards can be used for a
`single transaction, thereby reducing the potential for fraudu(cid:173)
`lent reuse of these numbers and/or cards. The credit card
`system finds application to "card remote" transactions such
`as by phone or Internet. Additionally, when a single use
`credit card is used for "card present" transactions, so called
`"skimming" fraud is eliminated. Various other features
`enhance the credit card system which will allow secure trade
`without the use of elaborate encryption techniques.
`
`24 Claims, 9 Drawing Sheets
`
`r------------------------------
`
`102
`L
`
`_
`
`124
`
`Credit
`Card
`#'s
`
`126
`
`112
`
`104
`,/
`Electronic
`/
`(Internet) 1-- Device
`r
`. 0--142
`
`106
`,/
`Credit
`Carn
`Swiper
`(merchant)
`
`138
`
`Central
`Processing
`Station
`
`MasterCard, Exh. 1005, p. 1
`
`
`
`US 6,636,833 BI
`Page 2
`
`U.S. PATENT DOCUMENTS
`
`5,196,840 A
`5,202,826 A
`5,239,583 A
`5,287,268 A
`5,317,636 A
`5,326,960 A
`5,343,529 A
`5,350,906 A
`5,363,449 A
`5,428,684 A
`5,478,994 A
`5,479,494 A
`5,485,510 A
`5,577,109 A
`5,592,553 A
`5,606,614 A
`5,627,355 A
`5,671,279 A
`5,677,955 A
`5,694,471 A
`5,715,314 A
`5,721,768 A
`5,724,424 A
`5,748,908 A
`5,757,917 A
`5,768,381 A
`5,777,306 A
`5,825,881 A
`5,826,241 A
`5,826,243 A
`5,832,087 A
`5,864,830 A
`RE36,116 E
`5,883,801 A *
`5,890,137 A
`5,893,907 A *
`5,903,878 A
`5,953,710 A *
`5,956,699 A *
`5,984,180 A
`6,000,832 A
`6,029,890 A
`6,144,948 A
`6,227,447 B1
`6,267,292 B1
`6,339,766 B1
`6,341,724 B2
`6,375,084 B1
`
`3/1993
`4/1993
`8/1993
`2/1994
`5/1994
`7/1994
`8/1994
`9/1994
`11/1994
`6/1995
`12/1995
`12/1995
`1/1996
`11/1996
`1/1997
`2/1997
`5/1997
`9/1997
`10/1997
`12/1997
`2/1998
`2/1998
`3/1998
`5/1998
`5/1998
`6/1998
`7/1998
`10/1998
`10/1998
`10/1998
`11/1998
`1/1999
`2/1999
`3/1999
`3/1999
`4/1999
`5/1999
`9/1999
`9/1999
`11/1999
`12/1999
`2/2000
`11/2000
`5/2001
`7/2001
`1/2002
`1/2002
`4/2002
`
`Leith et al.
`McCarthy
`Parrillo
`McCarthy
`Vizcaino
`Tannenbaum
`Goldfine et al.
`Brody et al.
`Bestock
`Akiyama et al.
`Rahman et al.
`Clitherow
`Colbert
`Stimson et al.
`Guski et al.
`Brady et al.
`Rahman et al.
`Elgamal
`Doggett et al.
`Chen et al.
`Payne et al.
`Stimson et al.
`Gifford
`Yu
`Rose et al.
`Hawthorne
`Masuda
`Colvin, Sr.
`Stein et al.
`Musmanno et al.
`Hawthorne
`Armetta et al.
`McCarthy
`Franklin et al.
`Koreeda
`Ukuda
`Talati et al.
`Fleming
`Wong et al.
`Albrecht
`Franklin et al.
`Austin
`Walker et al.
`Campisano
`Walker et al.
`Gephart
`Campisano
`Stanford et al.
`
`FOREIGN PATENT DOCUMENTS
`
`EP
`FR
`GB
`GB
`JP
`WO
`WO
`WO
`WO
`WO
`
`515448
`2661 996
`2327831
`2361790 A
`6-282556
`WO 91/12680
`WO 91/12693
`WO 96/08756
`WO 97/15893
`WO 98/26376 A2
`
`12/1992
`11/1991
`2/1999
`10/2001
`10/1994
`8/1991
`8/1991
`3/1996
`5/1997
`6/1998
`
`304/479.02
`
`705/35
`
`705/35 X
`705/39
`
`WO
`
`* 9/1999
`9949424
`OTHER PUBLICATIONS
`Jones, "ACE Server to Ship for NT," InfoWorld, Feb. 3,
`1997, vol. 19, No.5, p. 8.
`Yamada, "Security Dynamics Plans to Launch Reseller
`Program," Computer Reseller News, Aug. 19, 1996, No.
`697, p. 65.
`Davis, "Vendors Put New Spin on Securtiy Wares," Com(cid:173)
`munications Week, Mar. 27, 1995, No. 549, p. 5.
`"Stokell Security Dynamics & Cisco Offer 'Crackerproof'
`Routers," Newsbytes News Network, Jun. 20, 1994.
`Highland, "With Tokens, It's a New Password Every Time,"
`Computerworld, Jun. 11, 1990, vol. 24, No. 24, pp, 88-89.
`"Security Dynamics Announces ACE/Client for NT/RAS,"
`Business Wire, Mar. 27, 1995, No Author.
`"Security Dynamics Expands Level of User Authentication
`for Internet Security," Business Wire, Mar. 27, 1995, No
`Author.
`Brown, "TGV Launches Token-Based Security Ware,"
`Communications Weeks, Oct. 31, 1994, No. 529, p. 4.
`"CYRPTOCard 2: CRYPTOCard Enables Companies and
`ISPs to Secure Intranet Access with Authentication Tokens
`at Much Lower Costs," Business Wire, Jun. 29, 1998, No
`Author.
`"ENIGMA LOGIC: Enigma Logic Introduces SafeWord
`SofToken," Business Editors & Computer Writers Jun. 1,
`1994, No Author.
`Lamond, Credit Card Transaction Real World and Online,
`1996,
`http://www.virtualschool.edu/mon/electronicprop(cid:173)
`erty/clamond/creditcard.htm.
`Wiggins, "Putting Risk in Perspective," http://www.webref(cid:173)
`erenee .com/outlook/column3/page4.html, 1997.
`Crotch-Harvey, Electronic Money and the Law -The Impli(cid:173)
`cations, http://www.smartcard.co.uk/articles/electronicmon(cid:173)
`ey.html.
`B. Ives & M. Earl, Mondex International: Reengineering
`Money, http://isds.bus.isu.edu/cases/mondex.html, 1997.
`V. Moscaritolo, Digital Commerce for the Rest of US Apple
`in a Geodesic Economy, http://www.shipwright.com/rants/
`rant 15.html, Sep. 4, 1996.
`Herscheim, "Smart Card," http://disc.cba.uh.edu/-rhirsch/
`fa1l96/neepa.htm, Sep. 24, 1996.
`NetChex: "NetChex Offers Secure Checking to the Web,"
`http://ntrg.cs.tcd.ie/mepeirce/ProjectlPress/netchex.html,
`Jan. 1995.
`"NetChex -a short brief," http://www.tml.hut.fi/Studies/
`Tik-110.350/1997IEcommerce/netchex 5.html, 1997.
`GE Capitol Financial, Inc., "Corporate E-Card and E-Com(cid:173)
`merce Glossary," http://www.ge.com/capital/cardservices/
`corpcard/5news5.html.
`Agora: "A minimal Distributed Protocol of Electronic Com(cid:173)
`merce," USENIX Workshop on Electronic Commerce,
`http://www.usenix.org/publicationsllibrary/proceedings/
`ec96/fuILpapers/grabberlhtml/ held from Nov. 18-21, 1996.
`* cited by examiner
`
`MasterCard, Exh. 1005, p. 2
`
`
`
`d•
`'JJ.
`•
`
`~~.
`
`....
`~=.....
`
`oI"l
`
`:-'"
`
`112
`
`/
`(Internet)
`
`104
`/
`Electronic
`
`1.-1 Device
`r - 0;'42
`
`N'
`
`""'"~
`
`NCS
`
`'JJ.=(cid:173)~
`~....
`'""'"o....,
`
`'0
`
`e\
`
`Jl
`-..CJ\
`
`~C
`
`J\
`00
`
`~~ ~1
`
`-0"
`
`106
`/
`Credit
`Card
`Swiper
`(merchant)
`
`I
`
`110
`
`./ 108
`1 ' /
`
`E3
`
`ATM
`
`((rr~140
`
`I
`
`. I
`I
`,
`,
`:
`,
`,
`I
`:
`:
`II
`I
`I
`,
`
`»)1
`
`,
`
`I
`
`138
`
`100
`
`124
`I
`
`r---------
`:
`:
`:
`:
`,
`i I
`
`Credit
`Card
`#'s
`-~-------
`Limited-use
`
`IIII,,:
`
`102
`___________1
`
`--------------
`Conditions
`Database
`122
`
`Fig. 1
`
`,
`,
`,
`
`I
`
`I.
`
`I
`
`Central
`Processing
`Unit
`120
`
`I
`
`I/O
`118
`
`I
`
`,
`
`,
`I
`I
`I
`:
`'
`'
`I
`:
`:
`I
`I
`I
`I
`
`I
`
`126
`
`Card
`Dispenser
`128
`- -
`
`Printer
`130
`
`I :
`
`[J-134 LJ-136
`
`132
`
`[]
`II]
`Central
`:
`[]
`Processing
`:
`Station
`~----------------------------------- ------
`
`l :
`
`MasterCard, Exh. 1005, p. 3
`
`
`
`u.s. Patent
`
`Oct. 21, 2003
`
`Sheet 2 of 9
`
`US 6,636,833 BI
`
`Fig. 2
`
`START
`
`202
`
`Allocate
`New Limited-use
`Card(s}
`
`Deactivate
`Limited-use
`Card
`
`210
`
`MasterCard, Exh. 1005, p. 4
`
`
`
`u.s. Patent
`
`Oct. 21, 2003
`
`Sheet 3 of 9
`
`US 6,636,833 BI
`
`Fig. 3
`
`Generate Database of
`Available Credit Card
`Numbers
`
`302
`
`304
`
`Select Master Credit
`Card Number
`
`306
`
`Yes
`
`308
`
`Select Additional
`Credit Card Numbers
`
`310
`
`Yes
`
`322
`
`Add an Issued, But Not
`Valid Number To
`Issued and Valid List
`
`Add Additional Credit
`Card Numbers To
`Issued, But Not Valid
`List
`
`312
`
`314
`
`320
`
`Add Issued and Valid
`Number To Issued and
`invalid List
`
`316
`
`Yes
`Add an Issued, But Not
`Valid Number To
`Issued and Valid List
`
`318
`
`Yes
`
`No
`
`No
`
`MasterCard, Exh. 1005, p. 5
`
`
`
`u.s. Patent
`
`Oct. 21, 2003
`
`Sheet 4 of 9
`
`US 6,636,833 BI
`
`Fig. 4
`
`Allocate a Credit Carel
`Number To a Master
`Credit Card Number
`
`Allocate a Condition To
`the Credit Card Number
`
`402
`
`404
`
`Store the Condition In a
`Database of Conditions
`
`406
`
`Yes
`
`No
`
`412
`
`No
`
`Transaction
`Denied
`
`Yes
`
`Transaction
`Authorized
`
`MasterCard, Exh. 1005, p. 6
`
`
`
`u.s. Patent
`
`Oct. 21, 2003
`
`Sheet 5 of 9
`
`US 6,636,833 BI
`
`Fig. 5
`
`Allocate a Master
`Credit Card Number To
`a Master Credit Card
`Number Owner
`
`Allocate Limited Use
`Numbers To the
`Master
`Credit Card Number
`
`502
`
`504
`
`No
`
`Yes
`
`Distribute Multiple
`Numbers Using
`Multiple Cards
`
`Distribute Multiple
`Numbers Using a
`Single Card
`
`514
`
`510
`No
`.>-------+--------+1 Cover One or More
`Portions of the Card
`
`Place the Multiple
`Cards In a Self-
`Contained Container
`
`516
`
`No Distribute the Cards
`>---~ Using An ATM
`Machine
`
`522
`
`Activate the Cards
`When the Statement
`Is Paid
`
`520
`
`MasterCard, Exh. 1005, p. 7
`
`
`
`u.s. Patent
`
`Oct. 21, 2003
`
`Sheet 6 of 9
`
`US 6,636,833 BI
`
`600
`
`Fig. 6
`
`START
`
`1
`
`Launch Software
`
`'--602
`
`!
`
`Enter PIN
`
`"""- 604
`
`t
`Select a New Limited-
`Use Number With or
`Without Additional
`Constraints
`
`r-- 606
`
`1
`Access Encrypted ~608
`Numbers
`
`612
`)
`Insert the Number
`Into a Web Page
`
`Yes
`
`610
`
`Is the
`Number
`For the
`Internet?
`
`No
`
`Print Out or Copy the
`614 - - Number From the
`Screen
`I•
`
`Delete From
`Encrypted Lists
`
`616--
`
`618--
`
`620 --
`
`!
`
`Store Information
`From
`Transaction
`
`!
`
`Download
`Additional
`Numbers
`
`1
`
`Store the Numbers
`With Computer
`Specific Information
`
`-622
`
`MasterCard, Exh. 1005, p. 8
`
`
`
`d
`JJ.
`
`•'
`
`• ~
`
`~.....
`~=.....
`
`0
`I"l
`:-'"
`N
`'""'"~
`Nc
`8
`
`'JJ.
`
`=-~
`~....
`-..J
`....,
`0
`'0
`
`e
`
`\Jl
`0'1
`-..
`0'1
`'1
`00
`
`~0
`
`~~
`
`~1
`
`-0"
`
`Fig. 7
`
`702
`
`706
`
`I
`
`Complete Nonnal
`.
`Conventional I Authorization,
`Processing &
`Other Functions
`
`708
`
`I
`
`Account
`Settlement
`And Billing
`
`712
`
`Deny Authorization ) 4
`
`/
`
`"'
`.", < ----- . ~_...__. -..
`
`Within
`
`)
`
`I
`
`I
`
`I
`
`I
`I
`
`Detennine Associated I
`
`Account Number
`
`Complete Limited Use I
`
`Specific Processing
`
`718
`
`716
`I
`J
`/ Associated Account
`7& Transaction Details,
`
`Limited Use Number, f-
`
`./ Associated Account
`& Transaction Details
`
`720
`
`MasterCard, Exh. 1005, p. 9
`
`
`
`d•
`'JJ.
`
`• ~~.
`
`....
`~=.....
`
`o0
`
`..
`
`N'
`
`""'"~
`
`NC8
`
`'JJ.=(cid:173)~
`
`~ Q
`
`IO
`
`o....,
`'0
`
`e\
`
`Jl
`0'1
`
`~0
`
`'1
`00
`
`~~ ~1
`
`-0"
`
`Fig. 8
`
`804
`
`812
`
`Account
`Settlement
`And Billing
`
`806
`
`808
`
`Authorize
`
`Conventional
`
`limited Use Number,
`Associated Account
`& Transaction Details
`
`818
`
`limited Use
`Complete Limited Use I
`Specific Processing
`
`814
`
`_I Detennine Associated
`Account Number
`
`816
`
`MasterCard, Exh. 1005, p. 10
`
`
`
`u.s. Patent
`
`Oct. 21, 2003
`
`Sheet 9 of 9
`
`US 6,636,833 BI
`
`Fig. 9
`
`Generate a Database
`of Available Credit Card
`Numbers
`
`902
`
`Select a Master Credit
`Card Number
`
`904
`
`Distribute the Master
`Credit Card Number To a
`Master Credit Card
`Number Owner
`
`Allocate Additional
`Credit Card Numbers To
`the Master Credit Card
`Number
`
`Distribute Additional
`Credit Card Numbers To
`The Master Credit Card
`Number Owner
`
`906
`
`908
`
`910
`
`.>-
`
`-1 No
`
`Yes
`
`Use Additional Credit
`Card Number As a Pin
`Number
`
`912
`
`MasterCard, Exh. 1005, p. 11
`
`
`
`US 6,636,833 Bl
`
`1
`CREDIT CARD SYSTEM AND METHOD
`
`This application claims the benefit of U.S. Provisional
`Application No. 60/099,614 filed Sep. 9, 1998; U.S. Provi(cid:173)
`sional Application No. 60/098,175 filed Aug. 26, 1998; and
`U.S. Provisional Application No. 60/092,500 filed Jul. 13,
`1998, the entire contents of each of which are incorporated
`by reference herein. This application also claims the benefit
`ofIrish Patent Application No. S98 0458 filed Jun. 15, 1998;
`Irish Patent Application No. S98 0346 filed May 7, 1998;
`and Irish Patent Application No. S98 0223 filed Mar. 25,
`1998, the entire contents of each of which are incorporated
`by reference herein.
`
`BACKGROUND
`
`1. Field of the Invention
`This invention relates to a credit card system and method,
`and more particularly, to a credit card system and method
`offering reduced potential of credit card number misuse.
`2. Related Art
`The development of retail electronic commerce has been
`relatively slow in spite of the perceived demand for such
`trade. The single greatest deterrent to the expansion of retail
`electronic commerce is the potential for fraud. This potential
`for fraud has been a major concern for the credit card
`companies and financial institutions as well as the customers
`and the providers of the goods and services.
`The former are concerned about fraud because essentially
`the financial institutions have to bear the initial cost of the
`fraud. Additionally,
`the credit card companies have an
`efficient credit card system which is working well for face to
`face transactions, i.e., "card present" transactions where the
`credit card is physically presented to a trader and the trader
`can obtain the credit card number, compare signatures and in
`many cases photographs before accepting a particular credit
`card.
`The latter are equally concerned about fraud being well
`aware that ultimately the user must pay for the fraud.
`However,
`there are particular personal concerns for the
`consumer in that the fraudulent use of the credit card by
`misuse of the credit card number by a third party may not
`become apparent for some time. This can happen even if the
`card is still in his or her possession. Further, when fraud does
`occur the consumer has the task of persuading the credit card
`provider that fraud by another did indeed occur.
`There is also the additional fear of being overcharged on
`a credit card. There are thus particular risks for those credit
`card holders who have relatively high spending limits, in
`that if fraud should occur, it may be some considerable time
`before it is detected. One particular form of fraud referred to
`to control. What
`as "skimming" is particularly difficult
`happens is that the card holder proffers his or her card at an
`establishment to make a transaction, the relevant informa(cid:173)
`tion is electronically and/or physically copied from the card
`and the card is subsequently reproduced. This can be a
`particular problem with travelers particularly during an
`extensive period of travel as the fraudulent card may turn up
`in other places and it may be some considerable time before
`the fraud is detected.
`For remote credit card use, the credit card holder has to
`provide details of name, master credit card number, expira(cid:173)
`tion date and address and often many other pieces of
`information for verification; the storing and updating of the
`information is expensive but necessary. This of itself is a
`considerable security risk as anybody will appreciate that
`
`25
`
`2
`this information could be used to fraudulently charge goods
`and services to the card holder's credit card account. Such
`fraudulent use is not limited to those people to whom the
`credit card information has been given legitimately, but
`5 extends to anybody who can illegitimately obtain such
`details. A major problem in relation to this form of fraud is
`that the credit card may still be in the possession of the
`legitimate holder as these fraudulent transactions are taking
`place. This is often referred to as "compromised numbers"
`10 fraud. Indeed all
`this fraud needs is one dishonest staff
`member, for example in a shop, hotel or restaurant, to record
`the credit card number. It is thus not the same as card theft.
`The current approaches to the limiting of credit card fraud
`are dependent on the theft of a card being reported and
`15 elaborate verification systems whereby altered patterns of
`use initiate some enquiry from the credit card company.
`Many users of credit cards have no doubt received telephone
`calls, when their use of the card has been exceptional, or
`otherwise unusual in the eyes of the organization providing
`20 the verification services.
`Thus, there have been many developments in an effort to
`overcome this fundamental problem of fraud, both in the
`general area of fraud for ordinary use of credit cards and for
`the particular problems associated with such remote use.
`One of the developments is the provision of smart cards
`which are credit card devices containing embedded elec(cid:173)
`tronic circuitry that can either store information or perform
`computations. Generally speaking they contribute to credit
`30 card security systems by using some encryption system. A
`typical example of such a smart card is disclosed in U.S. Pat.
`No. 5,317,636 (Vizcaino).
`Another one of the developments is the Secure Electronic
`Transaction (SET) protocol which represents the collabora-
`35 tion between many leading computer companies and the
`credit card industry which is particularly related to elec(cid:173)
`tronic transmission of credit card details and in particular via
`the Internet. It provides a detailed protocol for encryption of
`credit card details and verification of participants in an
`40 electronic transaction.
`Another method that is particularly directed to the Internet
`is described in U.S. Pat. No. 5,715,314 (Payne et al.). U.S.
`Pat. No. 5,715,314 discloses using an access message that
`comprises a product
`identifier and an access message
`45 authenticator based on a cryptographic key. A buyer com(cid:173)
`puter sends a payment message that identifies a particular
`product to a payment computer. The payment computer is
`programmed to receive the payment message, to create the
`access message, and to send the access message to a
`50 merchant computer. Because the access message is tied to a
`particular product and a particular merchant computer, the
`access message can not be generated until the user sends the
`payment message to the payment computer. Because the
`access message is different from existing credit card formats,
`55 the access message is ill-suited for phone/mail orders and
`other traditional credit card transactions.
`There are then specific electronic transaction systems
`such as "Cyber Cash," "Check Free" and "First Virtual."
`Unfortunately, there are perceived problems with what has
`60 been proposed to date. Firstly, any form of reliance on
`encryption is a challenge to those who will then try to break
`it. The manner in which access has been gained to extremely
`sensitive information in Government premises would make
`anyone wary of any reliance on an encryption system.
`65 Secondly, a further problem is that some of the most secure
`forms of encryption system are not widely available due to
`government and other security requirements. Limiting the
`
`MasterCard, Exh. 1005, p. 12
`
`
`
`US 6,636,833 Bl
`
`5
`
`4
`No. 5,350,906 (Brody et al.) and U.S. Pat. No. 5,326,960
`(Tannenbaum et al.) disclose issuing temporary PINs for one
`time or limited time and limited credit access to an account
`at an ATM. These patents disclose a currency transfer system
`and method for an ATM network. In this system, a main
`account holder (i.e., the sponsor) sets up a subaccount that
`can be accessed by a non-subscriber by presenting a fixed
`limit card associated with the subaccount and by entering a
`password corresponding to the subaccount. Once the fixed
`10 limit is reached, the card can no longer be used. The fixed
`limit card contains information on its magnetic stripe per(cid:173)
`taining to the sponsor account.
`One of the problems with all these systems is that there
`are many competing technologies and therefore there is a
`15 multiplicity of incompatible formats which will be a deter(cid:173)
`rent to both traders and consumers. Similarly, many of these
`systems require modifications of the technology used at the
`point of sale, which will require considerable investment
`and further limit the uptake of the systems.
`
`3
`electronic trading systems and security systems for use to
`the Internet
`is of relatively little use. While electronic
`commerce is perceived to be an area of high risk, in practice
`to date it is not.
`Additionally, various approaches have been taken to make
`"card present" transaction more attractive. For instance,
`Japanese Patent Publication No. Hei 6-282556 discloses a
`one time credit card settlement system for use by, e.g.,
`teenage children of credit card holders. This system employs
`a credit card which can be used only once in which various
`information such as specific personal
`information, use
`conditions, and an approved credit limit identical to those of
`the original credit card are recorded on a data recording
`element and displayed on the face of the card. The one-time
`credit card contains the same member number, expiration
`date, card company code, and the like as on existing credit
`card, as well as one-time credit card expiration date not
`exceeding the expiration date of credit card, available credit
`limit for the card, and the like. The one-time credit card
`makes use of some of the same settlement means as the 20
`conventional credit card. However, the system also requires
`use permission information to be recorded on the credit card,
`the information permitting the credit card to be used only
`once or making it impossible to use the credit card when the
`credit
`limit has been exceeded. A special card terminal 25
`device checks the information taken from the card for
`correctness and imparts use permission information for
`when the card is not permitted to be used on the transmission
`to the credit card issuing company. The use permission
`information takes the form of a punched hole on the card 30
`itself. This system has obvious drawbacks, such as the card
`terminal having to be modified for additional functions (e.g.,
`punching holes, detected punched holes,
`imparting addi(cid:173)
`tional information, etc.). Also, such a system offers little
`additional security insofar as fraud can still be practiced 35
`perhaps by covering the holes or otherwise replacing the
`permission use information on the credit card. Further, such
`a system would require a change in nearly all card terminal
`equipment if it were adopted.
`U.S. Pat. Nos. 5,627,355 and 5,478,994 (Rahman et al.) 40
`disclose another type of system that uses a plurality of pin
`numbers which are added to a credit card number on an
`electronic display. U.S. Pat. No. 5,627,355 discloses a credit
`card having a memory element containing a series of pass(cid:173)
`words in a predetermined sequence. These passwords are 45
`identical to another sequence stored in a memory of a host
`control computer. Further, the card contains a first fixed field
`containing an account number (e.g., "444 222 333"). In
`operation, the memory element of the credit card device
`provides a unique password from the sequence with each use 50
`of the credit card device. This permits verification by
`comparing the account number and the password provided
`with each use of the device with the account number and the
`next number in sequence as indicated by the host computer.
`The host computer deactivates the password after the trans- 55
`action. Among the drawbacks with this type of system is the
`need for a power supply, a display, a memory device, a
`sound generator and the need to recycle a limited sequence
`of pin numbers. Such a system is not readily adapted to
`current credit card transactions because it lacks the ability of 60
`providing a check sum of the card number and cannot be
`read by a standard card reader. Also, if the card is lost or
`stolen, there is little to prevent a person from using the card
`until it is reported to be lost or stolen by the correct holder.
`See, also, U.S. Pat. No. 5,606,614 (Brady et al.).
`Other attempts have been made to make funds available
`to an individual, but with limitations. For example, U.S. Pat.
`
`OBJECTS AND SUMMARY OF THE
`INVENTION
`
`Many solutions have been proposed to the problem of
`security of credit card transactions. However, none of them
`allow the use of existing credit cards and existing credit card
`formats and terminal equipment. Ideally, as realized by the
`present
`inventors,
`the solution would be to obtain the
`functionality of a credit card, while never in fact revealing
`the master credit card number. Unfortunately, the only way
`to ensure that master credit card numbers cannot be used
`the master credit card
`fraudulently is to never transmit
`number by any direct route, i.e. phone, mail, Internet or even
`to print out
`the master credit card number during the
`transaction, such as is commonly the case at present.
`According to exemplary embodiments, the present inven(cid:173)
`tion is directed towards improving the existing credit card
`system by providing a more secure way of using existing
`credit cards and in particular to providing an improved way
`of using existing credit cards in remote credit card transac(cid:173)
`tions. The present
`invention is further directed towards
`providing a more secure way of using existing credit cards
`generally which will not require any major modifications to
`existing credit card systems. It is further directed towards
`providing an improved credit card system that will be more
`user friendly and will provide customers with a greater
`confidence in the security of the system.
`Further the invention is directed towards providing an
`improved credit card system, in one embodiment, that will
`not necessarily require the use of expensive and potentially
`fallible encryption systems. The present invention is also
`directed towards providing an improved credit card system
`which will enable a user to obtain the functionality of a
`credit card while never revealing the master credit card
`number.
`Further the invention is directed towards overcoming as
`far as possible the incidence of skimming and compromise
`numbers frauds.
`invention are
`These and other objects of the present
`satisfied by a first exemplary embodiment, which pertains to
`a credit card technique involving: maintaining a pool of
`credit card numbers which share identical formatting;
`assigning at least one credit card number from the pool of
`credit card numbers to be a master credit card number;
`65 assigning at least one credit card number from the pool of
`credit card numbers to be a limited-use credit card number
`which is deactivated upon a use-triggered condition subse-
`
`MasterCard, Exh. 1005, p. 13
`
`
`
`US 6,636,833 Bl
`
`5
`quent; and associating the master credit card number with
`the limited-use credit card number, while ensuring that the
`master credit card number cannot be discovered on the basis
`of the limited-use credit card number.
`The technique further comprises: receiving notification 5
`that the limited-use credit card number has been used in a
`credit card transaction; determining whether a limited-use
`event has occurred based on the notification, and if so,
`generating a deactivation command; and deactivating the
`limited-use credit card if a limited-use event has occurred, 10
`based on the deactivation command which is generated upon
`a use-triggered condition subsequent. In one embodiment,
`the limited-use event is satisfied when the limited-use credit
`card is used only once. In another embodiment, the limited(cid:173)
`use event is satisfied when the limited-use credit card is used 15
`to accrue charges which are greater than a prescribed mon(cid:173)
`etary amount, which are greater than a prescribed frequency
`of use, and/or a combination of use frequency, individual
`transaction amount and total amount.
`the additional 20
`In one embodiment of the invention,
`limited-use credit card numbers are allocated automatically
`as soon as the credit card holder uses more than a preset
`amount of limited-use credit card numbers. The advantage
`of this is that the master credit card holder does not have to
`request the credit card numbers each time they are required. 25
`In another embodiment, a technique for performing a
`credit card transaction based on one of a master credit card
`number and a limited-use credit card number is provided,
`wherein the limited-use credit card number is randomly 30
`chosen with respect to the master credit card number, but the
`limited-use credit card number includes identical formatting
`to the master credit card number and is associated with the
`master credit card number. The technique comprises: enter(cid:173)
`ing a transaction on the basis of the master credit card 35
`number or the limited-use credit card number to generate a
`transaction message; and receiving the transaction message
`and processing the transaction. The step of processing the
`transaction includes: authorizing or denying the transaction;
`determining whether to deactivate the limited-use credit card 40
`number when the limited-use credit card number was used
`to perform the transaction, and generating a deactivation
`command in response thereto, wherein the determining step
`determines whether to deactivate the limited-use credit card
`number based on whether a limited-use event pertaining to 45
`the use of the limited-use credit card number has occurred,
`and if so, generates the deactivation command when the
`limited-use event has occurred; and deactivating the limited(cid:173)
`use credit card number based on the deactivation command.
`One advantage of the above-described techniques is that 50
`the credit card holder obtains the functionality of a credit
`card without ever in fact revealing the master credit card
`number in the course of a transaction. More specifically,
`according to a preferred embodiment, there is no mathemati-
`cal relationship between the limited-use credit card number 55
`and the master credit card number. This is attributed to the
`fact that the numbers are randomly selected from a queue of
`available limited-use credit card numbers based upon the
`It is thus
`requests and/or needs of different customers.
`virtually impossible to predict which customers are looking 60
`for numbers at any time or how they will be allocated.
`Further, the technique can use a limited-use credit card
`number, and hence the possibility of compromised numbers
`credit card fraud may be eliminated or at
`least greatly
`reduced. Additionally, in one embodiment of the credit card 65
`technique, a preset credit limit, etc. is allocated. Irrespective
`of how the trader behaves (for example, by fraudulently
`
`6
`overcharging or providing additional goods) the total risk to
`the credit card holder is directly related to the preset credit
`limit, and thereby can be minimized.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`The foregoing, and other, objects, features and advantages
`of the present invention will be more readily understood
`upon reading the following detailed description in conjunc(cid:173)
`tion with the drawings in which:
`FIG. 1 shows an exemplary system for implementing the
`present invention;
`the operation of the
`FIG. 2 shows, in high-level form,
`central processing station shown in FIG. 1;
`FIG. 3 is a flow chart illustrating an exemplary process for
`allocating credit card numbers;
`FIG. 4 is a flow chart illustrating an exemplary process for
`limiting the use of a credit card number;
`FIG. 5 is a flow chart illustrating an exemplary process for
`distributing credit card numbers;
`FIG. 6 is a flow chart illustrating an exemplary process for
`electronically using credit card numbers;
`FIG. 7 is a flow chart illustrating an exemplary process for
`processing a transaction;
`illustrating another exemplary
`FIG. 8 is a flow chart
`process for processing a transaction; and
`FIG. 9 is a flow chart illustrating an exemplary process for
`using a credit card number as a PIN number.
`
`DETAILED DESCRIPTION
`In this specification the term "credit card" refers to credit
`cards (MasterCard®, Visa®, Diners Club®, etc.) as well as
`charge cards (e.g., American Express®, some department
`store cards), debit cards such as usable at ATMs and many
`other locations or that are associated with a particular
`account, and hybrids thereof (e.g., extended payment Ameri(cid:173)
`can Express®, bank debit cards with the