A PIN NUMBER SECURITY SYSTEM FOR DEBIT CARD AND CREDIT CARD

SYSTEME DE SECURITE A NUMERO NIP POUR CARTE DE DEBIT ET CARTE DE CREDIT

English Abstract

A pin number security system for debit card and credit card: when creating an
account
in a bank or a credit card company, the client will provide his or her mobile
phone or
wire telephone number or email address, the pin number of the debit card or
the credit
card can only be used once, and immediately, a new pin number will be sent to
the
client as a text message or email or via telephone transmission through the
mobile
phone or wire telephone or email provided by the client in his or her
registration
records at the bank or the credit card company. The frequent change of pin
number for
a client's debit card and credit card greatly improves the security level of
such card,
and reduces the opportunity of causing inconveniences to the client. And as no

material modifications are needed for the existing pin number system for debit
card
and credit card, the entire system does not increase the operating costs for
banks and
credit card companies.

Claims

CLAIM


1. A One-Time Pad (OTP) pin Number Security System for debit card and credit
card featured with a One-time Pad generator has the following features:

A. The computer generates random pin numbers (hereinafter referred to as the
"Pin Number");
B. According to the requirements by the user of debit card and credit card
(hereinafter referred to as the "Client"), a newly-generated Pin Number is
sent
to the Client via mobile phone, mobile phone text message (hereinafter
referred to as the "text message"), the Internet, wire telephone and other
communication tools;
C. Upon completion of a payment process, the Pin Number that has been used
will become invalid, in other words, the Pin Number to debit card or credit
card shall be used only for once;
D. A new Pin Number is generated immediately after the current Pin Number
becomes invalid, and will be sent to the Client for use of next transaction
via
the above-mentioned mobile phone, text message, the Internet, wire telephone
and other communication tools;
E. The new Pin Number may also be sent upon the Client's request to the Client

for use of next transaction via the above-mentioned mobile phone, text
message, the Internet, wire telephone and other communication tools;
F. The Client breaks and uses the Pin Number by using the encryption algorithm

that has been previously established with the bank or the credit card company.

2. According to Article 1 in this Claim of Rights, when opening an account at
the
bank or the credit card company, the Client will register with his or her
mobile
phone or wire telephone number or email address and will be designated with an

initial pin number;

3. According to Article 1 in this Claim, the Client may establish a specific
encryption
algorithm with the bank or credit card company for the Pin Number sent to the
Client via the above-mentioned mobile phone, text message, the Internet, wire
telephone and other communication tools in order to prevent such card or
communication tools from being stolen and used by a thief;

4. According to Article 1 in this Claim, the pin numbers to debit card or
credit card
are randomly generated by the computer by using a specific algorithm, and, in
this
case, totally non-repeated, this means that no same passwords will be
generated
for the Client's debit card or credit card within the expiration of such card.

5. According to Article lin this Claim, the random pin number generator can be




1



customized by the user itself or other finished software;

6. According to Article 1 in this Claim, by using the initial pin number
designated by
the bank or the credit card company, this OTP Pin Number Security System is
started;

7. According to Article 1 in this Claim, once the initial pin number is used
for the
first transaction, it will immediately become invalid and can no longer be
used for
any future transaction;

8. According to Article 1 in this Claim, once the initial pin number is used
for the
first transaction, it will immediately become invalid and can no longer be
used for
any future transaction, but this initial pin number will be stored in the
computer
server as references for the event of the debit card or the credit card being
lost,
restarted or modified.

9. According to Article 1 in this Claim, upon completion of the first
transaction, the
initial pin number will become invalid, the central computer server of the
bank or
the credit card company will immediately generate a new Pin Number for the
Client (or upon the Client's request, this patented invention reserves the
rights to
generate more than one Pin Numbers and no further statement will be made
hereunder);

10. According to Article 1 in this Claim, the new Pin Number generated by the
central
computer server will be transmitted to the Client via mobile phone, text
message,
the Internet, wire telephone and other communication tools, each transmission
contains only one Pin Number from time to time (or more Pin Numbers upon the
Client's request, this patented invention reserves the rights to send more Pin

Numbers and no further statement will be made hereunder);

11. According to Article 1 in this Claim, if the Client has provided his or
her mobile
phone number to the bank or the credit card company for registration, the Pin
Number will be sent to the Client as a mobile phone text message, the Client
gets
the Pin Number by viewing such message;

12. According to Article 1 in this Claim, if the Client has provided his or
her
designated email address to the bank or the credit card company for
registration,
the Pin Number will be sent to such email box via the Internet, the Client
gets the
Pin Number by checking such email;

13. According to Article 1 in this Claim, the Pin Number can also be sent to
the Client
via mobile phone or wire telephone, details are as follows: the Client makes a
call
to the designated phone number of the bank or the credit card company by using

his or her mobile phone or wire telephone, and follows the voice instructions
to



2



correctly input the password that was previously set at the bank or the credit
card
company when opening the account, then the Client shall hear the new Pin
Number in the phone, the Client records such Pin Number and uses it. The
Client
may get a different new Pin Number from time to time by repeating the above
steps;

14. According to Article 1 in this Claim, while the new Pin Number generated
by the
central computer server is sent to the Client, the Client's Pin Number records

stored in the database of the central computer server will be updated
concurrently,
which means that the Pin Number stored in the database will be same as the new

Pin Number sent to the Client, this enables the central computer server to
compare
the Pin Number the Client is using with that stored in the database;

15. According to Article 1 in this Claim, the Client uses his or her debit
card or credit
card for any transaction by following the required steps (as for charging
devices,
ATMs or when input of pin number is needed), and inputs the Pin Number, which,

if correct, will close the transaction, however, if incorrect, the transaction
will not
continue;

16. In case that input errors have exceeded three times, the central computer
will
immediately invalidate such Pin Number and send a new Pin Number as well as a
notice of error to the Client via mobile phone, text message, the Internet,
wire
telephone and other communication tools;

17. In case that the Client's debit card or credit card is stolen or used by
someone else
without authorization of the Client, the notice of error serves as a warning
to the
Client, so he or she may set up for prevention or call the police;

18. According to Article 1 in this Claim, upon completion of the transaction
by using
the Pin Number sent to the Client via mobile phone, text message, the
Internet,
wire telephone and other communication tools, such Pin Number shall become
invalid and can no longer be used in the future;

19. According to Article 1 in this Claim, upon completion of the transaction
by using
the Pin Number sent to the Client via mobile phone, text message, the
Internet,
wire telephone and other communication tools, such Pin Number shall become
invalid and can no longer be used in the future, meanwhile the same Pin Number

in the Client's database of the central computer server also becomes invalid;

20. According to Article 1 in this Claim, the completion of transaction with
debit card
or credit card by using the Pin Number sent via mobile phone, text message,
the
Internet, wire telephone and other communication tools shall refer to that the
debit
card is taken out from the automatic teller machine; or that a payment,
transfer or
deposit is done at the counter in the bank by using the debit card or the
credit card;



3



or that a payment is done at the cashier in a store or other establishments by
using
the debit card or the credit card; or a transaction is completed on the
Internet by
using the debit card or the credit card; and or a transaction, payment,
transfer or
deposit is completed in any other ways by using the debit card or the credit
card;

21. According to Article 1 in this Claim, upon completion of the transaction
with debit
card or credit card, the Pin Number of the Client becomes invalid and can no
longer be used in the future. And the invalidity period of such Pin Number
shall
remain the same as the remaining term of such Client's such debit card or
credit
card, this means, such Pin Number shall never be used until such debit card or

credit card expires;

22. According to Article 1 in this Claim, upon completion of the transaction
with debit
card or credit card, the current Pin Number becomes invalid, the computer will

immediately generate a new Pin Number and send it to the Client for use of the

next transaction via mobile phone, text message, the Internet, wire telephone
and
other communication tools;

23. According to Article 1 in this Claim, the Client may also choose a more
secure
way to procure the Pin Number in which the new Pin Number is only generated
upon the Client's request and sent via mobile phone, text message and the
Internet.



4

Description

CA 02627108 2008-04-04

DESCRIPTION
Field of Invention

This invention is in the field of pin number security for debit card and
credit card.
BACK GROUND OF INVENTION

Debit cards and credit cards, as payment tools integrated with modern
financial
concept and information technology, have significantly changed people's
consumption concepts and payment methods, and have become pervasive in human
society as an indispensable part of our everyday life.

However, along with the rapid growth in use of debit cards and credit cards,
crimes
arising out of it have been dramatically increased. During the period of 2004 -
2006,
over 100 thousand credit card crimes were reported in the U.S. In January
2007,
Canadian government eradicated a credit card counterfeiting syndicate, and
confiscated 1400 phony credit cards on site. Canadian Imperial Bank of
Commerce
(CIBC) announced in 2007 that it lost a file containing the confidential
information of
almost a half-million clients. According to statistics from the Canadian
Bankers
Association, Canadian consumer losses caused by debit card theft were about 95
million Canadian dollars in 2006, and the losses of banks were even heavier.
China
has also seen frequent debit card and credit card theft cases in recent years,
which
have brought a sense of insecurity to the entire society. These criminal
activities have
seriously damaged the world economy

One of the reasons why debit card and credit card crimes are so common in the
world
is the disadvantage of security measures to safeguard the use of debit card
and credit
card in the financial systems. Commonly-used countermeasures by banks
worldwide
to prevent debit card and credit card crimes include the following:

1. To set up a pin number for the debit card;
2. To educate clients how to protect their debit card information;
3. To enable timely alarm.

While debit cards are protected by pin numbers, credit card users do not even
have
that simple protection. However debit card pin number is no longer an
effective
barrier to thieves. There are more and more opportunities for debit card pin
number to
be disclosed or stolen. Thieves that have access to ingenious high-tech
criminal
devices only need to use their transducers closed to the ATMs to acquire
clients' bank

t


CA 02627108 2008-04-04

account numbers and pin numbers. Some thieves can steal personal information
on
thousands of clients by hacking into the bank's computer system. There have
been
numerous news reports on this phenomenon.

To establish an more effective pin number security system to protect debit
card
and credit card is urgently needed for all financial institutions.

The difficulty in applying effective technical measures to protect debit card
and credit
card is: while the measure shall be effective to prevent debit card and credit
card
information including pin number from being stolen by thieves, it shall not be
too
complicated for average consumers and businesses to accept, and it shall not
significantly change the debit card and credit card systems that the bank is
currently
using. These difficulties are the main reason why the current security
measures for
debit card and credit card are not effective for prevention of crimes.

INVENTION
The purpose of this invention is to provide a pin number security system for
debit
card and credit card more reliable and efficient than the existing one without
being
necessary to do any material modifications to the currently used pin number
systems.
But it is strongly recommended for credit card companies to establish pin
number
system for credit cards. This invention is adapted to establish pin number
system for
credit cards.

1. When opening an account in a bank or credit card company, the client will
provide
his or her own mobile phone or wire telephone number or email address, and the
bank or the credit card company will offer the client an initial pin number;

2. To prevent the client's debit card or credit card information from being
stolen
together with the client's mobile phone or email password, the client may
select
the encryption algorithm when creating the account. For example: suppose the
client requires to add 1 to a specific digit in a four-digit pin number, in
this
example we assume it to be the third digit, this means, if the pin number
designated to the client is 1234, the right input of pin number by the client
when
using this debit card or credit card shall be 1244, i.e., the third digit is
added with
1; for another example: suppose the client wants the second digit of the pin
number to be uniformly altered to 8, in this case, when using a debit card or
credit
card with the designated pin number of 1234, the right input shall be 1834;
the
third example: the client requires a three-digit pin number sent from time to
time,
and wants to add 9 in front of the three digits (or other positions), in such
case, if
the client is sent with the pin number 123, he or she shall input 9123 when
using
the debit card or credit card. The analogy goes on, the client have hundreds
of
other options for encryption, to name just a few, as long as the client sets
it up at
the bank or the credit card company when opening his or her account. This

2


CA 02627108 2008-04-04

invention specifically emphasizes on the rights for prior setting of
encryption
algorithm at banks or credit card companies to enhance security for debit card
and
credit card.

3. The pin number the client uses for the first time is the initial pin
number, which
will be abandoned after the first use. For example: a client has withdrawn
some
cash from his or her debit card account at an ATM, once the card is taken out
from
the slot, a new pin number will be sent as via text message to the mobile
phone
that the client has provided in the registration information at the bank, the
initial
pin number is invalidated at the same time;

4. Upon the use of the initial pin number, the One-time Pad (OTP) pin number
system will be started. Later, when the client completes his or her use of the
debit card or credit card from time to time, he or she will be sent with a new
pin
number to replace the current pin number. For instance: when a client finishes
a
payment with credit card (such as online payment), a new pin number will sent
to
the email box that the client has provided in his or her registration
information at
the credit card company; another example: upon the completion of a payment
process, the client may require a new pin number by calling a designated
number
of the bank using the mobile phone or wire telephone that the client has
provided
in his or her registration records at the bank. The process will continue in
which
the new pin number is generated to replace the existing one until the debit
card or
credit card expires or is reported lost (drawing);

5. For consideration of loss, change and technical failure of the client's
mobile phone
and other communication tools or the inaccessibility of the client's email
account,
the client may also register at the bank or the credit card company with a
specific
pin number to report such loss, change and restart. Such specific pin number
shall
not be used for transactions with the debit card or credit card and can only
be used
to report a loss or modification. The client may also adopt the methods
commonly
used in banks or credit card companies, which is by providing the bank or the
credit card company with the client's identification card to report a loss,
modification or restart.

6. Pin numbers for debit card and credit card are generated randomly by the
computer with a specific algorithm program, which can be made by the user
itself
or purchased from the market, such program has the following two features: (1)
it
creates completely random pin numbers that lack in discernable patterns, even
if
the algorithm is cracked by the thief, it is still hard to manipulate; (2) no
pin
numbers generated are repeated, which means there will never be two same pin
numbers generated for the debit card or credit card, in other words, all pin
numbers generated before the expiration of the debit card or credit card are
used
only for once.

3


CA 02627108 2008-04-04

7. Upon completion of a payment process with the client's debit card or credit
card,
immediate feedback information will be sent to the pin number generator
computer in our system servers center, such computer will, upon receipt of the
request, immediately generate a new pin number and send it to the client, and
the
previous pin number will become invalid.

8. The client may also choose to get the new pin number only when a request is
made. Example for this method: the client sends a cell phone text message or
email or makes a call to the number designated by the bank or the credit card
company when opening the account, from time to time, before he or she actually
uses his or her debit card or credit card, the computer receives such request
from
the client, and immediately generates a new pin number that the client will be
using and send it to the client via text message, email or mobile phone or
wire
telephone. The advantage of this method is that there is not at all any pin
number
pre-stored that may be stolen, however the disadvantage is that the problems
in
communication facilities or the restrictions on the internet may delay the
client's
procurement of the pin number, affecting the client's use of his or her debit
card or
credit card.

9. While the newly-generated pin number is sent to the client, such
information is
also sent and stored in the client's account in the computer server of the
bank or
the credit card company so that the client may check up for the pin numbers
when
using his or her debit card or credit card. Whenever the client finishes a
payment
with debit card or credit card, a new pin number will be generated and sent to
the
client, and the client's account information in the server will be updated,
that is,
the previous pin number becomes invalid while a the new pin number takes
place.

10. The pin numbers of the debit card or the credit card are generated on a
random
basis without any patterns and thus hard to predict, and all pin numbers are
stored
in the database for very a short period of time, and will be changed to for
transactions from time to time. All these features contribute to greatly
improve the
security level of debit card and credit card.

11. Even if the thief acquires the client's debit card or credit card and the
pin number
for such card sent by the server, the thief will still be unable to use the
card as he
or she does not know the specific encryption algorithm that the client has set
up
with the bank or the credit card company;

12. Even if the thief acquires the client's debit card or credit card and the
pin number
for such card sent by the server and the encryption algorithm set at the bank
or the
credit card company, the thief will only be able to use the card for once as
he or
she does not have the client's communication tool to which the new pin number
being used for the next transaction will be sent. This keeps the losses of the
client
at a minimum;

4


CA 02627108 2008-04-04

13. In case that a thief has the client's debit card and credit card or the
information of
such cards as well as the communication tool to which the new pin number being
used for the next transaction will be sent, such as the mobile phone or email
with
its user name and password, the thief can get the new pin number by using such
communication tool, but the thief still can not use that pin number because he
or
she does not know the specific encryption algorithm that the client has set up
with
the bank or the credit card company;

14. It is rarely likely that the client's debit card or credit card, the pin
number to such
card and the communication tool used to receive new pin numbers, as well as
the
encryption algorithm set with the bank or the credit card company have all
been
stolen simultaneously.