US 6105013 Method, apparatus, system and firmware for secure transactions
ABSTRACT – The present invention relates to an electronic module used for secure transactions. More specifically, the electronic module is capable of passing information back and forth between a service provider’s equipment via a secure, encrypted technique so that money and other valuable data can be securely passed electronically. The module is capable of being programmed, keeping track of real time, recording transactions for later review, and creating encryption key pairs.
FIELD OF THE INVENTION
The present invention relates to a method, apparatus and firmware used for secure transactions. In particular, in an electronic module based system, the module can be configured to provide at least secure data transfers, digital signatures or to authorize monetary transactions.
BACKGROUND OF THE INVENTION
Presently, credit cards that have a magnetic strip associated with them, are a preferred monetary transaction medium in the market place. A card user can take the card to an automatic cash machine, a local store or a bank and make monetary transactions. In many instances the card is used via a telephone interface to make monetary exchanges. The magnetic strip card is used to help identify the card and user of the card. The card provides a relatively low level of security for the transfer. Regardless, the card enables a card holder to buy products, pay debts and make monetary exchanges between separate bank accounts.
Improvements have been made to the magnetic strip card. There have been cards created with microcircuits instead of magnetic strips. In general the microcircuit, like a magnetic strip, is used to enable a card-reader to perform a transaction.
SUMMARY OF THE INVENTION
The present invention is an apparatus, system and method for communicating encrypted information between a preferably portable module and a service provider’s equipment. The invention comprises a module, that has a unique identification, that is capable of creating a random number, for example, a SALT, and passing the random number, along with, for example, a request to exchange money, to a service provider’s equipment. The service provider’s equipment may in return encrypt the random number with a private or public key (depending on the type of transaction), along with other information and pass the encrypted information back to the module as a signed certificate. The module, upon receiving the signed certificate, will decrypt the certificate with a public or private key (depending on the type of transaction) and compare the decrypted number with the original random number. Furthermore, if the numbers are the same then the transaction that was requested may be deemed secure and thereby proceeds. The module is capable of time stamping and storing in memory information about the transaction for later review.