WO2000025474A1 - Cryptographic protocol for financial transactions - Google Patents

Abstract

Information such as information of a credit card transaction over the Internet is encrypted by a multi-level encryption scheme in which the information is encrypted using a random one-time pad to produce a first level cipher (S1), and the one-time pad is encrypted using the first level cipher as a pad to produce a second level cipher (S2). The ciphers are preferably divided into respective shadows (S3) that are distributed among a plurality of files (S6), whereby all of the files must be retrieved in order to decrypt the transaction information. The random pad may be produced with a random number generator that produces random numbers based on information of the transaction, which information may, but need not be, information that is to be encrypted.

Description

CRYPTOGRAPHIC PROTOCOL FOR FINANCIAL TRANSACTIONS

CROSS-REFERENCE TO RELATED APPLICATION

This application claims the benefit of U.S. Provisional Application No. 60/105,520 filed October 26, 1998, which is incorporated herein by reference.

BACKGROUND OF THE INVENTION

This invention relates to a cryptographic protocol that provides for secure storage and transmission of financial and other data of private communications over a computer network. Within its broader applicability, the invention is especially useful for the protection of data exchanged by parties to an electronic commerce transaction, such as a purchase of goods or services by credit card over the Internet, specifically over the worldwide web.

With the recent proliferation of personal computers, electronic commerce over the Internet has become increasingly commonplace. In a typical e-commerce transaction, a customer accesses a merchant's Internet web site and places an order for goods or services by credit card (more precisely, by providing his credit card account information) using his personal computer. The merchant's web site requests and, in the usual case, receives a credit card authorization from the customer's card issuing bank and accepts the order. The credit card authorization may be obtained indirectly from the card issuing bank through a third party processor, who may also store information of the transaction for subsequent retrieval on behalf of one or more the parties involved in the transaction or, on infrequent occasions, at the request of law enforcement authorities.

In conventional transaction data storage systems, sensitive data such as financial account information may be encrypted based on so-called public key encryption techniques, if the is even encrypted in the first place. For a description of public key encryption, see, e.g.,

Schneier, Applied Cryptography, Protocols, Algorithms, and Source Code in C, Second Edition, John Wiley & Sons, 1996, which is incorporated herein by reference. The problem with this approach is that public key encryption is subject to compromise, even if with considerable difficulty. Further, with the ever-increasing computing power of modern computers, the risk of compromise is continuously on the rise. Once compromised, the information of all stored transactions can be obtained. Data stored in non-encrypted form, on the other hand, is simply "free for the taking" by any unauthorized person who gains access to the data—hardly a desirable scenario.

As will be seen hereinafter, the encryption protocol of the present invention is, in a preferred form, based on principles derived from two powerful, highly secure encryption techniques: one-time pads and secret sharing schemes. For a comprehensive understanding of these techniques, the reader is referred to the aforementioned text by Schneier. Additionally, see Stinson, Cryptography Theory and Practice, CRC Press, 1995, which is also incorporated herein by reference. A brief explanation of these techniques will suffice here for purposes of understanding the present invention.

A one-time pad can be defined as a non-repeating set of random key characters. Each key character is used to encrypt one plaintext character. Encryption is the addition "modulo m" of the plaintext character and the corresponding key character, where m is the number of plaintext characters in the available character set. Consider the following example from the Schneier text based on the 26 -letter English alphabet (m = 26) : Plaintext Message = onetimepad

Random Key Sequence = tbfrgfarfm The resulting ciphertext (encrypted text) is ipklpsfhgq because (o + t)mod 26 = I (n + b)mod 26 = p

(e + f)mod 26 =k and so on. Note that it is actually the associated number of each letter in the alphabet that would be used in the foregoing. For example, in the first encryption, 15 would be used for "o" , which is the 15th letter of the alphabet, and 20 would be used for "t", which is the 20th letter. Then, (15 + 20)mod 26 = 9, which corresponds to the letter "I", the 9th letter of the alphabet. Thus "I" becomes the ciphertext for the plaintext character "o" , and so on.

Since every key sequence for the one-time pad is equally likely due to the use of random key characters, it is impossible to cryptanalyze (decipher) the ciphertext obtained by the above process. The key sequence could just as likely be either poyyaeaazx which would decrypt to salmoneggs or bxfgbmtmxm which would decrypt to greenfluid. Since every plaintext message is equally possible, there is no way for the cryptanalyst to determine which plaintext message is the correct one. A random key sequence added to a non-random plaintext message thus produces a completely random ciphertext message that cannot be broken with any amount of computing power.

Secret sharing schemes divide a secret, such as an encryption key, into a plurality of pieces (referred to as shadows) . A predetermined number of the pieces is required to reconstruct the key. In a preferred form, the present invention applies this basic principle of secret sharing schemes to protect encrypted text as well as a one-time pad used to encrypt the text. An important consideration in any scheme based on onetime pads (indeed, in any encryption scheme based on the use of random numbers) is that the random numbers should be as "random" as possible. Attacks against a one-time pad protocol will ultimately be against the method used to generate the random key. If a truly random source is used, the system will be secure.

According to research done in the areas of random generation, statistics, and related fields, there is no random number generator resident on any computer system that can be shown mathematically to be truly random. Indeed, a computer program will inherently produce output that is entirely predictable, and thus not truly random. It is therefore common to characterize computer-resident random number generators as pseudo random number generators (PNRG's) .

Computer systems today rely upon various standardized random number generators, which are simply programming routines designed to produce sequences of numbers having an appearance of randomness. These random generator routines typically start with an arbitrary initializing value or "seed" which is operated on by the random generator algorithm to begin the sequence. Each initializing value or seed will typically result in a different random sequence, or at least a different starting point in one enormously long sequence. But the same seed will in any event return the same output sequence from the generator. Further, the seed (also known as the entropy of information) has a significant impact on the cyclic nature of a random generator. The cyclic nature of a random number generator is a property by which the output sequence is repeated after a certain interval, which may vary depending on the seed and the operative algorithm.

A weakness of many conventional random generation routines resides in the fact that their output is evolved from seeds that are determined by the algorithms themselves and/or from parameters that are dependent upon system hardware (e.g., hard disk access time). Thus, at least in some cases, knowledge of the algorithm and/or the relevant hardware parameters can lead rather easily to a breach of security.

SUMMARY OF THE INVENTION

The present invention provides a novel cryptographic protocol using one-time-pad random keys, preferably in conjunction with multi-level encryption, secret sharing, and further obfuscation techniques, to avoid the potential for total system compromise that characterizes public key systems. More particularly, because each transaction is encrypted with its own random one-time pad, there is no key that can be attacked by an intruder to compromise the entire system. Even if an intruder were somehow to recover the original data of an encrypted transaction, he would merely obtain the data of that transaction. The overall system would remain uncompromised.

It should be noted that the overhead associated with the additional data requirements of one-time pads (the data of the pad is the same size as the data of the plaintext) is quite acceptable for applications such as Internet credit card transactions in which the amount of plaintext is insubstantial. Of course, as the amount of plaintext to be encrypted increases, the additional overhead increases as well. The effect on processing speed and other system parameters should thus be taken into consideration when contemplating other applications of the invention.

According to a preferred feature of the inventive protocol, the one-time pad is itself encrypted to provide increased security. Specifically, the one-time pad is encrypted with another one-time pad which is the ciphertext generated by the encryption of the original plaintext. The result is a multi- level encryption scheme. Encryption of the original plaintext with the randomly generated one-time pad produces a first level ciphertext. This ciphertext is then used as a one-time pad to encrypt the randomly generated pad, thus producing a second level ciphertext. Recovery of the original plaintext in this scenario involves two decryption operations. First, the level 2 ciphertext is decrypted using the first level ciphertext to recover the random pad. Then, the first level ciphertext is decrypted using the random pad to recover the original plaintext. To provide yet a further measure of security, another preferred feature of the invention draws upon the earlier mentioned principle of secret sharing schemes to protect the first and second level ciphertexts. More particularly, shadows of first level ciphertext and shadows of second level ciphertext are grouped, and the ciphertext groups are distributed among a plurality of files. All of the files associated with a given transaction must be retrieved in order to recover the first and second level ciphertexts, which are in turn necessary to decrypt the encrypted transaction information.

According to still another preferred feature of the invention, further obfuscation can be achieved by storing all (or at least a large number) of files with the same time and date stamp. Then, regardless of the number of transactions, the order of transactions, or the path in which the transaction files are stored, a would-be hacker cannot discern which files are associated with which transaction. In addition, enciphered files may have different file lengths. Even knowing the length of plaintext transaction information, an intruder still cannot determine the correspondence between files and transactions, because the file sizes do not match the length of the original plaintext. Still another preferred feature of the invention achieves a further degree of obfuscation through the use of random generated file names which are embedded in encrypted form within the files of the associated transactions. For example, the randomly generated name of a first file of a particular transaction may be used as a one-time pad to encrypt the randomly generated name of a second file, with the resulting ciphertext then being embedded in the first file. Then, the randomly generated name of the second file is used as a one-time pad to encrypt the randomly generated name of a third file, with the resulting ciphertext then being embedded in the second file name, and so on for the remaining file names. Under this scenario, in order to retrieve the files of a given transaction, each file must be retrieved in sequential order, and each time a file is retrieved, the embedded file name of the next file must be identified and decrypted. The transaction cannot be encrypted until all of the files have thus been retrieved, since each file contains a shadow of the initial one-time pad used to encrypt the transaction.

Another aspect of the present invention relates to a random number generator that can be used for generating the characters of the one-time pad, for example. More particularly, the random numbers are generated from seeds that do not depend solely on the random generation algorithm, system hardware, or a combination of the two. The seeds used for producing the keys are themselves generated based on the content of the message to be encrypted. In the context of a credit card transaction over the Internet, for example, seeds may be generated based on transaction information such as the customer name, merchant name, credit card number, billing information, product and quantity information, shipping information, etc. It will be appreciated that such transaction information will vary in content from one transaction to another in a way that cannot be predicted, even with full knowledge of the random generation algorithm and any relevant system parameters.

The invention and its various features and advantages will be more fully appreciated from the following detailed description taken in conjunction with the accompanying drawings . BRIEFF DESCRIPTION OF THE DRAWINGS

Fig. 1 is a diagram illustrating the parties and the basic transactional flow of a credit card purchase conducted over the Internet.

Fig. 2 illustrates a screen which the customer uses to enter certain transaction information.

Fig. 3 illustrates an exemplary architectural arrangement for implementing the encryption protocol of the present invention.

Fig. 4 is a basic flow diagram of the encryption process .

Fig. 5 is a diagram illustrating the distribution of ciphertext shadows among a plurality of files. Fig. 6 is a basic flow diagram of the decryption process . Fig. 7 is an explanatory drawing illustrating the process of generating level 1 and level 2 ciphertexts for the credit card number 1111 2222 3333 4444 using the ASCII character domain. Fig. 8 is a flow diagram of a PNRG using transaction information to generate a seed.

Figs. 9A to 9E are flow diagrams showing a seed generation routine.

DETAILED DESCRIPTION OF THE INVENTION

The invention will now be explained in detail with reference to the drawings. Those familiar with computer programming will also wish to refer to the accompanying computer program listing, which constitutes a part of this specification and presents an annotated source code implementation (C++ programming language) of the encryption/decryption process as applied to a credit card transaction over the Internet. The source code listing also contains an illustrative random number generator, including a seed generation routine designed to use transaction data as previously mentioned. It should be noted that, of necessity, hard-coded information has been presented to simulate certain transaction information that would ordinarily be obtained or determined in real time as the transaction is being conducted.

Fig. 1 illustrates the parties and the basic transactional flow of a typical credit card purchase over the Internet. The transaction is initiated by the customer accessing the web site of the merchant's on-line store. The customer loads his "shopping cart" with one or more items, each specified by a quantity and a descriptor. The customer also enters other pertinent transaction information that typically includes a ShipTo address, a BillTo address (if different from the ShipTo address), and the customer's e-mail address and credit card information including the credit card number and expiration date. The customer information screen may look something like the form shown in Fig. 2. The information from this screen is passed to the merchant's web site along with the item order, and any other desired information such as the Internet Protocol address of the referring browser. The customer's transaction information is passed to the merchant's site over the Internet using standard Internet encryption, i.e., Secured Socket Layer (SSL) encryption.

In order to process credit card transactions over the Internet, the merchant uses the services of an Internet Transaction Processor. One such processor is Evolv Adaptive Technology of Cincinnati, Ohio, whose transaction processing services are marketed under the designation Skipjack^SM Merchant Services. The Internet transaction processor functions as an intermediary to facilitate the credit card authorization and settlement process on the merchant's behalf and stores the transaction data for use during and after the transaction. The cryptographic protocol of the present invention, to be described in detail shortly, is suitably applied by the Internet transaction processor. However, it will be understood that the invention is by no means limited to such application.

At least the most sensitive transaction data, such as the customer's credit card information, should be stored in encrypted form. But, as will be evident hereinafter, it is advantageous to store additional transaction data in encrypted form since this tends to further obfuscate the most sensitive data. Indeed, it may be preferred in particular applications to subject all of the transaction data to the inventive encryption protocol . For optimum security, the transaction data may be stored in encrypted form upon receipt and may be decrypted as needed at different stages of processing the transaction. Following each decryption, the protocol is applied anew to re-encrypt the data for storage. With each application of the protocol, the previous ciphertext is replaced with new ciphertext that is stored under a different set of file names .

Referring back to Fig. 1, the Internet Transaction Processor receives the transaction information from the merchant and sends a credit card authorization request to the merchant's acquiring bank or third party processor, who in turn passes the request to the credit card association (e.g., VISA or MASTERCARD), who in turn passes the request to the customer' s card issuing bank or third party processor. If the transaction is approved, an authorization code is returned from the customer's card issuing bank or third party processor to the association, and then from the association to the merchant's acquiring bank or third party processor, and finally to the Internet Transaction Processor. The merchant is informed of the approval by the Internet Transaction Processor and fills the customer' s order. The customer may also be informed of the approval through the merchant's web site, by e-mail, or any other convenient means .

In the foregoing authorization process, the Internet Transaction Processor plays a role analogous to that of "swiping" a customer's credit card in an in-store transaction. The communications with the merchant's acquiring bank or third party processor are commonly conducted by direct point-to-point connection via the public telephone network, as are the communications between the banks/third party processors and the association. A request for financial settlement of the transaction follows a similar flow to the authorization request. In response, the customer's card issuing bank or third party processor transfers funds to the merchant (actually, his bank account) via the association and the merchant's acquiring bank or third party processor. As a convenience, settlement requests may be processed in batches by the Internet Transaction Processor. Fig. 3 illustrates an exemplary architectural arrangement for implementing the encryption protocol of the present invention. The illustrative arrangement includes an authorization/settlement module 10, which communicates with the merchant over the Internet and with the merchant's acquiring bank or third party processor by direct telephone link (although the Internet could be used if desired) , a control module 12, a database 14, a random number generator (more strictly speaking, a PNRG) 16, an encryption module 18, a decryption module 20, and a secondary storage device 22 (e.g., large capacity disk storage). The control module 12 controls the overall operation of the system, including external communications, management of the database, and data storage and retrieval to and from the storage device. It also coordinates the operation of the PNRG 16, the encryption module 18, and the decryption module 20 as necessary to perform the cryptographic protocol of the invention. The foregoing architecture is preferably implemented on a programmed general purpose digital computer, or a network of such computers, having access to a large capacity disk storage system. But implementation in this manner is not strictly required.

Fig. 4 is a basic flow diagram of the encryption process. In the first step of the process, step SI, plaintext transaction information is encrypted using a randomly generated one-time pad to produce a first level ciphertext (level 1 ciphertext) . This operation may be performed using any suitable increments of data, such as one data field at a time, a plurality of data fields at a time, a combination of these techniques, etc.

In the second step, of the encryption process, step S2, the one-time pad (or pads) used to generate the level 1 ciphertext is encrypted using the level 1 ciphertext itself as a one-time pad. This produces a second level ciphertext (level 2 ciphertext) . Steps SI and S2 together constitute a two-level encryption scheme that protects both the original plaintext information and the one-time pad used to encrypt that information.

To gain a better appreciation of the foregoing, consider the following simplified alphabetic example.

Plaintext Message = street Random Pad Sequence = acdπnb

The resulting ciphertext (encrypted text) is

Ciphertext Level 1 = twvwrv. Applying the level 1 ciphertext as a pad to encrypt the random pad sequence yields Ciphertext Level 2 = uzzoex.

It should be noted that a practical embodiment will preferably be based on a universe of characters which is considerably broader than the common alphabet to expand the range of available characters for the random one-time pad, and thereby increase the security of the system. The ASCII character system, for example, contains 256 characters and is employed in the appended source code implementation. The third step of the encryption process, step S3, involves the creation of shadows of the level 1 and 2 ciphertexts. The shadows may be the same or different sizes, and the number of shadows of each ciphertext is at least equal to a selected number n of files among which the shadows are ultimately to be distributed. Shadows of level 1 ciphertext are grouped with shadows of level 2 ciphertext, with each of the shadows in a group being assigned to the same file. The number of files used in the appended source code implementation is 6, but it may be more or less in any given application.

In the fourth step, step S4, plural random file names of a predetermined length are generated, one for each file in which the aforementioned shadows are to be distributed. Since each file will contain shadows from both the level 1 and level 2 ciphertexts, all of the files must be retrieved in order to decrypt the stored transaction. This is because the level 1 and level 2 ciphertexts are needed in their entirety to perform the decryption process, as will be seen later.

In step S5, the name of the ith file is encrypted using the (i - 1) th file name as a one-time pad for i = 2 to n. The encrypted file name is embedded in the (i - 1) th file. More concretely, the name of file 2 is encrypted using the name of file 1 as a one-time pad and embedded in its encrypted form in file 1. Likewise, the name of file 3 is encrypted using the name of file 2 as a one-time pad and embedded in its encrypted form in file 2, and so on. Thus, in order to retrieve the files of a particular transaction, the files must be accessed in sequential order and the name of each successive file (files 2 to n) must be properly decrypted as a precondition to retrieval. The name of file 1, incidentally, may be stored in an index.

In step S6, the ciphertext shadows are distributed among the plurality of files, which are stored to disk in step S7. Fig. 5 is a diagrammatic example of the process described in connection with steps S3 to S6 for the case of two ciphertexts each separated into four shadows Shi to Sh4 and Shi' to Sh4', respectively. Four shadow groups (Shi, Shi'), (Sh2, Sh2'), (Sh3, Sh3 ' ) , and (Sh4, Sh4') are distributed to files 1 to 4, respectively. Each of files 1 to 3 also contains the encrypted name of the next file in sequence. It will be appreciated by those skilled in the art that steps of Fig. 4 need not be carried out in the sequence shown. Other sequences can be used to the same effect.

Fig. 6 is a basic flow diagram of the decryption process for a stored transaction.

This process proceeds at a first step, designated as step Sll, at which it gets the name of file 1 of the transaction to be decrypted and then retrieves file 1. At step S12, the remaining files 2 to n are retrieved in sequential order. Recall that each file contains the encrypted name of the next file in sequence. Thus, for j = 1 to (n -1) , step S12 extracts and decrypts the encrypted file name of the (j +l)th file and then retrieves the (j + l)th file until all n files have been retrieved. In step S13, the level 1 and level 2 ciphertexts are reconstructed from their respective shadows, reversing the process depicted in Fig. 5. In step S14, the level 2 ciphertext is decrypted using the level 1 ciphertext as a one-time pad. This recovers the one-time pad used to generate the level 1 ciphertext.

In step S15, the level 1 ciphertext is decrypted using the recovered one-time pad. This recovers the plaintext transaction information, which is then output at step S16 (e.g., to a display).

EXAMPLE

With the foregoing description as background, it is now appropriate to consider the an exemplary encryption of a credit card number in accordance with the invention. Fig. 7 shows the process of generating the level 1 and 2 ciphertexts for the credit card number 1111 2222 3333 4444 using the ASCII character domain. In Fig.7, the first line shows the credit card number. The second line shows the corresponding ASCII values. The third line shows ASCII values of a random one-time pad (random key) . The fourth line shows the level 1 ciphertext obtained by adding corresponding values in the second and third lines modulo 255 (ASCII values run 0 to 255) . The fifth line shows the plaintext ASCII characters corresponding to the level 1 ciphertext. The effect of the level 1 encryption is apparent from this plaintext. The sixth line in Fig. 7 shows the level 2 ciphertext, which is obtained by encrypting the random key using the level ciphertext as a one-time pad. That is, the level 2 ciphertext is obtained by adding corresponding values of the random key and the level 1 cipher modulo 255. The final line in Fig. 7 shows the plaintext ASCII characters corresponding to the level 2 ciphertext. The effect of the level 2 encryption is apparent from this plaintext.

The level 1 and 2 ciphertexts thus obtained are divided into shadows and distributed among a plurality of files on disk as explained in connection with Fig. 4 to complete the encryption process. In the decryption process, the files containing the level 1 and level 2 ciphertexts are retrieved and the ciphertexts are reconstructed as discussed in connection with Fig. 6. The level 2 ciphertext is decrypted using the level 1 ciphertext as a pad. This involves subtracting corresponding values of the level 1 ciphertext from the values of the level 2 ciphertext to obtain the initial random key (note that if a negative value is obtained, 255 is added to the result to obtain the correct ASCII value) . The ASCII values corresponding to the plaintext credit card number are then obtained by likewise decrypting the level 1 ciphertext using the random key. It is preferable in the practice of the invention to encrypt not only the customer's credit card information (card number and expiration date) , but also other transaction information such as the information entered in the form shown in Fig. 2, other information passed from the customer to the merchant such as item quantities/descriptors, and the credit card authorization code. This will serve to further obfuscate the most sensitive information, namely, the customer's credit card information. The appended source code implementation uses this approach.

Another preferred feature of the invention can be used in the encryption process to provide still further obfuscation. More particularly, all or at least a large number or group of files in the system may be labeled with the same time and date stamp (e.g., 00:00:00 01/01/98).

Then, regardless of the number of transactions, the order of transactions, or the path in which the transaction files are stored, a would-be hacker cannot discern which files are associated with which transaction. In addition, enciphered files may have different file lengths. Even knowing the length of plaintext transaction information, an intruder still cannot determine the correspondence between files and transactions, because the file sizes do not match the length of the original plaintext.

Still further obfuscation can be obtained by padding transaction information fields with arbitrary or random filler data, so that all data fields will have the same length, and encrypting the filler data along with the actual transaction information. Also, the level 1 and/or level 2 ciphertext may be padded with such additional data to enhance the obfuscation. Another useful concept of the invention relates to the generation of random numbers based on transaction information such as the customer name, merchant name, credit card number, billing information, product and quantity information, shipping information, etc. Such transaction information will vary in content from one transaction to another in a way that cannot be predicted, even with full knowledge of the random generation algorithm and any relevant system parameters since the information is outside the control of these influences. The foregoing concept may be adopted in either the seed generation routine or the main random generation routine of the random number generator (more strictly, the pseudo random number generator) . The particular generator used is not critical, but it should naturally use an algorithm that provides a high degree of randomness. The transaction information may be introduced in the form of variables that are derived from the transaction information based on a variety of parameters when the random routine is called. For example, the variables may be derived from numeric parts in the transaction information, the ASCII value of the character, the position of the character in the string, and the IP address of the customer. Other factors may also be used, such as the position of the customer's cursor on the screen, time, memory address of the object generating random numbers, and mathematical operations (+, -, x, and /) . The accompanying source code implementation uses a PNRG designed to generate seeds based on transaction information. Fig. 8 is a flow diagram of a PNRG using transaction information to generate the seed. When the PNRG is called, a seed is generated based on transaction information in step S20. In step 21, a number of iterations I is generated. I represents a number of passes to be made through the main generate random routine when producing a random number for the one-time pad or for a file name, and is preferably a random number or at least an arbitrary number. It will be appreciated that running through the main routine a different number of times when generating each random number will obfuscate any cyclic property of the PNRG. This is accomplished at steps S22 to S24 and S27. After the required number of iterations I, the current random number N_j. is provided as the output. Step S26 checks if the sequence of random numbers to be generated is complete. If not, the flow returns to step S21 to produce the next number of the sequence. If the sequence is complete at step S26, the routine ends .

The PNRG in the appended source code implementation uses a conventional library routine known as "ran3" as the main random generation routine. See Press et al, Numerical Recipes in C, The Art of Scientific Computing, Second Edition, Cambridge University Press, 1995, which is incorporated herein by reference. The ran3 routine is used in conjunction with a proprietary seed generation routine. The operation of the seed generation routine will be apparent from a review of the source code. However, a flow diagram of the seed generation routine has been provided in Figs. 9A to 9E to facilitate such review.

It will be appreciated by those skilled in the art that while the invention has been particularly described as applied to the processing of credit card transactions over the Internet, it is by no means limited to such transactions or to the Internet environment. Indeed, the invention may be applied to other financial transactions, such as debit card transactions or electronic checking transactions, or for that matter to any transaction or communication containing sensitive information. The invention may also be applied in computer networks other than the Internet, or even in a non-network environment. // stdafx.cpp : source file that includes just the standard includes // SkipjackPatent_l.pch will be the pre-compiled header // stdafx.obj will contain the pre-compiled type information ..include "stdafx.h"

#include "stdafx.h"

#ifdef _DEBUG #define new DEBUG_NEW #undef THIS_FILE

Static Char THIS_FILE [] = __FILE ;

#endif

#include "PadEncrypt.h"

/***_**_**_***_******_***_*********_*********_*********_******_***_****_*****_**_*******_*******_* Defines used in generating the random number.

***_***_*****_******_***_*********_{*****************}*_******_*******_*****_*********_*****_**

..define NRANSI #define ALPH 1.5 #define NDMX 50 #define MXDIM 10 #define TINY 1.0e-30

#define MBIG 1000000000 ..define MSEED 161803₃98 #define MZ 0 #define FAC (1.0/MBIG)

/*****_**_***_*******_**_****_***_**_**_{***************}*_**********_***_*****_**_*******_*****_**_*

Routines used in generating the random number. ***_********_*******_**_****_*****_**_*******_*********_**********_**_**_****_**_********_****** extern long idum; float ran3 (long *idum) ; long GenerateSee dong IVall, long lVal2, int nVall, int nVal2) ; int Generatelterationdong IVall); int ValidateFloa (float Value) ;

/**********_**_*********_*******_*****_****_****_**_*********_*****************_******_******

Method: ran3

Description: Random Routine. **★****************************************************************************** float ran3 (long *idum)

{ static int inext, inextp; static long ma [56] ; static int iff=0; long mj ,mk; int i,ii,k; if (*idum < 0 I I iff == 0) { iff=l; mj =MSEED- (*idum < 0 ? - *idum : *idum) ; mj %= MBIG; ma [55] =mj ; mk=l; for (i=l ; i<=54 ; i++) { ii= (21*i) % 55 ; ma [ii] =mk; mk=mj -mk; if (mk < MZ) mk += MBIG; mj=ma [ii] ;

} for (k=l ;k<=4 ;k++) for (i=l ; i<=55 ; i++) { ma [i] - = ma [l+ (i+30) % 55] ; if (ma [i) < MZ) ma [i] += MBIG;

} inext =0 , • inextp=₃l ; *idum=l ;

} if (++inext == 5β) inext=l; if (++inextp == 56) inextp=l; mj=ma [inext] -ma [inextp] ; if (mj < MZ) mj += MBIG; ma [inext] =mj ; return mj*FAC;

}

#undef MBIG

#undef MSEED

#undef MZ

#undef

FAC

/*********************************************************************************

Method: GenerateSeed

Description: Generates a seed to be sent to ran₃. ********************************************************************************* long GenerateSeed (long IVall, long lval2, int nVall, int nVal2) { long IRet = 0; long ITemp; long lSubRet = 0 ; int nMainOperator; int nSubOperator; ldiv_t div_result;

// Following is the operation done on the values which are used to generate the seed.

ITemp = IVall + lVal2 ; ********************************************************************************* Generate the main operator to be used on the long value resulting from the addition, and the result of the suboperator calculation between theintegers.

*********************************************************************************/ div_result = ldiv( ITemp, 10 ) ; nMainOperator = (div_result.rem/2) ; nMainOperator = abs (nMainOperator) ; *********************************************************************************

Generate the sub operator to be used on the integer values. ********************************************************************************* div_result = ldiv( div_result .quot, 10 ); nSubOperator = (div_result.rera/2) ; nSubOperator=abs (nSubOperator) ; *********************************************************************************

Do the sub operator calculation based on the return value. ********************************************************************************* switch (nSubOperator)

{ case 0: lSubRet = (long) nVall * nVal2; break; case 1: if (nVall>nVal2)

{ if (nVal2 == 0)

{ ++nVall; ++nVal2 ;

> div_result = ldiv( (long) nVall, (long) nVal2 ) ;

ISubRet = div_result.rem;

} else

{ if (nVall == 0)

{

++nVall; ++nVal2;

} div_result = ldiv( (long) nVal2, (long) nVall );

ISubRet = div_resul .rem;

} break; case 2:

ISubRet = (long) nVall + nVal2; break; case 3 : if (nVall>nVal2)

{

ISubRet = nVall - nVal2;

) else

{

ISubRet = nVal2 - nVall;

} break; case 4 :

ISubRet = (long) nVall * nVal2 ; break; )

/************************************************************★********************

Do the main operator calculation based on the return value.

***_*****_**********_*****_*****_***_****_*********_******_* switch (nMainOperator)

{ case 0 :

IRet = (long) ITemp * ISubRet; brea ; case 1: if (lTemp>lSubRet)

{ if (ISubRet == 0)

{

++lSubRet; ++lTemp;

} div_result = ldiv( (long) ITemp, (long) ISubRet ) ;

IRet = div_result.rem;

} else

{ if (ITemp == 0)

{

++ISubRet; ++lτemp;

} div_result = ldiv( (long) ISubRet, (long) ITemp ) ;

IRet = div_resuit.rem;

} break; case 2: IRet = (long) ISubRet + ITemp; break; case ₃ : if (lTemp>lSubRet)

{

IRet = ITemp - ISubRet;

} else

{

IRet = ISubRet - ITemp ;

} break; case 4 :

IRet = (long) ISubRet + ITemp; break ;

} return (IRet) ,-

} _{*********************************************************************************}

Method: Generatelteration

Description: Generates an iteration value to be used as the number of times the random routine is to be called.

********************************************************************************* int Generatelterationdong IVall)

{ int nRet = 0; ldiv_t div_result; div_result = ldiv( IVall, 10 ); nRet = (int) div_result.rem; ++nRet ; return (nRet) ;

} _******_{***************************************************************************}

Method: ValidateFloat

Description: Converts the float value to a int from 0 to 255. *********************************************************************************/ int ValidateFloat (float fValue)

{ char "pszConvertFloat; int decimal, sign; int precision = 6; long lvalue; int nRet = 0; ldiv_t div_result ;

/****★****************************************************************************

Convert to a string.

*********************************************************************************/ pszConvertFloat = _ecvt ( fValue, precision, -.decimal, &sign ) ; *********************************************************************************

Convert back to a long. ********************************************************************************* lvalue = atol (pszConvertFloat) ;

/*********************************************************************************

Devide by 235.

*********************************************************************************/ div_result = ldiv( lvalue, 235 );

/********************************************************************************

Use the remainder as our return value.

*********************************************************************************/ nRet = (int) div_result.rem; return (nRet) ;

}

/_{*********************************************************************************}

Method : GenerateRandom

Description: Combines the above methods to generate a random number.

********************************************************************************* int GenerateRandom (long lvalue)

{ float fValue = 0;

CPoint pt; GetCursorPos(-ipt) ; long lSeed = GenerateSeed (time (NULL) , lvalue, pt.x, pt.y); int nlteration = Generatelteration (time (NULL) ) ; for (int i=0; i<nIteration; ++i)

{ fValue = r-u₃ (SlSeed) ;

} int nRet = ValidateFloat (fValue) ; return (nRet) ;

}

/_{***************************************************************************}

* Method: GeneratePad

* Description: Generates the pad text for the given string.

_{***************************************************************************}

CString GeneratePad (CString strPad, CString m_strCreditCardNumber) { int nLen = strPad.GetLengthO ; int nRandom; int nCount; char cRetrievedValue ; CString strReturn = " " ; for (nCount = 0; nCount < nLen; ++nCount)

{ cRetrievedValue = strPad.Get-At (nCount) , •

......*.*****.....*..*..**.***.*....*****..***.****.******..***.*.***.**..*

Take the last four digits and add it to our seed;

***************************************************************************/ int nLength = m_strCreditCardNumber.GetLength() ; CString strTmpBuffer; int nAdditionalSeed; if (nLength > 5)

{ strTmpBuffer = m_strCreditCardNumber.Mid (nLength-5) ; nAdditionalSeed = atoi (strTmpBuffer.GetBuffer (256) ) ; strTmpBuffer.ReleaseBuffer 0 ;

} _{***************************************************************************}

Generate the random value, once again the seed values are important;

*************************************************************************** nRandom = GenerateRandom! (long) nCount ÷cRetrievedValue + nAdditionalSeed),

/***************************************************************************

Assign the value retrieved to the return string.

***************************************************************************/ strReturn += "X" ; strRetur . SetAt (nCount, nRandom) ; } return (strReturn) ;

}

/_{***************************************************************************}

* Method: GenerateCipher

* Description: Generate the Cipher text for the message.

..*.**.*****.*.********.***********************************************♦*.*/

CString GenerateCipher (CString εtrMessage, CString strPad) { int nLen = strPad.GetLength!); int nCount; char cMessageValue; char cPadValue; CString strReturn = " " ;

/***************************************************************************

Return if the lengths of the strings are not equal .

*************************************************************************** if (! (strMessage.GetLengthO == strPad.GetLength () ) )

{ return (strReturn) ,-

***************************************************************************

Loop through applying the pad to the message.

*************************************************************************** for (nCount = 0; nCount < nLen; ++nCount)

{ cPadValue = strPad.GetAt (nCount) ; cMessageValue = strMessage.GetAt (nCount) ; div_t div_result; div_result = div( cPadValue + cMessageValue, 255 ) ; ***************************************************************************

Set the values for the return string. *************************************************************************** strReturn . SetAt (nCount, div_result . rem) ;

> return (strReturn) ;

/***************************************************************************

* Method: ReverseCipher

* Description: Apply the pad to the cipher text and reverse the algorithm.

***************************************************************************

CString ReverseCipher (CString strCipher, CString strPad) { int nLen = strPad.GetLengthO ; int nCount; char cCipherValue ; char cPadValue;

CString strReturn = "";

/***************************************************************************

Return if the lengths of the strings are not equal.

***************************************************************************/ if ( ! (strCipher .GetLength ( ) == strPad.GetLength ( ) ) )

{ return (strReturn) ;

}

/_{***************************************************************************}

Loop through each of the characters reversing the algorithm.

***************************************************************************/ for (nCount = 0; nCount < nLen; ++nCount) .' ( )

-caΛτj <-sτ-n ///

^•paau 30U op noΛ aq^ βuτ«oχχoj aq-ι uio-tj aΛOiua-c p azτs aq-t aonpa 03 qsτ« pue

dγτ^_3-ta:.Ba3.->EC τ-.sD // 11111111111111111111111111111111111 II 11111111111111111111111111111 ii l) 1111111 iddvaq-( c-tvc^ua -»B -pε Cdτ-(so

3oaCqo ddvτ^— 5ua-iB -(θBCdτ5[sD Λχuo p-re auo aqj, //

{ 3DUB-;sui₃τuι uτ uoτ.iBzτχEτϊτuτ -(U Oτgτuβτs XX aoβχa //

()

uoτ3on-t-»suoo

// /////////////////////////////////////////////////////////////////////////////

ddvτ^— -.ua^ε_d- ε Cdτ-fs-) //

.' ( ) auτ-»no-t^— -taΛτ-ip pτoΛ u-xa-ixa //

-q " apnχouτ#

apnχouτ#

„q- q it ua Ba,, apnχouτ#

•

.. - sεp^s,, apnχouτ# // -uoτ-iB3τχddε atp --03 s-toτΛeqaq ssεχo aq-ι

^: ddo ^• χ^~ -tua-iεd-pε Cdτ-(S //

.' (I+anχBΛpεdo - (ssε + anχεΛ-caqdτoo)

^•βuτ-ns u-m-ta-i aq-i Λ03 sanxεΛ aq-t -tas * + + **♦********»*****♦***♦»****+******* + **********************♦♦************ ■' (-(unoDU) -ιv-ιao'-C3i.dτo-t3s = anχBΛ--aqdτo-> .' (-ι-moou) 3V5ao- -c3s = anχεΛ ε θ

}

S86^Z/66SfVlDd LPSZ/00 OΛ\ int nResponse ; dlg .DoModaK ) ; if (nResponse == IDOK)

{

// dismissed with OK

} else if (nResponse == IDCANCEL)

{

// dismissed with Cancel

// Since the dialog has been closed, return FALSE so that we exit the // application, rather than start the application's message pump, return FALSE; } void CSkipj ackPatent_lApp : : driver_routine ( ) {

/* CString strMessage; CString strPad; CString strCipher; CString strLevel_l; CString strLevel_2 ;

strMessage = "Skipjack Merchant Services.";

strLevel_l = GeneratePad (strMessage) ; strCipher = GenerateCipher (strMessage, strLevel_l) ; strLevel_2 = GenerateCipher (strLevel_l, strCipher);

strLevel_l = ReverseCipher (strLevel_2, strCipher) ; strMessage = ReverseCipher (strCipher, strLevel_l) ;*/

// SkipjackPatent_lDlg.cpp : implementation file //

#include "stdafx.h"

#include "Ski jackPatent_l.h"

#include "SkipjackPatent_lDlg . h"

#ifdef _DEBUG tfdefine new DEBUG_NEW #undef THIS_FILE static char THIS_FILE [] = FILE ; tendif

///////////////////////////////////////////////////////////////////////////// // CSki jackPatent_lDlg dialog

CSkipjackPatent_lDlg: :CSkipjackPatent_lDlg(CWnd* pParent /*=NULL*/) :

CDialog(CSkipjackPatent_lDlg: :IDD, pParent)

{ m_strDecryptFileName = " " ; //

Holds the name of the file to be decrypted.

//{ {AFX_DATA_INIT (CSkip jackPatent_lDlg) m_strAmount = _T(""),- m_strBillToAddress = _T("")_; m_strBillToCity = _T(^«")_; m_strBillToName = _T(""); m_strBillToState = _T("")_; m_strBillToZip = _T(""); m_strCreditCardNumber = _T("") ; m_strExpirationDate = _T(""); m_strShipToCity = _T(""); m_strShipToAddress = _T(""); m_strShipToName = _T ( " " ) ; m_strShipToState = _T ( " " ) ; m_strShipToZip = _T ( " " ) ,- m_strUserReplyEmail = _T(""); m_strShipToPhone = _T(""); // } }AFX_DATA_INIT

// Note that Loadlcon does not require a subsequent Destroylcon in Win32 m_hIcon = AfxGetApp 0 ->LoadIcon(IDR_MAINFRAME) ;

} void CSkipjackPatent_lDlg: :DoDataExchange (CDataExchange* pDX) {

CDialog: :DoDataExchange (pDX) ;

//{ {AFX_DATA_MAP (CSkipjackPatent_lDlg)

DDX_Control(pDX, IDOK, m_bOk) ;

DDX_Control(pDX, IDCANCEL, m_bCancel) ;

DDX_Control(pDX, IDC_REVERSE_CIPHER, mJ-iReverseCipher) ;

DDX_Text (pDX, IDC_AMOUNT, m_strAmount) ;

DDX_Text(pDX, IDC_BILL_TO_ADDRESS , m_strBillToAddress) ;

DDX_Text(pDX, IDC_BILL_TO_CITY, m_strBillToCity) ;

DDX_Text(pDX, IDC_BILL_TO_NAME, m_StrBillToName) ;

DDX_Text(pDX, IDC_BILL_TO_STATE, m_strBillToState) ;

DDX_Text(pDX, IDC_BILL_TO_ZIP, m_strBillToZip) ;

DDX_Text(pDX, IDC_CC_NUMBER, m_strCreditCardNumber) ;

DDX_Text(pDX, IDC_EXPIRATION_DATE, m_strExpirationDate) ;

DDX_Text(pDX, IDC_SHIP_TO_CITY, m_strShipToCity) ;

DDX_Text(pDX, IDC_SHIP_TO_ADDRESS, m_strShipToAddress) ;

DDX_Teκt(pDX, IDC_SHIP_TO_HAME, m_strShipToName) ;

DDX_Text(pDX, IDC_SHIP_TO_STATE, m_strShipToState) ;

DDX_Text(pDX, IDC_SHIP_TO_ZIP, m_strShipToZip) ;

DDX_Tex (pDX, IDC_EMAIL, m_strUserReplyEmail) ;

DDX_Text(pDX, IDC_SHIP_TO_TELEPHONE, m_strShipToPhone) ;

// } }AFX_DATA_MAP }

BEGIN_MESSAGE_MAP (CSkipjackPatent_lDlg, CDialog)

//{ {AFX_MSG_MAP (CSkipjackPatent_lDlg)

ON_WM_PAINT ( )

ON_WM_QUERYDRAGICON ( )

ON_BN_CLICKED (IDC_REVERSE_CIPHER, OnReverseCipher)

//}}AFX_MSG_MAP END_MESSAGE_MAP ( )

II CSkipjackPatent_lDlg message handlers

BOOL CSkipjackPatent_lDlg : :OnlnitDialog ( )

{

CDialog: :OnlnitDialog 0 ;

// Set the icon for this dialog. The framework does this automatically

// when the application's main window is not a dialog SetIcon(m_hIcon, TRUE)

// Set big icon SetIcon(m_hIcon, FALSE);

// Set small icon m_strBillToName = "Joe Smith" ; m strBillToAddress = "123. Somewhere Avenue."; m_strBillToCity = "City of Joy"; m_strBillToState = "Birth Place Of Aviation."; m_strBillToZip = "12345"; m_strCreditCardNumber = "999999999999999999"; m_strExpirationDate = "12/12/9999"; m_strAmount = "1000000.00"; m_strShipToCity = "City of Joy"; m_strShipToAddress = "123 Somewhere Avenue."; m_strShipToName = "Mary Smith" ; m_strShipToState = "Birthplace of Aviation"; m_strShipToZip = "12345"; m_strϋserReplyEmail = "best@technologist.com"; m_strShipToPhone = "123 456 78 90";

UpdateData (FALSE) ; return TRUE; // return TRUE unless you set the focus to a control

void CSkipjackPatent_lDlg: :0nPaint()

{ if (Islconic 0 )

{

CPaintDC dc(this); // device context for painting

SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc 0 , 0)

// Center icon in client rectangle int cxlcon = GetSystemMetrics (SM_CXIC0N) ; int cylcon = GetSystemMetrics (SM_CYIC0N) ;

CRect rect;

GetClientRect (Street) ; int x = (rect -Width0 - cxlcon + 1) / 2; int y = (rect.Height 0 - cylcon + l) / 2;

// Draw the icon dc.DrawIcon(x, y, m_hIcon) ;

} else

{

CDialog: :OnPaint () ;

)

// The system calls this to obtain the cursor to display while the user drags // the minimized window.

HCURSOR CSkipjackPatent_lDlg: :OnQueryDraglcon ()

{ return (HCURSOR) m hlcon; }

// This method will do the encryption of the financial transaction. void CSkipjackPatent lDlg: :OnOK()

{

UpdateData (TRUE) ;

// All the fields from the dialog are read into the CString variables the way it is done

// from a browser formTransactionObject.m_strTransactionAmount = m_strAmount; formTransactionObject.m_strBillToAddress «= m_strBillToAddress; formTransactionObject.m_εtrBillToCity = m_strBillToCity; formTransactionObject.m_strBillToName = m_strBillToName; formTransactionObject.m_strBillToState = m_strBillToState;

formTransactιonOb;)ect.ιτι_strBιllToZιp « m_strBιllToZιp; formTransactιonOb-ect.m_strCredιtCardNumber = m_strCredιtCard-.umber; formTransactιonOb;ject.m_strUserReplyEmaιl « m_strUserReplyEmaιl; formTransactιo--Ob3ect.m_strExpιratιonDate = m_strExpιratιonDate; formTransactιonObject.m_strShιpToCιty « m_strShιpToCιty; formTransactιonOb;ject.m_strSh pToAddress -. m_strShipToAddress; formTransactionObject .m_strShipToName = m_strShιpToName; formTransactιonOb;ject.m_strShιpToState » m_strShιpToState, formTransactionOb^ect.m_strShipToPhone = m_strShιpToPhone; formTransact onObject.m_strShιpToZιp = m_strShιpToZ p; m_strDecryptFιle-Jame = formTransactιonOb;ject .GeneratePadObject ("FileName"

1) ;

CWnd *pWnd = GetDlgItem(IDC_REVERSE_CIPHER) ; if (pWnd)

{ pWnd->EnableWιndow(TRUE) ; pWnd = GetDlgltem.IDOK) ; if (pWnd)

{ pWnd--.EnableWi.-dow(FALSE) ;

}

void CSkιp;jackPatent_lDlg. .OnReverseCipher ()

{ if (m_strDecryptFιleName.IsEmpty() ) return; formTransactionOb^ect.ReadPadOb^ect (m_strDecryptFιleName, 0, 0) ,

}

CTransactionObject: IMplementation file.

This object is used as a serializable object to be able to combine all of the information needed for a transaction. All the fields n this object are similar to the fields in a real life transaction.

.............*..._***..................................*.................«.................*../

#include "stdafx.h"

..include "TransactionObject .h"

(.include "PadEncrypt.h" ttifdef _DEBϋG fldefine new DEBUG_NEW

#undef THIS_FILE static char THIS_FILE [) = FILE ;

#endιf

IMPLEMENT_SERIAL(CTransactιonOb:ect, COb^ect, 1) // Always in .CPP

METHOD: CTransactionObject

DESCRIPTION. constructor _*..............._*..................._**...... _{****** *}....._*..._*._**........_*..._*...../

CTransactionObject : :(-TransactιonOb}ect { )

{

// The bill to address fields m_strBιllToName = ""; m strBxllToAddress = ""; m_strBillToCity = ""; m_strBillToState = ""; m_strBillToZip = "";

// The credit Card Information. m_strCreditCardNumber = " " ; m_strExpirationDate = " " ;

// The ship to address fields m_strShipToName = " " ; ra_strShipToAddress = ""; m_strShipToCity = " " ; m_strΞhipToState = ""; m_strShipToZip = ""; m_strShipToPhone = ""; m_strTransactionAmount = " " ; m_strUserReplyEmail=" " ;

// The transaction fields which are returned by the // institution which processes the transaction. m_strTransSeqNum = "0001"; m strCustomerLocation = "41018";

// Following fields are hard coded in order to simulate

// the fields that are received from the user internet profile

// and the institution processing the transaction.

// The Internet Protocol (IP) address of the user // who is visiting the site. m_strClientIpAddress = "38.217.1.11"; m_strSerialNumber = "123456789012"; m_strOrderString = " 1 Order of 1 Year's Supply of Dry Food for a Family of

Fou . " ; m_strSendMessage

".*02SKIPJACKIC.0950001132. EV2173001.600030600000.5010000030003005.1512.186...4 41018

504 kirby court.aD.0.0000..!" ; m_strReceivedMessage =

"SKIPJACKIC.AP .0197.0047.9812.981020152119000. .000075.186 f" ; m_strAuthorizationMessage

"02SKIPJACKIC.0950001132. EV2A80000.0010.173000, 600030600000, 5010000030003005, 15 512,189,, ,0050,491,000,000015,981020152125,981021, , aD,N, SKIPJACKIC, ,0,0 000.4"; m_strAuthorizationHeader = ".^♦02SKIPJACKIC.0950001132. EV2A70001.0.0000.6D******.SKIPJACK.28.4785.0.000.0.0 000.0.000.28.0197.9"; m_strAuthorizationDetail = "2SKIPJACKIC.0950001132. EV2A70001f00981021115128OK" ; m_strAuthorizationParm = "0950001132. EV2A" ; m_strAuthorizationTrailer = "981020152125,981021, , aD,N, SKIPJACKIC, 0, 0000.4 " ; m_strAuthorizationReceivedMessage = ".SKIPJACKIC.000981021115128OKTEST 28.4785 " ;

m_strBatchNumber = "123"; m_strOrderNumber = "456"; m_strRetACI = "Y" ; m_strRetAuthorizationSourceCode = "00"; m_strRetTransactionSequenceNumber = "0001"; m_strRetResponseCode = "012345"; m_strRetApprovalCode = "00"; m_strRetLocalTransactionDate = "1290"; m strRetLocalTransactionTime = "010101"; // The institution which processes the transaction // uses an Address Verification System which matches // the address of the credit card holder to the // address supplied by the user in the browser. m_strRetAVSResultCode = "N"; m_strRetTransactionIdentifier = "000V; m strRetValidationCode = "vcOl";

METHOD: -CTransactionObject

DESCRIPTION: destructor

_{************************************************************************}

CTransactionObject: : -CTransactionObject 0

{

} _{***************************************************************************}

* Method: SerializeUsageA

* Description: This method used to serialize the fields to a file on

* a disk. **_**_****_********_********_*****_**_*****_{***************************************}/

CString CTransactionObject: : SerializeUsageA (CArchiveSc ar, CString strAdditional, CString strFileName) // CString CTransactionObject : : SerializeUsageA (CArchiveSc ar) { if (ar.IsStoringO )

{

// For A. ar << m_strBillToZip; ar << m_strTransSeqNum; ar « m_strCreditCardNumber; ar << m_strExpirationDate ; ar << m_strBillToAddress; ar << m_strBillToZip; ar << m_strTransactionAmount ; ar << m_strBillToName; ar << m_strCustomerLocation; ar << m_strBillToState ; ar << m_strUserReplyEmail ; ar << m_strClientIpAddress ; ar << strAdditional; ar << strFileName;

> else

// For A.

CString strTmpSerialize; ar >> m_strBillToZip; ar >> strTmpSerialize;

//ar >> m_strTransSeqNum; ar >> m_strCreditCardNumber; ar >> m_strExpirationDate ; ar >> m_strBillToAddress; ar >> m_strBillToZip; ar >> m_strTransactionAmount; ar >> m_strBillToName; ar >> m_strCustomerLocation; ar >> m_strBillToState; ar >> m_strUserReplyEmail ; ar >> m_strClientIpAddress ; ar >> strAdditional; ar >> strFileName; return strFileName;

}

/_{***************************************************************************}

* Method: SerializeUsageB

* Description: This method used to serialize the fields to a file on

* a disk.

★♦★A***********************************************************************/

CString CTransactionObjec : rSerializeUsageB (CArchiveSc ar, CString strAdditional, CString StrFileName)

{ if (a . IsStoring ( ) )

{

// For B.

// Following will archive the fields in the transaction information to the // disk. ar << m_strBatc--Number ; ar << m_strOrderNumber ; ar << m_strRetACI; ar << m_strRetAuthorizationSourceCode; ar << m_strRetTransactionSequenceNuraber; ar << m strRetResponseCode ; ar << m_strRetApprovalCode ; ar << m_strRetLocalTransactionDate; ar << m_strRetLocalTransactionTime; ar << m_strRetAVSResultCode; ar << m_strRetTransactionIdentifier; ar << m_strRetValidationCode ; ar << strAdditional; ar << strFileName;

} else

{

// For B.

//CString strTmpSerialize;

// Following will archive the fields in the transaction information to the

// disk. ar » m_strBatchNumber; ar >> m_strOrderNumber; ar >> m_strRetACI ; ar >> m_strRetAuthorizationSourceCode; ar >> m_strRetTransactionSequenceNumber; ar >> m_strRetResponseCode; ar >> m_strRetApprovalCode; ar >> m_strRetLocalTransactionDate ; ar >> m_strRetLocalTransactionTime ; ar >> m_strRetAVSResultCode; ar >> m_strRetTransactionIdentifier; ar >> m_strRetValidationCode; ar >> strAdditional; ar >> strFileName; } return strFileName;

}

/_{***************************************************************************}

* Method: SerializeUsageC

* Description: This method used to serialize the fields to a file on

* a disk.

***************************************************************************

CString CTransactionObject: : SerializeUsageC (CArchiveSc ar, CString strAdditional, CString strFileName) { if (ar. IsStoring 0 )

{

// For C. // Following will archive the fields in the transaction information to the

// disk. ar << m_strSendMessage ; ar << m_strReceιvedMessage; ar << m_strAuthoπzatιonMessage; ar << m_strAuthonzatιonHeader; ar << m_strAuthorιzatιonDetaιl; ar << m_strAuthorιzatιonParm; ar << m_strAuthorιzatιonTraιler; ar << m_strAuthorιzatιonReceιvedMessage; ar << m_strSerιalNumber,- ar << m_strOrderStπng ; ar << m_strShιpToName ; ar << m_strShipToAddress, ar << m_strShιpToCιty, ar << m_strShιpToState; ar << m_strShιpToZιp ; ar << m_strShιpToPhone ; ar << strAdditional , ar << strFileName;

> else

// For C.

// Following will archive the fields in the transaction information to the

// disk. ar >> m_strSendMessage ; ar >> m_strReceιvedMessage ; ar >> m_strAuthorιzatιonMessage; ar >> m_strAuthorιzatιonHeader; ar >> m_strAuthorιzatιonDetaιl; ar >> m_strAuthor zatιonParm; ar » m_strAuthoπzatιonTraιler; ar >> m_strAuthorιzatιonReceιvedMessage; ar >> m_strSerιalNumber; ar >> m_strOrderStπng; ar >> m_strShipToName ; ar >> m_strShιpToAddress ; ar >> m_strShipToCιty,- ar >> m_strShipToState ; ar >> m_strShipToZιp; ar >> m_strShιpToPhone ,- ar >> strAdditional; ar » strFileName;

} return strFileName;

/.,.***.._*.... .._*..*. *....._*._** *._{* *} ._*._*._*.

* Method: GeneratePadOb₃ect

* Description: This method is used to generate the pad and the cipher text

* This gets activated when a user (one who is using the object code)

* clicks on the encrypt the text button.

* strPadFileName «.=> the title of the file (i.e.

* of (myfile.txt) this is (myfile) . **************•***..*.***»„*********»*.*****«*******.******..*.*•„„„.*.**♦*/ CStr_ing

CTransactιonOb₃ect: :GeneratePadOb₃ect (CString strPadFileName, int nFileType)

{

CTransactionObject *pLevellTransactιonOb₃ect;

CTransactionObject *pLevel2TransactιonOb₃ect ; CTransactionObject *pCιpherTransactιonθbject;

// Following fields are used to distribute the encryption text in

// 6 different files. CString strFileNameUsageA = CString strFileNameUsageB ■= CString strFileNameUsageC = CString strFileNameUsageD = CString strFileNameUεageE = CString strFileNameUsageF =

/_{***************************************************************************}

Generate the level one pad. Th s is the original pad, used m the final step to generate the message. pLevellTransactionOb-ect = new CTransactionObject 0 ,

// GeneratePad(SpLevellTransactιonObject->m_moCurrentMerchant, &m_moCurrentMerchant) ; pLevellTransactιonOb3ect->m_strBιllToZ-.p = GeneratePad (m_strBιllToZιp, m_strCredιtCardNumber) , pLevellTransactιonOb^ect->m_strBιllToState = GeneratePad(m_strBιllToState, m_strCredιtCard-Jumber) ; pLevellTransactionOb-ect->m_s rTransSeqNum = GeneratePad(m strTransSeqNum, m_strCreditCardNumber) ; pLevellTransactιonOb]ect->m_strCreditCardNumber = GeneratePad(m_strCredιtCardNumber, m_strCredιtCardNumber) ; ρLevellTransactιonOb]ect->m_strExpιratιonDate = GeneratePa (m_strExpιratιonDate, m_strCredιtCard umberϊ , pLevellTransactιonOb-ect->m_strBιllToAddress = GeneratePa (m_strBillToAddress, m_strCredιtCardNumber) ; ρLevellTransactιonOb-ect->m_strBιllToZιp = GeneratePad(m_strBιllToZιp, m strCreditCardNumber) , pLevellTransactιonOb]ect->m_strTransactιonAmount = GeneratePad(m_strTransactιonAmount, m_strCredιtCardNumber) pLevellTransactιonOb3ect->m_strBιllToName - GeneratePad(m_strBιllToName, m_strCreditCardNumber) ,- pLevellTransactιonOb-ect->m_strCustomerLocatιon = GeneratePad(m_strCustomerLocatιon, m_strCredιtCardNumber) ; pLevellTransactιonOb3ect->m_strShιpToState = GeneratePad(m_strShιpToState, m_strCredιtCardNumber) ; pLevellTransactιonOb;ject->m_strUserReplyEmaιl = GeneratePad(m_strUserReplyEmaιl, m_strCredιtCard umber) ; pLevellTransactιonOb3ect->m_strBatchNumber = GeneratePad(m_strBatchNumber, m_strCreditCardNumber) ; pLevellTransactιonOb^ect->m_strOrderNumber = GeneratePad(m strOrderNumbe , m_strCredιtCardNumber) ; pLevellTransactιonOb]ect->m_strRetACI = GeneratePad(m_strRetACI, m_strCredιtCardNumber) , pLevellTransactιonOb_ιect->m_strRetAuthorιzatιonSourceCode = GeneratePad(m_strRetAuthoπzatιonSourceCode, m_strCreditCardNumber) ; pLevellTranεactιonOb-ect->m_strRetTransactιonSequenceNumber = GeneratePad (m_strRetTransactιonSequenceNumber, m_strCredιtCard umber) ; pLevellTransactιonOb;ject->m_strRetResponseCode = GeneratePad (m_strRetResponseCode, m_εtrCredιtCard umber) , pLevellTransactιonOb3ect->m_εtrRetApprovalCode = GeneratePad(m_strRetApprovalCode, m_strCredιtCardNumber) ; pLevellTransactιonOb3ect->m_strRetLocalTransactιonDate = GeneratePad (m_εtrRetLocalTransactιonDate, m_strCredιtCardNumber) ; pLevellTransactionOb]ect->m_strRetLocalTransactιonTιme = GeneratePad(m_strRetLocalTransactιonTιme, m_strCredιtCardNumber) ; pLevellTransactιonOb]ect->m_strRetAVSResultCode _* GeneratePad(m_strRetAVSResultCode, m_strCredιtCard umber) ; pLevellTransactιonObject->m_strRetTransactιonIdentιfιer = GeneratePad (m strRetTransactionldentifler, m_strCredιtCardNumber) ; pLevellTransactιonObject->m_strRetValιdationCode = GeneratePad(m strRetValidationCode, m_strCredιtCard-Jumber) ;

pLevellTransactιonOb}ect->m_strSendMessage = GeneratePad (m_strSendMessage,m_strCredιtCard umber) ; pLevellTransactιon0bject->m_8trRece vedMessage ■= GeneratePad (m_strReceιvedMessage, m_strCredιtCardNumber) ; pLevellTransactionOb;ject->m_strAuthorizationMessage - GeneratePad(tn_strAuthorιzatιonMessage, m_strCred tCardNumber) ; pLevellTransact onOb^ect->m_strAuthoπzatιonHeader = GeneratePad (m_strAuthorιzatιonHeader, m_strCredιtCardNumber) , pLevellTransactιonOb]ect--»m_strAuthorιzatιonDetaιl = GeneratePad (m_strAuthorιzatιonDetaιl, m_strCredιtCardt.umber) ; pLevellTransactιonOb]ect->m_strAuthorιzatιonParm = GeneratePad (m_strAuthorιzatιonParm, m_strCredιtCardNumber) ; pLevellTransactιonOb;)ect---m_strAuthorιzatιonTra ler = GeneratePad (m_strAuthoπzatιonTraιler, m_strCredιtCardNumber) , pLevellTransactιonOb-ect->m_strAuthonzatιonReceιvedMessage = GeneratePad (m_strAuthorιzatιonReceιvedMessage, m_strCredιtCard umber) ; pLevellTransactιonOb]ect->m_strSerιalNumber = GeneratePad (m_strSerιalNumber,m_strCredιtCard umber) , pLevellTransactιonObject->m_strOrderStrιng = GeneratePad (m_strOrderStrιng,m_strCredιtCardNumber) ; pLevellTransactιonOb3ect->m_strShιpToName = GeneratePad (m_8trShipToName,m_εtrCredιtCardNuraber) ; pLevellTransaction0b;ject->m_strShιpToAddre8s = GeneratePad (m_strShιpToAddress,m_strCredιtCard-.umber) ; pLevellTransactιonOb3ect->m_strShιpToCιty = GeneratePad (m strShipToCity,m_strCred tCardNumber) ; pLevellTransactιonOb;ject->m_strShιpToState = GeneratePad (m_strShipToState,m_strCredιtCardNumber) ; pLevellTransactιonOb3ect->m_strShιpToZιp • GeneratePad(m_strShιpToZιp, m_strCredιtCard umber) ; pLevellTransactιonObject->m_strShιpToPhone = GeneratePad (ra_strShιpToPhone,m_strCredιtCardNumber) ; pLevellTransactιonOb]ect->m_strClιentIpAddress = GeneratePad (m_strClιentIpAddress, m_strCredιtCard umber) ; _{***************************************************************************}

Generate the cipher object This is the original message w th the pad applied to it. ..............._*............_*.._****......_*.._*....._*....._**.._*.._*........._**/ pCipherTransactionObject = new CTransactionOb-ect (ϊ ,

// GenerateCipher (ScpCipherTransactionOb-ect->m_moCurrentMerchant, s.m_moCurrentMerchant, //

&pLevellTransactιonOb]ect->m_moCurrentMerchant) ; pCιpherTransactιonOb]ect->m_strShιpToZιp = GenerateCipher (m_εtrShιpToZιp, pLevellTransactionOb3ect->m_strShιpToZιp) ; pCιpherTransactιonOb3ect-> _strTransSeqNum = GenerateCipher (m_strTransSeqt.um, pLevellTransactionObject->m_strTransSeqNum) ,- pCipherTransactionOb}ect->tn_strCredιtCard umber = GenerateCipher (m_strCredιtCardNumber, pLevellTransactιonOb]ect->m_strCredιtCardNumber) ,- pCιpherTransactιonOb-ect->ra_strExpιratιonDate GenerateCipher(m_strExpιratιonDate, pLevellTransact onOb3ect->m_strExpιratιonDate) ; pCipherTransactionObject->m_strBιllToAddress GenerateCipher(m_strBillToAddress, pLevellTransactιonOb;)ect->m_strBillToAddress) ; pCιpherTransactιonOb,ect->m_strBιllToZιp =

GenerateCipher (m_strBιllToZιp, pLevellTransact onOb;)ect->m_strBιllToZιp) , pCιpherTransactιonOb}ect->m_strTransactιonAmount = GenerateCipher (m_strTransactιonAmount, pLevellTransactιonOb^ect->m_strTransact onAmount) pCιpherTransactιonOb3ect->m_strBιllToName = GenerateCipher (m strBillToName, pLevellTransact onOb3ect->m_strB llToName) , pCιpherTransactιonOb3ect->m_strCustomerLocatιon = GenerateCipher (tn_strCustomerI-ocatιon, pLevellTransactιonObject->m_strCustomerLocatιon) , pCιpherTransactιonOb3ect->m_strBιllToState = GenerateCipher(m_strBιllToState, pLevellTransactιonOb;ject->m_strBιllToState) , pCιpherTransactιonOb-ect->m_strϋεerReplyEmaιl = GenerateCipher<m_strUserReplyEmaιl, pLevellTransactionOb}ect->m_strUserReplyEmaιl) , pCιpherTransactιonOb]ect->m_strBatch umber = GenerateCipher (m_strBatchNumber, pLevellTransact onOb;ject->m_strBatchNumber) , pCιpherTransactιonObject->m_strOrderNumber = GenerateCipher(m_strOrderNumber, pLevellTransactιonOb;ject->m_strOrder-.umber) , pCιpherTransactιonOb]ect->m_strRetACI = GenerateCipher(m_strRetACI, pLevellTransact onOb]ect->m_strRetACI) , pCipherTransactιonObject->m_strRetAuthorιzatιonSourceCode = GenerateCipher(m_strRetAuthorιzat onSourceCode, pLevellTransact onOb3ect->m_strRetAuthorιzatιonSourceCode) , pCιpherTransactιonOb]ect->m_strRetTransactιonSequenceNumber = GenerateCipher (m_strRetTransactιonSequenceNumber, pLevellTransactιonOb3ect->m_strRetTransactιonSequenceNumber) , pCιpherTransactιonOb3ect->m_strRetResponseCode = GenerateCipher (m_strRetResponseCode, pLevellTransactionOb]ect->m_strRetResponseCode) , pCιpherTransactionOb]ect->tn_strRetApprovalCode = GenerateCipher(m_strRetApprovalCode, pLevellTransactιonOb}ect->m_strRetApprovalCode) , pCιpherTransactιonOb]ect->m_strRetLocalTransactιonDate = GenerateCipher(m_strRetLocalTransactιonDate, pLevellTransact onOb]ect->m_strRetLocalTransactιonDate) pCιpherTransactιonOb3ect->m_strRetLocalTransactιonTιme = GenerateCipher (m_εtrRetLocalTransactιonTιme,

pLevellTransactιonOb3ect->m_strRetLocalTransactιonTιme) ; pCιρherTransactιonOb;ject->m_εtrRetAVSResultCode = GenerateCipher (m_strRetAVSResultCode , p evellTransactιonOb;ject->m_strRetAVSResultCode) , pCιpherTransactιonOb;ject->.n_strRetTransactιonIdent £ιer = GenerateCipher (m_s trRetTransactionldent if ler, p evellTransactιonOb^ect->m_strRetTransactιonIdentιf ler) ; pCιpherTransactιonOb^ect->m_strRetValιdatιonCode = GenerateCipher (m_strRetValιdatιonCode , p evellTransactιonObject->m_strRetValιdatιonCode) ; pCxpherTransactιonOb3ect->m_strSendMessage = GenerateCipher (m_strSendMessage, pIjevellTransactιonOb3ect->m_strSendMessage) ; pCipherTransactιonOb3ect->m_strReceιvedMessage = GenerateCipher (m_strReceιvedMessage, pLevellTransact onOb3ect->m_strReceιvedMessage) ; pCipherTransactιonOb3ect->m_strAuthoπzatιonMessage = GenerateCipher (m_strAuthorιzatιonMessage, p evellTransact onOb;ject->m_strAuthor zatιonMessage) pCipherTransactionOb]ect->m_strAuthorizationHeader = GenerateCipher (m_strAuthor zatιonHeader, pI_evellTransactιonOb}ect->m_strAuthor zatιonHeader) ; ρCιρherTransactιonOb^ect->m_strA thor zatιonDeta l = GenerateCipher {m_strAuthor zatιonDe a l, p evellTransactιonOb₃ect->m_strAuthorιzatιonDetaιl) ,- pCipherTransactιonOb;ject->m_strAuthorιzatιonParm = GenerateCipher (m_strAuthorιzatxonParm, p evellTransact onOb3ect->m_strAuthorιzatιonParm) pCipherTransactιonOb₃ect->m_strAuthorιzatιonTrailer = GenerateCipher (m_strAuthonzatιonTraιler, pLevellTransactιonOb}ect->m__strAuthorιzatιonTraιler) ; pCipherTransactιonQbject->m_strAuthorιzatιonReceιvedMessage = GenerateCipher (m_strAuthσrιzatιonReceιvedMessage, pLevellTransactιonObject->m_strAuthorιzatιonReceιvedMessage) , pCιpherTransactιonOb;ject->m_strSerιalNumber = GenerateCipher {m_strSerιalNumber, pLevellTransactιonOb3ect->m_strSerιalNumber) ; pCιpherTransactιonObject->m_strOrderStrιng = GenerateCipher (m_strOrderStrmg, p evel--.TransactιonObject->m_strθrderStrmg) ; pCιpherTransactιonOb3ect->m__strShιpToNaτne = GenerateCipher (τn_strShιρToName ,

pLevellTransactιonOb3ect->m_strShιpToName) , pCipherTransactιonObject->m_strShipToAddress GenerateCipher(m strShipToAddress, pLevellTransactιonOb3ect->m_strShιpToAddress) , pCιpherTransact onObject->m_strShιpToCιty -= GenerateCipher (m_strSh pToCιty, pLevellTransactionOb}ec ->m_strShιpToCιty) , pCιpherTransactιonObject->m_strShιpToState = GenerateCipher (m_strShιpToState, pLevellTranεactιonOb-ect->m_strShιpToState) , pCιpherTransactιonOb-ect->m_strShιpToZιp = GenerateCipher (m strShipToZip, pLevellTransactιonOb3ect->m_strShιpToZιp) , pCipherTranεactionObject->m_strShipToPhone GenerateCipher (m strShipToPhone, pLevellTransactιonOb ect->m_strShιpToPhone) ; pCιpherTransactιonOb3ect->m_strClιentIpAddress = GenerateCipher (m_strClιentIpAddresε, pLevellTransactionObject->m_strClιentIpAddress) ;

/.............._*.._*......_*............_*._*._*..._**.

Generate the level two pad Apply the cipher text as a pad to the level 1 pad to allow for level 2 encryption

,..._*...._**................_*.._*......_*............_******«..........._*/ pLevel2TransactιonOb3ect -> new CTransactionObject 0 ,

// GenerateCipher (£.pLevel2TapιConnectιon->m_moCurrentMerchan , ϋpLevellTapiConnection--.m_moCurrentMerchan , // ipCipherTapiConnection->m_moCurrentMerchant) , pLevel2TransactιonOb]ect->m_strShιpToZιp = GenerateCipher(pLevellTransactιonOb3ect->m_strShιpToZιp, pCipherTransactιonOb3ect->m_strShιpToZιp) ; pLevel2TransactιonOb3ect->m_strTransSeqNum = GenerateCipher (pLevellTransactionObject->m_strTransSeqNum, pCipherTransactιonOb3ect->m_strTransSeqNum) ; pLevel2TransactιonOb ect->m_εtrCredιtCard umber = GenerateCipher(pLevellTransactιonOb3ect->m_strCredιtCardNumber, pCipherTransactιonObject->m_strCreditCardNumber) , pLevel2TransactιonOb3ect->m_strExpιratιonDate = GenerateCipher(pLevellTransactιonOb ect->m_strExpιratιonDate, pCipherTransactιonOb3ect->m_strE- iratιonDate) , pLevel2TransactιonOb3ect->m_strBillToAddres8 «= GenerateCipher (pLevellTransactιonOb3ect->m_strBιllToAddress, pCipherTransactιonOb3ect->m_strBιllToAddress) ; pLevel2TransactιonOb3ect->m_strBillToZip ■= GenerateCipher (pLevellTransactionObject->m_strBillToZιp, pCipherTransactionObject->m_strBillToZip) ; pLevel2TransactionObject->m_strTransactionAmount = GenerateCipher (pLevellTransactionObject- >m_strTransactionAmount , pCipherTransactionObject->m_strTransactionA ount) ; pLevel2TransactionObject->m_strBillToName = GenerateCipher (pLevellTransactionObject->m_strBillToName,

pCipherTransactionObject->m_strBillToName) ; pLevel2TransactionObject->m_strCustomerLocation = GenerateCiphe (pLevellTransactionObject->m_strCustomerLocation, pCipherTransactionObject->m_strCustomerLocation) ; pLevel2TransactionObj ect- >-m_strBillToState = GenerateCipher (pLevellTransactionObject->m_strBillToState, pCipherTransactionObject->m_strBillToState) ; pLevel2TransactionObject->m_strUserReplyEmail = GenerateCipher (pLevellTransactionObject->m_strUserReplyEmail, pCipherTransactionObject- >m_strUserReplyEmail) ; pLevel2TransactionObject->m_strBatchNumber = GenerateCipher (pLevellTransactionObject->m_strBatchNumber, pCipherTransactionObject->m_strBatchNumber) ; pLevel2TransactionObject->m_strOrderNumber = GenerateCipher (pLevellTransactionObject->m_strOrderNumber, pCipherTransactionObject->m_strOrderNumber) ; pLevel2TransactionObject->m_strRetACI -= GenerateCipher(pLevellTransactionObject->m_strRetACI ,

pCipherTransactionObject->m_strRetACI) ; pLevel2TransactionObject->m_strRetAuthorizationSourceCode = GenerateCipher (pLevellTransactionObject->m_strRet_AuthorizationSourceCode,

pCipherTransactionObject->m_strRetAuthorizationSourceCode) ,- pLevel2TransactionObject->m_strRetTransactionSequenceNumber = GenerateCipher (pLevellTransactionObject->m_strRetTransactionSequenceNumber,

pCipherTransactionObject->m_strRetTransactionSequenceNumber) ; pLevel2TransactionObject->m_strRetResponseCode = GenerateCipher (pLevellTransactionObject->m_strRetResponseCode, pCipherTransactionObject->m_strRetResponseCode) ; pLevel2TransactionObject- >m_strRetApprovalCode = GenerateCipher (pLevellTransactionObject->m_strRetApprovalCode, pCipherTransactionObject->m_strRetApprovalCode) ; pLevel2TransactionObject->m_strRetLocalTransactionDate = GenerateCipher (pLevellTransactionObject->m_strRetLocalτransactionDate,

pCipherTransactionObject- >m_strRetLocalTransactionDate) ; pLevel2TransactionObject->m_strRetLocalTransactionTime = GenerateCipher (pLevellTransactionObject->m_strRetLocalTransactionTime,

pCipherTransactionObject->m_strRetLocalTransactionTime) ; pLevel2TransactionObject->m_strRetAVSResultCode = GenerateCipher (pLevellTransactionObject->m_strRetAVSResultCode, pCipherTransactionObject- >m_strRetAVSResultCode) ; pLevel2TransactionObject->m_strRetTransactionIdentifier = GenerateCipher (pLevellTransactionObject- >m_strRetTransactionIdentifier,

PCipherTransactionObject->m_strRetTransactionIdentifier) ; pLevel2TransactionObject->m_strRetValidationCode = GenerateCipher (pLevellTransactionObject->m_strRetValidationCode, pCipherTransactionObject->m_strRetValidationCode) ; pLevel2TransactionObject->m_strSendMessage = GenerateCipher (pLevellTransactionObj ect- >m_strSendMessage ,

PCipherTransactionObject- >m_strSendMessage) ; pLevel2TransactionObject->m_strReceivedMessage = GenerateCipher (pLevellTransactionObject->m_strReceivedMessage, pCipherTransactionObject->m_strReceivedMessage) ; pLevel2TransactionObject->m_strAuthorizationMessage = GenerateCipher (pLevellTransactionObject->m_strAuthorizationMessage,

pCipherTransactionObject->m_strAuthorizationMessage) ; pLevel2Transaction0bject->m_strAuthorizationHeader = GenerateCipher (pLevellTransactionObject->m_strAuthorizationHeader, pCipherTransactionObject->m_strAuthorizationHeader) ; pLevel2TransactionObject->m_strAuthorizationDetail = GenerateCipher (pLevellTransactionObject- >m_strAuthorizationDetail, pCipherTransactionObject->m_strAuthorizationDetail) ; pLevel2TransactionObject->m_strAuthorizationParm = GenerateCipher (pLevellTransactionObject- >m_strAuthorizationParm, pCipherTransactionObject->m_strAuthorizationParm) ; pLevel2TransactionObject->m_strAuthorizationTrailer = GenerateCipher (pLevellTransactionObject->m_strAuthorizationTrailer,

pCipherTransactionObject->m_strAuthorizationTrailer) ; pLevel2TransactionObject->m_strAuthorizationReceivedMessage = GenerateCipher (pLevellTransactionObject->ra_strAuthorizationReceivedMessage,

pCipherTransactionObject->m_strAuthorizationReceivedMessage) ; pLevel2TransactionObject->m_strSerialNumber = GenerateCipher (pLevellTransactionObject->m_strSerialNumber, pCipherTransactionObject->m_strSerialNumber) ; pLevel2TransactionObject->m_strOrderString = GenerateCipher (pLevellTransactionObject- >m_strOrderString, pCipherTransactionObject->m_strOrderString) ; pLevel2TransactionObject->m_strShipToName = GenerateCipher (pLevellTransactionObject- >m_strShipToName,

pCipherTransactionObject->m_strShipToName) ; pLevel2Transactionθbject->m_strShipToAddress = GenerateCipher (pLevellTransactionObject- >m_strShipToAddress, pCipherTransactionObject->m_strShipToAddress) ; pLevel2TransactionObject->m_strShipToCity = GenerateCipher (pLevellTransactionObject- >m_strShipToCity,

pCipherTransactionObject- >m_strShipToCity) ; pLevel2TransactionObject->m_strShipToState GenerateCipher (pLevellTransactionObject->m_strShipToState, pCipherTransactionObject->m_strShipToState) ; pLevel2TransactionObject->m_strShipToZip = GenerateCipher (pLevellTransactionObj ect->m_strShipToZip,

pCipherTransactionObject- >m_strShipToZip) ; pLevel2TransactionObject- >m_strShipToPhone = GenerateCipher (pLevellTransactionObject->m_strShipToPhone, pCipherTransactionObject->m_strShipToPhone) ; pLevel2TransactionObject->m_strClientIpAddress = GenerateCipher (pLevellTransactionObject- >m_strClientIpAddreεs, pCipherTransactionObject->m_strClientIpAddress) ;

/****************************************************************_***********

Generate the file names for all of the parts .

*_***_**_******_**_****_******_**_********_**********_*****_*****_*****_*****_********_**_*/ char 'pszConvertFloat ; int decimal, sign; int precision = 6 ; int nRet = 0; int nLength = m_strCreditCardNumber.GetLength() ; CString strTmpBuffer; int nAdditionalSeed; if (nLength > S)

{ strTmpBuffer = m_strCreditCardNumber.Mid(nLength-5) ; strTmpBuffer = StrTmpBuffer + m_strClientIpAddress; nAdditionalSeed = atoi (strTmpBuffer .GetBuffer (256) ) ; strTmpBuffer.ReleaseBuffer () ; }

// Following get the position of the cursor on the screen. This is used to generate

// the seed for the PNRG.

CPoint pt;

GetCursorPos(£.pt) ; int nRandom = GenerateRandom ( (long) this + nAdditionalSeed + 10);

// Following computes the seed for the subsequent call to the GenerateSeed.

// As can be seen from the call the memory address of this object is passed as one of the

// parameters to generate the seed. long lSeed = GenerateSeed (time (NULL) , (long) this + nAdditionalSeed + 40 + nRandom, pt.x, pt.y) ; float fValue = O.BOOL bFileFound;

DFileFound = TRUE; while (bFileFound)

{ fValue = ran3 (-.lSeed) ; ***********************************************************************+******+*+

Convert to a string.

********************************************************************************* pszConvertFloat = _ecvt ( fValue, precision, -.decimal, SSign ) ; strTmpBuffer = pszConvertFloat; fValue = ran3 lSeed) ,- pszConvertFloat = _ecvt ( fValue, precision, ..decimal, Ssign ),

StrTmpBuffer «. strTmpBuffer + "."+ pszConvertFloat;

CString strExtension; if (nFileType == 1)

{ strExtension = ".DNE"; else if (nFileType == 2)

{ strExtension = ".PND";

}

ΞtrFileNameUsageA = strTmpBuf fer+strExtension ;

CFileFmd f fTempFileFind; bFileFound = f fTempFileFind . FindFile (ΞtrFileNameUsageA) ; f fTempFileFind. Close 0 ;

bFileFound = TRUE ; while (bFileFound)

{ fValue = ran3 (StlSeed) ;

/_{*********************************************************************************}

Convert to a string.

♦A*******************************************************************************/ pszConvertFloat = _ecvt ( fValue, precision, Stdecimal, {.sign ); strTmpBuffer = pszConvertFloat; fValue = ran3(£lSeed) ; pszConvertFloat = _ecvt ( fValue, precision, (-decimal, --sign ) ; strTmpBuffer = strTmpBuffer + "."+ pszConvertFloat; strFileNameUsageB = strTmpBuffer;

CFileFind ffTempFileFind; bFileFound = fTempFileFind. FindFile (strFileNameUsageB) ; ffTempFileFind. Close 0 ; } bFileFound = TRUE; while (bFileFound)

{ fValue = ran3(&lSeed) ;

/*********************************************************************************

Convert to a string. *********************************************************************************/ pszConvertFloat = _ecvt ( fValue, precision, Stdecimal, fcsign ) ; strTmpBuffer = pszConvertFloat; fValue = ran3(tlSeed) ; pszConvertFloat = _ecvt ( fValue, precision, (-decimal, s-sign ) ; strTmpBuffer = strTmpBuffer + "."+ pszConvertFloat; strFileNameUsageC = strTmpBuffer;

CFileFind ffTempFileFind; // bFileFound = ffTempFileFind FindFile (m_strInstallDιrectory+strFιleNameUsageC) , bFileFound = f TempFileFind. FindFile (strFileNameUsageC) , ffTempFileFind CloseO,

bFileFound = TRUE, while (bFileFound)

{ fValue = ran3 UlSeed) ,

Convert to a string

_{****************************************}*_*********_{*******************************} pszConvertFloat = _ecvt ( fValue, precision, (-decimal, -.sign ), strTmpBuffer = pszConvertFloat, fValue = ran. ((-lSeed) , pszConvertFloat = _ecvt ( fValue, precision, (-decimal, (-sign ), strTmpBuffer = strTmpBuffer + " "+ pszConvertFloat, strFileNameUsageD = strTmpBuf er,

CFileFind ffTempFileFind, // bFileFound = ffTempFileFind. FindFile (m_strInstallDirectory+strFileNameUsageD) , bFileFound = ffTempFileFind. FindFile (strFileNameUsageD) , ffTempFileFind. CloseO , } bFileFound = TRUE, while (bFileFound)

{ fValue = xan3 (J-lSeed) ;

/ ******^*

Convert to a string.

*/ pszConvertFloat = _ecvt ( fValue, precision, (-decimal, -sign ), strTmpBuffer = pszConvertFloat; fValue = ran3 (-.lSeed) ; pszConvertFloat = _ecvt ( fValue, precision, (-decimal, tsign ); strTmpBuffer = strTmpBuffer + "."+ pszConvertFloat, strFileNameUsageE = strTmpBu er,

CFileFind ffTempFileFind, // bFileFound = ffTempFileFind. FindFile (m_strInstallDιrectory+strFιleNameUsageE) ; bFileFound = ffTempFileFind. FindFile (strFileNameUsageE) , ffTempFileFind. CloseO ; } bFileFound = TRUE, while (bFileFound)

{ fValue = ran3 (tlSeed) ;

Convert to a string pszConvertFloat = _ecvt ( fValue, precision, (-decimal, S-sign ), strTmpBuffer = pszConvertFloat; fValue = ran3((-lSeed) ; pszConvertFloat = _ecvt ( fValue , precision, {.decimal , (.sign ) ,

strTmpBuffer « strTmpBuffer + "."+ pszConvertFloat; strFileNameUsageF - strTmpBuffer;

CFileFind f TempFileFind,-

// bFileFound e ffTempFileFind. FindFile (m_strInstallDιrectory+strFιleNameUsageF) ; bFileFound = ffTempFileFind.FindFile (StrFileNameUsageF) , f TempFileFind.CloseO ;

) /_*........

Start serializing the pieces. ..

CFile 'pFile; CArchive *pAr;

/

Used to hard code the date and time of the file . ...../

CFileStatus fileStatus;

CTime setτιme( 1998, 1, 1, 1, 0, 0) ;

/ * * *

Piece <A> using the level 2 pad. _***_****_*

// pFile - new CFile ( m_strInstallDιrectory+strFileNameUsageA, CFile: :modeCreate | CFile: :modeWrite CFile::typeBinary ) ; pFile ■- new CFile (strFileNameUsageA, CFile: :modeCreate | CFile: :modeWrite | CFile: :typeBmary ) ; if (IpFile)

{ // LogErrorMsg( "Failed opening/creating part A."); return

)

/_***_****

Create the archive for serialization.

_***** / pAr = new CArchive ( pFile, CArchive: :store >;

/***_**•*

Serialize this ob3ect. ......../

CString strHoldPad;

CString StrTempFileName;

StrTempFileName « StrFileNameUsageB;

StrTempFileName « GenerateCipher (strTempFileName, StrFileNameUsageA.Left (strFileNameUsageA.GetLength!) - 4)); εtrTempFileName ■= StrTempFileName. eft (6) +strTempFιleName.Right (ε) ;

// pLevel2TransactιonObject->SerιalιzeUsageA(*pAr, GenerateAdditionalText(lO) , StrTempFileName) ; pLevel2TransactιonOb3ect->Ser-.alιzeUsageA(*pAr, "sfasdfasd" , StrTempFileName) ; pAr->Close () ; pFιle->Close() ; delete pAr; delete pFile; ...................

Set the date and time. ../

// if (CFile: :GetStatus(m_strInstallDιrectory+strFileNameUsageA, fileStatus) ) if (CFile: :GetStatus (strFileNameUsageA, fileStatus)) {

fileStatus.m_ctιme = setTime; fιleStatU8.m_mtιme - setTime; fileStatus.m_atιme - setTime;

// CFile: :SetStatus (m_strInstallDιrectory.-StrFileNameUsageA, fileStatus) ;

CFile: :SetStatus (strFileNameUsageA, fileStatus); }

/ * * * *

Piece <B> using the level 2 pad. _******** ./

// pFile = new CFιle( m strlnstallDirectory+strFileNameUsageB, CFile: :modeCreate | CFile: :mode rιte | CFile: :typeBιnary ), pFile = new CFile (StrFileNameUsageB, CFile' :modeCreate | CFile: :modeWrιte | CFile : : typeBinary ) , if (tpFile)

( // LogError sg( "Failed opening/creating part B."), return ("");

>

/ * * *

Create the archive for serialization.

* _** ........................./ pAr <= new CArchive ( pFile, CArchive: :store );

/

Serialize this ob3ect. ................./

StrTempFileName » StrFileNameUsageC;

StrTempFileName = GenerateCipher(strTempFileName, StrFileNameUsageB) ;

StrTempFileName = StrTempFileName.Left (6) +strTempFιleName .Right (6) ;

// pLevel2TransactιonOb3ect->SerιalιzeUsageB (*pAr,GenerateAddιtιonalText (40) , StrTempFileName) ;

// " pLevel2TransactιonOb3ect->SerιalιzeUsageB(*pAr, "asdfasdfasdf^M , StrTempFileName) ,- pAr->Close() , pFιle->Close 0 , delete pAr; delete pFile;

/...............................

Set the date and time ../

// if (CFile: :GetStatus(m_strInstallDιrectory+strFιleNameUsageB, fileStatus) ) if (CFile: :GetStatus (εtrFileNameUsageB, fileStatus)) { fileStatus.m_ct me = setTime; fileStatus m_mt me « setTime; fileStatus.m_atιme - setTime;

// CFile : : SetStatus (m_strInstallDιrectory+strFιleNameUsageB, fileStatus) ,

CFile: :SetStatus (StrFileNameUsageB, fileStatus), ) ..................

Piece <C> using the level 2 pad.

// pFile = new CFile ( m_strInstallDirectory+strFileNameUsageC, CFile: :modeCreate | CFile: .-modeWrite | CFile: :typeBinary ) ; pFile = new CFile (StrFileNameUsageC, CFile: -modeCreate | CFile: :modeWrite | CFile :• typeBinary ), if CpFile)

{ // LogErrorMs C Failed opening/creating part C . " ) ; return

( " " > ;

}

Create the archive for serialization.

_*********** .........»....._*. _**_*** pAr = new CArchive ( pFile, CArchive :: store ) ;

/**_****** _*

Serialize this object. _* .._*.._*. _*..........._*...._*.. .._*.._*._*/

StrTempFileName = strFileNameUsageD,-

StrTempFileName = GenerateCipher (strTempFileName, StrFileNameUsageC); StrTempFileName = StrTempFileName.Le t (6)+strTempFιleName.Rιght (6) ;

// ??

// pLevel2TransactιonOb₃ect->SerιalιzeUsageC (*pAr, GenerateAdditionalTex (40) , StrTempFileName) ,• pLevel2TransactιonOb₃ect->SerιalιzeUsageC(*pAr, "sfasdfasd", strTempFileName) ; pAr->Close 0 ; pFιle->Close() ; delete pAr; delete pFile;

/ _*...... .._*............._{* *}...._*............... _*......._*. _*.._*....................../

// if (CFile : :GetStatus <m_strInstallDιrectory+strFileNameUsageC, fileStatus) ) if (CFile: :GetStatus (strFileNameUsageC, fileStatus)) { fileStatus.m_ctιme = setTime; fileStatus.m_mtιme = setTime; fileStatus.m_atιme = setTime;

// CFile: :SetStatus (m_strInstallDιrectory+strFιleNameUsageC, fileStatus) ;

CFile: :SetStatus (StrFileNameUsageC, fileStatus); }

/**** * * .....*.*.

Piece <D> using the cipher text. _* .._*._*.... * ../

// ??

// pFile = new CFile ( m_strInstallDιrectory+strFileNameUsageD, CFile: :modeCreate | CFile: :modeWrite CFile :: typeBinary ); pFile = new CFile (StrFileNameUsageD, CFile: :modeCreate | CFile: :modeWrite | CFile : : ypeBinary ) ; if OpFile)

{ // ogErrorMsg ("Failed opening/creating part D."); return ( " " ) ;

)

/ _* ...*... ............._*...

Create the archive for serialization. .......*................ ............*. pAr = new CArchive ( pFile, CArchive: : store );

/ _*

Serialize this object. * * / strTempFileName = StrFileNameUsageE;

StrTempFileName = GenerateCipher (StrTempFileName, StrFileNameUsageD) ;

StrTempFileName = StrTempFileName. eft (6) +strTempFιleName. ight (6) ;

// ??

// pCipherTransactionOb]ect- -.SerializeUsageA(*pAr, GenerateAdditionalTex (40) , StrTempFileName) ; pCipherTransactionOb]ec ->SerιalιzeUsageA(*pAr, "asdfasdfasfqbsdfbdbd" , StrTempFileName) , pAr->Close 0 , pFιle->Close 0 ;

/ *.

Set the date and time. _*...._*/

// if (CFile: :GetΞtatus (m_strInstallDιrectory+strFιleNameUsageD, fileStatus) ) if (CFile: :GetStatus (StrFileNameUsageD, fileStatus))

{ fileStatus.m_ctιme = setTime; fileStatus.tn ntime = setTime; fileStatus.m_atιme = setTime;

// CFile: :SetStatus (m_strInstallDιrectory+strFιleNameUsageD, fileStatus) ;

CFile: :SetStatus (strFileNameUsageD, fileStatus); } /

Piece <E> using the cipher text. _{*** *} ..._*..._*. * ./

// ??

// pFile = new CFile ( m strlnstallDirectory+strFileNameUsageE, CFile: :modeCreate | CFile: :modeWrite CFile: :typeBinary ); pFile = new CFile (StrFileNameUsageE, CFile: : odeCreate | CFile: :modeWrite | CFile: :typeBinary ); if (IpFile)

{ // LogErrorMsg ( "Failed opening/creating part E."); return ("");

}

/ * * ***** **

Create the archive for serialization.

*** ** * ** * ./ pAr = new CArchive ( pFile , CArchive : : store );

/ *** * * .*..........

Serialize this object. ****** * * **** *..*.. **.........*.. /

StrTempFileName = StrFileNameUsageF;

StrTempFileName = GenerateCipher (strTempFileName, StrFileNameUsageE) ;

StrTempFileName = StrTempFileName. eft (6) +strTempFιleName .Right (β) ;

// ??

// pCιpherTransactιonOb₃ect->SenalizeUsageB(*pAr, GenerateAdditionalText (SO) , StrTempFileName) ,- pCιpherTransactιonOb₃ect->SerιalιzeUsageB(*pAr, "asd dnbvasdas" , strTempFileName) ,- pAr->Close() ; pFιle->Close () ;

/*

^******** * * * ........../ // ??

// if (CFile: :GetStatus (m_strInstallDιrectory+strFιleNameUsageE, fileStatus) ) if (CFile: :GetStatus (strFileNameUsageE, fileStatus))

{ ileStatus .m_ctιme = setTime; fileStatus.m_mtιme = setTime; fileStatus .m_atιme = setTime;

// '?

// CFile: :SetStatus (m_strInstallDιrectory+strFιleNameUsageE, fileStatus) ,

CFile: :SetStatus (strFileNameUsageE, fileStatus); }

/._*...............................

Piece <F> using the cipher text. _***** ........

// ??

// pFile = new CFile ( m_strInstallDιrectory+strFιleNameUsageF, CFile: :modeCreate | CFile: :modeWrιte CFile :: ypeBinary ); pFile = new CFile (strFileNameUsageF, CFile: :modeCreate | CFile: :modeWrιte | CFile :: typeBinary ), if (IpFile)

{ // LogErrorMsg ( "Failed opening/creating part F."); return ( " " ) ; }

Create the archive for serialization. pAr = new (-Archive ( pFile, CArchive :: store ) ;

Serialize this object.

// ??

// pCιpherTransactιonObject->Ser alιzeUsageC(*pAr, GenerateAdditionalText (60) , "^■) ; pCipherTransactionObject->SerιalιzeUsageC(*pAr, "asdfasdf" pAr->Close() ; pFile->Close() ; delete pAr; delete pFile;

Set the date and time.

// ?? // if (CFile: :GetStatus (m_strInstallDιrectory+strFιleNameUsageF, fileStatus) ) if (CFile: :GetStatus (strFileNameUsageF, fileStatus))

{ fileStatus m_ctιme = setTime; fileStatus.m_mtιme = setTime; fileStatus.m_atιme = setTime;

// ?'

// CFile: :SetStatus (m_strInstallDιrectory+strFιleNameUsageF, fileStatus) ;

CFile: : SetStatus (StrFileNameUsageF, fileStatus); ) delete pLevellTransactionObject;

delete pLevelΣTransactionObject, delete pCιpherTransactιonOb3ect, return strFileNameUsageA,

// Following method is used to decrypt the transaction information from the six files mt CTransactιonOb3ect ReadPadOb ec (CString strFileTitle, int nDeleteFilesWhenFinished, int nSetDeleteStatus) {

CTransactionObject *pLevellTransactιonOb]ect, CTransactionObject *pLevel2TransactιonObject , CTransact onObject *pCιpherTransact onOb;ject ,

CString StrFileNameUsageA = ^nM,

CString StrFileNameUsageB = "^M,

CString StrFileNameUsageC = "^M

CString StrFileNameUsageD = ^rtn,

CString StrFileNameUsageE = ""

CString StrFileNameUsageF = " " ,

Generate the file names for all of the parts

**/ StrFileNameUsageA = strFileTitle,

Used to set the date and time of the files

CFileStatus fileStatus,

CTime setTιme( 1998, l, l, l, 0, 0) ,

Read m the level two pad pLevel2TransactιonOb}ect = new CTransactionObject {) ,

/*

Start serializing the pieces

CFile *pFιle, CArchive *pAr,

Piece <A> using the level 2 pad try pFile - new CFile (strFileNameUsageA, CFile modeReadWrite } CFile shareDenyNone | CFile typeBinary ), catch (CFileException *)

// LogErrorMsgt "Failed opening part A * ) return (-1) , if {'pFile)

// ogErrorMsg ( "Failed opening part A ") return

Create the archive for serialization. pAr = new CArchive ( pFile, CArchive ::load

/_**_*****_**_*********_{**********************}*****_*******_**_{********************}**_************_***

Serialize this object. _{****************************************************************************^}

CString strTempFileName; try

{ strTempFileName = p evel2TransactιonObject->SeπalιzeUsageA(*pAr, " ⁿ , ^M " ) ,

} catch (CArchiveException *pEx)

{

// ogErrorMsgCFailed serializing part A "), return (-1) ;

)

StrTempFileName = strTempFileName.Left (6) + CString ("\\ⁿ) + strTempFileName.Right (6) ; pAr->Close () ; pFιle->Close () ; delete pAr; delete pFile;

/*_***************_****_**********_************_**_**_{********** *********}****_*

Set the date and time . if (CFile: -GetStatus<strFlleNameUsageA, fileStatus))

{ fileStatus.m_ctιme ■= setTime; fileStatus.m_mtιme = setTime, fileStatus.m_atιme = setTime;

CFile: :SetStatus(StrFileNameUsageA, fileStatus), }

/*

Piece <B> using the level 2 pad.

StrFileNameUsageB = ReverseCipher (strTempFileName, StrFileNameUsageA.Left (StrFileNameUsageA.GetLengthO - 4)), try { pFile = new CFile ( StrFileNameUsageB, CFile: :modeReadWrite | CFile: -shareDenyNone | CFile :: typeBinary ), } catch (CFileException *)

{

// LogError sgt "Failed opening part B." ), return (-1) ,

} if (IpFile) {

// LogErrorMsg( "Failed opening part B "), return

(-1),

}

Create the archive for serialization pAr _* new CArchive ( pFile, CArchive:: load

);

Serialize this object. ......../ try { pLevel

+ strTempFileName.Right (6) ; pAr->Close 0 ; pFile->Close() ,- delete pAr; delete pFile;

Set the date and time . if (CFile: :GetStatus (strFileNameUsageB, fileStatus))

{ fileStatus.m_ctιme = setTime; fileStatus.m_mtιme = setTime; fileStatus.tn_atιme = setTime,-

CFile: :SetStatus (StrFileNameUsageB, fileStatus), }

/*_*

Piece <C> using the level 2 pad.

StrFileNameUsageC = ReverseCipher(strTempFileName, strFileNameUsageB) , try

{ pFile = new CFile ( StrFileNameUsageC, CFile: :modeReadWr te | CFile: :shareDenyNone | CFile: :typeBinary );

} catch (CFileException *)

( // LogErrorMsg("Failed opening part C."); return (-1) ;

} if (IpFile)

( // LogErrorMsg ( "Failed opening part C. " ) ; return (-1) ;

>

_/*** ....................

Create the archive for serialization. ......................................................................./ pAr = new CArchive ( pFile, CArchive :: load ),

Serialize this object ..................../ try strTempFileName = pLevel2TransactιonObject->SerιalιzeUsageC (*pAr, "", ""),

catch (CArchiveException *)

{

// LogErrorMsg ("Failed serializing part C."); return (-1) ,

}

StrTempFileName = strTempFileName.Left (6) + CStrmgCW") + StrTempFileName Rιght(6), pAr->Close () ; pFιle->Cloεe() ; delete pAr; delete pFile;

Set the date and time. if (CFile: :GetStatus (StrFileNameUsageC, fileStatus))

{ fileStatus.m_ctιme = setTime; fileStatus.m_mtιme = setTime; fileStatus.m_atιme = setTime;

CFile: :SetStatus (StrFileNameUsageC, fileStatus), }

Read in the cipher text. pCipherTransactιonOb3ect = new CTransactιonOb3ect 0 ;

Piece <D> using the cipher text.

StrFileNameUsageD = ReverseCipher (strTempFileName, strFileNameUsageC), try pFile = new CFile ( strFileNameUsageD, CFile: :modeReadWrite | CFile: :shareDenyNone | CFile: : ypeBinary ), catch (CFileException *)

// LogErrorMsg("Failed opening part D.^M); return (-1) ,- if (IpFile)

// LogErrorMsg("Failed opening part D."),- return (-1) ,-

Create the archive for serialization pAr = new CArchive ( pFile, CArchive :: load

Serialize this ob3ect. try

{ strTempFileName = pCipherTransactionOb} ect ->SerιalιzeUsageA<*pAr, " " , " " ) ;

) catch (CArchiveException *)

(

// LogErrorMsg{ Faιled serializing part A.^M), return (-1) ,

}

εtrTempFileName -= StrTempFileName.Left (6) + CString("\\") + strTempFileName.Rιght(6) ; pAr->Close() ,- pFιle->Close() ; delete pAr; delete pFile;

/*

Set the date and time. f (CFile: :GetStatus (StrFileNameUsageD, f leStatus))

{ fileStatus .m_ct me = setTime, fileStatus.m_mtιme = setTime; fileStatus.m_atιme = setTime;

CFile: :SetStatus(strFιleNameUsageD, fileStatus); )

/*

Piece <E> using the cipher text.

,................*......................*........................*.../

StrFileNameUsageE = ReverseCipher(strTempFileName, StrFileNameUsageD) ; try pFile = new CFιle( StrFileNameUsageE, CFile: :modeReadWrite | CFile: :shareDenyNone | CFile: : typeBinary ); catch (CFileException *)

//LogErrorMsg ("Failed opening part E."); return (-1) ; f (IpFile)

//LogErrorMsg("Failed opening part E-"), return (-1) ,

Create the archive for serialization. pAr >. new CArchive ( pFile, CArchive : :load ) ;

Serialize this ob3ect. try

{ strTempFileName = ρCιpherTransactιonObject->SerιalιzeUsageB (*pAr, "" , ^M " ) ;

} catch (CArchiveException *)

{

//LogErrorMsg("Failed serializing part B."); return (-1) ,-

}

StrTempFileName = StrTempFileName.Left (6) + CStringC'W") + StrTempFileName.Right (6) ; pAr->Close() ; pFιle->Close() ,- delete pAr; delete pFile;

/*

Set the date and time. if (CFile: :GetStatus (StrFileNameUsageE, fileStatus))

( fileStatus.m__ctιme = setTime;

fileStatus. _mtιme - setTime; fileStatus.m_atιme = setTime;

CFile: .SetStatus (StrFileNameUsageE, fileStatus), )

Piece <F> using the cipher text.

StrFileNameUsageF = ReverseCipher (strTempFileName, StrFileNameUsageE), try pFile = new CFile ( StrFileNameUsageF, CFile: :moαeReadWnte | CFile: :shareDenyNone | CFile •: typeBinary ), catch (CFileException *)

//LogErrorMsgC'Failed opening part F."); return (-1) ; if (IpFile)

//LogErrorMsg("Failed opening part F."); return (-1) ;

Create the archive for serialization. pAr « new CArchive ( pFile, CArchive ::load );

Serialize this ob3βct. try { strTempFileName = pCιpherTransactιonOb ect->SenalιzeUsageC(*pAr, "", "") ;

) catch (CArchiveException *) {

//LogErrorMsgC'Failed serializing part C."); return (-1) ; } pAr->Close<) ,- pFιle->Close() ; delete pAr; delete pFile;

Set the date and time. if (CFile: :GetStatus(εtrFιleNameUsageF, fileStatus)) fileStatus.m_ctιme = setTime; fileStatus.m_mtime = setTime; fileStatus.m_atιme = setTime,

CFile: -.SetStatus (StrFileNameUsageF, fileStatus) ,-

} _{********************************************************* *****},

Create the level 1 pad from the cipher text and the level 2 pad. pLevellTransactionObject = new CTransactionObject () ,

// ReverseCipher (&cpLevellTransact onObject->m_moC rrentMerchant, &pLevel2Transactιonθb ect->m__moCurrentMerchant, //

&pCiρherTransactιonObject->m_moCurrentMerchant) ; ρLevellTransactιonOb ect->m_strShιpToZιρ = ReverseCipher (pLevel2Transact onOb ect->m_strSh pToZιp, pCipherTransactιonObject->m_strShιpToZip) ,- pLevellTransactionObject->m_strTransSeqNum = ReverseCipher (pLevel2TransactionObject->m_strTransSeqNum, pCipherTransact onOb ect->m_strTransSeqNum) ; pLevellTransactιonOb ect->m_strCredιtCardNumber = ReverseCipher(pLeve12TransactionObject->m_strCred tCardNumber, pCipherTransactionOb ect->m_strCredιtCardNumber) ,- pLevellTransactιonObject->m_strExρiratιonDate = ReverseCipher<pLevel2TransactionOb ect->m_strExpιratιonDate, pCipherTransactιonObject->m_strExp ratιonDate) , pLevellTransactionOb ect->m_strShipToAddress = ReverseCiphe (pLevel2TransactionOb ect->m_strShιpToAddress, pCipherTransactionObject->m_strShιpToAddress) ; pLevellTransactionObject->m_strShιpToZιp K ReverseCipher(pLevel2TransactionObject->m_strShipToZ , pCipherTransact onObject->m_strShιpToZip) , pLevellTransactionOb ect->m_strTransactιonAmount = ReverseCipher (pLevel2Transact onObject->m_strTransactιonAmount, pCipherTransactionObject->m_strTransac ιonAmount) , pLevellTransactionOb ect->ra_strBillToName = ReverseCipher<pLevel2TransactionObject->ra_strBιllToName, pCipherTransactionObject->m_strBιllToNaτne) ,- pLevellTransactionObject->m_strCus omerLocation = ReverseCipher(pLevel2TransactιonObject->m_strCustomerI-ocatιon, pCipherTransactionOb ect->m_strCustomerLocat--.on) ; pLevellTransactιonObject->m_strBillToState =

ReverseCipher<ρLevel2TransactionOb ect->m_strBillToState, pCipherTransactionOb ect->m_strBιllToState) ; pLevellTransactιonOb ect->m_strUserReplyEmaιl = ReverseCipher ( Leve12TransactxonOb ect->m_strUserReplyEmaιl, pCipherTransactionObject->m_strUserReplyEmaιl) ; pLevellTransactionObject->m_strBatchNumber = ReverseCipher(pLevel2Transact onOb ect->m_strBatchNumber, pCipherTransactionObject->m_strBatchNumber) ; pLevellTransactionObject->m_strOrderNumber = ReverseCipher (pLevel2TransactιonObject->m_strOrderNumber, pCipherTransactionOb ect->m_strθrderNumber) ; pLevellTransactionObject->m_strRetACI _*= ReverseCipher(pLevel2TransactιonObject->m_strRetACI, pCipherTransactionOb]ect->m_strRetACI) , pLevellTransactionOb]ect->m_strRetAuthorιzatιonSourceCode = ReverseCipher (pLevel2TransactιonOb]ect->m_strRetAuthor zatιonSourceCode,

pCipherTransactionOb]ect->m_strRetAuthorιzatιonSourceCode) , pLevellTransactionOb]ect->m_strRetTransactιonSequenceNumber = ReverseCipher (pLevel2TransactιonOb]ect->m_strRetTransactιonSequenceNumber,

pCipherTransactionOb]ect- >m_strRetTransactιonSequenceNumber) , pLevellTransactionOb]ect->m_strRetResponseCode = ReverseCipher (pLevel2TransactιonOb]ect- >m_strRetResponseCode, pCipherTransactionOb] ect->m_strRetResponseCode) , pLevellTransactionOb]ect->m_strRetApprovalCode = ReverseCipher (pLevel2TransactιonOb]ect- >m_strRetApprovalCode, pCipherTransactionOb]ect->m_strRetApprovalCode) , pLevellTransactionOb]ect->m_strRetLocalTransactιonDate = ReverseCipher (pLevel2TransactιonOb]ect->m_strRetLocalTransactιonDate,

pCipherTransactionOb]ect->m_strRetLocalTransactιonDate) , pLevellTransactionOb]ect->m_strRetLocalTransactιonTιme = ReverseCipher (pLevel2TransactιonOb]ect->m_strRetLocalTransactιonTιme,

pCipherTransactionOb]ect->m_strRetLocalTransactιonTιme) , pLevellTransactionOb]ect->m_strRetAVSResultCode = ReverseCipher (pLevel2TransactιonOb]ect->m_strRetAVSResultCode, pCipherTransactionOb]ect->m_strRetAVSResultCode) , pLevellTransactιonOb₃ect->m_strRetTransactιonIdentιfιer = ReverseCipher (pLevel2TransactιonOb]ect->m_strRetTransactιonIdentιf_.er,

pCipherTransactionOb]ect->m_strRetTransactιonIdentιfιer) ; pLevellTransactιonOb]ect->m_strRetValιdatιonCode = ReverseCipher (pLevel2TransactιonOb₃ect->m_strRetValιdatιonCode , pCipherTransactιonOb₃ect->m_strRetValιdatιonCode) , pLevellTransactιonOb]ect->m_strSendMessage = ReverseCipher (pLevel2TransactιonOb]ect->m_strSendMessage,

pCipherTrc-nsactιonOb]ect->m_strSendMessage) ; pLevellTransactionOb]ect->m_strReceιvedMessage = ReverseCipher (pLevel2TransactιonOb]ect->m_strReceιvedMessage, pCipherTransactionOb]ect->m_strReceιvedMessage) , pLevellTransactionOb]ect->m_strAuthorιzatιonMessage = ReverseCipher (pLevel2TransactιonOb]ect->m_strAuthorιzatιonMessage, pCipherTransactionOb]ect->m_strAuthorιzatιonMessage) , pLevellTransactionOb]ect->m_strAuthorιzatιonHeader = ReverseCipher (pLevel2TransactιonOb]ect->m_strAuthorιzatιonHeader, pCipherTransactionOb]ect- >m_strAuthorιzatιonHeader) , pLevellTransactionOb]ect->m_strAuthonzatιonDetaιl = ReverseCipher (pLevel2TransactιonOb]ect->m_strAuthorιzatιonDetaιl, pCipherTransactionOb_]ect- >m_strAuthonzationDetail) , pLevellTransactionOb]ect->m_strAuthoπzatιonParm = ReverseCipher (pLevel2TransactιonOb]ect->m_strAuthorιzatιonParm, pCipherTransactionOb_] ect- _>m_strAuthorιzatιonParm) ; pLevellTransactionOb] ect - >m_strAuthorιzatιonTraιler = ReverseCipher (pLevel2TransactιonOb] ect- >m_strAuthorιzatιonτraιler, pCipherTransactionOb] ect - >m_strAuthorιzatιonTraιler) ; pLevellTransactιonOb]ect- >m_strAuthorιzatιonReceιvedMessage = ReverseCipher (pLevel2TransactιonOb] ect- >m_strAuthorιzatιonReceιvedMessage ,

pCipherTransactionOb] ect - >rn_strAuthorιzatιonReceιvedMessage) pLevellTransactionOb] ect - >m_strSerιalNumber = ReverseCipher (pLevel2TransactιonOb] ect- >m_strSerιalNumber , pCipherTransactionOb] ect - >m_strSenalNumber) , pLevellTransactionOb] ect- >m_εtrOrderStrιng = ReverseCipher (pLevel2TransactιonOb] ec - >m_strOrderStrιng ,

pCipherTransactionOb] ect- >m_strOrderStπng) , pLevellTransactιonOb]ect- >m_strShιpToName = ReverseCipher (pLevel2TransactιonOb] ect- >m_strShιpToName ,

pCipherTransactionOb] ect ->tn_strShιpToName) , pLevellTransactionOb] ec ->m_strShιpToAddress = ReverseCipher (pLevel2TransactιonOb] ect- >m_strShιpToAddress , pCipherTransactionOb] ect - >m_s trShipToAddress ) , pLevellTransactionOb] ect- >m_strShιpToCιty = ReverseCipher (pLevel2TransactιonOb] ect- >m_strShιpToCιty,

pCιpherTransactιonOb]ect- >m_strShιpToCιty) ,- pLevellTransactionOb] ect ->m_strShιpToState = ReverseCipher (pLevel2TransactιonOb]ect->m_strShιpToState,

pCipherTransactionOb] ect ->m_strShιpToState) ; pLevellTransactionOb] ect- >m_strShιpToZιp = ReverseCipher (pLevel2TransactιonOb]ect- >m_strShιpTo2ιp,

pCipherTransactionOb] ect - >m_strShιpToZιp ) ; pLevellTransactionOb] ect- >m_strShιpToPhone = ReverseCipher (pLevel2TransactιonOb] ect- >m_strShιpToPhone ,

pCipherTransactionOb] ect ->rn_strShιpToPhone) ,- pLevellTransactionOb] ect ->m_strClιentIpAddress = ReverseCipher (pLevel2TransactιonOb] ect- >m_strClιentIpAddress, pCipherTransactionOb] ect- >m_strClιentIpAddress) ,

Create the message from the cipher text and the level 1 pad .

// ReverseCipher (&m_moCurrentMerchant ,

-.pCipherTransactionOb] ect ->m_moCurrentMerchant , //

..pLevellTransactionOb] ect- >m_moCurrentMerchant ) ;

m_strShιpToZιp = ReverseCipher (pCipherTransactionOb] ect- >m_strShιpToZιp, pLevellTransactionOb]ect- >m_strShιpToZιp) , m_strTransSeqNum = ReverseCipher (pCipherTransactionOb]ect->m_strTransSeqNum,

pLevellTransactionOb] ect->m_εtrTransSeqNum) , m_strCredιtCardNumber = ReverseCipher (pCipherTransactionOb]ec - >m_strCredιtCardNumber , pLevellTransactionOb]ect->m_strCredιtCard umber) , m_strExpιratιonDate = ReverseCipher (pCipherTransactionOb]ect- >m_strExpιratιonDate, pLevellTransactionOb] ect->m_strExpιratιonDate) , m_strShιpToAddress = ReverseCipher (pCipherTransactionOb]ect- >m_strShιpToAddress, pLevellTransactionOb]ect- >m_strShιpToAddress) , m_strSh pToZιp = ReverseCipher (pCipherTransactionOb]ect- >m_strShιpToZιp ,

pLevellTransactιonOb]ect->m_strShιpToZιp) , m_strTransactιonAmount = ReverseCipher (pCipherTransactionOb]ect- >m_strTransactιonAmount , pLevellTransactionOb] ect- >m_strTransactιonAmount) , m_strBιllToName = ReverseCipher (pCipherTransactionOb] ect- >m_strBillToName ,

pLevellTransactionOb] ect->m_strB llToName) ; m_strCustomerLocatιon = ReverseCipher (pCipherTransactionOb]ect->m_strCustomerLocatιon, pLevellTransactιonOb]ect->m_strCustomerLocation) ; m_strBιllToState = ReverseCipher (pCipherTransactionOb]ect->m_strBillToState,

pLevellTransactιonOb]ect->m_strBillToState) ; m_strUserReplyEmaιl = ReverseCipher (pCipherTransactionOb]ect->m_strUserReplyEmaιl , pLevellTransactionOb]ect->m_strUserReplyEmail) ; m_strBatchNumber = ReverseCipher (pCipherTransactionOb] ect->m_strBatchNumber,

pLevellTransactionOb]ect->m_strBatchNumber) ,- m_strOrderNumber = ReverseCipher (pCipherTransactionOb]ect->m_strOrderNumber,

pLevellTransactionOb] ect- >m_strOrderNumber) ,^• m_strRetACI = ReverseCipher (pCipherTransactionOb] ect- >m strRetACI,

pLevellTransactionOb] ect->m_strRetACI) , m_strRetAuthorιzatιonSourceCode = ReverseCipher (pCipherTransactionOb]ect- >m_strRetAuthorιzatιonSourceCode,

pLevellTransactionOb]ect->m_strRetAuthorιzatιonSourceCode) , m_strRetTransactιonSequenceNumber = ReverseCipher (pCιpherTransactιonOb]ect->m_strRetTransactιonSequenceNumber,

pLevellTransactionOb]ect->m_strRetTransactιonSequenceNumber) , m_strRetResponseCode = ReverseCipher (pCipherTransactionOb] ect- >m_strRetResponseCode , pLevellTransactionOb] ect->m_strRetResponseCode) , m_strRetApprovalCode = ReverseCipher (pCipherTransactionOb]ect- >m_strRetApprovalCode, pLevellTransactionOb] ect- >m_strRetApprovalCode) , m_strRetLocalTransactιonDate = ReverseCipher (pCipherTransactionOb]ect- >m_strRetLocalTransactιonDate,

pLevellTransactionOb]ect->m_strRetLocalTransactιonDate) , m_strRetLocalTransactιonTιme = ReverseCipher (pCipherTransactionOb]ect- >m_strRetLocalTransactιonTιme,

pLevellTransactionOb] ect- >m_strRetLocalTransactιonTιme) , m_strRetAVSResultCode = ReverseCipher (pCipherTransactionOb]ect- >m_strRetAVSResultCode, pLevellTransactionOb] ect- >m_strRetAVSResultCode ) , m_strRetTransactιonIdentιfιer = ReverseCipher (pCipherTransactionOb]ect- >m_strRetTransactιon!dentifler,

pLevellTransactionOb]ect->m_strRetTransactιonIdentιfler) , m_strRetVal datιonCode = ReverseCipher (pCipherTransactionOb]ect- >m_strRetValιdatιonCode, pLevellTransactionOb]ect->m_strRetValιdatιonCode) , m_strSendMessage = ReverseCipher (pCιpherTransactιonOb]ect->m_strSendMessage,

pLevellTransactionOb]ect->m_strSendMessage) ; m_strReceιvedMessage = ReverseCipher (pCipherTransactionOb]ect- >m_strReceιvedMessage, pLevellTransactionOb]ect->m_strReceιvedMessage) , m_strAuthorιzatιonMessage = ReverseCipher (pCιpherTransactιonOb]ect->m_strAuthorιzatιonMessage, plιevellTransactιonOb]ect->m_strAuthoπzatιonMessage) , m_strAuthorιzatιonHeader = ReverseCipher (pCιpherTransactιonOb]ect->m_strAuthorιzatιonHeader, pLevellTransactionOb]ect->m_strAuthorιzatιonHeader) , m_strAuthorιzatιonDetaιl = ReverseCipher (pCipherTransactionOb]ect->m_strAuthoπzatιonDe ail, pLevellTransactionOb]ect->m_strAuthor zatιonDetaιl) , m_strAuthorιzatιonParm = ReverseCipher (pCipherTransactionOb]ect- >m_strAuthorιzatιonParm, pLevellTransactionOb] ect->m_strAuthoπzatιonParm) , m_strAuthorιzatιonTraιler = ReverseCipher (pCipherTransactionOb]ect- >τn_strAuthonzatιonTraιler, pLevellTransactionOb] ect->m_strAuthoπzatιonTraιler) , m_strAuthorιzatιonReceιvedMessage = ReverseCipher (pCιpherTransactιonOb]ect->m_strAuthoπzatιonReceιvedMessage, pLevellTransactιonOb]ect->m_strAuthorιzatιonReceιvedMessage) , m_strSerιalNumber = ReverseCipher (pCipherTransactionOb]ect- >m_strSerιalNumber, pLevellTransactionOb]ec ->m_strSerιalNumber) , m_strOrderStrmg = ReverseCipher (pCipherTransactionOb]ect- >m_strOrderStπng,

pLevellTransactionOb] ect->m_strOrderStπng) ; m_strShιpToName = ReverseCipher (pCipherTransactionOb] ect- >m_strShιpToName,

pLevellTransactionOb]ect->m_strShipToName) , m_strShιpToAddress = ReverseCipher (pCipherTransactionOb] ect- >m_strShιpToAddress, pLevellTransactionOb] ect->m_strShιpToAddress) ; m_strShιpToCιty = ReverseCipher (pCipherTransactionOb] ect- >m_strShιpToCιty,

pLevellTransactionOb] ect->m_εtrShιpToCιty) , m_strShιpToState = ReverseCipher (pCipherTransactionOb]ect- >m_strShιpToState,

pLevellTransactionOb] ect- >m_strShιpToState) ; m_strShιpToZιp = ReverseCipher (pCipherTransactionOb]ect->m_strShιpToZιp,

pLevellTransactionOb]ect->m_strShιpToZιp) ; m_strShιpToPhone = ReverseCipher (pCιpherTransactιonOb]ect- >m_strShιpToPhone ,

pLevellTransactionOb]ect->m_strShιpToPhone) ; m_strClιentIpAddress = ReverseCipher (pCipherTransactionOb]ect->m_strClιentIpAddress, pLevellTransactionOb]ect- >m_strClιentIpAddress) ; delete pLevellTransactιonOb]ect; delete pLevel2TransactιonOb]ect, delete pCipherTransactionOb]ect ; if (nDeleteFilesWhenFinished)

{

DeleteFile (StrFileNameUsageA) DeleteFile (strFileNameUsageB) DeleteFile (strFileNameUsageC) DeleteFile (StrFileNameUsageD) DeleteFile (StrFileNameUsageE) DeleteFile (strFileNameUsageF)

*_{*****************************************************} Output the decrypted information to a text file.

CFile fFile ("decrypt.txt",

CFile: :modeWrιte|CFιle: :modeCreate | CFile: : typeBinary) ; if (! fFile)

{ return -1 ; }

CString strCrLf = "XX" , strCrLf SetAt(0 OxOd) , StrCrLf SetAtfl, OxOa) ,

CString strMessage = "Bill To fFile Write strMessage, strMessage GetLengthO) fFile Write StrCrLf, 2), fFile Write StrCrLf, 2) , fFile Write m_strB llToName , m_strBιllToName GetLength ), fFile Write strCrLf, 2), fFile Write m_strBιllToAddress , m_strBιllToAddress GetLength ) , fFile Write StrCrLf, 2) , fFile Write m_strBιllToCιty, m _strBιllToCιty GetLengthO) fFile Write StrCrLf, 2) , fFile Write m_strBιllToState , _strBιllToState GetLengthO), fFile Write strCrLf, 2), fFile Write m_strBιllToZιp, m_strBιllToZιp GetLengthO) fFile Write strCrLf, 2) , fFile Write m_strUserReplyEmaιl, m_strUserReplyEmaιl GetLengthO), fFile Write strCrLf, 2) , fFile Write strCrLf, 2) , strMessage "Order Information " , fFile Write strMessage, strMessage GetLengthO) fFile Write strCrLf, 2) , fFile Write strCrLf, 2), fFile Write m_strCredιtCardNumber, m_strCredιtCardNumber GetLengthO), fFile Write strCrLf, 2) , fFile Write m_strExpιratιonDate , m_strExpιratιonDate GetLengthO), fFile Write strCrLf, 2), fFile.Write m_strTransactιonAmount,m_strTransactιonAmount GetLengthO ) , fFile Write StrCrLf, 2) , fFile Write StrCrLf, 2) , strMessage : "Ship To:", fFile Write strMessage, strMessage.GetLength () ) , fFile Write StrCrLf, 2) ; fFile Write strCrLf, 2) , fFile Write m_strShιpToName, m_strShιpToName GetLength ), fFile.Write strCrLf, 2) , fFile.Write m_strShιpToAddress, m_strShιpToAddress.GetLength ) , fFile.Write strCrLf, 2) , fFile.Write m_strShipToCιty, m_strShιpToCιty.GetLength ) , fFile. rite strCrLf, 2) , fFile Write m_strShιpToState, m_strShιpToState.GetLengthO ) , fFile Write strCrLf, 2) , fFile Write m_strShιpToZιp, m_strShιpToZιp GetLengthO), fFile Write StrCrLf , 2 ) , fFile Write m_strSh pToPhone , m_strShιpToPhone GetLength () ) , fFile Write strCrLf, 2) , fFile Close ), return 0,

}

#ιfndef TransactιonOb]ect_H #defιne TransactιonOb]ect_H class CTransactιonOb]ect public COb]ect

{ public

CTransactιonOb]ect 0 ,

// Attributes public

CString m_strBιllToName, CString m_strBιllToAddress ,

CString m_strBιllToCιty, CString m_strBιllToState; CString m_strBιllToZip;

CString m_strCredιtCardNumber; CString m_strExpιratιonDate ;

CString m_strShιpToName; CString m_strShipToAddress; CString m_strShιpToCιty, CString m_εtrShιpToState ; CString m_εtrShιpToZιp, CString m_strShιpToPhone ; CString m_strTransactιonAmoun ;

CString m_strTransSeqNum;

CString m__εtrCustomerLocatιon;

CString m_strUserReplyEmaιl,

CString m_strClιentIpAddress,-

CString m_strSerialNumber;

CString m_strorderString;

CString m_strSendMessage;

CString m_strReceιvedMessage;

CString m_strAuthorιzatιonMessage,-

CString m_strAuthorιzationHeader;

CString m_strAuthorιzatιonDetaιl ,-

CString m_strAuthorιzatιonParm;

CString m_strAuthorιzatιonTraιler;

CString m_strAuthoπzatιonRece vedMessage;

CString m_strBatchNumber,-

CString rn_strorderNumber;

CString m_strRetACI;

CStπng m_strRetAuthorιzat onSourceCode;

CString m_strRetTransactιonSequenceNumber;

CString m_strRetResponseCode;

CString m_strRetApprovalCode;

CString m_strRetLocalTransactιonDate;

CString m_strRetLocalTransactιonTιme;

CString m_strRetAVSResultCode;

CString m_strRetTransactιonIdenti ler;

CString m_strRetValιdatιonCode;

CString GeneratePadObjec (CString StrPadFileName, int nFileType); int ReadPadOb3ect (CString strFileTitle, int nDeleteFilesWhenFinished, int nSetDeleteStatus) ,-

// overrides virtual CString SerializeUsageA(CArchιve& ar, CString strAdditional, CString StrFileName) ; virtual CString SerializeUsageBtCArchivefc ar, CString StrAdditional, CString strFileName) ; virtual CString SerializeUsageC (CArchiveδe ar, CString strAdditional, CString strFileName) ,-

// Implementation protected-

DECLARE_SERIAL ( CTransactιonOb3ect ) virtual -CTransactιonOb ec 0 ; }. ttendif

//{ (NO_DEPENDENCIES) )

// Microsoft Developer Studio generated include file.

// Used by Skιp ackPatent_l.re

// #defιne IDD_SKIPJACKPATENT_l_DIALOG 102

#defιne IDR_MAINFRAME 128

.. define IDC_BILL_TO_NAME 1000

(. define IDC_BILL_TO_ADDRESS 1001

#def me IDC_BILL_TO_CITY 1002

#defme IDC_BILL_TO_STATE 1003

#def ne IDC_CC_NUMBER 1004

#defme IDC_EXPIRATION_DATE 1005

#defme IDC_BILL_TO_ZIP 1006

#defιne IDC_SHI P_TO_NAME 1007

#def ne IDC_SHI P_TO_ADDRES S 1008

#defme IDC_SHIP_TO_CITY 1009

#de ιne IDC_SHIP_TO_STATE 1010

#defιne IDC_SHIP_TO_ZIP 1011

#defιne IDC_REVERSE_CI PHER 1012

#defιne IDC_EMAIL 1013

#defιne IDC_SHIP_TO_TELEPHONE 1014

^define IDC AMOUNT 1015

// Next default values for new ob]ects

//

#lfdef APSTUDIO_INVOKED

#lfndef APSTUDIO_READONLY_SYMBOLS

#defiπe _APS_NEXT_REΞOURCE_VALUE 129

#defιne _APS_NEXT_COMMAND_VALUE 32771

#defιne _APS_NEXT_CONTROL_VALUE 1016 tdef ne _APS_NEXT_SYMED_VALUE 101

#endιf

#endιf

// Skιp]ackPatent_l.h mam header file for the SKIPJACKPATENT_1 application //

Hit ldefined(AFX SKIPJACKPATENT 1 H 01130BD5 68CE 11D2 94A3 0OA0C99A5300 INCLUDED

#define

AFX_SKIPJACKPATENT_1_H 01130BD5_68CE_11D2_94A3_00A0C99A5300 INCLUDED_

#if _MSC_VER >= 1000

#pragma once

#endιf // _MSC_VER >= 1000

#ιfndef AFXWIN_H_

#error include 'stdafx.h' before including this file for PCH #endif

#ιnclude "resource.h" // main symbols

II CSkip] ackPatent_lApp

// See Skιp]ackPatent_l.cpp for the implementation of this class // class CSkιp]ackPatent_lApp public CWinApp

{ public •

CSkip]ackPatent_lApp ,

// Overrides

// ClassWizard generated virtual function overrides

//{ {AFX_VIRTUAL (CSkιp]ackPatent_lApp) public virtual BOOL Initlnstance 0 ,

//}}AFX_V RTUAL

// Implementation

//{{AFX_MSG(CSkιp]ackPatent_lApp)

// NOTE - the ClassWizard will add and remove member functions here // DO NOT EDIT what you see m these blocks of generated code ! //}}AFX_MSG DECLARE_MESSAGE_MAP ( ) void dπver_routιne ( ) ; }.

II { {AFX_INSERT_LOCATION} }

// Microsoft Developer Studio w ll insert additional declarations immediately before the previous line

#endιf

//

[defined (AFX_SKIPJACKPATENT_1_H 01130BD5_68CE_11D2_94A3_00A0C99A5300 INCLUDED

^D_⁾

// Skιp]ackPatent_lDlg.h . header file

//

#ιf

! defined (AFX_SKIPJACKPATENT_1DLG_H 01130BD7_68CE_11D2_94A3_00A0C99A5300 INCLU

UDED_) #defιne

AFX_SKIPJACKPATENT_1DLG_H 01130BD7_68CE_11D2_94A3_00A0C99A5300 INCLUDED_

#ιf _MSC_VER -•= 1000

#pragma once

#endlf // _MSC_VER >= 1000

#ιnclude "TransactionObject.h" II CSkιp₃ackPatent_lDlg dialog

class CSkip]ackPatent_lDlg : public CDialog

{

// Construction public :

CSk p]ackPatent_lDlg(CWnd* pParent = NULL);

// standard constructor

// Dialog Data

// { {AFX_DATA (CSkιp]ackPatent_lDlg) enum { IDD = IDD_SKIPJACKPATENT_l_DIALOG } ,

CButton m_bOk;

CButton m_bCancel ;

CButton m_bReverseCιpher;

CString m_strAmount ;

CString m_strBιllToAddress ,

CString m_strBιllToCity;

CString m_strBιllToName ;

CString m_strBιllToState ;

CString m_strBillToZιp ;

CString m_strCredιtCardNumber;

CString m_strExpιratιonDate ;

CString m_strShιpToCιty;

CString m_strShιpToAddress;

CString m_strShιpToName ;

CString m_strShιpToState;

CString m_strShιpToZιp;

CString m_strUserReplyEmaιl ;

CString m_strShιpToPhone ;

//}}AFX_DATA

// ClassWizard generated virtual function overrides

//{ {AFX VIRTUA (CSkip]ackPatent_lDlg) protected- virtual void DoDataExchange (CDataExchange* pDX) ,-

// DDX/DDV support

//}}AFX_VIRTUAL

CTransactionObject formTransactionObject ;

CString m_strDecryptFιleName ;

// Implementation protected :

HICON m hlcon;

// Generated message map functions

// { (AFX_MSG (CSkip]ackPatent_lDlg) virtual BOOL OnlnitDialog () , af _msg void OnPaint ( ) , afx_msg HCURSOR OnQueryDraglcon () ; virtual void OnOKO; afx_msg void OnReverseCipher () ,

//)}AFX_MSG

DECLARE MESSAGE MAP 0

).

//{ {AFX_INSERT_LOCATION} }

// Microsoft Developer Studio will insert additional declarations immediately before the previous line

#endιf //

I defined (AFX_SKIPJACKPATENT_1DLG_H 01130BD7_68CE_11D2_94A3_00A0C99A5300 INCLU

UDED_)

// stdafx.h : include file for standard system include files,

// or project specific include files that are used frequently, but

// are changed infrequently

//

#if ! defined (AFX_STDAFX_H__01130BD9_68CE_11D2_94A3_O OAOC99A5300 INCLUDED_) #defιne

AFX_STDAFX_H__01130BD9_68CE_11D2_94A3_OOAOC99AS300 INCLUDED_

#if _MSC_VER >= 1000

#pragma once

#endif // _MSC_VER >= 1000

#define VC_EXTRALEAN // Exclude rarely-used stuff from Windows headers

#include <afxwιn.h> // MFC core and standard components ..include <afxext.h>

// MFC extensions #ifndef _AFX_NO_AFXCMN_SUPPORT

#include <afxcmn.h> // MFC support for Windows Common Controls

#endif // _AFX_NO_AFXCMN_SUPPORT

//{ {AFX_INSERT_LOCATION} }

// Microsoft Developer Studio will insert additional declarations immediately be ore the previous line .

#endif //

!de ιned(AFX_STDAFX_H__01130BD9_68CE_llD2_94A3_00A0C99A5300 INCLUDED_)

/ * * **

Routines used for encrypting strings.

For Encryption: strLevell = GeneratePad (strValue) ,- strCipher = GenerateCipher (strValue, strLevell); strLevel2 = GenerateCipher (strLevell, strCipher), For Decrypting: strLevell = ReverseCipher (strLevel2, strCipher), strValue = ReverseCipher (strCipher, strLevell) ,- #if _MSC_VER >= 1000

#pragma once tendlf // _MΞC_VER >=

1000 ._***._**._*. — ......._**._*._*.._** .........._**. — ._*******.... — ..........

Reverses the Cipher Text.

♦A*****************************************************************************.*******.*.**/

CString ReverseCipher (CString strCipher, CStrmg strPad),

/************_**_************************************.._***_********_*******************_********_*

Generates the Cipher Text .

CString GenerateCipher (CString strMessage, CString strPad), ***..***.. .......***.**.***.**** ..*****...............**...*.*.**.........*......

Generates the Pad Text

******************_*********************************.**_******************************.*******/

CString GeneratePad (CString strPad, CString m_strCred tCardNumber) , /**************************************************_***_**************************.********_**.

Math routines to generate the random values

Generate Seed could be expanded on to add additional long values to be used to make the value less dependent on time For instance, information entered from the user

....**..*...***.**..* * **. *.... ......* ******* .../ int GenerateRandom (long lvalue), int ValidateFloat (float fValue), mt Generatelterationdong IVall), long GenerateSeed (long IVall, long lVal2, mt nVall, mt nVal2) , float ran3(long *ιdum) ,

//Microsoft Developer Studio generated resource script

//

#include "resource.h"

Ddefme APSTUDIO_READONLY_SYMBOLS

II

II Generated from the TEXTINCLUDE 2 resource .

//

.(include "afxres.h" II III II II 11 III II I III 11

#undef APSTUDIO_READONLY_SYMBOLS

II English (U.S.) resources #if .defined (AFX_RESOURCE_DLL) || defined (AFX_TARG_ENU) #ifdef _WIN32

LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US Spragma code_page (1252) #endif //_WIN32

#ifdef APSTUDIO_INVOKED II

II TEXTINCLUDE

//

1 TEXTINCLUDE DISCARDABLE BEGIN

"resource.h\0" END

2 TEXTINCLUDE DISCARDABLE BEGIN

"..include ""afxres.h""\r\n" "\0" END

3 TEXTINCLUDE DISCARDABLE BEGIN

d(AFX_TARG_ENU) \r\n" "tt fdef _WIN32\r\n"

// non-Microsoft Visual C++ edited res

rd components\r\n" "#endιf\0" END

#endif // APSTUDIO_INVOKED

///////////////////////////////////////////////////////////////////////////// //

// Icon

//

// Icon w th lowest ID value placed first to ensure application icon

// remains consistent on all systems .

IDR_MAINFRAME ICON DISCARDABLE "res\\Skιp;]ackPatent_l . ICO"

/////////////////////////////////////////////////////////////////////////////

//

// Dialog

//

IDD_SKIPJACKPATENT_l_DIALOG DIALOGEX 0, 0, 386, 214

STYLE DS_MODALFRAME | S_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_APPWINDOW

CAPTION "Credit Card Transaction Information"

FONT 8, "MS Sans Serif"

BEGIN

GROUPBOX "Bill To Address" , IDC_STATIC, 7, 3 , 158 , 127 LTEXT "Name" , IDC_STATIC, 21, 17, 20, 8

EDITTEXT IDC_BILL_TO_NAME,57,15,76,14,ES_AUTOHSCROLL LTEXT "Address" , IDC_STATIC, 21, 34 , 26 , 8

EDITTEXT IDC_BILL_TO_ADDRESS,58,32,7S,14,ES_AUTOHSCROLL LTEXT "City" , IDC_STATIC,22 , S2,12, 8

EDITTEXT IDC_BILL_TO_CITY,58,49,76,14,ES_AUTOHSCROLL LTEXT "State" , IDC_STATIC, 21, 71, 18 , 8

EDITTEXT IDC_BILL_TO_STATE,58,67,40,14,ES_AUTOHSCROLL LTEXT "Zip" , IDC_STATIC, 23 , 87, 11, 8

EDITTEXT IDC_BILL_TO_ZIP,S8,8S,40,14,ES_AUTOHSCROLL LTEXT "Email" , IDC_STATIC, 21, 105 , 18 , 8

EDITTEXT IDC_EMAIL, 57, 103 , 40, 14 , ES_AUTOHSCROLL GROUPBOX "Order Information", IDC_STATIC, 7, 132, 159,75 LTEXT "Credit Card

Number",IDC_STATIC,16,149,62,8 EDITTEXT IDC_CC_NUMBER, 91, 145, 67, 1 , ES_AUTOHSCROLL LTEXT

"Expiration Date", IDC_STATIC, 16, 167, 49, 8 EDITTEXT IDC_EXPIRATION_DATE, 91, 165, 40 , 14, ES_AUTOHSCROLL LTEXT "Amount" , IDC_STATIC, 20 , 186, 25, 8 EDITTEXT IDC_AMOUNT,92,184,40,14,ES_AUTOHSCROLL GROUPBOX "Ship To

Address" , IDC_STATIC, 220,3,159,128 LTEXT "Name" , IDC_STATIC, 232, 15, 20, 8

EDITTEXT IDC_SHIP_TO_NAME,268,13,76,14,ES_AUTOHSCROLL LTEXT "Address" , IDC_STATIC, 232, 32 , 26 , 8

EDITTEXT IDC_SHIP_TO_ADDRESS,269,30,75,14,ES_AUTOHSCROLL LTEXT "City" , IDC_STATIC, 233 , 50, 12 , 8

EDITTEXT IDC_SHIP_TO_CITY,269,47,76,14,ES_AUTOHSCROLL LTEXT "State" , IDC_STATIC, 232 , 69 , 18 , 8

EDITTEXT IDC_SHIP_TO_STATE,269,65,40,14,ES_AUTOHSCROLL LTEXT "Zip" , IDC_STATIC, 234 , 85, 11, 8

EDITTEXT IDC_SHIP_TO_ZIP,269,83,40,14,ES_AUTOHSCROLL LTEXT "Tel. No . " , IDC_STATIC, 233 , 105 , 26, 8

EDITTEXT IDC_SHIP_TO_TELEPHONE,268,101,64,14,ES_AUTOHSCROLL PUSHBUTTON "Decrypt

Transaction" , IDC_REVERSE_CIPHER, 219, 146 , 77, 14 , WS_DISABLED

DEFPUSHBUTTON "Encrypt Transaction" , IDOK,219 , 165 , 77, 14 PUSHBUTTON "Cancel" , IDCANCEL, 329, 193 , 50, 14

END ttifndef _MAC

///////////////////////////////////////////////////////////////////////////// // // Version //

VS_VERSION_INFO VERSIONINFO

FILEVERSION 1,0,0,1

PRODUCTVERSION 1,0,0,1

FILEFLAGSMASK 0x3fL #ifdef DEBUG FILEFLAGS OxlL #else

FILEFLAGS OxOL #endif FILEOS 0χ L FILETYPE OxlL FILESUBTYPE OxOL BEGIN

BLOCK "StringFilelnfo" BEGIN

BLOCK "040904B0" BEGIN

VALUE "CompanyName" , "\0"

VALUE "FileDescription" , "SkipjackPatent_l MFC Application\0" VALUE "FileVersion" , "1, 0, 0, 1\0" VALUE "InternalName" , "SkipjackPatent_l\0" VALUE "LegalCopyright", "Copyright (C) 1998\0" VALUE "LegalTrademarks", "\0"

VALUE "OriginalFilename" , "SkipjackPatent_l.EXE\0" VALUE "ProductName" , "SkipjackPatent_l Application\0" VALUE "ProductVersion", "1, 0, 0, 1\0" END END

BLOCK "VarFilelnfo" BEGIN

VALUE "Translation", 0x409, 1200 END END

#endif // ! MAC

II

II DESIGNINFO

//

#ifdef APSTUDIO_INVOKED GUIDELINES DESIGNINFO DISCARDABLE BEGIN

IDD_SKIPJACKPATENT_l_DIALOG, DIALOG BEGIN

LEFTMARGIN, 7 RIGHTMARGIN, 379 TOPMARGIN, 7 BOTTOMMARGIN, 207 END END #endif // APSTUDIO_INVOKED

#endif // English (U.S.) resources

#ifndef APSTXTOIO_INVOKED

II

II Generated from the TEXTINCLUDE 3 resource.

//

..define _AFX_NO_SPLITTER_RESOURCES #define _AFX_NO_OLE_RESOURCES #define _AFX_NO_TRACKER_RESOURCES tdefine _AFX_NO_PROPERTY_RESOURCES

#if !define (AFX_RESOURCE_DLL) | | defined (AFX_TARG_ENU) #ifdef _WIN32 LANGUAGE 9, 1 #pragma code_page (1252)

#endif

#include "res\SkipjackPatent_l . rc2 " // non-Microsoft Visual C++ edited resources

..include "afxres . rc" // Standard components

#endif 11 mt in 11 im mil / mi ii ii i ill mi III i ii nm iiiiiiiu

#endif // not APΞTUDIO_INVOKED

Claims

THE INVENTION CLAIMED IS:

1. A method of encrypting information, comprising: generating a first one-time pad containing random key characters or values; encrypting the information using the first one-time pad to produce a first level cipher; and encrypting the first one-time pad using the first level cipher as a second one-time pad to produce a second level cipher.

2. A method according to Claim 1, further comprising dividing the first and second level ciphers into shadows, and distributing to each of a plurality of files at least one shadow from the first level cipher and at least one shadow from the second level cipher.

3. A method according to Claim 2, further comprising generating respective names of the plurality of files at random, encrypting the i-th file name using the (i-l)th file name as a one-time pad for i=2 to n, where n = the number of files, and embedding the encrypted file name in the i-l(th) file.

4. A method according to Claim 3, further comprising applying a same time and date stamp to the plurality of files.

5. A method according to any of Claims 1-4, wherein the information is information of a financial transaction.

6. A method according to Claim 5, wherein the financial transaction is a transaction performed over a computer network.

7. A method according to Claim 6, wherein the financial transaction is performed over the Internet.

8. A method according to Claim 7, wherein the financial transaction is a credit card transaction.

9. A method of encrypting information, comprising: generating random numbers based on content of the information to be encrypted; and using the random numbers to encrypt the information.

10. A method of generating random numbers in an encryption process, comprising: generating a seed based on the content of information to be encrypted; and applying a random generation algorithm to the seed to produce a random number.

11. A method according to Claim 10, wherein the encryption process is a process to encrypt information of a financial transaction, the seed being based on information of the financial transaction.

12. A method according to Claim 11, wherein the financial transaction is a transaction performed over a computer network.

13. A method according to Claim 12 , wherein the financial transaction is performed over the Internet.

14. A method according to Claim 13, wherein the financial transaction is a credit card transaction.

15. A system that performs the method of any of Claims 1-4 and 10-14.

16. A system that performs the method of Claim 5.

17. A system that performs the method of Claim 6.

18. A system that performs the method of Claim 7.

19. A system that performs the method of Claim 8.